<p>Polar Clouds | Jekyll | 2024-03-08T12:07:29+00:00 | https://polarclouds.co.uk/ | Chris Hall</p>
<p>https://polarclouds.co.uk/unlocking-power-of-gpt-with-nutanix-ce | 2024-03-08T00:00:00+00:00 | Chris Hall | https://polarclouds.co.uk</p>
<p>Don’t blame me - it came up with the title itself:</p>
<figure><img style="Display: block; margin-left: auto; margin-right: auto;" alt="GWrite me a blog post title..." src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-02.png" />
<figcaption><i>OK... It's kind of there</i></figcaption>
</figure>
<p>Let’s rephrase:</p>
<h1 id="unlocking-the-power-of-free-gpt-with-nutanix-community-edition">Unlocking the Power of Free GPT with Nutanix Community Edition</h1>
<p>That’s right - Your own GPT-In-A-Box …for free. Let me explain how we got here and the steps involved.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#unlocking-the-power-of-free-gpt-with-nutanix-community-edition" id="markdown-toc-unlocking-the-power-of-free-gpt-with-nutanix-community-edition">Unlocking the Power of Free GPT with Nutanix Community Edition</a> <ul>
<li><a href="#what-is-gpt" id="markdown-toc-what-is-gpt">What is GPT?</a></li>
<li><a href="#in-a-box" id="markdown-toc-in-a-box">In A Box?</a></li>
<li><a href="#introducing-gptstack" id="markdown-toc-introducing-gptstack">Introducing GPTStack</a></li>
<li><a href="#creating-a-free-gptstack" id="markdown-toc-creating-a-free-gptstack">Creating a Free GPTStack</a> <ul>
<li><a href="#nutanix-ce" id="markdown-toc-nutanix-ce">Nutanix CE</a></li>
<li><a href="#automation" id="markdown-toc-automation">Automation</a></li>
<li><a href="#ubuntu-2204-cloud-image" id="markdown-toc-ubuntu-2204-cloud-image">Ubuntu 22.04 Cloud Image</a></li>
</ul>
</li>
<li><a href="#deployment" id="markdown-toc-deployment">Deployment</a> <ul>
<li><a href="#ubuntu-image-upload" id="markdown-toc-ubuntu-image-upload">Ubuntu Image Upload</a></li>
<li><a href="#create-a-gptstack-vm-template" id="markdown-toc-create-a-gptstack-vm-template">Create a GPTStack VM Template</a></li>
<li><a href="#deploy-a-gptstack-vm" id="markdown-toc-deploy-a-gptstack-vm">Deploy A GPTStack VM</a></li>
</ul>
</li>
<li><a href="#its-alive" id="markdown-toc-its-alive">It’s ALIVE!!!</a></li>
<li><a href="#gpt4all-model-selection" id="markdown-toc-gpt4all-model-selection">GPT4All Model Selection</a></li>
<li><a href="#play-time-sorry---testing-time" id="markdown-toc-play-time-sorry---testing-time">Play Time (Sorry - Testing Time)</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="what-is-gpt">What is GPT?</h2>
<p>Unless you’ve been living under a very large rock, you have probably heard of Artificial Intelligence (AI) and GPT. But what is GPT?</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="What does GPT stand for?" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-03.png" /></p>
<h2 id="in-a-box">In A Box?</h2>
<p>As you may or may not be aware, Nutanix now offers an enterprise solution called GPT-in-a-Box:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Nutanix GPT-In_A-Box" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-04.png" /></p>
<p>GPT-in-a-Box is a turnkey AI solution for organizations wanting to implement GPT capabilities while maintaining control of their data and applications. It includes everything needed to build AI-ready infrastructure, including:</p>
<ul>
<li>Nutanix Cloud Platform infrastructure on GPU-enabled server nodes</li>
<li>Nutanix Files and Object storage for running and fine-tuning GPT models</li>
<li>Open source software to deploy and run AI workloads, including PyTorch and Kubeflow</li>
<li>Support for a curated set of LLMs (including Llama2, Falcon, and MPT)</li>
</ul>
<p>For more information, see <a href="https://www.nutanix.com/solutions/ai" target="_blank">https://www.nutanix.com/solutions/ai</a>.</p>
<p>Whilst the enterprise GPT-in-a-Box is a full-on, commercial-grade, scalable AI solution, what can we do on a more wallet-friendly level?</p>
<p>In other words, what can we do for free?</p>
<h2 id="introducing-gptstack">Introducing GPTStack</h2>
<figure><img style="Display: block; margin-left: auto; margin-right: auto;" alt="GPTStack" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-05.png" />
<figcaption><i>It's missing the point of "free", but whatever...</i></figcaption>
</figure>
<p>Let’s break down our (free) GPTStack:</p>
<ul>
<li><a href="https://www.nutanix.com/products/community-edition/register" target="_blank">Nutanix Community Edition (CE)</a> - a free version of Nutanix AOS, which powers the Nutanix Enterprise Cloud Platform.</li>
<li><a href="https://ubuntu.com/desktop" target="_blank">Ubuntu</a> - a Linux distribution based on Debian and composed mostly of free and open-source software.</li>
<li><a href="https://gpt4all.io/" target="_blank">GPT4All</a> - a free-to-use, locally running, privacy-aware chatbot. No GPU or internet required.</li>
</ul>
<p>A little less complicated and certainly wallet friendly! Private too!</p>
<p>OK, so if this is just an app running on Ubuntu, why not just run GPT4All on a standard desktop/laptop/server - why do I need Nutanix CE?</p>
<p>Given that the world of AI is evolving at breakneck speed, I’d rather treat my GPT solution as a <a href="https://en.wiktionary.org/wiki/cattle#:~:text=There%20is%20no%20universally%20accepted,bovine%20animal%22%20can%20be%20used." target="_blank">cattlebeast</a> rather than a pet… Confused? Take a watch of this 55 second explainer - <a href="https://www.youtube.com/watch?v=Od7e6hqis7A" target="_blank">YouTube</a>.</p>
<h2 id="creating-a-free-gptstack">Creating a Free GPTStack</h2>
<p>What follows is a scripted method of Ubuntu VM creation and GPT4All installation into the Ubuntu VM. As this method makes it very simple to deploy a Free GPTStack, it also means that when done we can take our GPT solution around the back of the woodshed, shotgun in hand and… Well you get the idea.</p>
<p>We can then spin up one, two, five, however many VMs for other AI tasks and know that they will all be built in the exact same way. <a href="https://en.wikipedia.org/wiki/Infrastructure_as_code" target="_blank">Infrastructure as Code</a> if you will.</p>
<h3 id="nutanix-ce">Nutanix CE</h3>
<p>I won’t cover CE installation here, as I have covered it <a href="/nested-nutanix-ce-deployment/" target="_blank">here</a> previously. You can obtain your free copy of CE from here: <a href="https://www.nutanix.com/products/community-edition/register" target="_blank">Download Community Edition</a> (free account required).
I’ve even covered making your CE install run faster via <a href="/nutanix-community-edition-hba-passthrough/" target="_blank">HBA Passthrough</a>.</p>
<h3 id="automation">Automation</h3>
<p>With our hypervisor sorted, let’s look at how we can automate the build of our GPTStack VM.</p>
<p>For this we are going to use <a href="https://cloudinit.readthedocs.io/en/latest/index.html" target="_blank">Cloud-init</a>, which offers a cross-platform, cross-distribution approach to automating server initialization. And yes, you guessed it - use of Cloud-init is simple with Nutanix CE!</p>
<p>First off, let’s take a look at our Cloud-init script, <strong>GPTStack.yml</strong>:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">#cloud-config
apt_upgrade: true
repo_update: true
repo_upgrade: all

# Set the hostname
hostname: free-gpt-stack

# User Authentication
users:
  - default
  - name: chris
    groups: sudo
    shell: /bin/bash
    lock_passwd: false
chpasswd:
  list: |
    chris:Password123
  expire: false

# Assign static IP address
write_files:
  - path: /etc/netplan/50-cloud-init.yaml
    content: |
      network:
        version: 2
        renderer: networkd
        ethernets:
          ens3:
            addresses: [192.168.10.123/24]
            gateway4: 192.168.10.1
            nameservers:
              addresses: [192.168.10.10]

# Run the commands to add packages and resize the root partition
runcmd:
  - netplan apply
  - apt remove --autoremove gnome-initial-setup -y
  - wget -P /home/chris/Downloads https://gpt4all.io/installers/gpt4all-installer-linux.run
  - chmod +x /home/chris/Downloads/gpt4all-installer-linux.run
  - mkdir /Desktop
  - cd /home/chris/Downloads && ./gpt4all-installer-linux.run install --accept-licenses --confirm-command
  - cp /Desktop/GPT4All.desktop /usr/share/applications
  - rm -rf /Desktop
packages:
  - lightdm
  - ubuntu-desktop
  - wget
  - libxcb-xinerama0
growpart:
  mode: auto
  devices: ['/']
  ignore_growroot_disabled: false

# Specify power state
power_state:
  delay: "+1"
  mode: reboot
  message: Rebooting after cloud-init
  timeout: 10
  condition: True
</code></pre></figure>
<p>Breaking this script down, lines:</p>
<ul>
<li>1-4: Identify this as a cloud-init script and run package updates on launch</li>
<li>6-7: Set the hostname of the VM</li>
<li>9-19: Create a user, call him chris, add to sudo group and set password</li>
<li>21-33: Set a static IP address for the VM</li>
<li>35-36: Run the following commands during the VM deployment</li>
<li>37: Apply static IP set above</li>
<li>38: Remove the ‘Welcome to Ubuntu’ initial setup wizard</li>
<li>39: Download the GPT4All installer</li>
<li>40: Mark the GPT4All installer as executable</li>
<li>41: Work around a GPT4All installer limitation (see <a href="https://github.com/nomic-ai/gpt4all/issues/873" target="_blank">#849</a>)</li>
<li>42: Install GPT4All application</li>
<li>43: Move GPT4All launcher to applications</li>
<li>44: Remove workaround from line 41</li>
<li>45-49: Install desktop and dependencies (more on this later)</li>
<li>50-53: Grow the partition to fill the disk (more on this later)</li>
<li>55-61: Reboot VM on completion</li>
</ul>
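<p>The script above stores a clear-text login password for a sudo-capable user in the user-data file and runs a downloaded installer as root without checking its integrity. The following Python audit is an added example, not part of the original post: it scans cloud-config text for those two patterns using a line-based scan from the standard library. The function names, rule names and both sample scripts are constructed for illustration, the hash and digest in the hardened sample are placeholders, and the scan assumes a download keeps the file name from its URL (as <code>wget -P</code> does).</p>

```python
import posixpath
import re

FETCH_TOOLS = {"wget", "curl"}
VERIFY_TOOLS = {"sha256sum", "sha512sum", "gpg", "gpgv"}
SHELLS = {"sh", "bash"}

# Constructed sample: the security-relevant lines of the GPTStack.yml shown above.
PAGE_SCRIPT = """\
#cloud-config
users:
  - default
  - name: chris
    groups: sudo
    lock_passwd: false
chpasswd:
  list: |
    chris:Password123
  expire: false
runcmd:
  - wget -P /home/chris/Downloads https://gpt4all.io/installers/gpt4all-installer-linux.run
  - chmod +x /home/chris/Downloads/gpt4all-installer-linux.run
  - cd /home/chris/Downloads && ./gpt4all-installer-linux.run install --accept-licenses --confirm-command
"""

# Constructed hardened variant. The crypt hash and the digest are placeholders.
# The checksum check is chained with && so the installer runs only if it passes.
HARDENED_SCRIPT = """\
#cloud-config
chpasswd:
  list: |
    chris:$6$PLACEHOLDERSALT$PLACEHOLDERHASH
runcmd:
  - wget -P /home/chris/Downloads https://gpt4all.io/installers/gpt4all-installer-linux.run
  - cd /home/chris/Downloads && echo "EXPECTED_SHA256_PLACEHOLDER  gpt4all-installer-linux.run" | sha256sum -c - && ./gpt4all-installer-linux.run install --accept-licenses --confirm-command
"""

def sections(user_data):
    """Group cloud-config lines under their top-level (column 0) key."""
    out, current = {}, None
    for line in user_data.splitlines():
        top = re.match(r"^([A-Za-z_]+):", line)
        if top:
            current = top.group(1)
            out[current] = []
        elif current and line.strip() and not line.lstrip().startswith("#"):
            out[current].append(line.rstrip())
    return out

def check_chpasswd(lines):
    """Flag 'user:secret' entries whose secret is not a crypt hash or RANDOM."""
    findings = []
    for line in lines:
        # 'list: |' and 'expire: false' have a space after the colon and do not match.
        pair = re.match(r"^\s+([^\s:]+):(\S+)$", line)
        if not pair:
            continue
        user, secret = pair.groups()
        if secret in ("R", "RANDOM") or re.match(r"^\$[0-9a-z]+\$", secret):
            continue
        findings.append(("plaintext-password", user))
    return findings

def check_runcmd(lines):
    """Flag fetched files that are executed before any checksum/signature check."""
    findings, pending = [], {}  # pending: file name -> URL, fetched but unverified
    for line in lines:
        if not line.strip().startswith("- "):
            continue
        entry = line.strip()[2:]
        # Walk the simple commands of the entry in the order they appear.
        for part in re.split(r"&&|\|\||[;|]", entry):
            argv = part.split()
            if not argv:
                continue
            tool = posixpath.basename(argv[0])
            if tool in FETCH_TOOLS:
                for tok in argv[1:]:
                    if re.match(r"^https?://", tok):
                        pending[posixpath.basename(tok)] = tok
            elif tool in VERIFY_TOOLS:
                # A verify step clears every pending file named in this entry.
                for name in [n for n in pending if n in entry]:
                    del pending[name]
            else:
                target = argv[1] if tool in SHELLS and len(argv) > 1 else argv[0]
                name = posixpath.basename(target)
                if name in pending:
                    findings.append(("unverified-download-executed", pending.pop(name)))
    return findings

def audit(user_data):
    """Return a list of (rule, detail) findings for one user-data document."""
    found = sections(user_data)
    return check_chpasswd(found.get("chpasswd", [])) + check_runcmd(found.get("runcmd", []))

if __name__ == "__main__":
    print(audit(PAGE_SCRIPT), audit(HARDENED_SCRIPT))
```

<p>In the hardened sample the checksum check and the installer share one <code>runcmd</code> entry joined by <code>&&</code>, so the installer only starts when the digest matches.</p>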
<p>For some examples of Nutanix compatible Cloud-init scripts, take a read of the Nutanix <a href="https://portal.nutanix.com/page/documents/details?targetId=Web-Console-Guide-Prism-v6_7:wc-linux-vm-customize-with-cloudinit-wc-t.html" target="_blank">Prism Element Web Console Guide</a>. Further examples are available in the <a href="https://cloudinit.readthedocs.io/en/latest/reference/examples.html" target="_blank">Cloud-init documentation</a>.</p>
<p>OK, with our script written, save it as GPTStack.yml and let’s talk about Ubuntu.</p>
<h3 id="ubuntu-2204-cloud-image">Ubuntu 22.04 Cloud Image</h3>
<p>As we are using Cloud-init, we need to be careful about which version of Ubuntu we use. Therefore, rather than using a standard desktop installer, we will be using an Ubuntu Cloud Image.</p>
<p>Ubuntu Cloud Images are the official Ubuntu images and are pre-installed disk images that have been customized by Ubuntu engineering to run on public clouds that provide Ubuntu Certified Images, Openstack, LXD, and more. In other words, we get a pre-installed Ubuntu server on a hard disk image that we can then install GPT4All on top of.</p>
<p>As the Ubuntu Cloud images are based on Ubuntu server, we will need to install a desktop into our VM (lines 45-49 of our GPTStack.yml script above). I’ve opted to install the standard desktop. Other desktops are available.</p>
<p>Another consideration when using an Ubuntu Cloud image is that whilst the image comes pre-installed, it is sized accordingly. For example the Ubuntu 22.04 server cloud image is just 2.2GB. We will need to resize the image to give us enough disk space for GPT4All and our selected model(s). Lines 50-53 of our GPTStack.yml script will partially handle this for us.</p>
<p>Whilst the full list of available Ubuntu cloud images is available at <a href="https://cloud-images.ubuntu.com/" target="_blank">https://cloud-images.ubuntu.com/</a>, for this GPTStack, I’m going to use the 22.04 Long Term Support (LTS) version of Ubuntu cloud image, available here: <a href="https://cloud-images.ubuntu.com/releases/22.04/release/" target="_blank">https://cloud-images.ubuntu.com/releases/22.04/release/</a>.</p>
<p>Specifically I’ll be using the ubuntu-22.04-server-cloudimg-amd64.img image.</p>
<h2 id="deployment">Deployment</h2>
<h3 id="ubuntu-image-upload">Ubuntu Image Upload</h3>
<p>Right, let’s get onto the fun stuff.</p>
<p>First off, let’s upload our Ubuntu Cloud Image to Nutanix CE. Log into Prism Element running on your CE cluster (https://your-cluster:9440). Click the settings cog in the top right hand corner of the Prism Element UI, select Image Configuration from the menu on the left.</p>
<p>Select <strong>Upload Image</strong> and complete the wizard, selecting image type of disk and entering the selected Ubuntu 22.04 LTS Server image URL:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64.img </code></pre></figure>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="Upload Image" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-06.png" /></p>
<p>(Alternatively you can download the Ubuntu image first and then upload to CE - up to you)</p>
<p>Click <strong>Save</strong> when done.</p>
<h3 id="create-a-gptstack-vm-template">Create a GPTStack VM Template</h3>
<p>Without Prism Central, we can’t create ‘proper’ VM templates, but we can still create VMs and then use them to clone from later. A pseudo template VM if you like.</p>
<p>Let’s create a template VM to clone from each time we need to deploy a GPTStack.</p>
<p>Again from the Prism Element UI, click the CE logo <img alt="CE Logo" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-04.png" width="50" /> and select <strong>Home > VM > + Create VM</strong> (+ Create VM is located in top right hand corner of the VM UI).</p>
<ul>
<li>Name: GPTStack-Template</li>
<li>Timezone: UTC (which matches my timezone)</li>
<li>vCPUs: 4</li>
<li>Number Of Cores Per vCPU: 2</li>
<li>Memory: 12 GiB</li>
<li>Boot Configuration: Legacy BIOS</li>
<li>Disks:
<ul>
<li>Delete CD-ROM</li>
<li>Add New disk, clone Ubuntu image from image service</li>
</ul>
</li>
<li>Network Adapters: One NIC on my home LAN</li>
</ul>
<p>Click <strong>Save</strong> when done.</p>
<p>Once saved, right click the GPTStack-Template VM and select <strong>Update</strong>. Click the pencil next to the disk and resize to 20GB:</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="Resize Disk" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-07.png" /></p>
<p>This fixes our image disk space issue discussed earlier. Click <strong>Close</strong> when done.</p>
<h3 id="deploy-a-gptstack-vm">Deploy A GPTStack VM</h3>
<p>So let’s create an AI VM. Right click the GPTStack-Template VM and select <strong>Clone</strong>. For this first test, I’ll build just the one VM. As discussed earlier, I could spin up more than one if I wanted.</p>
<ul>
<li>Number of Clones: 1</li>
<li>Name: GPTStack-1</li>
</ul>
<p>Scroll to the very bottom of the Clone VM wizard and complete the following:</p>
<ul>
<li>Custom Script ticked</li>
<li>Upload A File: GPTStack.yml (our script from earlier)</li>
</ul>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="Custom Script" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-08.png" /></p>
<p>Click <strong>Save</strong> when done.</p>
<p>Right click GPTStack-1 VM and <strong>Power on</strong>. Once powered on, right click again and <strong>Launch Console</strong>.</p>
<h2 id="its-alive">It’s ALIVE!!!</h2>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="ALIVE!" src="/images/unlocking-power-of-gpt-with-nutanix-ce/alive.gif" /></p>
<p>Well, not quite yet, but it’s on its way. Initially, after booting you’ll see the following on the VM console:</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="Initial Boot" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-09.png" /></p>
<p>Allow time for the script to complete. You will know when it’s ready as the VM will reboot into a GUI:</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="VM Build Complete" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-10.png" /></p>
<p>Log in with the credentials set in the GPTStack script (lines 12 and 18 of the script). The GPT4All launcher will be among the installed applications.</p>
<p>Click to launch:</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="GPT4All Launcher" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-11.png" /></p>
<h2 id="gpt4all-model-selection">GPT4All Model Selection</h2>
<p>After selecting whether to provide feedback to GPT4All, it’s time to choose an AI Model to download.</p>
<p>I went for the GPT4All Falcon model:</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="GPT4All Falcon" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-12.png" /></p>
<p>Why?</p>
<p>No real reason. Other models might be better or worse. As you can see, each model has its various attributes listed in the GUI, with some models perhaps better at certain tasks than others. Feel free to give them a try!</p>
<p>Click download to install the model.</p>
<p>Once the model is installed, click the green <strong>X</strong> to close the model installer and using the <strong>Choose a model…</strong> dropdown, select your installed model:</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="Choose Model" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-13.png" /></p>
<p>And we are done. Use the <strong>Send a message…</strong> box to interact with the AI:</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="Hello" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-14.png" /></p>
<p>Now it’s ALLLIIIIVEEEE!!!!!</p>
<h2 id="play-time-sorry---testing-time">Play Time (Sorry - Testing Time)</h2>
<p>So what to do, what to do. Let’s see:</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="42" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-15.png" /></p>
<p>OK, so it <a href="https://www.youtube.com/watch?v=5ZLtcTZP2js" target="_blank">knows the answer to the ultimate question</a>. Let’s try another:</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="Differential Equations" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-16.png" /></p>
<p>OK. Another:</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="Jokes?" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-17.png" /></p>
<p>Err… don’t give up the day job.</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="Nantucket" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-18.png" /></p>
<p>OK STOP GENERATING! Phew.</p>
<p>Finally:</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="I love polarclouds.co.uk" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-19.png" /></p>
<p>Awww, shucks :blush: OK, that’ll do for the moment.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>Whilst this has been fun and all, the outcome is clear. We’ve created our very own personal artificial intelligence. What’s more we did it simply by deploying a VM, installing an application and downloading an AI model.</p>
<p>Perhaps more importantly, we put our deployment together in such a way that our AI can be deleted and redeployed by simply cloning an existing VM and using a pre-written script to configure the VM on boot, as detailed in the <a href="/unlocking-power-of-gpt-with-nutanix-ce/#deploy-a-gptstack-vm">Deploy a GPTStack VM</a> section of this post. Infrastructure as code to use the buzz words.</p>
<p>Sure what we’ve seen here is perhaps not the best AI, but this is where we are in March 2024 - for zero cost. The models are only going to improve, commercial and free.</p>
<p>I’m sure that there are better things to do with the AI than those shown here. The AI world is your oyster.</p>
<p>Speaking of which, once installed, our AI VM can be run offline with its virtual network cable disconnected. No feeding data back to ‘some higher power intelligence out there on the interwebs’.</p>
<p>Anyway, after all that, it’s good night from me and:</p>
<p><img style="Display: block; margin-left: auto; margin-right: auto;" alt="Goodnight" src="/images/unlocking-power-of-gpt-with-nutanix-ce/unlocking-power-of-gpt-with-nutanix-ce-20.png" /></p>
<p>Yeah… Don’t have nightmares…</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/unlocking-power-of-gpt-with-nutanix-ce/">Unlocking the Power of GPT with Nutanix Community Edition and Free</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 08, 2024.</p>
<p>https://polarclouds.co.uk/migrate-from-free-esxi-to-nutanix-community-edition | 2024-03-05T00:00:00+00:00 | Chris Hall | https://polarclouds.co.uk</p>
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Nutanix CE HBA Passthrough" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-01.png" />
Consider this scenario: You are a small company with a small budget to match. Until now you have been running quite happily with VMware’s free ESXi server offering. Besides you only have a handful of VMs that run perfectly well on your free ESXi server. You enjoy not being beholden to a software subscription licence agreement.</p>
<p>Or perhaps you are a large company with several test and development environments that also make use of the free ESXi offering from VMware. As these are test and development, there is zero financial appetite or need to formally licence these environments. Besides, if anything catastrophic happens you can rebuild, no harm no foul.</p>
<p>Then along comes Broadcom and <strong>BAM! End Of General Availability of the Free vSphere Hypervisor</strong> <a href="https://kb.vmware.com/s/article/2107518" target="_blank">KB2107518</a>.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="F F S" src="/images/esxi-free-to-nutanix-ce/hopeless-disappointed.gif" /></p>
<p>Short of setting up a free key exchange for free old ESXi licence keys - what’s stopping Broadcom from removing free ESXi functionality at their earliest convenience - i.e. with the next ESXi patch releases…?</p>
<p>It’s time to look further afield for a new free hypervisor.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#first-some-more-words-about-vmware-licensing" id="markdown-toc-first-some-more-words-about-vmware-licensing">First, Some More Words about VMware Licensing</a></li>
<li><a href="#how-about-nutanix-community-edition" id="markdown-toc-how-about-nutanix-community-edition">How about Nutanix Community Edition?</a></li>
<li><a href="#community-edition-installation" id="markdown-toc-community-edition-installation">Community Edition Installation</a></li>
<li><a href="#introducing-nutanix-move" id="markdown-toc-introducing-nutanix-move">Introducing Nutanix Move</a></li>
<li><a href="#installing-and-configuring-move" id="markdown-toc-installing-and-configuring-move">Installing and Configuring Move</a> <ul>
<li><a href="#update-portal-fun" id="markdown-toc-update-portal-fun">[Update] Portal Fun</a></li>
<li><a href="#upload-move-disk-image" id="markdown-toc-upload-move-disk-image">Upload Move Disk Image</a></li>
<li><a href="#deploy-move-vm" id="markdown-toc-deploy-move-vm">Deploy Move VM</a></li>
<li><a href="#move-configuration" id="markdown-toc-move-configuration">Move Configuration</a></li>
<li><a href="#move-environments" id="markdown-toc-move-environments">Move Environments</a></li>
<li><a href="#migration-plan" id="markdown-toc-migration-plan">Migration Plan</a></li>
</ul>
</li>
<li><a href="#data-replication" id="markdown-toc-data-replication">Data Replication</a></li>
<li><a href="#making-the-move" id="markdown-toc-making-the-move">Making the Move</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="first-some-more-words-about-vmware-licensing">First, Some More Words about VMware Licensing</h2>
<p>Whilst this post describes migrating VMs from the free version of ESXi to Nutanix Community Edition, we need to talk about VMware licensing.</p>
<p>Unfortunately, out of the box the free version of ESXi does not license the vSphere Storage APIs that Nutanix Move needs to incrementally capture the source VM. Therefore, in order to follow the method outlined in this post, you will either need to obtain some temporary ESXi license keys or use a search engine to find out how to reset your ESXi license configuration to re-enable the free 60 day evaluation ESXi license.</p>
<p><em>However you do enable vSphere Storage APIs on your free ESXi instance is between you and <del>VMware</del> Broadcom. I don’t want or need to know.</em> :point_right::neutral_face::point_left:</p>
<p>To confirm you are all set, log on to your ESXi server and select <strong>Host > Manage > Licensing</strong>. If Storage APIs is listed as a licensed feature, you are good to go.</p>
<p>Anyway, on with the post.</p>
<h2 id="how-about-nutanix-community-edition">How about Nutanix Community Edition?</h2>
<p><a href="https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Community-Edition-Getting-Started-v2_0:Nutanix-Community-Edition-Getting-Started-v2_0" target="_blank">Nutanix Community Edition (CE)</a> is a free version of Nutanix AOS, which powers the Nutanix Enterprise Cloud Platform. The Community Edition of AOS is designed for people interested in test driving AOS main features on their own test hardware and infrastructure. As stated in the license agreement, Community Edition is intended for internal business operations and non-production use only.</p>
<p>Perfect.</p>
<h2 id="community-edition-installation">Community Edition Installation</h2>
<p>I won’t cover CE installation here, as I have covered it <a href="/nested-nutanix-ce-deployment/" target="_blank">here</a> previously. You can obtain your free copy of CE from here: <a href="https://next.nutanix.com/discussion-forum-14/download-community-edition-38417" target="_blank">Download Community Edition</a> (free account required).</p>
<h2 id="introducing-nutanix-move">Introducing Nutanix Move</h2>
<p>Keeping with the Nutanix naming standard of calling a piece of software after its core functionality, Move is used to ..er.. move VMs between environments:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Migration Environments" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-02.png" /></p>
<p>…But we are getting ahead of ourselves.</p>
<p>Move supports VM migration from the following sources to targets:</p>
<ul>
<li>VMware ESXi (legacy infrastructure or Nutanix) to AHV</li>
<li>VMware ESXi (legacy infrastructure or Nutanix) to VMware ESXi on Nutanix</li>
<li>VMware ESXi to Nutanix Cloud Clusters (NC2) on AWS</li>
<li>VMware ESXi to NC2 on Microsoft Azure</li>
<li>Microsoft Hyper-V to AHV</li>
<li>Microsoft Hyper-V to VMware ESXi on Nutanix</li>
<li>Microsoft Hyper-V to NC2 on AWS</li>
<li>AWS EC2 to AHV</li>
<li>AWS EC2 to VMware ESXi on Nutanix</li>
<li>AWS EC2 to NC2 on AWS</li>
<li>Microsoft Azure Cloud to AHV</li>
<li>Microsoft Azure Cloud to VMware ESXi on Nutanix</li>
<li>Microsoft Azure Cloud to NC2 on Azure</li>
<li>Nutanix AHV to Nutanix AHV</li>
<li>Nutanix AHV to AWS EC2</li>
<li>Nutanix AHV to Microsoft Azure Cloud</li>
<li>Nutanix AHV to NC2 on AWS/Azure</li>
<li>NC2 on AWS/Azure to Nutanix AHV</li>
<li>NC2 on Azure to NC2 on Azure</li>
</ul>
<p>Oh and by the way, <a href="https://www.nutanix.com/blog/nutanix-ahv-and-nutanix-move-a-year-of-remarkable-success" target="_blank">Nutanix Move now migrates between 22,000 and 26,000 VMs to AHV per quarter</a>, so you are among friends! What’s more, Move is free.</p>
<h2 id="installing-and-configuring-move">Installing and Configuring Move</h2>
<p>Following the Move <a href="https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Move-v5_1:top-deployment-c.html" target="_blank">deployment documentation</a>, the recommendation is to install Move on the target environment. In our case, that is our Nutanix CE installation.</p>
<p>Download the installer from the <a href="https://portal.nutanix.com/page/downloads?product=move" target="_blank">Nutanix Portal</a>. Use the same free account you used when installing CE to access the Move downloads. As mentioned, Move is free to download and use.</p>
<h3 id="update-portal-fun">[Update] Portal Fun</h3>
<p>It has been brought to my attention that accessing downloads from the Nutanix Portal is sometimes tricky for Community Edition only users. After some further testing, the following process should allow you access to the downloads area of the Nutanix portal:</p>
<ol>
<li>Create a Community Edition account as normal at <a href="https://www.nutanix.com/products/community-edition/register" target="_blank">https://www.nutanix.com/products/community-edition/register</a></li>
<li>Verify email address via link sent in email</li>
<li>Navigate and login (with credentials set above) to <a href="https://my.nutanix.com/" target="_blank">https://my.nutanix.com/</a></li>
<li>Scroll down to, launch and register with Nutanix University - again using credentials set above</li>
<li>Launch <a href="https://portal.nutanix.com/" target="_blank">https://portal.nutanix.com</a> directly (as in enter this address into your browser)</li>
</ol>
<p>You’ll know you’ve got it correct when portal.nutanix stops redirecting you to my.nutanix. Finally, with stable access to portal.nutanix, click the hamburger menu (top left) to access downloads.</p>
<p>As you can glean from the above, it seems that downloads are only available to those that also have University accounts. Thanks to Brandon at <a href="https://www.virtualizationhowto.com/" target="_blank">virtualizationhowto.com</a> for reaching out on this. Cheers Brandon!</p>
<h3 id="upload-move-disk-image">Upload Move Disk Image</h3>
<p>Log into Prism Element running on your CE cluster (<code class="language-plaintext highlighter-rouge">https://your-cluster:9440</code>). Click the settings cog in the top right hand corner of the Prism Element UI, then select Image Configuration from the menu on the left.</p>
<p>Select <strong>Upload Image</strong>.</p>
<p>Complete the wizard, selecting image type of disk and finally selecting the move qcow image previously downloaded:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Upload Move qcow" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-03.png" /></p>
<p>Confirm the image type is set to <strong>Disk</strong> and select <strong>Save</strong> to upload the Move VM disk image.</p>
<h3 id="deploy-move-vm">Deploy Move VM</h3>
<p>Next, we need to deploy our Move VM.</p>
<p>Again from the Prism Element UI, click the CE logo <img src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-04.png" width="50" /> and select <strong>Home > VM > + Create VM</strong> (+ Create VM is located in top right hand corner of the VM UI).</p>
<ul>
<li>Name: Move</li>
<li>Timezone: UTC (which matches my timezone)</li>
<li>vCPUs: 2</li>
<li>Number Of Cores Per vCPU: 2</li>
<li>Memory: 8 GiB</li>
<li>Boot Configuration: Legacy BIOS</li>
<li>Disks: (See below)</li>
<li>Network Adapters: One NIC on my management LAN</li>
</ul>
<p>The above specs match the minimum requirements for Move. You may size your VM differently as required.</p>
<p>Add one disk and configure it to clone from previously uploaded Move image:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Clone Move Disk" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-05.png" /></p>
<p>Once the VM has been created, right click it and select <strong>Power On</strong>.</p>
<h3 id="move-configuration">Move Configuration</h3>
<p>Once the Move VM has booted up and is available on the network, access it via a web browser.</p>
<p>Should you need to manually assign an IP address to the Move VM, use the <code class="language-plaintext highlighter-rouge">configure-static-ip</code> script detailed in the <a href="https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Move-v5_1:top-assign-ip-addresses-t.html" target="_blank">Assigning a Static IP Address to Move</a> section of the Move User Guide.</p>
<p>Additionally, given that my source ESXi host is in my lab and my CE target is not, I’ll need to add a static route to my Move VM to allow it to get to my lab.</p>
<p>The process is simple enough. We need to open an SSH connection to our Move VM, log in with the <a href="https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Move-v5_1:top-vm-secure-t.html" target="_blank">default credentials</a> and reset the password. After that we need to edit the file <code class="language-plaintext highlighter-rouge">/etc/network/interfaces</code> (sudo vi) and add our static route in the format:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">up ip route add DESTINATION-NET/CIDR via GATEWAY</code></pre></figure>
<p>Which in my case looks like this:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Static Route" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-08.png" /></p>
<p>Reboot the Move VM to apply the static route. Once the Move VM has booted, access the Move IP address/hostname via a web browser.</p>
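<p>As an added example (not part of the original post and not Nutanix code), the route line above can be written into the file by a small script that validates the destination and gateway first, keeps a backup, and does nothing if the line is already there. The function names, the <code class="language-plaintext highlighter-rouge">eth0</code> interface name and the ifupdown stanza layout are assumptions for illustration.</p>

```shell
#!/bin/sh
# Added example: idempotently add "up ip route add NET/CIDR via GATEWAY"
# to one interface stanza of an ifupdown-style interfaces file.
# Run as root against the real file; all names here are illustrative.

# True if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# True if $1 is an IPv4 network in CIDR form with a prefix of 0-32.
is_ipv4_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    net=${1%/*}; prefix=${1##*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    is_ipv4 "$net" && [ "$prefix" -le 32 ]
}

# add_static_route FILE IFACE DEST_CIDR GATEWAY
# Returns 0 if the route line was added or was already in the stanza,
# 2 on invalid input, 3 if FILE has no "iface IFACE ..." stanza.
# The previous content is kept as FILE.bak whenever FILE is changed.
add_static_route() {
    file=$1; iface=$2; dest=$3; gw=$4
    is_ipv4_cidr "$dest" || { echo "bad destination: $dest" >&2; return 2; }
    is_ipv4 "$gw"        || { echo "bad gateway: $gw" >&2; return 2; }
    case "$iface" in
        ''|*[!A-Za-z0-9_.:-]*) echo "bad interface: $iface" >&2; return 2 ;;
    esac
    route="up ip route add $dest via $gw"

    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if awk -v iface="$iface" -v route="$route" '
        # Emit the route at the end of the target stanza unless it is there.
        function close_stanza() {
            if (in_stanza && !present) print "    " route
            in_stanza = 0
        }
        # Any stanza header ends the stanza we are currently in.
        $1 == "iface" || $1 == "auto" || $1 == "mapping" || $1 == "source" || $1 ~ /^allow-/ {
            close_stanza()
            if ($1 == "iface" && $2 == iface && !found) {
                in_stanza = 1; found = 1; present = 0
            }
        }
        {
            line = $0
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            if (in_stanza && line == route) present = 1
            print
        }
        END { close_stanza(); exit(found ? 0 : 3) }
    ' "$file" > "$tmp"; then
        if cmp -s "$tmp" "$file"; then
            rc=0                                  # already present, no write
        else
            cp -p "$file" "$file.bak" && cat "$tmp" > "$file"
            rc=$?
        fi
    else
        rc=$?                                     # 3: stanza not found
    fi
    rm -f "$tmp"
    return "$rc"
}
```

<p>Called as <code class="language-plaintext highlighter-rouge">add_static_route /etc/network/interfaces eth0 DESTINATION-NET/CIDR GATEWAY</code>, it rejects anything that is not a plain IPv4 network and gateway, so stray shell or file syntax never reaches the interfaces file.</p>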
<p>After accepting the licence and customer experience agreements, set a new password. Log in with your newly set password and you will be presented with the Move dashboard:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Dashboard" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-06.png" /></p>
<p>As you can see, the Move interface is clutter free and simple enough to navigate.</p>
<h3 id="move-environments">Move Environments</h3>
<p>Right, let’s set up my source VMware ESXi environment within Move.</p>
<p>From the Move interface, select <strong>+ Add Environment</strong>. Select the environment type and complete the details. For my ESXi host, the details are as follows:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Environment in Move" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-09.png" /></p>
<p>Click <strong>Add</strong> to complete. Next we will add our Nutanix CE Environment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CE Environment in Move" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-10.png" /></p>
<p>Use the Virtual IP for the Nutanix Cluster set as discussed <a href="/nested-nutanix-ce-deployment-pt2/#cluster-name" target="_blank">here</a>. Again click <strong>Add</strong> to complete.</p>
<h3 id="migration-plan">Migration Plan</h3>
<p>With both source and target environments configured in Move, let’s create a migration plan.</p>
<p>I’ll name my Plan <strong>ESXi Free to Nutanix CE</strong> and after completing the details:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Migration Plan 1" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-11.png" /></p>
<p>Click <strong>Next</strong> to continue. Next I’ll select my VM to migrate by clicking the <strong>+</strong> next to the VM. Added VMs are listed on the right:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Migration Plan 2" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-12.png" /></p>
<p>Let’s investigate the <strong>[!]</strong> note:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Migration Plan 2 - Note" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-13.png" /></p>
<p>My CE installation is running AOS 6.5.5.5 (latest LTS version of AOS as of time of writing), so I’m all good. Again click <strong>Next</strong> to continue.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Migration Plan 3" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-14.png" /></p>
<p>I’ll select my target network, VM-GREEN-LAN in my case. I’m not going to use a test network. Again click <strong>Next</strong> to continue.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Migration Plan 4" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-15.png" /></p>
<p>I’ve unticked <strong>Retain static IP addresses from source VMs</strong> as I’m moving my VM onto a network with DHCP enabled. I’ve also supplied the credentials of my VM to Move so that it can uninstall VMtools from and inject the required VirtIO drivers into my VM as part of the migration.</p>
<p>Again click <strong>Next</strong> to continue.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Migration Plan 5" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-16.png" /></p>
<p>I’ve set my timezone and I’ll retain my VM’s MAC address. Again click <strong>Next</strong> to continue.</p>
<p>Move will now validate selected settings and provided credentials.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Migration Plan Summary" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-17.png" /></p>
<p>Click <strong>Save and Start</strong>.</p>
<h2 id="data-replication">Data Replication</h2>
<p>With the above completed, we can see that Move has started replicating our ESXi VM(s) to our CE instance:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Migration In Progress" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-18.png" /></p>
<p>Once seeding has completed, the ready to Cutover count will increase to match the count of VMs configured in the migration plan:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMs Ready to Cutover" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-19.png" /></p>
<p>In this state, changes to the source VM will be replicated to the target VM every 10 minutes. If you wish to change this interval, from the Move interface select the cog on the Move task bar and select <strong>Appliance Settings > Snapshot Configuration</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Snapshot Configuration" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-20.png" /></p>
<p>For bonus points, from the Move interface select the cog on the Move task bar and select <strong>View Metrics</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Metrics" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-21.png" /></p>
<h2 id="making-the-move">Making the Move</h2>
<p>So let’s cut over our VM from our Free ESXi installation into our Community Edition environment.</p>
<p>From the Move dashboard, click on the <strong>In Progress</strong> status dialogue of the currently running plan. Then select the VM to cutover:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Cutover 1" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-22.png" /></p>
<p>Select <strong>Cutover</strong>.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Cutover 2" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-23.png" /></p>
<p>Select <strong>Continue</strong> and allow time for the cutover to complete. Once Move has completed the migration:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Move Complete" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-24.png" /></p>
<p>Let’s log into our migrated VM. Looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM All Good" src="/images/esxi-free-to-nutanix-ce/esxi-free-nutanix-ce-25.png" /></p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it. A free and simple way to migrate VMs from ESXi to CE.</p>
<p>Of course, this guide also works should you be migrating VMs from vSphere to any Nutanix version - CE or Enterprise.</p>
<p>To confirm if your guest VM is supported for migration by Move, take a look at the following documentation links:</p>
<ul>
<li><a href="https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Move-v5_1:top-support-os-r.html" target="_blank">Move Supported Guest Operating Systems</a></li>
<li><a href="https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Move-v5_1:top-support-for-uefi-enabled-os.html" target="_blank">Move Supported Operating Systems for UEFI Enabled VMs</a></li>
<li><a href="https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Move-v5_1:top-support-for-secure-boot.html" target="_blank">Move Support for UEFI with Secure Boot Enabled VMs</a></li>
<li><a href="https://portal.nutanix.com/page/documents/details?targetId=Release-Notes-Nutanix-Move-v5_1_1:v51-supported-versions-r.html" target="_blank">Move Supported AOS, ESXi, and Hyper-V Versions</a></li>
</ul>
<p>Moving doesn’t need to be stressful. Enjoy.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/migrate-from-free-esxi-to-nutanix-community-edition/">Quickly Migrate from Free ESXi to Nutanix Community Edition</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 05, 2024.</p>
https://polarclouds.co.uk/nutanix-community-edition-hba-passthrough-testing 2024-02-27T00:00:00+00:00 2024-02-27T00:00:00+00:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Nutanix CE HBA Passthrough" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-01.png" />
Last time we looked at addressing the storage performance difference between Nutanix Community Edition (CE) and its enterprise sibling.</p>
<p>We were able to make changes to our Community Edition lab environment to successfully use PCI Passthrough to pass our node’s storage controller, also known as a Host Bus Adapter (HBA), through to our node’s CVM.</p>
<p>If you have not had a chance to read through that post yet, what’s stopping you? It is <a href="/nutanix-community-edition-hba-passthrough/" target="_blank">available here</a> and is a great read! :wink: This post builds upon that post and puts some numbers around the performance increase achieved by implementing the changes described.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#introducing-nutanix-x-ray" id="markdown-toc-introducing-nutanix-x-ray">Introducing Nutanix X-Ray</a></li>
<li><a href="#testing-preamble" id="markdown-toc-testing-preamble">Testing Preamble</a> <ul>
<li><a href="#order-of-testing" id="markdown-toc-order-of-testing">Order of Testing</a></li>
<li><a href="#test-environment-handling" id="markdown-toc-test-environment-handling">Test Environment Handling</a></li>
<li><a href="#x-ray-test-selection" id="markdown-toc-x-ray-test-selection">X-Ray Test Selection</a></li>
<li><a href="#usual-disclaimers-apply" id="markdown-toc-usual-disclaimers-apply">Usual Disclaimers Apply</a></li>
</ul>
</li>
<li><a href="#the-results-with-hba-passthrough" id="markdown-toc-the-results-with-hba-passthrough">The Results: With HBA Passthrough</a> <ul>
<li><a href="#random-read-iops---with-hba-passthrough" id="markdown-toc-random-read-iops---with-hba-passthrough">Random Read (IOPS) - With HBA Passthrough</a></li>
<li><a href="#sequential-read-bytessec---with-hba-passthrough" id="markdown-toc-sequential-read-bytessec---with-hba-passthrough">Sequential Read (Bytes/Sec) - With HBA Passthrough</a></li>
<li><a href="#random-write-iops---with-hba-passthrough" id="markdown-toc-random-write-iops---with-hba-passthrough">Random Write (IOPS) - With HBA Passthrough</a></li>
<li><a href="#sequential-write-bytessec---with-hba-passthrough" id="markdown-toc-sequential-write-bytessec---with-hba-passthrough">Sequential Write (Bytes/Sec) - With HBA Passthrough</a></li>
</ul>
</li>
<li><a href="#the-results-without-hba-passthrough" id="markdown-toc-the-results-without-hba-passthrough">The Results: Without HBA Passthrough</a> <ul>
<li><a href="#random-read-iops---without-hba-passthrough" id="markdown-toc-random-read-iops---without-hba-passthrough">Random Read (IOPS) - Without HBA Passthrough</a></li>
<li><a href="#sequential-read-bytessec---without-hba-passthrough" id="markdown-toc-sequential-read-bytessec---without-hba-passthrough">Sequential Read (Bytes/Sec) - Without HBA Passthrough</a></li>
<li><a href="#random-write-iops---without-hba-passthrough" id="markdown-toc-random-write-iops---without-hba-passthrough">Random Write (IOPS) - Without HBA Passthrough</a></li>
<li><a href="#sequential-write-bytessec---without-hba-passthrough" id="markdown-toc-sequential-write-bytessec---without-hba-passthrough">Sequential Write (Bytes/Sec) - Without HBA Passthrough</a></li>
</ul>
</li>
<li><a href="#the-results-comparison-and-analysis" id="markdown-toc-the-results-comparison-and-analysis">The Results: Comparison and Analysis</a> <ul>
<li><a href="#median" id="markdown-toc-median">Median</a></li>
<li><a href="#maximums" id="markdown-toc-maximums">Maximums</a></li>
<li><a href="#minimums" id="markdown-toc-minimums">Minimums</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="introducing-nutanix-x-ray">Introducing Nutanix X-Ray</h2>
<p>X-Ray is a freely available automated testing framework and benchmarking application for enterprise-grade datacenters. The X-Ray application is a downloadable virtual machine (VM) with a user interface and documentation. After installing X-Ray, you can test and analyze several systems and report comparable information.</p>
<p>X-Ray provides test scenarios for hyperconverged platforms that demonstrate variations in areas such as performance, data integrity, and availability. X-Ray supports clusters of virtually any size. X-Ray runs one test scenario per target at a time.</p>
<p>Let’s take a look at the array of tests X-Ray can perform for us:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="X-Ray Console" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-12.png" /></p>
<p>Find out more about testing with X-Ray here: <a href="https://www.nutanix.com/uk/products/x-ray" target="_blank">Nutanix X-Ray</a>.</p>
<h2 id="testing-preamble">Testing Preamble</h2>
<p>To try and keep everything as fair as possible, I’ll be doing the following.</p>
<h3 id="order-of-testing">Order of Testing</h3>
<p>As my CE node is already using HBA passthrough, I’ll be doing my performance testing a bit backwards. That is, I’ll test with HBA passthrough first, then go back to the CVM backup taken prior to any changes, as described <a href="/nutanix-community-edition-hba-passthrough/#attach-hba-to-cvm" target="_blank">here</a>, and rerun my selected X-Ray test.</p>
<h3 id="test-environment-handling">Test Environment Handling</h3>
<p>As the X-Ray management VM should not be deployed on the environment under test, I’ll be deploying it to my ESXi host and testing my Nutanix node from there.</p>
<p>Prior to testing, I’ll shut down all user VMs on my CE server, after which I will reboot my CVM and allow it to start the cluster as normal.</p>
<p>After 11 minutes of CVM uptime (one better than ten minutes!), I’ll start the X-Ray test and allow it to complete normally.</p>
<h3 id="x-ray-test-selection">X-Ray Test Selection</h3>
<p>As I’m testing a one node cluster, I’m not interested in using X-Ray to test resiliency, scalability, data protection or utility. I’m purely interested in storage performance. To this end, I selected X-Ray’s Peak Performance Microbenchmark.</p>
<p>Details of the X-Ray Peak Performance Microbenchmark test are as follows. From the X-Ray test description:</p>
<blockquote>
<p>This test runs the four data workload types (random reads, sequential reads, random writes, and sequential writes) and shows their peak burst performances.</p>
<p>Each of these workloads runs in sequence for 1 minute with 1-minute intervals between. For random reads and writes, higher IOPS indicates better performance; for sequential reads and writes, more bytes per second indicate better performance.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="X-Ray Peak Performance Microbenchmark" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-02.png" /></p>
<p>How X-Ray runs the test<br />
Note: This test scales with the number of nodes.<br /></p>
<p>Test Requirements <br /></p>
<ul>
<li>vCPU: 4 vCPU per node.</li>
<li>RAM: 4 GB per node.</li>
<li>Cluster storage: 116 GB per node.</li>
<li>IP addresses: one per node.</li>
</ul>
<p>Setup <br /></p>
<ol>
<li>Deploy one workload VM per host.</li>
<li>Fill virtual disks with random data.</li>
<li>Run random read workload warmup for 5 minutes.</li>
</ol>
<p>Measurement <br /></p>
<ol>
<li>Run random read workload for 1 minute on all VMs.</li>
<li>Wait 1 minute.</li>
<li>Run sequential read workload for 1 minute on all VMs.</li>
<li>Wait 1 minute.</li>
<li>Run random write workload for 1 minute on all VMs.</li>
<li>Wait 1 minute.</li>
<li>Run sequential write workload for 1 minute on all VMs.</li>
</ol>
</blockquote>
<p>This looks like the perfect test for this exercise. I shall use this test in its default form with zero customisation.</p>
<h3 id="usual-disclaimers-apply">Usual Disclaimers Apply</h3>
<p>What follows are results from two consecutive test runs executed on the same morning with the <a href="/nutanix-community-edition-hba-passthrough/" target="_blank">previously applied configuration changes</a> reversed in between tests. More on that below. AHV was not rebooted in between tests.</p>
<p>Your mileage may vary, <a href="/pages/disclaimer/" target="_blank">usual disclaimer applies</a>. With that out of the way, let’s get to it.</p>
<h2 id="the-results-with-hba-passthrough">The Results: With HBA Passthrough</h2>
<p>The results of testing with the HBA passed through to CVM are as follows:</p>
<h4 id="random-read-iops---with-hba-passthrough">Random Read (IOPS) - With HBA Passthrough</h4>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Random Read - HBA Passthrough" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-03.png" /></p>
<h4 id="sequential-read-bytessec---with-hba-passthrough">Sequential Read (Bytes/Sec) - With HBA Passthrough</h4>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Sequential Read - HBA Passthrough" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-04.png" /></p>
<h4 id="random-write-iops---with-hba-passthrough">Random Write (IOPS) - With HBA Passthrough</h4>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Random Write - HBA Passthrough" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-05.png" /></p>
<h4 id="sequential-write-bytessec---with-hba-passthrough">Sequential Write (Bytes/Sec) - With HBA Passthrough</h4>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Sequential Write - HBA Passthrough" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-06.png" /></p>
<h2 id="the-results-without-hba-passthrough">The Results: Without HBA Passthrough</h2>
<p>This required a little backwards configuration to set up for testing:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"># 1. After shutting the CVM down, delete the CVM definition that has HBA passthrough configured:
<span class="o">[</span>root@AHV ~]# virsh undefine NTNX-XXXXXX-CVM
# 2. Restore the CVM definition from the backup taken before the HBA passthrough changes were made:
<span class="o">[</span>root@AHV ~]# virsh define <span class="nt">--file</span> /root/NTNX-XXXXXX-CVM-ORIG.xml
# 3. Reattach the HBA to AHV:
<span class="o">[</span>root@AHV ~]# virsh nodedev-reattach pci_0000_01_00_0
# 4. Start the CVM as normal:
<span class="o">[</span>root@AHV ~]# virsh start NTNX-XXXXXX-CVM</code></pre></figure>
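<p>To confirm on the host that the reattach in step 3 took effect, the device’s driver binding can be read from sysfs. This is an added example, not part of the original post: the function names, the <code class="language-plaintext highlighter-rouge">SYSFS_PCI</code> override and the list of drivers treated as “not owned by the host” are assumptions for illustration.</p>

```shell
#!/bin/sh
# Added example: report which kernel driver owns a PCI device, given the
# libvirt node-device name used with `virsh nodedev-reattach`.

# Overridable so the functions can be exercised against a constructed
# directory tree instead of a live host.
SYSFS_PCI="${SYSFS_PCI:-/sys/bus/pci/devices}"

# Convert a libvirt PCI node-device name to a sysfs address,
# e.g. pci_0000_01_00_0 -> 0000:01:00.0
nodedev_to_bdf() {
    case "$1" in
        pci_[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]_[0-9a-fA-F][0-9a-fA-F]_[0-9a-fA-F][0-9a-fA-F]_[0-7]) ;;
        *) echo "not a libvirt PCI node-device name: $1" >&2; return 2 ;;
    esac
    rest=${1#pci_}
    domain=${rest%%_*}; rest=${rest#*_}
    bus=${rest%%_*};    rest=${rest#*_}
    slot=${rest%%_*};   func=${rest#*_}
    printf '%s:%s:%s.%s\n' "$domain" "$bus" "$slot" "$func"
}

# Print the name of the driver bound to the device, or "none" if unbound.
pci_bound_driver() {
    bdf=$(nodedev_to_bdf "$1") || return 2
    dev="$SYSFS_PCI/$bdf"
    [ -d "$dev" ] || { echo "no such PCI device: $bdf" >&2; return 3; }
    if [ -L "$dev/driver" ]; then
        basename "$(readlink "$dev/driver")"
    else
        echo none
    fi
}

# Return 0 when a regular host driver owns the device, 1 when it is still
# held by a passthrough stub driver or has no driver at all.
hba_owned_by_host() {
    drv=$(pci_bound_driver "$1") || return $?
    case "$drv" in
        vfio-pci|pci-stub|none)
            echo "$1: $drv (not usable by the host)"; return 1 ;;
        *)
            echo "$1: $drv (host driver)"; return 0 ;;
    esac
}
```

<p>On the AHV host, <code class="language-plaintext highlighter-rouge">hba_owned_by_host pci_0000_01_00_0</code> should report a host driver after step 3 and before step 4.</p>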
<p>After allowing the CVM to boot, let’s check its PCI devices via <code class="language-plaintext highlighter-rouge">lspci</code>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CVM lspci" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-07.png" /></p>
<p>Yep, the CVM is now using the Virtio SCSI HBA rather than our passed-through LSI MegaRAID HBA. Let’s test!</p>
<h4 id="random-read-iops---without-hba-passthrough">Random Read (IOPS) - Without HBA Passthrough</h4>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Random Read - No HBA Passthrough" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-08.png" /></p>
<h4 id="sequential-read-bytessec---without-hba-passthrough">Sequential Read (Bytes/Sec) - Without HBA Passthrough</h4>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Sequential Read - No HBA Passthrough" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-09.png" /></p>
<h4 id="random-write-iops---without-hba-passthrough">Random Write (IOPS) - Without HBA Passthrough</h4>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Random Write - No HBA Passthrough" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-10.png" /></p>
<h4 id="sequential-write-bytessec---without-hba-passthrough">Sequential Write (Bytes/Sec) - Without HBA Passthrough</h4>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Sequential Write - No HBA Passthrough" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-11.png" /></p>
<h2 id="the-results-comparison-and-analysis">The Results: Comparison and Analysis</h2>
<p>Let’s dig into the results.</p>
<h3 id="median">Median</h3>
<table>
<thead>
<tr>
<th style="text-align: left">Test</th>
<th style="text-align: center">Without HBA PCI Passthrough (Median)</th>
<th style="text-align: center">With HBA PCI Passthrough (Median)</th>
<th style="text-align: center">% Gain or Loss</th>
<th style="text-align: center">Winner</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">Random Read (IOPS)</td>
<td style="text-align: center">117.55K</td>
<td style="text-align: center">120.21K</td>
<td style="text-align: center">+2.26%</td>
<td style="text-align: center">With HBA Passthrough</td>
</tr>
<tr>
<td style="text-align: left">Sequential Read (Bytes/Sec)</td>
<td style="text-align: center">2.25G</td>
<td style="text-align: center">2.62G</td>
<td style="text-align: center">+16.44%</td>
<td style="text-align: center">With HBA Passthrough</td>
</tr>
<tr>
<td style="text-align: left">Random Write (IOPS)</td>
<td style="text-align: center">85.61K</td>
<td style="text-align: center">94.17K</td>
<td style="text-align: center">+9.99%</td>
<td style="text-align: center">With HBA Passthrough</td>
</tr>
<tr>
<td style="text-align: left">Sequential Write (Bytes/Sec)</td>
<td style="text-align: center">1.29G</td>
<td style="text-align: center">1.29G</td>
<td style="text-align: center">0%</td>
<td style="text-align: center">Equal</td>
</tr>
</tbody>
</table>
<p>Well there we have it. Gains across the board with equal performance in one result. Nice!</p>
<p>Sure, gains are to be expected because by using HBA passthrough we are simplifying the I/O path to our storage. What is interesting is to see the level of change that the simplification affords us.</p>
<p>Since we have them, let’s compare the maximum and minimum results too.</p>
<h3 id="maximums">Maximums</h3>
<table>
<thead>
<tr>
<th style="text-align: left">Test</th>
<th style="text-align: center">Without HBA PCI Passthrough (Maximums)</th>
<th style="text-align: center">With HBA PCI Passthrough (Maximums)</th>
<th style="text-align: center">% Gain or Loss</th>
<th style="text-align: center">Winner</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">Random Read (IOPS)</td>
<td style="text-align: center">120.52K</td>
<td style="text-align: center">123.28K</td>
<td style="text-align: center">+2.29%</td>
<td style="text-align: center">With HBA Passthrough</td>
</tr>
<tr>
<td style="text-align: left">Sequential Read (Bytes/Sec)</td>
<td style="text-align: center">2.34G</td>
<td style="text-align: center">2.69G</td>
<td style="text-align: center">+14.96%</td>
<td style="text-align: center">With HBA Passthrough</td>
</tr>
<tr>
<td style="text-align: left">Random Write (IOPS)</td>
<td style="text-align: center">88.55K</td>
<td style="text-align: center">99.76K</td>
<td style="text-align: center">+3.43%</td>
<td style="text-align: center">With HBA Passthrough</td>
</tr>
<tr>
<td style="text-align: left">Sequential Write (Bytes/Sec)</td>
<td style="text-align: center">1.31G</td>
<td style="text-align: center">1.35G</td>
<td style="text-align: center">+3.05%</td>
<td style="text-align: center">With HBA Passthrough</td>
</tr>
</tbody>
</table>
<p>Comparing the maximum results seen on each test, our results roughly match the orders of magnitude seen in the median results.</p>
<h3 id="minimums">Minimums</h3>
<table>
<thead>
<tr>
<th style="text-align: left">Test</th>
<th style="text-align: center">Without HBA PCI Passthrough (Minimums)</th>
<th style="text-align: center">With HBA PCI Passthrough (Minimums)</th>
<th style="text-align: center">% Gain or Loss</th>
<th style="text-align: center">Winner</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">Random Read (IOPS)</td>
<td style="text-align: center">114.1K</td>
<td style="text-align: center">114.41K</td>
<td style="text-align: center">+0.27%</td>
<td style="text-align: center">With HBA Passthrough</td>
</tr>
<tr>
<td style="text-align: left">Sequential Read (Bytes/Sec)</td>
<td style="text-align: center">1.38G</td>
<td style="text-align: center">1.35G</td>
<td style="text-align: center">-2.17%</td>
<td style="text-align: center">Without HBA Passthrough</td>
</tr>
<tr>
<td style="text-align: left">Random Write (IOPS)</td>
<td style="text-align: center">80.62K</td>
<td style="text-align: center">88.77K</td>
<td style="text-align: center">+10.11%</td>
<td style="text-align: center">With HBA Passthrough</td>
</tr>
<tr>
<td style="text-align: left">Sequential Write (Bytes/Sec)</td>
<td style="text-align: center">1.19G</td>
<td style="text-align: center">1.27G</td>
<td style="text-align: center">+6.72%</td>
<td style="text-align: center">With HBA Passthrough</td>
</tr>
</tbody>
</table>
<p>Interestingly we see our first win for Without HBA Passthrough; minimum sequential read without HBA passthrough is 2.17% faster.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>After implementing the HBA passthrough changes it is nice to have some figures to match the perceived performance gains. It’s not a placebo!</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="It's faaaaaast!" src="/images/nutanix-ce-hba-passthrough-testing/nutanix-ce-hba-testing-13.gif" /></p>
<p>Looking to the future, the even better news is that as it stands today, when CE is deployed on systems using NVMe drives, the CE installer will pass the NVMe controller(s) through to the CVM natively - no need for the modifications discussed in this and the previous posts. Thanks to <a href="https://www.linkedin.com/in/mat-brown-mb2018/" target="_blank">Matt Brown</a> for your assistance confirming this! :thumbsup:</p>
<p>Finally, <a href="https://www.reddit.com/r/nutanix/comments/1avpdth/comment/krczbmn/?utm_source=share&utm_medium=web2x&context=3" target="_blank">this all might be academic one day</a>. Fingers crossed Jon! :trophy:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nutanix-community-edition-hba-passthrough-testing/">Testing Nutanix Community Edition HBA Passthrough</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 27, 2024.</p>
https://polarclouds.co.uk/vmware-vexpert-2024 2024-02-23T00:00:00+00:00 2024-02-23T00:00:00+00:00 Chris Hall https://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMware vExpert" src="/images/vmware-vexpert/vexpert.png" />
<br />
Yup, that’s right… for the fifth consecutive year. Yep, the Quintuple!</p>
<p>I’ve again been appraised, approved and deemed worthy to be a VMware vExpert.</p>
<p>Cheers again to all at <del>VMware</del> Broadcom for the accolade.</p>
<p>Check me out in the <a href="https://vexpert.vmware.com/directory/5800" target="_blank">vExpert Directory</a>.</p>
<p>-Chris
<br />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="VMware vExpert 2023" src="/images/pages/vexpert2024.png" /></p>
<p><a href="https://polarclouds.co.uk/vmware-vexpert-2024/">VMware vExpert 2024</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 23, 2024.</p>
https://polarclouds.co.uk/nutanix-community-edition-hba-passthrough 2024-02-20T00:00:00+00:00 2024-02-20T00:00:00+00:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Nutanix CE HBA Passthrough" src="/images/nutanix-ce-hba-passthrough/nutanix-ce-hba-passthrough-01.png" />
With the demise of the free edition of VMware ESXi as per <a href="https://kb.vmware.com/s/article/2107518" target="_blank">VMware KB2107518</a>, what better time to give the free <a href="https://www.nutanix.com/uk/products/community-edition" target="_blank">Nutanix Community Edition</a> a test drive instead?</p>
<p>When Community Edition was being developed, certain choices were made to ensure Community Edition (CE) compatibility with the widest range of hardware possible, one of which was the virtualisation of the storage controller - also known as a Host Bus Adapter (HBA) - by the hypervisor, in CE’s case Nutanix AHV.</p>
<p>The downside of this compatibility choice is that CE’s storage I/O is not as performant as the enterprise versions of Nutanix AOS. This post attempts to address that difference and (when using the correct hardware) reconfigure CE to match the storage performance of its enterprise sibling.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#quick-refresher" id="markdown-toc-quick-refresher">Quick Refresher</a></li>
<li><a href="#hardware-requirements" id="markdown-toc-hardware-requirements">Hardware Requirements</a> <ul>
<li><a href="#hypervisor-boot-storage" id="markdown-toc-hypervisor-boot-storage">Hypervisor Boot Storage</a></li>
<li><a href="#user-vm-storage" id="markdown-toc-user-vm-storage">User VM Storage</a></li>
</ul>
</li>
<li><a href="#community-edition-installation" id="markdown-toc-community-edition-installation">Community Edition Installation</a></li>
<li><a href="#hba-passthrough-configuration---information-gathering" id="markdown-toc-hba-passthrough-configuration---information-gathering">HBA Passthrough Configuration - Information Gathering</a> <ul>
<li><a href="#vt-d-extensions" id="markdown-toc-vt-d-extensions">VT-d Extensions</a></li>
<li><a href="#finding-the-hba-to-passthrough" id="markdown-toc-finding-the-hba-to-passthrough">Finding the HBA to Passthrough</a></li>
</ul>
</li>
<li><a href="#hba-passthrough-configuration---making-changes" id="markdown-toc-hba-passthrough-configuration---making-changes">HBA Passthrough Configuration - Making Changes</a> <ul>
<li><a href="#shutdown-vms" id="markdown-toc-shutdown-vms">Shutdown VMs</a></li>
<li><a href="#detach-hba-from-ahv" id="markdown-toc-detach-hba-from-ahv">Detach HBA from AHV</a></li>
<li><a href="#attach-hba-to-cvm" id="markdown-toc-attach-hba-to-cvm">Attach HBA to CVM</a></li>
</ul>
</li>
<li><a href="#fire-in-the-hole" id="markdown-toc-fire-in-the-hole">Fire in the Hole!</a> <ul>
<li><a href="#start-the-cvm" id="markdown-toc-start-the-cvm">Start the CVM</a></li>
<li><a href="#checking-cvm-hbas" id="markdown-toc-checking-cvm-hbas">Checking CVM HBAs</a></li>
<li><a href="#set-cvm-to-auto-start" id="markdown-toc-set-cvm-to-auto-start">Set CVM to Auto Start</a></li>
</ul>
</li>
<li><a href="#conclusion-wrap-up-and-further-reading" id="markdown-toc-conclusion-wrap-up-and-further-reading">Conclusion, Wrap Up and Further Reading</a> <ul>
<li><a href="#a-quick-word-on-hardware-compatibility-and-support" id="markdown-toc-a-quick-word-on-hardware-compatibility-and-support">A Quick Word on Hardware Compatibility and Support</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="quick-refresher">Quick Refresher</h2>
<p>As discussed in a <a href="/nested-nutanix-ce-deployment/#nutanix---introduction--architecture" target="_blank">previous post</a>, Nutanix AOS employs a Control VM (CVM) to manage the operation of a cluster. Every node (aka host in VMware parlance) in a Nutanix cluster houses and runs a CVM.</p>
<p>Along with cluster management, configuration and other duties, the CVM directly manages the local storage contained in the node that it is running on. In the enterprise version of AOS it is able to do this via PCI passthrough of the storage controller to the CVM:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Node Architecture" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-02.png" /></p>
<p>Find out more at the <a href="https://www.nutanixbible.com/2c-book-of-basics-hyperconverged-platform.html" target="_blank">Nutanix Bible Book of Basics</a>.</p>
<h2 id="hardware-requirements">Hardware Requirements</h2>
<p>OK, so how do we go about this?
First off, we need to ensure that our CE node is using different storage controllers for its hypervisor boot and its user VM storage.</p>
<h3 id="hypervisor-boot-storage">Hypervisor Boot Storage</h3>
<p>This can be any type of storage. As discussed in the <a href="https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Community-Edition-Getting-Started-v2_0:top-sysreqs-ce-r.html" target="_blank">Recommended Community Edition Hardware documentation</a>:</p>
<blockquote>
<p>One 32 GB capacity device per node. It can be an external (such as USB flash drive) or internal device (such as SATA DOM, M.2 SSD or SATA SSD/HDD).</p>
<p>Nutanix has successfully tested and used external USB drives and internal devices such as a SATA DOM with AHV. Drives with high I/O speed and reliability are recommended. Note: Nutanix recommends to use USB 3.0 drives or higher to avoid hypervisor imaging timed out issues.</p>
</blockquote>
<p>In my case, I’m using a Dell PowerEdge R530:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Dell PowerEdge R530" src="/images/nutanix-ce-hba-passthrough/nutanix-ce-hba-passthrough-02.jpg" /></p>
<p>With an adapter fitted in the DVD ROM slot which in turn contains a SATA SSD:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="DVD ROM SATA Adapter" src="/images/nutanix-ce-hba-passthrough/nutanix-ce-hba-passthrough-03.jpg" /></p>
<p>For my hypervisor boot, the server boots from a 120GB SSD drive fitted into the adapter.</p>
<h3 id="user-vm-storage">User VM Storage</h3>
<p>My Dell R530 was supplied with a PERC H730 HBA adapter. This adapter manages the drives fitted into the eight drive trays in the front of the R530:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PERC H730" src="/images/nutanix-ce-hba-passthrough/nutanix-ce-hba-passthrough-04.jpg" /></p>
<p>I have configured this adapter to HBA mode as shown in this <a href="https://www.youtube.com/watch?v=l41rhE79vqU" target="_blank">Dell Enterprise YouTube video</a>.</p>
<h2 id="community-edition-installation">Community Edition Installation</h2>
<p>I’ve covered CE installation <a href="/nested-nutanix-ce-deployment/" target="_blank">previously</a>, so I won’t cover it again here. Suffice to say, double check that the drive you select for your hypervisor boot [H] is <strong>not</strong> a drive connected to the HBA you wish to passthrough to the CVM. In my case I selected my 120GB SATA fitted to my DVD ROM adapter.</p>
<h2 id="hba-passthrough-configuration---information-gathering">HBA Passthrough Configuration - Information Gathering</h2>
<p>With all of the above preamble out of the way, hardware correctly configured, CE installed and updated, let’s get to it!</p>
<h3 id="vt-d-extensions">VT-d Extensions</h3>
<p>Firstly we need to ensure that our server BIOS and CE install are ready to pass PCI devices through to our CVM. Luckily for us this can be checked and confirmed with two commands.</p>
<p>After opening an SSH session to the AHV hypervisor, elevate to root and run the following command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">[</span>root@AHV ~]# dmesg | <span class="nb">grep</span> <span class="s1">'Virtualization Technology'</span></code></pre></figure>
<p>Running the command on my server, I can see that VT-d is enabled (if VT-d was not enabled, no text would be returned):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VT-d Enabled in BIOS" src="/images/nutanix-ce-hba-passthrough/nutanix-ce-hba-passthrough-05.png" /></p>
<p>Finally, let’s confirm that the Nutanix kernel has VT-d enabled:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">[</span>root@AHV ~]# <span class="nb">grep </span>intel_iommu /boot/grub2/grub.cfg</code></pre></figure>
<p>Yep, as part of the default AHV hypervisor boot parameters <code class="language-plaintext highlighter-rouge">intel_iommu=on</code> is enabled:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VT-d Enabled in Kernel" src="/images/nutanix-ce-hba-passthrough/nutanix-ce-hba-passthrough-06.png" /></p>
<h3 id="finding-the-hba-to-passthrough">Finding the HBA to Passthrough</h3>
<p>Next we need to locate the HBA that we plan to pass through to our CVM. I happen to know that the Dell PERC H730 is based on an LSI chipset and in so being is identified in Linux as a MegaRAID card. The HBA you plan to pass through to your CVM might be different. If it is, simply omit the <code class="language-plaintext highlighter-rouge">grep MegaRAID</code> from the following command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">[</span>root@AHV ~]# lspci <span class="nt">-vv</span> | <span class="nb">grep </span>MegaRAID</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Find HBA PCI ID" src="/images/nutanix-ce-hba-passthrough/nutanix-ce-hba-passthrough-07.png" /></p>
<p>The numbers at the beginning of the above represent the PCI bus ID of the HBA. From the screenshot you can see that my HBA is at PCI ID <code class="language-plaintext highlighter-rouge">01:00.0</code>. Plumbing the PCI ID into <a href="https://www.libvirt.org/manpages/virsh.html" target="_blank">virsh</a> to obtain more information on the HBA:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">[</span>root@AHV ~]# virsh nodedev-dumpxml pci_0000_01_00_0</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Find HBA virsh" src="/images/nutanix-ce-hba-passthrough/nutanix-ce-hba-passthrough-08.png" /></p>
<p>Yep, virsh is listing that ID as the MegaRAID card. Make a note of the <code class="language-plaintext highlighter-rouge"><address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/></code> information returned (yours may be different) as we will need this later.</p>
<h2 id="hba-passthrough-configuration---making-changes">HBA Passthrough Configuration - Making Changes</h2>
<h3 id="shutdown-vms">Shutdown VMs</h3>
<p>First off we need to shutdown all the VMs running on our node, including the CVM.</p>
<p>Once all other VMs are shut down, open an SSH session to the CVM and issue the following command to cleanly shutdown and power off the CVM:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">nutanix@CVM:~<span class="nv">$ </span>cvm_shutdown <span class="nt">-P</span></code></pre></figure>
<h3 id="detach-hba-from-ahv">Detach HBA from AHV</h3>
<p>Next, we need to tell AHV to relinquish use of the HBA. This is done via an SSH session to the AHV hypervisor:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">[</span>root@AHV ~]# virsh nodedev-detach pci_0000_01_00_0</code></pre></figure>
<p>If the above command is successful, the hypervisor will return nothing. No errors or confirmation.</p>
<h3 id="attach-hba-to-cvm">Attach HBA to CVM</h3>
<p>As a get out of jail card, should things go wrong or if we want to go back to the original configuration at a later date, let’s find and backup our CVM configuration first (replace the X’s with the details of your CVM):</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">[</span>root@AHV ~]# virsh list <span class="nt">--all</span>
<span class="o">[</span>root@AHV ~]# virsh dumpxml NTNX-XXXXXX-CVM <span class="o">></span> /root/NTNX-XXXXXX-CVM-ORIG.xml</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Backup CVM Config" src="/images/nutanix-ce-hba-passthrough/nutanix-ce-hba-passthrough-09.png" /></p>
<p>Next, let’s edit the CVM VM configuration (again, replace the X’s with the details of your CVM):</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">[</span>root@AHV ~]# virsh edit NTNX-XXXXXX-CVM</code></pre></figure>
<p>The VM configuration editor is based on vi, so for those unfamiliar with vi - <a href="https://www.cs.colostate.edu/helpdocs/vi.html" target="_blank">Basic vi Commands</a>.</p>
<p>In the VM configuration, we need to delete all references to the disks connected to the HBA we will passthrough. In my case, I have three Samsung SSDs connected to my Dell PERC H730, so I need to completely delete these three sections from the CVM config:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"> <disk <span class="nb">type</span><span class="o">=</span><span class="s1">'block'</span> <span class="nv">device</span><span class="o">=</span><span class="s1">'disk'</span><span class="o">></span>
<driver <span class="nv">name</span><span class="o">=</span><span class="s1">'qemu'</span> <span class="nb">type</span><span class="o">=</span><span class="s1">'raw'</span> <span class="nv">cache</span><span class="o">=</span><span class="s1">'none'</span> <span class="nv">io</span><span class="o">=</span><span class="s1">'native'</span>/>
<<span class="nb">source </span><span class="nv">dev</span><span class="o">=</span><span class="s1">'/dev/disk/by-id/ata-SAMSUNG_MZ7LH1T9HMLT-00005_XXXXXXXXXXXXXX'</span>/>
<backingStore/>
<target <span class="nv">dev</span><span class="o">=</span><span class="s1">'sda'</span> <span class="nv">bus</span><span class="o">=</span><span class="s1">'scsi'</span>/>
<serial>SXXXXXXXXXXXXXX</serial>
<wwn>XXXXXXXXXXXXXX</wwn>
<vendor>ATA</vendor>
<product>SAMSUNG MZ7LH1T9</product>
<address <span class="nb">type</span><span class="o">=</span><span class="s1">'drive'</span> <span class="nv">controller</span><span class="o">=</span><span class="s1">'0'</span> <span class="nv">bus</span><span class="o">=</span><span class="s1">'0'</span> <span class="nv">target</span><span class="o">=</span><span class="s1">'0'</span> <span class="nv">unit</span><span class="o">=</span><span class="s1">'0'</span>/>
</disk>
<disk <span class="nb">type</span><span class="o">=</span><span class="s1">'block'</span> <span class="nv">device</span><span class="o">=</span><span class="s1">'disk'</span><span class="o">></span>
<driver <span class="nv">name</span><span class="o">=</span><span class="s1">'qemu'</span> <span class="nb">type</span><span class="o">=</span><span class="s1">'raw'</span> <span class="nv">cache</span><span class="o">=</span><span class="s1">'none'</span> <span class="nv">io</span><span class="o">=</span><span class="s1">'native'</span>/>
<<span class="nb">source </span><span class="nv">dev</span><span class="o">=</span><span class="s1">'/dev/disk/by-id/ata-SAMSUNG_MZ7LH1T9HMLT-00005_XXXXXXXXXXXXXX'</span>/>
<backingStore/>
<target <span class="nv">dev</span><span class="o">=</span><span class="s1">'sdb'</span> <span class="nv">bus</span><span class="o">=</span><span class="s1">'scsi'</span>/>
<serial>XXXXXXXXXXXXXX</serial>
<wwn>XXXXXXXXXXXXXX</wwn>
<vendor>ATA</vendor>
<product>SAMSUNG MZ7LH1T9</product>
<address <span class="nb">type</span><span class="o">=</span><span class="s1">'drive'</span> <span class="nv">controller</span><span class="o">=</span><span class="s1">'0'</span> <span class="nv">bus</span><span class="o">=</span><span class="s1">'0'</span> <span class="nv">target</span><span class="o">=</span><span class="s1">'0'</span> <span class="nv">unit</span><span class="o">=</span><span class="s1">'1'</span>/>
</disk>
<disk <span class="nb">type</span><span class="o">=</span><span class="s1">'block'</span> <span class="nv">device</span><span class="o">=</span><span class="s1">'disk'</span><span class="o">></span>
<driver <span class="nv">name</span><span class="o">=</span><span class="s1">'qemu'</span> <span class="nb">type</span><span class="o">=</span><span class="s1">'raw'</span> <span class="nv">cache</span><span class="o">=</span><span class="s1">'none'</span> <span class="nv">io</span><span class="o">=</span><span class="s1">'native'</span>/>
<<span class="nb">source </span><span class="nv">dev</span><span class="o">=</span><span class="s1">'/dev/disk/by-id/ata-SAMSUNG_MZ7LH1T9HMLT-00005_XXXXXXXXXXXXXX'</span>/>
<backingStore/>
<target <span class="nv">dev</span><span class="o">=</span><span class="s1">'sdc'</span> <span class="nv">bus</span><span class="o">=</span><span class="s1">'scsi'</span>/>
<serial>XXXXXXXXXXXXXX</serial>
<wwn>XXXXXXXXXXXXXX</wwn>
<vendor>ATA</vendor>
<product>SAMSUNG MZ7LH1T9</product>
<address <span class="nb">type</span><span class="o">=</span><span class="s1">'drive'</span> <span class="nv">controller</span><span class="o">=</span><span class="s1">'0'</span> <span class="nv">bus</span><span class="o">=</span><span class="s1">'0'</span> <span class="nv">target</span><span class="o">=</span><span class="s1">'0'</span> <span class="nv">unit</span><span class="o">=</span><span class="s1">'2'</span>/>
</disk></code></pre></figure>
<p>Next, remove the virtual SCSI adapter from the CVM configuration too. I deleted the following section:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"> <controller <span class="nb">type</span><span class="o">=</span><span class="s1">'scsi'</span> <span class="nv">index</span><span class="o">=</span><span class="s1">'0'</span> <span class="nv">model</span><span class="o">=</span><span class="s1">'virtio-scsi'</span><span class="o">></span>
<address <span class="nb">type</span><span class="o">=</span><span class="s1">'pci'</span> <span class="nv">domain</span><span class="o">=</span><span class="s1">'0x0000'</span> <span class="nv">bus</span><span class="o">=</span><span class="s1">'0x00'</span> <span class="nv">slot</span><span class="o">=</span><span class="s1">'0x06'</span> <span class="k">function</span><span class="o">=</span><span class="s1">'0x0'</span>/>
</controller>
</code></pre></figure>
<p>Finally, add the details of the HBA into CVM config. A good place to add this is where we deleted the above controller section.</p>
<p>The <code class="language-plaintext highlighter-rouge"><address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/></code> information was obtained when we ran the <code class="language-plaintext highlighter-rouge">virsh nodedev-dumpxml pci_0000_01_00_0</code> command previously.</p>
<p>The config I added to my CVM resembled the following:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><hostdev <span class="nv">mode</span><span class="o">=</span><span class="s1">'subsystem'</span> <span class="nb">type</span><span class="o">=</span><span class="s1">'pci'</span> <span class="nv">managed</span><span class="o">=</span><span class="s1">'yes'</span><span class="o">></span>
<<span class="nb">source</span><span class="o">></span> <address <span class="nv">domain</span><span class="o">=</span><span class="s1">'0x0000'</span> <span class="nv">bus</span><span class="o">=</span><span class="s1">'0x01'</span> <span class="nv">slot</span><span class="o">=</span><span class="s1">'0x00'</span> <span class="k">function</span><span class="o">=</span><span class="s1">'0x0'</span>/>
</source>
</hostdev></code></pre></figure>
<p>With all changes complete, save the config and exit the VM editor.</p>
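<p>The three edits above (remove the HBA's disks, remove the virtual SCSI controller, add the <code class="language-plaintext highlighter-rouge">hostdev</code> entry) can also be applied to a copy of the dumped XML rather than by hand in vi. The following is an added example, not code from the original post: the function names, the sample XML and its disk paths are constructed for illustration. It keeps the virtio-scsi controller if any remaining disk still uses it and does not add the same <code class="language-plaintext highlighter-rouge">hostdev</code> twice.</p>

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down CVM definition shaped like the sections in the
# post. Names, paths and serial-like suffixes are placeholders.
SAMPLE_CVM_XML = """<domain type='kvm'>
  <name>NTNX-XXXXXX-CVM</name>
  <devices>
    <disk type='file' device='cdrom'>
      <source file='/path/to/cvm-boot.iso'/>
      <target dev='hda' bus='ide'/>
    </disk>
    <disk type='block' device='disk'>
      <source dev='/dev/disk/by-id/ata-SAMPLE_SSD_AAAA'/>
      <target dev='sda' bus='scsi'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='block' device='disk'>
      <source dev='/dev/disk/by-id/ata-SAMPLE_SSD_BBBB'/>
      <target dev='sdb' bus='scsi'/>
      <address type='drive' controller='0' bus='0' target='0' unit='1'/>
    </disk>
    <controller type='scsi' index='0' model='virtio-scsi'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </controller>
  </devices>
</domain>"""
SAMPLE_HBA_DISKS = ["/dev/disk/by-id/ata-SAMPLE_SSD_AAAA",
                    "/dev/disk/by-id/ata-SAMPLE_SSD_BBBB"]

# lspci prints bus:slot.function ("01:00.0"), optionally with a 4-digit domain.
BDF_RE = re.compile(r"^(?:([0-9a-f]{4}):)?([0-9a-f]{2}):([01][0-9a-f])\.([0-7])$")


def parse_bdf(bdf):
    """Split an lspci-style PCI address into (domain, bus, slot, function)."""
    m = BDF_RE.match(bdf.strip().lower())
    if not m:
        raise ValueError(f"not a PCI address: {bdf!r}")
    domain, bus, slot, func = m.groups()
    return domain or "0000", bus, slot, func


def nodedev_name(bdf):
    """Name used by 'virsh nodedev-dumpxml' and 'virsh nodedev-detach'."""
    return "pci_{}_{}_{}_{}".format(*parse_bdf(bdf))


def hostdev_address(bdf):
    """Attributes of the <address> element inside <hostdev><source>."""
    domain, bus, slot, func = parse_bdf(bdf)
    return {"domain": f"0x{domain}", "bus": f"0x{bus}",
            "slot": f"0x{slot}", "function": f"0x{func}"}


def rewrite_for_passthrough(xml_text, bdf, hba_disk_sources):
    """Return (new_xml, summary) with the HBA's disks replaced by a hostdev."""
    root = ET.fromstring(xml_text)
    devices = root.find("devices")
    if devices is None:
        raise ValueError("no <devices> element in domain XML")

    # 1. Remove every <disk> whose <source dev=...> sits behind the HBA.
    wanted, removed = set(hba_disk_sources), []
    for disk in list(devices.findall("disk")):
        src = disk.find("source")
        dev = src.get("dev") if src is not None else None
        if dev in wanted:
            devices.remove(disk)
            removed.append(dev)
    missing = wanted - set(removed)
    if missing:
        raise ValueError(f"disks not found in config: {sorted(missing)}")

    # 2. Remove the virtio-scsi controller only if no remaining disk needs it.
    scsi_left = [d for d in devices.findall("disk")
                 if d.find("target") is not None
                 and d.find("target").get("bus") == "scsi"]
    controller_removed = False
    if not scsi_left:
        for ctrl in list(devices.findall("controller")):
            if ctrl.get("type") == "scsi" and ctrl.get("model") == "virtio-scsi":
                devices.remove(ctrl)
                controller_removed = True

    # 3. Add the <hostdev> for the HBA unless an identical one already exists.
    addr = hostdev_address(bdf)
    present = any(all(a.get(k) == v for k, v in addr.items())
                  for a in devices.findall("hostdev/source/address"))
    if not present:
        hostdev = ET.SubElement(devices, "hostdev",
                                {"mode": "subsystem", "type": "pci", "managed": "yes"})
        ET.SubElement(ET.SubElement(hostdev, "source"), "address", addr)

    summary = {"disks_removed": removed, "controller_removed": controller_removed,
               "hostdev_added": not present}
    return ET.tostring(root, encoding="unicode"), summary


if __name__ == "__main__":
    new_xml, summary = rewrite_for_passthrough(SAMPLE_CVM_XML, "01:00.0", SAMPLE_HBA_DISKS)
    print(nodedev_name("01:00.0"), summary)
    print(new_xml)
```

<p>Run it against the file produced by <code class="language-plaintext highlighter-rouge">virsh dumpxml</code> and review the result before loading it; keep the original backup untouched so the restore steps in the next section still apply.</p>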
<h2 id="fire-in-the-hole">Fire in the Hole!</h2>
<h3 id="start-the-cvm">Start the CVM</h3>
<p>With all changes done, there is nothing else left to do than to do the do. Let’s start the CVM (again, replace the X’s with the details of your CVM):</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">[</span>root@AHV ~]# virsh start NTNX-XXXXXX-CVM</code></pre></figure>
<p>You should receive the comforting confirmation that the CVM started OK.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CVM Started" src="/images/nutanix-ce-hba-passthrough/nutanix-ce-hba-passthrough-10.png" /></p>
<p>If you do run into issues and need to restore your CVM from the backup we took earlier, use the following commands (again, replace the X’s with the details of your CVM):</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">[</span>root@AHV ~]# virsh undefine NTNX-XXXXXX-CVM
<span class="o">[</span>root@AHV ~]# virsh define <span class="nt">--file</span> /root/NTNX-XXXXXX-CVM-ORIG.xml</code></pre></figure>
<p>After the CVM has booted and with a bit of luck you should be able to ping your CVM after a couple of minutes.</p>
<h3 id="checking-cvm-hbas">Checking CVM HBAs</h3>
<p>Right, we’ve updated our CVM config and our CVM boots. So far, so good. Let’s check to see if it is using our HBA. Open an SSH session to the CVM and check its PCI devices using <code class="language-plaintext highlighter-rouge">lspci</code>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CVM lspci" src="/images/nutanix-ce-hba-passthrough/nutanix-ce-hba-passthrough-11.png" /></p>
<p>As a belt and braces move, let’s see what disks our CVM can see via the passed through HBA using the <code class="language-plaintext highlighter-rouge">list_disks</code> command in the CVM:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CVM disks" src="/images/nutanix-ce-hba-passthrough/nutanix-ce-hba-passthrough-12.png" /></p>
<div align="center">
<b>SUCCESS!!! The HBA and disks have been passed through to the CVM!!! Enjoy the speed boost!!!</b>
<br />
<br />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="NICE!" src="/images/nutanix-ce-hba-passthrough/nice.gif" />
<b>NICE!</b>
</div>
<h3 id="set-cvm-to-auto-start">Set CVM to Auto Start</h3>
<p>Finally, finally, to ensure that the CVM auto starts next time we start the node, back in the SSH session to the hypervisor, run the following command (again, replace the X’s with the details of your CVM):</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">[</span>root@AHV ~]# virsh autostart NTNX-XXXXXX-CVM</code></pre></figure>
<h2 id="conclusion-wrap-up-and-further-reading">Conclusion, Wrap Up and Further Reading</h2>
<p>With that done, we now have a Community Edition installation with storage performance equivalent to that of an enterprise installation. Nice.</p>
<p>In this post we took advantage of the fact that Nutanix AOS runs Linux <a href="https://linux-kvm.org/page/Main_Page" target="_blank">Kernel Virtual Machine (KVM)</a> under the covers as its virtualisation engine. From there we used some generic KVM knowledge to find and pass our HBA through to the VM that manages all the storage in our Nutanix node: the CVM.</p>
<p>Some further reading:</p>
<ul>
<li><a href="https://www.linuxquestions.org/questions/linux-newbie-8/how-can-assign-hba-port-directly-to-kvm-virtual-guest-by-pci-passtrough-4175467325/" target="_blank">A LinuxQuestions Thread</a> that proved invaluable when trying this for the first time and ultimately putting this post together</li>
<li><a href="https://portal.nutanix.com/kb/7154" target="_blank">Nutanix KB 7154: CVM might not boot after hardware replacement due to PCI re-numbering on AHV</a> discusses editing the CVM config with respect to HBA passthrough</li>
<li><a href="https://portal.nutanix.com/kb/1113" target="_blank">Nutanix KB 1113: HDD, SSD, and HBA troubleshooting</a></li>
</ul>
<h3 id="a-quick-word-on-hardware-compatibility-and-support">A Quick Word on Hardware Compatibility and Support</h3>
<p>Nutanix hardware compatibility is detailed in <a href="https://www.nutanix.com/uk/products/hardware-platforms" target="_blank">Supported Hardware Platforms and Public Clouds</a>.
The whole ethos behind CE is that support comes from the community as per the <a href="https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Community-Edition-Getting-Started-v2_0:top-support-learn-more-ce-c.html" target="_blank">CE documentation</a>.</p>
<p>Is this level of modification supported? No, but I’m happy to run my CE install with a config that matches that seen in Nutanix enterprise deployments and enjoy the performance boost.</p>
<p>Want to see the numbers behind the boost? Take a look at my post <a href="/nutanix-community-edition-hba-passthrough-testing/" target="_blank">Testing Nutanix Community Edition HBA Passthrough</a>.</p>
<p>Until next time…</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nutanix-community-edition-hba-passthrough/">Nutanix Community Edition HBA Passthrough</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 20, 2024.</p>
https://polarclouds.co.uk/nutanix-certified-master-multicloud-infrastructure2023-10-30T00:00:00+00:002023-10-30T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Nutanix NCM-MCI" src="/images/nutanix-certified-master-multicloud-infrastructure/nutanix-certified-master-multicloud-infrastructure.png" /></p>
<p>Yours truly is now a Nutanix Certified Master in Multicloud Infrastructure (an NCM-MCI)!</p>
<p>The Nutanix Certified Master - Multicloud Infrastructure (NCM-MCI) certification measures your ability to analyse, evaluate, and optimize platform performance, configuration and health. The exam will also validate the candidate’s ability to remediate and evolve the platform to be in compliance with business requirements.</p>
<p>Find out more at <a href="https://www.nutanix.com/support-services/training-certification/certifications/certification-details-ncm-mci" target="_blank">Nutanix.com</a>.</p>
<p>Link to my achievement via <a href="https://www.credly.com/badges/2450b422-6849-4560-bdba-ecc0334b8e41/public_url" target="_blank">Credly</a>.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nutanix-certified-master-multicloud-infrastructure/">Nutanix Certified Master - Multicloud Infrastructure</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 30, 2023.</p>
https://polarclouds.co.uk/nutanix-budget-vm-recovery2023-07-27T01:00:00+01:002023-07-27T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Nutanix and ESXi" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-00.png" />
Back in August 2020, we took a look at VMware vSphere VM recovery on a budget. The main ‘thrust’ of the series was to look at cross site replication of VMware vSphere VMs without breaking the bank.</p>
<p>During the series we looked at deploying and leveraging vSphere Replication.</p>
<p>If you missed it, <a href="/budget-vm-recovery-pt1/" target="_blank">take a look now</a>, it’s a great series if I do say so myself!</p>
<p>In this follow up series, we will look at achieving the same level of resiliency, however this time we will use Nutanix Protection Domains.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-is-a-nutanix-protection-domain" id="markdown-toc-what-is-a-nutanix-protection-domain">What is a Nutanix Protection Domain?</a></li>
<li><a href="#requirements" id="markdown-toc-requirements">Requirements</a></li>
<li><a href="#local-protection-domains" id="markdown-toc-local-protection-domains">Local Protection Domains</a></li>
<li><a href="#configuring-remote-sites-for-protection-domains" id="markdown-toc-configuring-remote-sites-for-protection-domains">Configuring Remote Sites for Protection Domains</a></li>
<li><a href="#creating-a-site-to-site-protection-domain" id="markdown-toc-creating-a-site-to-site-protection-domain">Creating a Site to Site Protection Domain</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="what-is-a-nutanix-protection-domain">What is a Nutanix Protection Domain?</h2>
<p>A protection domain is a group of VMs or volume groups that you can either snapshot locally or replicate to one or more clusters when you have a remote site configured. Prism Element uses protection domains when replicating between remote sites. Essentially a Nutanix Protection domain can achieve the same cross site VM resiliency that vSphere Replication can.</p>
<h2 id="requirements">Requirements</h2>
<p>Let’s look at the software required to deploy VMware vSphere Replication and Nutanix Protection Domains:</p>
<p><strong>VMware vSphere Replication</strong>:</p>
<ul>
<li>2 x ESXi Clusters - Minimum of 1 ESXi host per cluster per site</li>
<li>vCenter Server - Minimum of 1 vCenter Server managing both sites</li>
<li>2 x vSphere Recovery Appliances - Minimum of 1 appliance per site</li>
</ul>
<p><strong>Nutanix Protection Domains</strong>:</p>
<ul>
<li>2 x Nutanix Clusters - Minimum of 1 node (can be AHV or ESXi) per cluster per site</li>
</ul>
<p>And that’s it. Nutanix Prism Central (analogous to VMware vCenter) is NOT required. Specialist single use replication / recovery appliances are also not required.</p>
<p>All of the required functionality is <strong>built in to Prism Element</strong> running on the CVM VMs.</p>
<p>Let’s take a look at a two site Nutanix Protection Domain deployment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-01.png" /></p>
<p>In the above diagram we have two sites (Site A and Site B), both running single node AHV clusters. Site A is running our protected production VM Stack. Site B contains our replicated VMs.</p>
<p>The Site A replica VMs housed in Site B are offline until needed, for example in the event of a disaster. Other production VMs can also run at Site B, however for clarity I have not shown them in the above diagram.</p>
<h2 id="local-protection-domains">Local Protection Domains</h2>
<p>In the same way that vSphere replication can be configured to locally protect VM(s), Nutanix Protection Domains can also be configured to locally protect VM(s), keeping snapshots local to the cluster currently running the VM(s).</p>
<p>Let’s look at configuring local protection domains.</p>
<p>After logging into Prism Element running on the cluster with the VMs to be protected, use the drop down to select the <strong>Data Protection</strong> dashboard. From there, select <strong>Table</strong> and <strong>Async DR</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains 1" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-02.png" /></p>
<p>To create a protection domain, select <strong>+ Protection Domain</strong> (top right) and <strong>Async DR</strong>. The protection domain wizard will launch:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains 2" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-03.png" /></p>
<p>I’ll name my protection domain <strong>SITE-A-LOCAL-PD</strong> (PD for Protection Domain). Click <strong>Create</strong> to continue.</p>
<p>In the Entities screen, I’ll select my VM to protect, in my case my Windows 10 VM, I’ll create a new Consistency Group called <strong>SITE-A-LOCAL-CG</strong> (Consistency Group) and finally I’ll select <strong>Protect Selected Entities</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains 3" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-04.png" /></p>
<p>After clicking <strong>Next</strong>, select <strong>New Schedule</strong>.</p>
<p>I’ll create a snapshot every hour and hold onto the last 2 snapshots:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains 4" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-05.png" /></p>
<p>Finally I’ll select <strong>Create Schedule</strong> and <strong>Close</strong> to complete the protection domain creation.</p>
<p>Back at Data Protection > Async DR > Table, after selecting the SITE-A-LOCAL-PD protection domain and then the <strong>Local Snapshots</strong> table, I can see that a snapshot has already been created and is available for restore for the next two hours:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains 5" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-06.png" /></p>
<p>My VM is now locally protected.</p>
<h2 id="configuring-remote-sites-for-protection-domains">Configuring Remote Sites for Protection Domains</h2>
<p>Having a local protection domain is fine and has legitimate uses; however, what happens if I lose my local site?</p>
<p>How about placing the protection domain snapshots on a remote site for recovery either at the remote site or back on our local site, once the local site is running again?</p>
<p>First off, let’s connect a remote site. Back in our <strong>Data Protection</strong> dashboard, let’s select <strong>Remote Site</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains 9" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-10.png" /></p>
<p>Select <strong>+Remote Site</strong> (top right) and <strong>Physical Cluster</strong>.</p>
<p>I’ll name my remote site cluster <strong>SITE-B-CLUSTER</strong>. As we are looking to use the remote site for disaster recovery, select <strong>Disaster Recovery</strong>.</p>
<p>The Cluster Virtual IP of SITE-B-CLUSTER can be found by browsing to SITE-B-CLUSTER’s Prism Element as discussed <a href="/nested-nutanix-ce-deployment-pt2/#cluster-name" target="_blank">here</a>.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains 10" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-11.png" /></p>
<p>Click <strong>Add Site</strong>.</p>
<p>Optionally, I’ll configure my Network Mappings, that is I’ll map my Site A VM primary network to my Site B VM primary network. Both my Site A and Site B VM production networks are named “Primary”.</p>
<p>With this configured, data protection will be able to connect our Site A recovered VM(s) to the correctly mapped network at Site B:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains 11" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-12.png" /></p>
<p>Hit <strong>Save</strong> to complete the wizard.</p>
<p>After logging onto Prism Element at Site B, add the reciprocal remote site (Site A) along with the network mappings:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains 12" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-13.png" /></p>
<h2 id="creating-a-site-to-site-protection-domain">Creating a Site to Site Protection Domain</h2>
<p>Unsurprisingly this is a “rinse and repeat” of the Local protection domain covered earlier. The only difference is the destination is SITE-B-CLUSTER on Site B.</p>
<p>I’ll call this protection domain <strong>Site-A-to-Site-B-PD</strong> (Protection Domain):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains 13" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-14.png" /></p>
<p>Again, I’ll create a consistency group for the protection domain and add the VM(s) I wish to protect:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains 14" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-15.png" /></p>
<p>Finally, I’ll configure the protection domain to keep two hourly snapshots locally and replicate one hourly snapshot to SITE-B-CLUSTER on my remote site:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Protection Domains 15" src="/images/ntx-budget-vm-recovery/ntx-budget-vm-recovery-16.png" /></p>
<p>And that’s it!</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>In this post we briefly looked at Nutanix Protection Domains in comparison to VMware vSphere Replication.</p>
<p>From there we found that we need no additional software, management or replication appliances in order to enable Nutanix Protection Domains.</p>
<p>Finally we configured both local and remote protection domains to ensure that our mission critical VMs were protected from disaster.</p>
<p>Next time we’ll get into a disaster and recover from it. Spoiler alert: <a href="/budget-vm-recovery-pt3/" target="_blank">Something like this</a>.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nutanix-budget-vm-recovery/">Nutanix VM Recovery on a Budget - Part 1</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 27, 2023.</p>
https://polarclouds.co.uk/nutanix-prism-central-deployment2023-06-21T01:00:00+01:002023-06-21T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Nutanix and ESXi" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-00.png" />
Continuing with our series looking at Nutanix, today we will take a look at Prism Central and its deployment.</p>
<p>First off, for my non-Nutanix familiar readers, what is Prism Central?</p>
<p>In much the same way as VMware vCenter is a separate application that can be deployed to manage multiple VMware vSphere clusters, Prism Central (PC) is a separate application that can be deployed to manage multiple Nutanix clusters.</p>
<p>Much like vCenter and vCenter High Availability, Prism Central can be deployed as a single virtual machine or in a three node “scale out” cluster. The scale out PC deployment option can provide additional resiliency in environments that require it.</p>
<p>Unlike vCenter, Prism Element - the default host management plane deployed when you deploy a Nutanix host and its control VM - is still required to manage some lower level configuration of hosts and VMs.</p>
<p>Having said that, also unlike vCenter, Prism Central is also used to enable and manage the following products:</p>
<ul>
<li>Flow (Virtual Networking and Micro-segmentation)</li>
<li>Calm (Automation)</li>
<li>Files (SMB and NFS File Services)</li>
<li>Foundation Central (Cluster Deployment)</li>
<li>Karbon (Kubernetes)</li>
<li>Objects (S3 Compatible Storage)</li>
</ul>
<p>Finally, both VM protection and VM efficiency analysis are also built into Prism Central, rather than requiring separate products and licences such as VMware Site Recovery Manager for VM protection and VMware vRealize (or Aria as it is now called) for VM efficiency monitoring.</p>
<p>Looking at VM efficiency in PC for example, we can see:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM efficiency" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-23.png" /></p>
<p>Nice!</p>
<p>Not only that, Prism Central can also perform <a href="https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2023_1_0_1:mul-resource-planning-pc-c.html" target="_blank">full capacity planning and reporting</a> out of the box.</p>
<p>But we are getting ahead of ourselves. Let’s deploy Prism Central already!</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#prism-central-deployment" id="markdown-toc-prism-central-deployment">Prism Central Deployment</a></li>
<li><a href="#web-ssl-certificate-replacement" id="markdown-toc-web-ssl-certificate-replacement">Web SSL Certificate Replacement</a></li>
<li><a href="#find-out-for-yourself" id="markdown-toc-find-out-for-yourself">Find Out for Yourself</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="prism-central-deployment">Prism Central Deployment</h2>
<p>From our community edition deployment, select the <strong>Register or create new</strong> option:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 1" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-01.png" />
New please:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 2" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-02.png" /></p>
<p>Let’s select the latest compatible version:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 3" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-03.png" /></p>
<p>As this is a test lab, let’s go with a single VM PC deployment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 4" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-04.png" /></p>
<p>Again, as this is a lab, let’s go with the small option. We will also configure networking and storage:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 5" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-05.png" /></p>
<p>As well as the hostname and IP address of our PC VM:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 6" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-06.png" /></p>
<p>Confirm configuration and click <strong>Deploy</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 7" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-07.png" /></p>
<p>Monitoring the deployment via the Prism Element tasks view:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 8" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-08.png" />
A quick look at the newly deployed PC VM console:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 9" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-09.png" />
Finally, after deployment, let’s browse to our Prism Central VM:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 10" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-10.png" />
As was seen when deploying our host, Chrome does not like the out of the box SSL certificate. The warning is easily bypassed by clicking on the browser window and typing:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">thisisunsafe</code></pre></figure>
<p>The default credentials are:</p>
<ul>
<li>Username: <strong>admin</strong></li>
<li>Password: <strong>Nutanix/4u</strong></li>
</ul>
<p>Let’s create a new password:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 11" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-11.png" />
Continue with Pulse telemetry enabled:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 12" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-12.png" />
Deployment complete!</p>
<p>What’s more is that we have 90 days of Prism Central Ultimate out of the box too:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 13" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-13.png" />
Back in Prism Element, let’s connect our cluster to our newly deployed Prism Central. Select the <strong>Register or create new</strong> option again and select <strong>Connect</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 14" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-14.png" /></p>
<p>Click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 15" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-15.png" /></p>
<p>Supply our newly deployed Prism Central details and <strong>Connect</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 16" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-16.png" /></p>
<p>Again we can monitor the connection process via the Prism Element tasks view:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 17" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-17.png" />
Back in Prism Central we can see that our cluster connection is complete. Notice that our cluster SITE-A-CLUSTER is listed:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 18" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-18.png" /></p>
<h2 id="web-ssl-certificate-replacement">Web SSL Certificate Replacement</h2>
<p>Finally, let’s fix our web SSL certificate to keep Chrome happy.</p>
<p>Click the hamburger menu (top left hand corner), scroll down to and select <strong>Prism Central Settings</strong>, select <strong>SSL Certificate</strong> and <strong>Replace Certificate</strong>:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 19" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-19.png" />
As this is a lab, I’ll go with regenerating another self signed certificate:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 20" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-20.png" />
Allow time for the certificate to be generated and imported into Prism Central. After a refresh, Chrome now gives us the option to proceed:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 21" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-21.png" />
Job done! Prism Central deployed and managing our cluster:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Deploy 22" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-22.png" /></p>
<h2 id="find-out-for-yourself">Find Out for Yourself</h2>
<p>Don’t just take my word for it, have a look and play with a Prism Central instance for yourself at <a href="https://demo.nutanix.com" target="_blank">demo.nutanix.com</a>:</p>
<p><a target="_blank" href="https://demo.nutanix.com"><img style="display: block; margin-left: auto; margin-right: auto;" alt="PC Demo" src="/images/nutanix-prism-central-deployment/nutanix-prism-central-deployment-24.png" /></a></p>
<p style="text-align: center;">(Click image above to go to demo.nutanix.com)</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>A high level look at Nutanix Prism Central, its capabilities and its deployment.</p>
<p>As opposed to the VMware model where each service requires its own management console - for example VMware NSX manager for virtual networking and micro-segmentation, VMware SRM manager for VM protection - Nutanix Prism Central provides a “one stop shop” for these services and more - built in.</p>
<p>For those that need it the <a href="https://portal.nutanix.com/page/documents/list?type=software&filterKey=software&filterVal=Prism" target="_blank">Prism Central Documentation ‘stack’</a> is available publicly without the need for a logon.</p>
<p>Finally, finally, given <a href="https://www.reuters.com/markets/deals/eu-antitrust-regulators-okay-broadcom-vmware-deal-sources-says-2023-06-12/" target="_blank">recent news</a>, would now not be a great time to start looking at alternatives?</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nutanix-prism-central-deployment/">Nutanix Prism Central Deployment</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on June 21, 2023.</p>
https://polarclouds.co.uk/nutanix-certified-professional-unified-storage2023-05-31T01:00:00+01:002023-05-31T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Nutanix NCP-US" src="/images/pages/ncp-us.png" /></p>
<p>Yours truly is now a Nutanix Certified Professional in Unified Storage (an NCP-US)!</p>
<p>The Nutanix Certified Professional – Unified Storage (NCP-US) certification validates your skills and abilities to deploy, configure, optimize, troubleshoot, and perform administrative tasks on the Nutanix Unified Storage technologies: Files, Objects, and Volumes.</p>
<p>Find out more at <a href="https://www.nutanix.com/support-services/training-certification/certifications/certification-details-nutanix-certified-professional-unified-storage-v6" target="_blank">Nutanix Training and Certification</a>.</p>
<p>Link to my achievement via <a href="https://www.credly.com/badges/3f3278eb-690f-4af3-a301-265c7427c821/public_url" target="_blank">Credly</a>.</p>
<p>Find out about my other <a href="/pages/qualifications/" target="_blank">qualifications, certifications and accreditations</a>.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nutanix-certified-professional-unified-storage/">Nutanix Certified Professional - Unified Storage</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 31, 2023.</p>
https://polarclouds.co.uk/nutanix-storage-protection-concepts2023-04-25T01:00:00+01:002023-04-25T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Nutanix and ESXi" src="/images/nutanix-storage-protection-concepts/nutanix-storage-protection-concepts-00.png" />
Last time we looked at how our Nutanix cluster ingests our data into its Distributed Storage Fabric (DSF) and the concepts behind the ingestion. This time we will look at how the DSF protects the ingested data within the cluster.</p>
<p>If you missed the previous post, you can find it here: <a href="/nutanix-storage-concepts/" target="_blank">Nutanix Distributed Storage Fabric Concepts</a>.</p>
<p>I’m going to call it before we get into the weeds: Having two concepts with the same acronym “RF” is… confusing. In blogs, discussion threads and some third party media, “RF” can mean either Redundancy Factor <em>OR</em> Replication Factor. Thus descriptions and meanings get real confusing real quick!</p>
<p>Anyway, let’s get to it.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#availability-domains--fault-tolerance-domains" id="markdown-toc-availability-domains--fault-tolerance-domains">Availability Domains / Fault Tolerance Domains</a></li>
<li><a href="#redundancy-factor-hardware" id="markdown-toc-redundancy-factor-hardware">Redundancy Factor (Hardware)</a></li>
<li><a href="#replication-factor-data" id="markdown-toc-replication-factor-data">Replication Factor (Data)</a></li>
<li><a href="#erasure-coding" id="markdown-toc-erasure-coding">Erasure Coding</a></li>
<li><a href="#data-locality-networking-and-io" id="markdown-toc-data-locality-networking-and-io">Data Locality, Networking and I/O</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="availability-domains--fault-tolerance-domains">Availability Domains / Fault Tolerance Domains</h3>
<p><em>Analogous to VMware <a href="https://docs.vmware.com/en/VMware-vSphere/8.0/vsan-planning/GUID-FE7DBC6F-C204-4137-827F-7E04FE88D968.html" target="_blank">vSAN Fault Domains</a></em>.<br />
A Nutanix cluster leveraging DSF can be configured to tolerate one or two failures (depending on the replication factor of the cluster or container) of a variety of hardware components while still running guest VMs and responding to commands through the management console.
These failures can be thought of in terms of fault domains. There are four fault domains in a Nutanix Cluster:</p>
<ul>
<li>Disk</li>
<li>Node</li>
<li>Block</li>
<li>Rack</li>
</ul>
<p>Looking at our Nutanix AHV node we deployed <a href="/nested-nutanix-ce-deployment/" target="_blank">previously</a>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Availability Domain" src="/images/nutanix-storage-protection-concepts/nutanix-storage-protection-concepts-01.png" />
We have one node, therefore not many options!</p>
<h3 id="redundancy-factor-hardware">Redundancy Factor (Hardware)</h3>
<p>Redundancy factor refers to the number of hardware failures (such as a node failure or a disk failure) that a cluster is able to withstand while still continuing to operate. By default, Nutanix clusters (with the recommended minimum of 3 nodes) have a redundancy factor of 2. This means they can tolerate the failure of a single availability domain (disk, node, etc).</p>
<p>Redundancy factors of 1 and 3 are also available as configurable options. A redundancy factor of 1 means that the cluster is not redundant; one disk or node failure will cause the cluster to fail.</p>
<p>A redundancy factor of 3, on the other hand, allows a cluster to withstand the failure of two availability domains. However, it is important to note that:</p>
<ul>
<li>A cluster must have at least five availability domains for redundancy factor 3 to be enabled.</li>
<li>For guest VMs to tolerate the simultaneous failure of two availability domains, the data must be stored on storage containers with replication factor 3. In other words, it is not possible to configure a replication factor higher than the current redundancy factor.</li>
</ul>
<h3 id="replication-factor-data">Replication Factor (Data)</h3>
<p><em>Analogous to VMware <a href="https://docs.vmware.com/en/VMware-vSphere/8.0/vsan-administration/GUID-C8E919D0-9D80-4AE1-826B-D180632775F3.html" target="_blank">vSAN Policies</a></em>.<br />
Replication factor refers to the number of copies of data and metadata that will be maintained on a cluster.</p>
<p>A replication factor of 2 means that 2 copies of data will be available (1 original and 1 copy), while replication factor 3 means that 3 copies of data will be available (1 original and 2 copies).
While replication factor 1 is available (only the original data will be maintained, with no copies) it is not recommended unless your cluster is running applications that provide their own data protection or high availability.</p>
<p>As discussed <a href="/nutanix-storage-concepts/#oplog" target="_blank">here in the previous post</a>, the OpLog acts as a staging area to absorb incoming writes onto the low-latency SSD tier. When data is written to a local OpLog, it is synchronously replicated to the OpLogs of one or two other Nutanix CVMs (one other OpLog for RF2 and two other OpLogs for RF3) before being acknowledged as a successful write to the host. This ensures that the data exists in at least two or three independent locations and is fault tolerant.</p>
<p>It is important to note that replication factor is handled differently for data and metadata.</p>
<ul>
<li>For data RF2, there will be two copies of data and three copies of metadata.</li>
<li>For data RF3, there will be three copies of data and five copies of metadata.</li>
</ul>
<p>Metadata replication factor cannot be set or configured independently of data replication factor, and is dependent on data replication factor and the cluster’s redundancy factor.</p>
<p>If you are still unsure on the two RF’s, here’s a five minute video that should help:</p>
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/tVPhl52thDY" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen=""></iframe>
<p><br />
Looking at our Nutanix AHV node we deployed <a href="/nested-nutanix-ce-deployment/" target="_blank">previously</a>:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="RF and RF" src="/images/nutanix-storage-protection-concepts/nutanix-storage-protection-concepts-02.png" />
And our storage containers:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Storage Container RF" src="/images/nutanix-storage-protection-concepts/nutanix-storage-protection-concepts-03.png" />
One AHV node so a redundancy factor of 1 and a replication factor of 1 across the board.</p>
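<p>To make the difference between the two RFs concrete, here is a small Python model of the rules above. It is an added example, not Nutanix code and not part of the original post: the <code>Cluster</code> class, the node names and the ring-order replica placement are assumptions made for illustration, while the minimum domain counts and metadata copy counts are the figures quoted in this post.</p>

```python
"""Toy model of the redundancy factor / replication factor rules (constructed example)."""

# Figures taken from the post: minimum availability domains per redundancy
# factor (3 is the recommended minimum for the default of 2, 5 is required
# for 3) and metadata copies kept per data replication factor.
MIN_DOMAINS = {1: 1, 2: 3, 3: 5}
METADATA_COPIES = {2: 3, 3: 5}


class Cluster:
    def __init__(self, nodes, redundancy_factor):
        if redundancy_factor not in MIN_DOMAINS:
            raise ValueError("redundancy factor must be 1, 2 or 3")
        if len(nodes) < MIN_DOMAINS[redundancy_factor]:
            raise ValueError(
                f"redundancy factor {redundancy_factor} needs at least "
                f"{MIN_DOMAINS[redundancy_factor]} availability domains"
            )
        self.redundancy_factor = redundancy_factor
        self.order = list(nodes)               # fixed ring order (assumed placement policy)
        self.stores = {n: {} for n in nodes}   # node -> {(container, key): data}
        self.failed = set()
        self.containers = {}                   # container name -> replication factor

    def add_container(self, name, replication_factor):
        # A container cannot ask for more copies than the cluster's
        # redundancy factor allows.
        if not 1 <= replication_factor <= self.redundancy_factor:
            raise ValueError("replication factor cannot exceed redundancy factor")
        self.containers[name] = replication_factor

    def write(self, container, key, data, local_node):
        """Store RF copies on distinct healthy nodes, local node first.

        Mirrors the synchronous OpLog behaviour described in the post: the
        write is only acknowledged (returned) once every copy is placed.
        """
        rf = self.containers[container]
        if local_node in self.failed:
            raise RuntimeError(f"{local_node} is down")
        start = self.order.index(local_node)
        ring = self.order[start:] + self.order[:start]
        targets = [n for n in ring if n not in self.failed][:rf]
        if len(targets) < rf:
            raise RuntimeError("not enough healthy nodes; write not acknowledged")
        for node in targets:
            self.stores[node][(container, key)] = data
        return targets

    def fail(self, node):
        self.failed.add(node)

    def read(self, container, key):
        """Return the data from any surviving copy, or None if all are lost."""
        for node in self.order:
            if node not in self.failed and (container, key) in self.stores[node]:
                return self.stores[node][(container, key)]
        return None

    def summary(self, container):
        rf = self.containers[container]
        return {
            "data_copies": rf,
            "metadata_copies": METADATA_COPIES.get(rf),  # post gives no figure for RF1
            "failures_tolerated": rf - 1,
        }


def survives(replication_factor, nodes_to_fail):
    """Write one block on a five-node cluster, fail its holders, try to read it back."""
    cluster = Cluster(["A", "B", "C", "D", "E"], redundancy_factor=3)
    cluster.add_container("ctr", replication_factor)
    holders = cluster.write("ctr", "block-1", b"payload", local_node="A")
    for node in holders[:nodes_to_fail]:  # worst case: failures hit the copy holders
        cluster.fail(node)
    return cluster.read("ctr", "block-1") == b"payload"


if __name__ == "__main__":
    for rf in (1, 2, 3):
        for failures in (1, 2, 3):
            print(f"RF{rf}, {failures} holder(s) failed -> readable: {survives(rf, failures)}")
```

<p>Running it prints a small matrix showing that a block on an RF2 container stays readable after one holder fails but not two, while an RF3 container survives two.</p>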
<h3 id="erasure-coding">Erasure Coding</h3>
<p><em>Analogous to VMware <a href="https://docs.vmware.com/en/VMware-vSphere/8.0/vsan-administration/GUID-AD408FA8-5898-4541-9F82-FE72E6CD6227.html" target="_blank">vSAN RAID 5 or RAID 6 Erasure Coding</a></em>.<br />
As cluster membership sizes increase, we can change the replication factor from 2 to 3 to handle additional failures. This increase, of course, reduces usable disk space by creating additional redundant copies of the data.</p>
<p>Nutanix addresses this drawback with the Erasure Coding (EC-X) feature, which increases usable disk space while maintaining the same cluster resiliency by striping individual data blocks and associated parity blocks across nodes rather than disks, forming an erasure strip.</p>
<p>In the event of a failure, the system uses the parity block along with the remaining blocks in the erasure strip to recalculate the missing data onto a new node. All blocks associated with erasure coding strips are stored on separate nodes. Each node can then take part in subsequent rebuilds, which reduces potential rebuild time.</p>
<p>EC-X works best on cold data, archives, and backups. Containers with applications that incur numerous overwrites, such as log file analysis or sensor data, require a longer delay than the one-hour EC-X post-processing default.</p>
<p>Trying to enable EC-X on the default storage container of our previously deployed node:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Enable EC-X" src="/images/nutanix-storage-protection-concepts/nutanix-storage-protection-concepts-04.png" /></p>
<p>Notice the change in node requirements too!</p>
<h3 id="data-locality-networking-and-io">Data Locality, Networking and I/O</h3>
<p><em><a href="https://core.vmware.com/resource/understanding-data-locality-vmware-vsan#section5" target="_blank">VMware’s take on vSAN Data Locality</a></em>.<br />
The DSF ensures that as much of a VM’s data as possible is stored on the node where the VM is currently running. This removes the need for storage I/O to traverse the network. VM data is served locally from the CVM and stored preferentially on local storage.</p>
<p>Like vSAN, a Nutanix cluster does not require a backplane for inter-node communication. A standard 10GbE network is all that is required. All storage I/O for VMs running on a Nutanix node is handled by the hypervisor on a dedicated private network.</p>
<p>When a VM is moved from one node to another using vMotion or live migration (or during an HA event), the migrated VM’s data automatically follows the VM in the background based on read patterns.</p>
<p>The following diagram from the Nutanix Bible covers this nicely:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Data Locality" src="/images/nutanix-storage-protection-concepts/nutanix-storage-protection-concepts-05.png" /></p>
<p>As discussed in the VMware vSAN article linked above, the storage I/O latency introduced by the network when a VM is not local to its data is negligible when compared to flash device latencies. Therefore the impact of running a VM away from its data should be transparent to the VM end user(s).</p>
<h3 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h3>
<p>So there we have it. Two posts (find <a href="/nutanix-storage-concepts/" target="_blank">part 1 here</a>) with lots of concepts to understand. I think I’ve covered the “big hitters” although it’s possible I missed the odd one… I don’t think so!</p>
<p>And that’s just intra-cluster storage and data protection. We have not looked at cross cluster replication and data protection (akin to VMware <a href="https://www.vmware.com/uk/products/site-recovery-manager.html" target="_blank">SRM</a>) yet! Perhaps in a later post. :wink:</p>
<p>Hopefully you found these posts valuable, especially for the VMware vSAN admin looking at Nutanix DSF for the first time.</p>
<p>Again, if you are still thirsty for more take a look at the <a href="https://www.nutanixbible.com/4c-book-of-aos-dsf.html" target="_blank">Book of AOS</a> from the Nutanix Bible.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nutanix-storage-protection-concepts/">Nutanix Distributed Storage Fabric Protection Concepts</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 25, 2023.</p>
https://polarclouds.co.uk/nutanix-certified-professional-multicloud-infrastructure2023-04-18T01:00:00+01:002023-04-18T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Nutanix NCP-MCI" src="/images/nutanix-certified-professional-multicloud-infrastructure/nutanix-certified-professional-multicloud-infrastructure.png" /></p>
<p>Yours truly is now a Nutanix Certified Professional in Multicloud Infrastructure (an NCP-MCI)!</p>
<p>The NCP-MCI certification validates your ability to deploy and manage virtual infrastructure and VMs, perform operational maintenance tasks, and initiate disaster recovery.</p>
<p>Find out more at <a href="https://www.nutanix.com/support-services/training-certification/certifications/certification-details-nutanix-certified-professional-multicloud-infrastructure-6_5" target="_blank">Nutanix.com</a>.</p>
<p>Link to my achievement via <a href="https://www.credly.com/badges/231fa9a9-fd75-4cc9-b7b2-f7e7a50a2c18/public_url" target="_blank">Credly</a>.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nutanix-certified-professional-multicloud-infrastructure/">Nutanix Certified Professional - Multicloud Infrastructure</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 18, 2023.</p>
https://polarclouds.co.uk/vmware-vexpert-nsx-20232023-04-16T01:00:00+01:002023-04-16T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMware vExpert" src="/images/vmware-vexpert/vexpert.png" />
<br />
My first year of being a vExpert in NSX!</p>
<p>I’ve been appraised, approved and deemed worthy to be a vExpert in VMware’s NSX product.</p>
<p>Cheers again to all at VMware for the accolade.</p>
<p>Check me out in the <a href="https://vexpert.vmware.com/directory/5800" target="_blank">vExpert Directory</a>.</p>
<p>-Chris
<br />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="VMware vExpert 2023" src="/images/pages/vexpert-nsx-2023.png" /></p>
<p><a href="https://polarclouds.co.uk/vmware-vexpert-nsx-2023/">VMware vExpert NSX 2023</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 16, 2023.</p>
https://polarclouds.co.uk/nutanix-storage-concepts2023-04-12T01:00:00+01:002023-04-12T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Nutanix Storage and Data Management" src="/images/nutanix-storage-concepts/nutanix-storage-concepts-00.png" />
In light of recent <a href="https://www.linkedin.com/posts/activity-7043559030807494657-i8DL" target="_blank">career developments</a>, I’m continuing to deepen my knowledge of Nutanix products and offerings. In this post we will take a closer look into Nutanix storage.</p>
<p>One of the major components and unique selling points of the Nutanix cloud platform is the Nutanix Unified Storage offering, the backbone of which is the Nutanix Distributed Storage Fabric (DSF).</p>
<p>Put simply, DSF is a software-defined storage solution that provides a unified storage fabric for all applications, both virtualized and non-virtualized.</p>
<p>DSF is built on a distributed architecture that allows for the pooling of storage resources across multiple hosts and nodes, providing high performance and scalability:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="DSF High Level" src="/images/nutanix-storage-concepts/nutanix-storage-concepts-01.png" /></p>
<p>DSF simplifies storage management by providing a single interface for provisioning and managing storage resources, making it easier for organizations to deploy and manage their storage infrastructure. Finally, DSF also includes data protection features such as data replication, erasure coding, and data-at-rest encryption.</p>
<p>In this post let’s take a look at the concepts and components that make up the Nutanix Distributed Storage Fabric.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#cvm" id="markdown-toc-cvm">CVM</a></li>
<li><a href="#storage-pool" id="markdown-toc-storage-pool">Storage Pool</a></li>
<li><a href="#storage-container" id="markdown-toc-storage-container">Storage Container</a></li>
<li><a href="#vdisk" id="markdown-toc-vdisk">vDisk</a></li>
<li><a href="#extent" id="markdown-toc-extent">Extent</a></li>
<li><a href="#extent-group" id="markdown-toc-extent-group">Extent Group</a></li>
<li><a href="#vblock" id="markdown-toc-vblock">vBlock</a></li>
<li><a href="#oplog" id="markdown-toc-oplog">OpLog</a></li>
<li><a href="#extent-store" id="markdown-toc-extent-store">Extent Store</a></li>
<li><a href="#autonomous-extent-store" id="markdown-toc-autonomous-extent-store">Autonomous Extent Store</a></li>
<li><a href="#unified-cache" id="markdown-toc-unified-cache">Unified Cache</a></li>
<li><a href="#pulling-it-together" id="markdown-toc-pulling-it-together">Pulling It Together</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="cvm">CVM</h3>
<p>As I covered in my <a href="/nested-nutanix-ce-deployment/#nutanix---introduction--architecture" target="_blank">first Nutanix post</a>, a Nutanix Controller VM (CVM) is deployed on each hypervisor participating in a Nutanix cluster. The CVM runs the Nutanix software and serves all of the I/O operations for the hypervisor and all VMs running on that host.</p>
<h3 id="storage-pool">Storage Pool</h3>
<p>A storage pool is the group of storage devices (HDD, SSD) in the cluster. The storage pool can span multiple Nutanix hosts and is expanded as the cluster host count is increased.
In most deployments a single storage pool is used.</p>
<h3 id="storage-container">Storage Container</h3>
<p>A storage container is a logical segmentation of the storage pool. Storage containers contain VMs or files (vDisks).
Some configuration options are available at the storage container level, such as Replication Factor. These configuration options are applied at the individual VM or file level.
Storage containers typically have direct 1 to 1 mapping with a datastore (NFS in the case of ESXi and SMB in the case of Hyper-V).</p>
<h3 id="vdisk">vDisk</h3>
<p>A vDisk is any file stored in a storage container that is over 512KB in size. For example, this might be a VMDK file for an ESXi VM virtual disk or a VHD for a Hyper-V VM virtual disk.
vDisks are broken into extents which are grouped and stored on the physical disk as an extent group.</p>
<h3 id="extent">Extent</h3>
<p>An extent is a 1MB piece of logically contiguous data consisting of a number of contiguous vBlocks. The number of vBlocks in an extent is dependent on the block size set by the guest VM’s operating system. Extents are read/modified/written on a sub-extent basis known as a slice. A slice may be trimmed when moving into the cache depending on the amount of data being read/cached.</p>
<p>Extents are dynamically distributed among extent groups to provide data striping across hosts/disks to improve performance.</p>
<h3 id="extent-group">Extent Group</h3>
<p>An extent group is a 1MB or 4MB piece of contiguous stored data. This data is stored as a file on a storage device owned by a CVM.</p>
<h3 id="vblock">vBlock</h3>
<p>A vBlock is a 1MB piece of vDisk space. For example a 100MB vDisk will consist of 100 x 1MB vBlocks. vBlock 0 would be for 0-1MB, vBlock 1 would be from 1-2MB etc. As discussed above, vBlocks map to Extents.</p>
<h3 id="oplog">OpLog</h3>
<p>The OpLog operates in a way similar to a filesystem journal and is built as a staging area to handle bursts of random writes, consolidate them and then sequentially “drain” the written data to the extent store. For sequential workloads, the OpLog is bypassed and writes go directly to the extent store.</p>
<p>If data is currently sitting in the OpLog and has not been drained, all read requests will be directly fulfilled from the OpLog until they have been drained, where they would then be served by the extent store/unified cache.</p>
<h3 id="extent-store">Extent Store</h3>
<p>The Extent Store is the persistent bulk storage of DSF and spans all device tiers (Optane SSD, PCIe SSD, SATA SSD, HDD) and is extensible to facilitate additional devices/tiers. Data entering the extent store is either being drained from the OpLog or is sequential/sustained in nature and has bypassed the OpLog directly.</p>
<p>The Nutanix Intelligent Lifecycle Manager (ILM) will determine tier placement dynamically based upon I/O patterns, number of accesses of data and weight given to individual tiers and will move data between tiers.</p>
<h3 id="autonomous-extent-store">Autonomous Extent Store</h3>
<p>The Autonomous Extent Store (AES) is a different method for writing/storing data in the Extent Store. It leverages a mix of primarily local + global metadata allowing for much more efficient sustained performance due to metadata locality. Sustained random write workloads bypass the OpLog and are written directly to the Extent Store using AES. Bursty random workloads take the typical OpLog I/O path, then drain to the Extent Store using AES where possible.</p>
<h3 id="unified-cache">Unified Cache</h3>
<p>The Unified Cache is a read cache which is used for data, metadata and deduplication, and is stored in the CVM’s memory.</p>
<p>Upon a read request of data not in the cache (or based upon a particular fingerprint), the data will be read from the extent store and will also be placed into the single-touch pool of the Unified Cache which completely sits in memory, where it will use LRU (least recently used) until it is evicted from the cache. Any subsequent read request will “move” (no data is actually moved, just cache metadata) the data into the multi-touch pool.</p>
<p>Any read request for data in the multi-touch pool will cause the data to go to the peak of the multi-touch pool where it will be given a new LRU counter.</p>
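<p>The OpLog and Unified Cache behaviour described above, as a toy Python model of one CVM’s read and write path. This is an added example, not Nutanix code: the pool sizes, the caller-supplied <code>sequential</code> flag, the key-ordered drain and the cache invalidation on write are all assumptions made for the model.</p>

```python
from collections import OrderedDict

VBLOCK = 1024 * 1024  # 1MB of vDisk address space per vBlock, as in the post


class UnifiedCache:
    """Two-pool read cache: single-touch and multi-touch, each evicted by LRU."""

    def __init__(self, single_slots=2, multi_slots=2):  # sizes are assumptions
        self.single = OrderedDict()  # data read once from the extent store
        self.multi = OrderedDict()   # data that has been read again
        self.single_slots = single_slots
        self.multi_slots = multi_slots

    def lookup(self, key):
        """Return cached data and apply the promotion rules, or None on a miss."""
        if key in self.multi:
            self.multi.move_to_end(key)         # back to the peak of multi-touch
            return self.multi[key]
        if key in self.single:
            data = self.single.pop(key)         # second touch: promote
            self.multi[key] = data
            if len(self.multi) > self.multi_slots:
                self.multi.popitem(last=False)  # evict least recently used
            return data
        return None

    def insert(self, key, data):
        """Place data just read from the extent store in the single-touch pool."""
        self.single[key] = data
        if len(self.single) > self.single_slots:
            self.single.popitem(last=False)

    def invalidate(self, key):
        """Drop a stale copy after a write (assumption, not from the post)."""
        self.single.pop(key, None)
        self.multi.pop(key, None)


class DsfNode:
    """Toy I/O path for one CVM. Keys are (vdisk, vblock index) pairs."""

    def __init__(self, cache=None):
        self.oplog = OrderedDict()  # staged random writes, not yet drained
        self.extent_store = {}      # persistent bulk storage
        self.cache = cache if cache is not None else UnifiedCache()

    def write(self, vdisk, offset, data, sequential=False):
        """Store data and return the layer that absorbed the write."""
        key = (vdisk, offset // VBLOCK)
        self.cache.invalidate(key)
        if sequential:
            self.oplog.pop(key, None)  # newer data supersedes a staged copy
            self.extent_store[key] = data
            return "extent_store"
        self.oplog[key] = data
        return "oplog"

    def drain(self):
        """Flush staged writes to the extent store in key order."""
        drained = sorted(self.oplog)
        for key in drained:
            self.extent_store[key] = self.oplog.pop(key)
        return drained

    def read(self, vdisk, offset):
        """Return (data, source); source names the layer that served the read."""
        key = (vdisk, offset // VBLOCK)
        if key in self.oplog:                 # undrained data is served here
            return self.oplog[key], "oplog"
        cached = self.cache.lookup(key)
        if cached is not None:
            return cached, "unified_cache"
        data = self.extent_store[key]         # KeyError: block never written
        self.cache.insert(key, data)
        return data, "extent_store"


if __name__ == "__main__":
    # Constructed workload: one random write, read before and after the drain.
    node = DsfNode()
    node.write("vdisk-a", 5 * VBLOCK, b"payload")
    print(node.read("vdisk-a", 5 * VBLOCK)[1])  # served while still staged
    node.drain()
    for _ in range(3):
        print(node.read("vdisk-a", 5 * VBLOCK)[1])
```

<p>Reading the same vBlock repeatedly shows the source moving from the OpLog, to the extent store after the drain, and then to the Unified Cache once the data has been touched a second time.</p>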
<h2 id="pulling-it-together">Pulling It Together</h2>
<p>The following diagram illustrates at a low level how the above elements are interconnected to provide the Nutanix Distributed Storage Fabric:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="DSF Low Level" src="/images/nutanix-storage-concepts/nutanix-storage-concepts-02.png" />
Notes:</p>
<ol>
<li>Block size is determined by the VM guest filesystem<br /></li>
<li>Extents or vBlocks</li>
</ol>
<p>The following diagram illustrates the I/O path from a guest VM into the DSF:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="DSF IO Path" src="/images/nutanix-storage-concepts/nutanix-storage-concepts-03.png" /></p>
<p>As can be seen from above, DSF is accessed using industry standard storage protocols thus providing a unified storage fabric for all applications, both virtualized and non-virtualized.</p>
<p>That will do it for this time. If you are still thirsty for more take a look at the <a href="https://www.nutanixbible.com/4c-book-of-aos-dsf.html" target="_blank">Book of AOS</a> from the Nutanix Bible.</p>
<p>Next time we will take a look at the data protection features built into DSF such as data replication, erasure coding, and data-at-rest encryption.</p>
<p>You can find that post here: <a href="/nutanix-storage-protection-concepts/" target="_blank">Nutanix Distributed Storage Fabric Protection Concepts</a>.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nutanix-storage-concepts/">Nutanix Distributed Storage Fabric Concepts</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 12, 2023.</p>
https://polarclouds.co.uk/nutanix-technical-associate 2023-04-03T01:00:00+01:00 2023-04-03T01:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Nutanix Technical Associate" src="/images/nutanix-technical-associate/nutanix-technical-associate.png" /></p>
<p>Yup, another one to add to the list. Yours truly is now a Nutanix Certified Associate (NCA)!</p>
<p>The Nutanix Certified Associate exam tests skills and abilities to navigate Nutanix Prism UI, extrapolate information from the UI and know how to use the UI for operational tasks.</p>
<p>Find out more at <a href="https://www.nutanix.com/support-services/training-certification/certifications/certification-details-nutanix-certified-associate-6_5" target="_blank">Nutanix.com</a>.</p>
<p>Link to my achievement via <a href="https://www.credly.com/badges/92df0772-aaaa-4b46-a98f-7dcc197dac0c/public_url" target="_blank">Credly</a>.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nutanix-technical-associate/">Nutanix Technical Associate</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 03, 2023.</p>
https://polarclouds.co.uk/couch-to-5k 2023-04-01T01:00:00+01:00 2023-04-01T01:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Couch to 5K Logo" src="/images/couch-to-5k/couch-to-5k-01.png" />
We all know about new year’s resolutions. The idea that a new year would provide the impetus to start/stop/try/whatever something.</p>
<p>Like <a href="https://www.forbes.com/health/mind/new-years-resolutions-statistics/#:~:text=19%25%20lasting%20at%20least%20one%20month%20and%20just%2011%25%20lasting%20less%20than%20a%20month." target="_blank">30% of respondents to a 2020 survey</a>, I’m not good at keeping new year’s resolutions for even a month… Let alone a year.</p>
<p>Therefore to everyone’s surprise on 1 February 2023 - which is way too late for new year’s resolutions - I settled on two things:</p>
<ol>
<li>Start Couch to 5K</li>
<li>Give up alcohol for a month</li>
</ol>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#why" id="markdown-toc-why">Why?</a></li>
<li><a href="#couch-to-5k" id="markdown-toc-couch-to-5k">Couch to 5K</a></li>
<li><a href="#finished" id="markdown-toc-finished">Finished!</a> <ul>
<li><a href="#was-it-easy" id="markdown-toc-was-it-easy">Was It Easy?</a></li>
<li><a href="#are-you-glad-you-finished" id="markdown-toc-are-you-glad-you-finished">Are You Glad You Finished?</a></li>
<li><a href="#how-do-you-feel" id="markdown-toc-how-do-you-feel">How Do You Feel?</a></li>
<li><a href="#will-you-keep-the-running-up" id="markdown-toc-will-you-keep-the-running-up">Will You Keep The Running Up?</a></li>
<li><a href="#wait---you-gave-up-alcohol-too-how-did-you-do" id="markdown-toc-wait---you-gave-up-alcohol-too-how-did-you-do">Wait - You Gave up Alcohol too… How did you do?</a></li>
</ul>
</li>
<li><a href="#thank-you" id="markdown-toc-thank-you">Thank You!</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="why">Why?</h2>
<p>Let’s start with 2. Give up alcohol for a month. Well, February <em>is</em> the shortest month:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Think Meme" src="/images/couch-to-5k/think-meme.gif" /></p>
<p>Clever, eh? I thought so! :wink:</p>
<p>Traditionally the first couple of weeks of February are when the south of the UK is likely to see snow. <em>“No good starting to run in January when one would have to stop because of snow in February”</em> is what I thought sat on the couch between Christmas 2022 and 2023 new year’s. Made perfect sense to me!</p>
<p>So when checking the weather on 1st February I saw that there was no snow in the weather forecast for the foreseeable, that added to the aforementioned February being the shortest month, I felt like it was now or never.</p>
<h2 id="couch-to-5k">Couch to 5K</h2>
<p>For those not aware of the Couch to 5K program, the aim is exactly that: Get up from the couch and run for 5 Kilometres without stopping.</p>
<p>The program comes in the form of a 100% free (no paid add-ons etc) app for Android / iOS:</p>
<table>
<tbody>
<tr>
<td><a href="https://play.google.com/store/apps/details?id=com.phe.couchto5K" target="_blank"><img alt="Google Play" src="/images/fossil-collider-hr/play.png" /></a></td>
<td><a href="https://apps.apple.com/gb/app/nhs-couch-to-5k/id1082307672" target="_blank"><img alt="Apple AppStore" src="/images/fossil-collider-hr/appstore.png" /></a></td>
</tr>
</tbody>
</table>
<p>It takes nine weeks to complete the plan, with three runs each week.</p>
<p>The very first run of week one lasts just 60 seconds with the last run of week nine lasting 30 minutes. Take a look at <a href="https://www.nhs.uk/live-well/exercise/running-and-aerobic-exercises/get-running-with-couch-to-5k/" target="_blank">this page on the NHS UK website</a> for further details.</p>
<p>In my case, I had originally downloaded the Couch to 5K app in the summer of 2020. Which means - embarrassingly - I had spent two and a half years working on the couch part of the plan… :anguished:</p>
<p>…yeah, probably time to start then…</p>
<h2 id="finished">Finished!</h2>
<p>Yep, after 9 weeks, this morning I finished the plan:</p>
<table>
<tbody>
<tr>
<td><img alt="Week One Run One" src="/images/couch-to-5k/couch-to-5k-02.png" /></td>
<td><img alt="Week Nine Run Three" src="/images/couch-to-5k/couch-to-5k-03.png" /></td>
</tr>
<tr>
<td><img alt="Done It" src="/images/couch-to-5k/couch-to-5k-07.png" /></td>
<td><img alt="Graduated" src="/images/couch-to-5k/couch-to-5k-08.png" /></td>
</tr>
</tbody>
</table>
<h3 id="was-it-easy">Was It Easy?</h3>
<p><strong>NO.</strong> :disappointed: <br />
There were times when I didn’t want to run.<br />
There were times when I didn’t continuously run the required time.<br />
There were times when I didn’t think I’d make it to the end of the plan.<br />
I repeated one of the runs.</p>
<h3 id="are-you-glad-you-finished">Are You Glad You Finished?</h3>
<p><strong>YES!</strong> :relaxed: <br />
I made it. <br />
All of the above was worth it.<br />
What’s more is that I ran the full 30 minutes without stopping for all three of my week 9 runs!</p>
<h3 id="how-do-you-feel">How Do You Feel?</h3>
<p><strong>GOOD!</strong> :smile: <br />
My level of general fitness has increased - I don’t think I’ve ever been this fit in my life before. Certainly not this century or ever - yes I’m old!</p>
<p>My stamina has increased too. I used to suffer from “the 4pm lag” - that is come 4pm each day, it felt like it was time to switch my brain off; time to slow down for the end of the work day.</p>
<p>Since starting running that feeling has completely gone. An example of this is completing a four hour drive starting after work at 5PM, arriving home at 9PM and still feeling able to fully function in the brain department. Previously I would have needed to switch off the second I got home.</p>
<p>Not so any more!</p>
<h3 id="will-you-keep-the-running-up">Will You Keep The Running Up?</h3>
<p><strong>YES - DEFINITELY!</strong><br />
As previously mentioned, my fitness and stamina are better than ever!<br />
My next run will be without the “safety net” of the Couch to 5K app.<br />
No more words of encouragement in my ears from <a href="https://speakout.uk/speaker/sanjeev-kohli-navid/" target="_blank">Sanjeev Kohli</a>.</p>
<p>I’m looking forward to it! :smile:</p>
<h3 id="wait---you-gave-up-alcohol-too-how-did-you-do">Wait - You Gave up Alcohol too… How did you do?</h3>
<p>Really good! - I’m still off of it! February was harder, March was a breeze.</p>
<p>In all honesty, I could not have done it without assistance from these three alcohol free friends:</p>
<table>
<tbody>
<tr>
<td><img alt="Peroni 0.0%" src="/images/couch-to-5k/couch-to-5k-04.jpg" /></td>
<td><img alt="Brew Dog Punk IPA 0%" src="/images/couch-to-5k/couch-to-5k-05.png" /></td>
<td><img alt="Corona Cero 0%" src="/images/couch-to-5k/couch-to-5k-06.jpg" /></td>
</tr>
</tbody>
</table>
<p>Although when all said and done, of the two resolutions, I can see alcohol returning at some point in the distant future.</p>
<p>Just as long as the alcohol doesn’t affect my running! :running: :running: :running:</p>
<p>It’s easy to avoid - just keep buying the alcohol free beer and I’m good!</p>
<h2 id="thank-you">Thank You!</h2>
<p>Thank you to family, friends, everyone for the kind words of encouragement over the last 9 weeks. I could not have done it without your help!</p>
<p>Now, who fancies an alcohol free beer? :beers:</p>
<p>Cheers!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/couch-to-5k/">Couch to 5K</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 01, 2023.</p>
https://polarclouds.co.uk/nested-nutanix-ce-deployment-pt2 2023-03-28T01:00:00+01:00 2023-03-28T01:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Nutanix and ESXi" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-01.png" />
In this post we will complete the basic configuration of our Nutanix AHV installation and deploy a VM into it.</p>
<p>This post is part 2 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nested-nutanix-ce-deployment/" target="_blank">Now it’s Time for Something Different</a></li>
<li>Part 2: This Part: Configuration and Test VM Build</li>
</ul>
<p>Let’s continue.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#configuration" id="markdown-toc-configuration">Configuration</a></li>
<li><a href="#cvm-certificate" id="markdown-toc-cvm-certificate">CVM Certificate</a></li>
<li><a href="#change-default-credentials" id="markdown-toc-change-default-credentials">Change Default Credentials</a></li>
<li><a href="#host-credentials" id="markdown-toc-host-credentials">Host Credentials</a></li>
<li><a href="#cvm-credentials" id="markdown-toc-cvm-credentials">CVM Credentials</a></li>
<li><a href="#storage-tier-skew-on-a-node" id="markdown-toc-storage-tier-skew-on-a-node">Storage Tier Skew on a Node</a></li>
<li><a href="#cluster-name" id="markdown-toc-cluster-name">Cluster Name</a></li>
<li><a href="#language--settings" id="markdown-toc-language--settings">Language Settings</a></li>
<li><a href="#networking" id="markdown-toc-networking">Networking</a></li>
<li><a href="#upload-isos" id="markdown-toc-upload-isos">Upload ISOs</a></li>
<li><a href="#vm-creation" id="markdown-toc-vm-creation">VM Creation</a></li>
<li><a href="#vm-power-on-and-os-installation" id="markdown-toc-vm-power-on-and-os-installation">VM Power On and O/S Installation</a></li>
<li><a href="#virtio-and-nutanix-guest-tools" id="markdown-toc-virtio-and-nutanix-guest-tools">VirtIO and Nutanix Guest Tools</a></li>
<li><a href="#power-down" id="markdown-toc-power-down">Power Down</a> <ul>
<li><a href="#cvm-shutdown" id="markdown-toc-cvm-shutdown">CVM Shutdown</a></li>
<li><a href="#ahv-host-shutdown" id="markdown-toc-ahv-host-shutdown">AHV Host Shutdown</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="configuration">Configuration</h2>
<p>Since part 1 covered purely the deployment of Nutanix CE 2.0, there are some post installation configuration points that we need to cover off prior to deploying our first guest VM later on in this post.</p>
<h2 id="cvm-certificate">CVM Certificate</h2>
<p>So that we no longer need to tell Chrome <strong>thisisunsafe</strong> each time we access our CVM, let’s replace its SSL certificate.</p>
<p>Click the settings cog in the top right hand corner of the PRISM Elements UI, select <strong>SSL Certificate</strong> from the menu on the left:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Replace Certificate 1" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-16.png" /></p>
<p>Select <strong>Replace Certificate > Regenerate Self Signed Certificate</strong> and <strong>Apply</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Replace Certificate 2" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-17.png" /></p>
<p>Allow time for the replacement to complete. That’s Chrome happy again!</p>
<h2 id="change-default-credentials">Change Default Credentials</h2>
<p>Both our Host and our CVM are using the default credentials:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Default Creds Alarm" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-01.png" /></p>
<p>Clicking on each of the alarms in turn provides the following summaries:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Default Creds Host Summary" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-02.png" /></p>
<p>And:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Default Creds CVM Summary" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-03.png" /></p>
<p>Let’s fix that.</p>
<p>For reference, the Nutanix KB article that covers changing both the Host and CVM default credentials is here: <a href="https://portal.nutanix.com/kb/6153" target="_blank">KB 6153</a>.</p>
<h2 id="host-credentials">Host Credentials</h2>
<p>SSH to the AHV host as root (see <a href="/nested-nutanix-ce-deployment/#installing-vmware-tools" target="_blank">Part 1</a> for default credentials) and issue the following command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">passwd</code></pre></figure>
<h2 id="cvm-credentials">CVM Credentials</h2>
<p>SSH to the CVM as user nutanix (again see <a href="/nested-nutanix-ce-deployment/#ahv-vm-config" target="_blank">Part 1</a> for default credentials) and issue the following command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nb">sudo </span>passwd nutanix</code></pre></figure>
<p>Job done. Clicking on the alerts and then clicking <strong>Resolve</strong> clears the alerts from the PRISM Element console.</p>
<h2 id="storage-tier-skew-on-a-node">Storage Tier Skew on a Node</h2>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Storage Tier Skew on a Node" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-04.png" /></p>
<p>From Nutanix <a href="http://portal.nutanix.com/kb/10718" target="_blank">KB 10718</a>:</p>
<blockquote>
<p>The NCC health check plugin node_storage_tier_skew_check reports disk capacity skew above 15% within a storage tier in each individual node in a Nutanix cluster.</p>
</blockquote>
<p>As we have only the one host in our cluster, let’s turn this check off. Click <strong>Turn Check Off</strong> to complete.</p>
<h2 id="cluster-name">Cluster Name</h2>
<p>Let’s name our cluster. Click on the label <strong>Unnamed</strong> and enter a cluster name and virtual IP:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Name Cluster" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-06.png" /></p>
<p>Click <strong>Save</strong> when done.</p>
<p>The cluster FQDN needs to resolve to both the cluster virtual IP and to the CVM IP(s). I’m using OPNsense Unbound DNS in my lab, so to achieve this simply add two cluster FQDN host overrides pointing to the virtual and CVM IPs:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OPNsense Unbound site-a-cluster.lab" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-06a.png" /></p>
<p>Nice:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="nslookup site-a-cluster.lab" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-06b.png" /></p>
<h2 id="language--settings">Language Settings</h2>
<p>Select <strong>admin</strong> in the top right hand corner of the PRISM Element UI and select <strong>Update Profile</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Update Profile" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-07.png" /></p>
<p>Enter name and email address, hit <strong>Save</strong> when done:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Name + Email Address" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-08.png" /></p>
<p>Click the settings cog in the top right hand corner of the PRISM Elements UI and select <strong>Language Configuration</strong>. Set Region accordingly and hit <strong>Save</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Language Settings" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-09.png" /></p>
<h2 id="networking">Networking</h2>
<p>Next we will create a network to connect our VMs to.</p>
<p>Click the settings cog in the top right hand corner of the PRISM Elements UI and select <strong>Network Configuration</strong> and <strong>Subnets</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Subnet Config 1" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-10.png" /></p>
<p>Click <strong>Create Subnet</strong>.</p>
<p>I’ll name my subnet <strong>Site-A-Lab</strong>, select vSwitch <strong>vs0</strong> and set my VLAN ID to <strong>0</strong> (native VLAN):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Subnet Config 2" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-11.png" /></p>
<p>Click <strong>Save</strong> to complete. Job done:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Subnet Created" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-12.png" /></p>
<h2 id="upload-isos">Upload ISOs</h2>
<p>Next, we need to upload our operating system ISO. Whilst we are at it, we will also upload the Nutanix VirtIO for Windows ISO as well (VirtIO ISO can be downloaded from <a href="https://next.nutanix.com/discussion-forum-14/download-community-edition-38417" target="_blank">HERE</a>).</p>
<p>Click the settings cog in the top right hand corner of the PRISM Elements UI, select <strong>Image Configuration</strong> from the menu on the left:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Image Config 1" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-18.png" /></p>
<p>Select <strong>Upload Image</strong>. I’ll upload my <a href="https://info.microsoft.com/ww-landing-windows-server-2022.html" target="_blank">Windows Server 2022 Evaluation ISO</a>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Image Config 2" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-19.png" /></p>
<p>Allow time for the image to upload. Repeat for the VirtIO ISO.</p>
<p>Once complete, confirm both ISOs are marked as <strong>ACTIVE</strong>, ready to use:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Image Config 3" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-20.png" /></p>
<h2 id="vm-creation">VM Creation</h2>
<p>Let’s create our first (not counting the CVM) Nutanix guest VM then! :smile:</p>
<p>From the menu drop down select <strong>VM</strong> and <strong>Create VM</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Create VM 1" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-13.png" /></p>
<p>I’ll configure the following:</p>
<ul>
<li>Name: Win-Srv-2022</li>
<li>Timezone: Europe / London</li>
<li>vCPUs: 2</li>
<li>Cores per vCPU: 1</li>
<li>Memory: 2GB</li>
<li>Legacy BIOS</li>
<li>NIC: Connected to Site-A-Lab</li>
</ul>
<p>Finally, I’ll add a 60GB disk to my VM as follows:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Create VM 2" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-14.png" /></p>
<p>Click <strong>Save</strong> to complete. Select <strong>Table</strong> to view the VM in the list.</p>
<h2 id="vm-power-on-and-os-installation">VM Power On and O/S Installation</h2>
<p>Click <strong>Power on</strong> to start the VM and <strong>Launch Console</strong> to take a look at it:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM Created - Power On" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-15.png" /></p>
<p>Once the console of the newly created VM opens, select <strong>Mount ISO</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Mount ISO 1" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-21.png" /></p>
<p>Select the O/S ISO uploaded earlier and select <strong>Mount</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Mount ISO 2" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-22.png" /></p>
<p>The VM should boot from the ISO:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM Boot 1" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-23.png" /></p>
<p>I won’t cover the full installation of Windows here.</p>
<p>The only minor ripple to an otherwise normal Windows install was mounting the VirtIO ISO mid Windows install to allow Windows to use the VirtIO SCSI controller driver:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM Boot 2" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-24.png" /></p>
<p>Once the driver is loaded, hard disk discovered and selected, change the mounted ISO back to Windows and click <strong>Refresh</strong> within the Windows installer to get it to continue with the installation.</p>
<h2 id="virtio-and-nutanix-guest-tools">VirtIO and Nutanix Guest Tools</h2>
<p>Upon completion of the Windows installation, mount the VirtIO ISO again and launch the x64 installer:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Launch VirtIO Installer" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-25.png" /></p>
<p>Complete the install.</p>
<p>Back at the PRISM Element VM Table, select <strong>Manage Guest Tools</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Manage Guest Tools" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-26.png" /></p>
<p>I’m going to Enable and Mount the guest tools installer. I’ll investigate the other options another day:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Enable + Mount NGT" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-27.png" /></p>
<p><strong>Submit</strong> to complete. Run the setup to install:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Install NGT" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-28.png" /></p>
<h2 id="power-down">Power Down</h2>
<p>Because <a href="https://www.google.com/search?q=uk+energy+crisis" target="_blank">UK Energy Crisis</a>, let’s quickly cover safely powering down our Nutanix environment.</p>
<h3 id="cvm-shutdown">CVM Shutdown</h3>
<p>After shutting down all other guest VMs, SSH to the CVM and issue the command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">cvm_shutdown <span class="nt">-P</span> now</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Shutdown CVM" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-29.png" /></p>
<h3 id="ahv-host-shutdown">AHV Host Shutdown</h3>
<p>Cheat!</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Shutdown AHV Host" src="/images/nested-nutanix-ce-deployment-pt2/nested-nutanix-ce-deployment-pt2-30.png" /></p>
<p>That’s why we <a href="/nested-nutanix-ce-deployment/#installing-vmware-tools" target="_blank">installed VMTools in part 1</a>. :wink:</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it. In this post we built upon the <a href="/nested-nutanix-ce-deployment/" target="_blank">deployment of our Nutanix AHV host</a> by completing its configuration.</p>
<p>After that, we deployed a test VM. Finally we looked at how to power the environment down.</p>
<p>Nice!</p>
<p>This post is part 2 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nested-nutanix-ce-deployment/" target="_blank">Now it’s Time for Something Different</a></li>
<li>Part 2: This Part: Configuration and Test VM Build</li>
</ul>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nested-nutanix-ce-deployment-pt2/">Nested Nutanix CE 2.0 Deployment - Part 2</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 28, 2023.</p>
https://polarclouds.co.uk/nested-nutanix-ce-deployment2023-03-14T00:00:00+00:002023-03-14T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Nutanix and ESXi" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-01.png" />
In this post I want to look at deploying a Nutanix Community Edition 2.0 as a nested VM under VMware ESXi.</p>
<p>Those that follow me on LinkedIn will already be aware of a <a href="https://www.linkedin.com/posts/activity-7032699536208711680-4eWr?utm_source=share&utm_medium=member_desktop" target="_blank">little spoiler</a> which may or may not mean that I’m going to be spending some more time looking into and learning about the Nutanix product portfolio…</p>
<p>For everyone that comes here to enjoy my regular VMware content, you need not worry - that content is certainly <strong>not</strong> going away.</p>
<p>What’s more is that Nutanix products can be layered on top of VMware products to augment functionality. From <a href="https://www.nutanix.com/uk/info/nutanix-vs-vmware" target="_blank">Nutanix vs. VMware: Comparing Hyperconverged Infrastructure and Hybrid Cloud Solutions</a>:</p>
<blockquote>
<p>In fact, while many Nutanix customers choose to run ESXi on the Nutanix platform today, a number of others choose Microsoft Windows Server Hyper-V and even more customers are now switching to Nutanix AHV to reduce virtualization licensing costs, enable a single pane-of-glass management across hypervisors, and provide the ability to run business-critical workloads.</p>
</blockquote>
<p>Quite why anyone would want to run Hyper-V… :laughing:</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#nutanix---introduction--architecture" id="markdown-toc-nutanix---introduction--architecture">Nutanix - Introduction & Architecture</a></li>
<li><a href="#nutanix---for-the-vsphere-admin" id="markdown-toc-nutanix---for-the-vsphere-admin">Nutanix - For the vSphere Admin</a></li>
<li><a href="#nutanix-iso-download" id="markdown-toc-nutanix-iso-download">Nutanix ISO Download</a></li>
<li><a href="#ip-addresses-and-esxi-config" id="markdown-toc-ip-addresses-and-esxi-config">IP Addresses and ESXi Config</a></li>
<li><a href="#ahv-vm-config" id="markdown-toc-ahv-vm-config">AHV VM Config</a></li>
<li><a href="#installing-vmware-tools" id="markdown-toc-installing-vmware-tools">Installing VMware Tools</a></li>
<li><a href="#updates" id="markdown-toc-updates">Updates</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="nutanix---introduction--architecture">Nutanix - Introduction & Architecture</h2>
<p>Nutanix AOS (Acropolis Operating System) is the company’s primary operating system for its Hyper-Converged Infrastructure (HCI) products. It provides a comprehensive set of data services, including storage, networking, security, and management capabilities, all integrated into a single platform.</p>
<p>Nutanix AHV (Acropolis Hypervisor) is Nutanix’s native hypervisor, which allows customers to run multiple virtual machines on a single physical server. AHV is built on <a href="https://www.linux-kvm.org/page/Main_Page" target="_blank">open-source KVM technology</a> and is included as part of Nutanix AOS.</p>
<p>One major difference to ESXi is that AHV uses a Controller VM (CVM) to manage storage local to the hypervisor, as seen in green below:</p>
<figure style="display: block; margin-left: auto; margin-right: auto;">
<img alt="Node Architecture" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-02.png" />
<figcaption>
<a href="https://www.nutanixbible.com/5a-book-of-ahv-architecture.html" target="_blank"><i class="photo-credit">Image: nutanixbible.com - The Book of AHV</i></a>
</figcaption>
</figure>
<h2 id="nutanix---for-the-vsphere-admin">Nutanix - For the vSphere Admin</h2>
<p>I’m sure this will upset both VMware and Nutanix supporters alike (Microsoft Hyper-V supporters are already annoyed at my comment above) but here goes.</p>
<p>To understand the Nutanix product portfolio and how it would potentially map to the VMware product portfolio, let’s lay the products against each other:</p>
<table>
<thead>
<tr>
<th style="text-align: center"> </th>
<th style="text-align: center">VMware Product</th>
<th style="text-align: center">Nutanix Product</th>
<th style="text-align: center"> </th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: center"> </td>
<td style="text-align: center">ESXi</td>
<td style="text-align: center">AHV</td>
<td style="text-align: center"> </td>
</tr>
<tr>
<td style="text-align: center"> </td>
<td style="text-align: center">ESXi Host Client</td>
<td style="text-align: center">PRISM Element</td>
<td style="text-align: center"> </td>
</tr>
<tr>
<td style="text-align: center"> </td>
<td style="text-align: center">vSAN</td>
<td style="text-align: center">AOS Storage</td>
<td style="text-align: center"> </td>
</tr>
<tr>
<td style="text-align: center"> </td>
<td style="text-align: center">vCenter</td>
<td style="text-align: center">PRISM Central</td>
<td style="text-align: center"> </td>
</tr>
<tr>
<td style="text-align: center"> </td>
<td style="text-align: center">VMtools</td>
<td style="text-align: center">Nutanix Guest Tools / VirtIO</td>
<td style="text-align: center"> </td>
</tr>
<tr>
<td style="text-align: center"> </td>
<td style="text-align: center">NSX</td>
<td style="text-align: center">Flow</td>
<td style="text-align: center"> </td>
</tr>
<tr>
<td style="text-align: center"> </td>
<td style="text-align: center">Converter</td>
<td style="text-align: center">Move</td>
<td style="text-align: center"> </td>
</tr>
</tbody>
</table>
<p>With everyone suitably annoyed, let’s move on! :wink:</p>
<p>Right, let’s learn through doing.</p>
<h2 id="nutanix-iso-download">Nutanix ISO Download</h2>
<p>We will deploy the Community Edition 2.0 (released March 2023) available <a href="https://download.nutanix.com/ce/2023.03.01/phoenix-ce2.0-fraser-6.5.2-stable-fnd-5.3.4-x86_64.iso" target="_blank">HERE</a>, no login required.</p>
<p>Download the CE 2.0 ISO <strong>phoenix-ce2.0-fraser-6.5.2-stable-fnd-5.3.4-x86_64.iso</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CE ISO Download" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-03.png" /></p>
<h2 id="ip-addresses-and-esxi-config">IP Addresses and ESXi Config</h2>
<p>Now that we have our ISO, to successfully deploy it as a VM running on ESXi, we need the following:</p>
<p>Two IP Addresses:</p>
<ul>
<li>One for the AHV Host</li>
<li>One for CVM (Storage Controller VM) running on the AHV host</li>
</ul>
<p>In my lab, I’ll use the following:</p>
<ul>
<li>Nutanix Host: AHV-SITE-A-1 - 192.168.10.51</li>
<li>Nutanix CVM: CVM-SITE-A-1 - 192.168.10.50</li>
</ul>
<p>As we are running VMs under our AHV VM, we need to enable the following on our ESXi vSwitch portgroup:</p>
<ul>
<li>MAC Address Changes - <a href="https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-942BD3AA-731B-4A05-8196-66F2B4BF1ACB.html" target="_blank">More Info</a></li>
<li>Forged Transmits - <a href="https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-7DC6486F-5400-44DF-8A62-6273798A2F80.html" target="_blank">More Info</a></li>
</ul>
<p>As below:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="MAC Changes, Forged Tx" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-04.png" /></p>
<p>Our Nutanix AHV host and CVM will require internet access. This is required so that they can access our Nutanix NEXT account (link provided to create a free account later on if you don’t already have one) and download various updates.</p>
<h2 id="ahv-vm-config">AHV VM Config</h2>
<p>Let’s create our VM. A VM with the following configuration is required:</p>
<ul>
<li>Compatibility: ESXi 7.0 U2 and later</li>
<li>Guest OS Family: Linux</li>
<li>Guest OS Version: CentOS 7 (64-bit)</li>
<li>8 CPUs</li>
<li>Expose hardware assisted virtualization to the guest OS - Ticked</li>
<li>32GB RAM</li>
<li>SCSI Controller VMware Paravirtual</li>
<li>16GB HDD - SCSI(0:0)</li>
<li>200GB HDD - SCSI(0:1)</li>
<li>500GB HDD - SCSI(0:2)</li>
<li>1 VMXNET3 Network Adapter</li>
<li>VM Options > Boot Options > Firmware > BIOS</li>
</ul>
<p>Once booted from the <strong>phoenix-ce2.0-fraser-6.5.2-stable-fnd-5.3.4-x86_64.iso</strong> and after a short delay, the following is seen:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="AOS Installer 1" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-05.png" /></p>
<p>Select and verify the following:</p>
<ul>
<li>AHV Install</li>
<li>16GB = Hypervisor Boot [H]</li>
<li>200GB = Data [D]</li>
<li>500GB = CVM Boot [C]</li>
</ul>
<p>Then enter, using tab to move between selections:</p>
<ul>
<li>Host IP address</li>
<li>CVM IP address</li>
<li>Subnet mask</li>
<li>Gateway</li>
<li>Check the single-node cluster box</li>
<li>DNS server IP address</li>
</ul>
<p>Once completed, the configuration should resemble the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="AOS Installer 2" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-06.png" /></p>
<p>On the next page, scroll to the end of the licence agreement, accept it and tab to start the installation.</p>
<p>After allowing around 10 mins for the initial installation, press Y to reboot.</p>
<p>After allowing around another 10 to 20 mins for <del>a nice cup of coffee</del> the host and CVM to boot and complete installation, ping the AHV host and the CVM. Both should be available.</p>
<p>Next, SSH to the CVM using the following credentials:</p>
<ul>
<li>Username: <strong>nutanix</strong></li>
<li>Password: <strong>nutanix/4u</strong></li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="SSH to CVM" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-07.png" /></p>
<p>Execute the following command to check the status of the cluster:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">cluster status</code></pre></figure>
<p>Confirm the output resembles the following showing that all services are up:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Cluster Status" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-08.png" /></p>
<p>If some services return the status of “DOWN”, issue the following command to start them:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">cluster start</code></pre></figure>
<p>Next, open a browser and browse to:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">https://<CVM IP or FQDN>:9440</code></pre></figure>
<p>If you receive “You cannot visit right now because the website sent scrambled credentials that Chrome cannot process.” from Google Chrome as shown below:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Chrome Scrambled Creds" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-08a.png" /></p>
<p>Type <strong>thisisunsafe</strong> and Chrome will continue to the PRISM login page.</p>
<p>Log in using the following credentials (the password is the same as before):</p>
<ul>
<li>Username: <strong>admin</strong></li>
<li>Password: <strong>nutanix/4u</strong></li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Prism login" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-09.png" /></p>
<p>When prompted, change the password and log in again with your new password.</p>
<p>Next enter your Nutanix portal credentials (Use the link to create a free account if you don’t already have one):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Supply NEXT Credentials" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-10.png" /></p>
<p>If you receive the error “Unknown host, could not reach NEXT server. Please configure name server”:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Supply NEXT Credentials ERROR" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-10a.png" /></p>
<p>Guess what, you’ll need to configure a DNS server. SSH back into the CVM and use the following commands to check, remove and add DNS name servers:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">ncli cluster get-name-servers
ncli cluster remove-from-name-servers <span class="nv">servers</span><span class="o">=</span><span class="s2">"<INCORRECT DNS SERVER IP>"</span>
ncli cluster add-to-name-servers <span class="nv">servers</span><span class="o">=</span><span class="s2">"<CORRECT DNS SERVER IP>"</span></code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add DNS Server" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-10b.png" /></p>
<p>After reattempting to login, you should be presented with the Prism Element console:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Prism Element Console" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-11.png" /></p>
<h2 id="installing-vmware-tools">Installing VMware Tools</h2>
<p>Whilst VMware <a href="https://kb.vmware.com/s/article/2073803" target="_blank">recommend the use of Open-VM-Tools</a>, I’m going to install the ESXi bundled version of VMtools for ease of installation and avoidance of “dependency hell”.</p>
<p>Mount the VMtools ISO image in the normal way:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Mount VMtools ISO" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-11a.png" /></p>
<p>SSH into the AHV host (not the CVM) using these credentials:</p>
<ul>
<li>Username: <strong>root</strong></li>
<li>Password: <strong>nutanix/4u</strong></li>
</ul>
<p>Run the following command to find the mounted VMtools ISO:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">blkid</code></pre></figure>
<p>As can be seen below, VMtools ISO is available at <code class="language-plaintext highlighter-rouge">/dev/sr0</code>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="blkid" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-11b.png" /></p>
<p>Next, create a mount point, mount the VMtools ISO and take a look at the contents of the ISO image:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nb">mkdir</span> /media/iso
mount /dev/sr0 /media/iso
<span class="nb">ls</span> /media/iso</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Mount and explore ISO" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-11c.png" /></p>
<p>Next, let’s copy <code class="language-plaintext highlighter-rouge">VMwareTools-10.3.25-20206839.tar.gz</code> to <code class="language-plaintext highlighter-rouge">/root</code> and extract it:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nb">cp</span> /media/iso/VMwareTools-10.3.25-20206839.tar.gz /root/
<span class="nb">cd</span> /root
<span class="nb">tar</span> <span class="nt">-xf</span> VMwareTools-10.3.25-20206839.tar.gz</code></pre></figure>
<p>Launch the installer:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nb">cd </span>vmware-tools-distrib
./vmware-install.pl</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Launch Installer" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-11d.png" /></p>
<p>Accept the defaults for all options (just press RETURN).</p>
<p>Confirm VMTools is running:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMTools Running" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-12.png" /></p>
<p>That is the basics done.</p>
<h2 id="updates">Updates</h2>
<p>From the menu bar, select <strong>LCM</strong> as below:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select LCM" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-13.png" /></p>
<p>Click <strong>Inventory > Perform Inventory</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Perform Inventory" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-14.png" /></p>
<p>Click <strong>Proceed</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Perform Inventory - Proceed" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-14a.png" /></p>
<p>Allow time for the inventory and LCM update to complete:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="LCM Updating" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-15.png" /></p>
<p>Click on <strong>Updates > Software</strong> to view available updates. Yep, some updates are available to be applied. Select all and then <strong>View Update Plan</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Updates" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-16.png" /></p>
<p>Select all updates and click <strong>View Update Plan</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Apply Updates" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-17.png" /></p>
<p>Click <strong>Next</strong> to continue and click <strong>Apply Updates</strong>. Allow time for the updates to be applied:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Applying Updates" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-18.png" /></p>
<p>Depending on the updates being applied, connectivity to PRISM may drop. Simply allow time for the updates to install and reconnect after.</p>
<p>Job done:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Update Complete" src="/images/nested-nutanix-ce-deployment/nested-nutanix-ce-deployment-19.png" /></p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>That will do for our first look at Nutanix AHV and PRISM Element. In this post we deployed Nutanix Community Edition 2.0 and updated it to bring it right up to date, in readiness for the deployment of virtual machines.</p>
<p>In future posts we will be looking to finish our AHV host configuration, spinning up some VMs and potentially deploying PRISM Central.</p>
<p>This post is part 1 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: This Part: Now it’s Time for Something Different</li>
<li>Part 2: <a href="/nested-nutanix-ce-deployment-pt2/" target="_blank">Configuration and Test VM Build</a></li>
</ul>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nested-nutanix-ce-deployment/">Nested Nutanix CE 2.0 Deployment</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 14, 2023.</p>
https://polarclouds.co.uk/nsx-ping-testing2023-03-07T00:00:00+00:002023-03-07T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<figure style="float: right; margin: 0px 0px 10px 10px;">
<img src="/images/nsx-ping-testing/nsx-ping-testing-00.png" alt="Ping Pong" />
<figcaption>
<a href="https://www.flickr.com/photos/maxbraun/2418283360" target="_blank"><i class="photo-credit">Image: Max Braun</i></a>
</figcaption>
</figure>
<p>When deploying NSX there are certain points during deployment that lend themselves to spending a couple of extra minutes double-checking configuration and connectivity before moving on to the next deployment step.</p>
<p>A couple of quick minutes here and there can save hours of troubleshooting later on.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-to-test-and-when" id="markdown-toc-what-to-test-and-when">What to Test and When</a></li>
<li><a href="#nsx-gateway-components" id="markdown-toc-nsx-gateway-components">NSX Gateway Components</a></li>
<li><a href="#maximum-transmission-unit-mtu" id="markdown-toc-maximum-transmission-unit-mtu">Maximum Transmission Unit (MTU)</a> <ul>
<li><a href="#host-tep-connectivity" id="markdown-toc-host-tep-connectivity">Host TEP Connectivity</a></li>
<li><a href="#edge-tep-connectivity" id="markdown-toc-edge-tep-connectivity">Edge TEP Connectivity</a></li>
<li><a href="#tier-0-uplink-connectivity" id="markdown-toc-tier-0-uplink-connectivity">Tier-0 Uplink Connectivity</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="what-to-test-and-when">What to Test and When</h2>
<p>Typically during a deployment, there are three stages where a quick ping test comes in handy prior to moving on with the NSX deployment. These are:</p>
<ul>
<li>
<p><strong>Host TEP Connectivity</strong> - Typically just after the ESXi hosts have been prepared for NSX - Confirm host TEPs can ping the gateway on the physical network with a recommended MTU of >=1700 bytes.</p>
</li>
<li>
<p><strong>Edge TEP Connectivity</strong> - Typically just after the edge nodes have been deployed - Confirm edge TEPs can ping the gateway on the physical network with a recommended MTU of >=1700 bytes.</p>
</li>
<li>
<p><strong>Tier-0 Uplink Connectivity</strong> - Once the Tier-0 has been configured with an External (uplink) interface(s). These interfaces carry North/South traffic out/in to the NSX environment. Recommended MTU for these is 1500 bytes.</p>
</li>
</ul>
<p>All three networks need to be routable.</p>
<h2 id="nsx-gateway-components">NSX Gateway Components</h2>
<p>Before we get into the testing we need to appreciate the make up of an NSX gateway:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Gateway" src="/images/nsx-ping-testing/nsx-ping-testing-04.png" /></p>
<p>A gateway can be either a Tier-0 or a Tier-1 gateway, depending on the design requirements:</p>
<ul>
<li>A Tier-0 gateway provides north-south connectivity. In a single-tier topology, the Tier-0 gateway also provides east-west connectivity.</li>
<li>A Tier-1 gateway provides east-west connectivity.</li>
</ul>
<p>A Tier-1 and a Tier-0 gateway can have Distributed Router (DR) and Service Router (SR) components.</p>
<p>A Distributed Router (DR) has the following features:</p>
<ul>
<li>Provides basic packet-forwarding functionalities</li>
<li>Spans all transport nodes (host and edge transport nodes)</li>
<li>Runs as a kernel module in the ESXi hypervisor</li>
<li>Provides distributed routing functionality</li>
<li>Provides first-hop routing for workloads</li>
</ul>
<p>A Service Router (SR) has the following features:</p>
<ul>
<li>Provides north-south routing</li>
<li>Provides centralized services such as NAT and load balancing</li>
<li>Required for the uplinks to external networks</li>
<li>Deployed in edge transport nodes</li>
</ul>
<p>A Distributed Router is always created when creating a gateway.<br />
A Service Router is automatically created on the edge node when you configure the gateway with an edge cluster.</p>
<h2 id="maximum-transmission-unit-mtu">Maximum Transmission Unit (MTU)</h2>
<p>OK, with DRs and SRs understood, we need to briefly talk about MTU. Given that our NSX Tunnel Endpoints (TEPs) encapsulate our standard 1500 byte MTU packets using the Geneve protocol, we need to ensure that our overlay networks are able to handle packets larger than 1500 bytes without fragmenting the packet.</p>
<p>The <strong><a href="https://communities.vmware.com/t5/VMware-NSX-Documents/VMware-NSX-T-Reference-Design/ta-p/2778093" target="_blank">VMware NSX Reference Design Guide v3.2 (pdf)</a></strong>, page 236 onwards, covers our situation (emphasis mine):</p>
<blockquote>
<p>A minimum required MTU is 1600. <strong>However, MTU of 1700 bytes is recommended</strong> to address the whole possibility of a variety of functions and future proof the environment for an expanding Geneve header.</p>
</blockquote>
<p>So we also need to test MTU with our ping testing.</p>
<h3 id="host-tep-connectivity">Host TEP Connectivity</h3>
<p>From the GUI, these are the interfaces we are interested in:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMkernel Adapters" src="/images/nsx-ping-testing/nsx-ping-testing-05.png" /></p>
<p>OK, let’s SSH to our first ESXi host and list its VMKernel network interfaces:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">esxcfg-vmknic <span class="nt">-l</span></code></pre></figure>
<p>From the below we can see that our host has two NSX VMKernel interfaces (denoted by them being on the vxlan NetStack, last column):</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">[</span>root@esxi-site-a-1:~] esxcfg-vmknic <span class="nt">-l</span>
Interface Port Group/DVPort/Opaque Network IP Family IP Address Netmask Broadcast MAC Address MTU TSO MSS Enabled Type NetStack
vmk0 10 IPv4 192.168.10.10 255.255.255.0 192.168.10.255 00:50:56:bb:37:15 1500 65535 <span class="nb">true </span>STATIC defaultTcpipStack
vmk10 ad451e93-a608-48ac-8099-84fbb44f3a23 IPv4 192.168.11.2 255.255.255.0 192.168.11.255 00:50:56:63:77:7b 1700 65535 <span class="nb">true </span>STATIC vxlan
vmk11 83159744-e019-47d5-bf0c-116c1d723968 IPv4 192.168.11.3 255.255.255.0 192.168.11.255 00:50:56:65:bc:07 1700 65535 <span class="nb">true </span>STATIC vxlan
vmk50 60c5dbc7-0cd0-43e0-bd17-6cfdb14d6e04 IPv4 169.254.1.1 255.255.0.0 169.254.255.255 00:50:56:60:7f:18 1700 65535 <span class="nb">true </span>STATIC hyperbus</code></pre></figure>
<p>They also have an MTU configured of 1700 (eighth column).</p>
<p>Let’s construct our command to ping the host TEP physical network gateway and check for an MTU of 1700. (See <a href="https://kb.vmware.com/s/article/1003728" target="_blank">VMware KB 1003728</a> for syntax).</p>
<p>The command looks like this:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">vmkping ++netstack<span class="o">=</span>vxlan <GATEWAY_IP> <span class="nt">-d</span> <span class="nt">-s</span> 1672 <span class="nt">-c</span> 5</code></pre></figure>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="o">[</span>root@esxi-site-a-1:~] vmkping ++netstack<span class="o">=</span>vxlan 192.168.11.1 <span class="nt">-d</span> <span class="nt">-s</span> 1672 <span class="nt">-c</span> 5
PING 192.168.11.1 <span class="o">(</span>192.168.11.1<span class="o">)</span>: 1672 data bytes
1680 bytes from 192.168.11.1: <span class="nv">icmp_seq</span><span class="o">=</span>0 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>0.417 ms
1680 bytes from 192.168.11.1: <span class="nv">icmp_seq</span><span class="o">=</span>1 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>0.617 ms
1680 bytes from 192.168.11.1: <span class="nv">icmp_seq</span><span class="o">=</span>2 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>0.685 ms
1680 bytes from 192.168.11.1: <span class="nv">icmp_seq</span><span class="o">=</span>3 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>0.658 ms
1680 bytes from 192.168.11.1: <span class="nv">icmp_seq</span><span class="o">=</span>4 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>0.637 ms
<span class="nt">---</span> 192.168.11.1 ping statistics <span class="nt">---</span>
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max <span class="o">=</span> 0.417/0.603/0.685 ms
<span class="o">[</span>root@esxi-site-a-1:~]</code></pre></figure>
<p>Nice. That is working perfectly.</p>
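<p>The host above has two TEP interfaces, and the <code>-s 1672</code> value is the 1700 byte MTU minus the 20 byte IPv4 header and the 8 byte ICMP header. The script below is an added example, not part of the original post: it reads <code>esxcfg-vmknic -l</code> output and emits one don't-fragment ping per interface on the vxlan NetStack, using vmkping's <code>-I</code> option (which the command above does not use) to pin each test to one interface. The function names and the vmk12 row are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example, not from the original post: turn `esxcfg-vmknic -l` output
# into one DF-bit ping test per NSX TEP interface.

# 20-byte IPv4 header + 8-byte ICMP header: MTU 1700 gives "-s 1672".
IP_ICMP_OVERHEAD=28
MIN_MTU=1600          # minimum quoted from the reference design guide
RECOMMENDED_MTU=1700  # recommended value from the same quote

# Sample input: the listing shown in the post, plus one CONSTRUCTED row
# (vmk12) with a 1500-byte MTU to exercise the failure path.
sample_vmknic_listing() {
    cat <<'EOF'
Interface Port Group/DVPort/Opaque Network IP Family IP Address Netmask Broadcast MAC Address MTU TSO MSS Enabled Type NetStack
vmk0 10 IPv4 192.168.10.10 255.255.255.0 192.168.10.255 00:50:56:bb:37:15 1500 65535 true STATIC defaultTcpipStack
vmk10 ad451e93-a608-48ac-8099-84fbb44f3a23 IPv4 192.168.11.2 255.255.255.0 192.168.11.255 00:50:56:63:77:7b 1700 65535 true STATIC vxlan
vmk11 83159744-e019-47d5-bf0c-116c1d723968 IPv4 192.168.11.3 255.255.255.0 192.168.11.255 00:50:56:65:bc:07 1700 65535 true STATIC vxlan
vmk12 00000000-0000-4000-8000-000000000012 IPv4 192.168.11.4 255.255.255.0 192.168.11.255 00:50:56:00:00:12 1500 65535 true STATIC vxlan
vmk50 60c5dbc7-0cd0-43e0-bd17-6cfdb14d6e04 IPv4 169.254.1.1 255.255.0.0 169.254.255.255 00:50:56:60:7f:18 1700 65535 true STATIC hyperbus
EOF
}

# Usage on a host: esxcfg-vmknic -l | tep_ping_plan <GATEWAY_IP>
# Prints one line per vxlan-netstack interface:
#   OK/WARN <vmk> mtu=<n> <vmkping command>   or   FAIL <vmk> mtu=<n> ...
tep_ping_plan() {
    gateway=$1
    # Only digits and dots may reach the generated command line.
    case $gateway in
        '' | *[!0-9.]*)
            echo "usage: tep_ping_plan <IPv4 gateway>" >&2
            return 2
            ;;
    esac
    awk -v gw="$gateway" -v min="$MIN_MTU" -v rec="$RECOMMENDED_MTU" \
        -v overhead="$IP_ICMP_OVERHEAD" '
        $1 !~ /^vmk[0-9]+$/ { next }   # header, prompt and blank lines
        NF < 6 || !/ IPv4 / { next }   # truncated or non-IPv4 rows
        $NF != "vxlan"      { next }   # keep only the NSX overlay netstack
        {
            # Count columns from the right so port group names that
            # contain spaces cannot shift the MTU column.
            mtu = $(NF - 4)
            if (mtu !~ /^[0-9]+$/) {
                printf "SKIP %s unparsable MTU\n", $1
                next
            }
            if (mtu + 0 < min + 0) {
                printf "FAIL %s mtu=%d below the %d-byte minimum\n", $1, mtu, min
                next
            }
            # At or above the minimum: still test, but flag values under
            # the recommended 1700 bytes.
            verdict = (mtu + 0 < rec + 0) ? "WARN" : "OK"
            printf "%s %s mtu=%d vmkping ++netstack=vxlan -I %s %s -d -s %d -c 5\n",
                verdict, $1, mtu, $1, gw, mtu - overhead
        }'
}

# Demo against the sample listing and the host TEP gateway used above.
sample_vmknic_listing | tep_ping_plan 192.168.11.1
```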
<h3 id="edge-tep-connectivity">Edge TEP Connectivity</h3>
<p>From the GUI, these are the interfaces we are interested in:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge TEP IP Addresses" src="/images/nsx-ping-testing/nsx-ping-testing-06.png" /></p>
<p>Given that our edges can span tier-0 and tier-1 gateways and that each of those gateways can have DR and SR components each doing their own job, we need to ensure that not only are we using the correct gateway but the correct router too.</p>
<p>Let’s SSH to our first edge and take a look using the following command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">get logical-router</code></pre></figure>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">esg-site-a-1> get logical-router
Wed Feb 08 2023 UTC 19:50:57.747
Logical Router
UUID VRF LR-ID Name Type Ports Neighbors
736a80e3-23f6-5a2d-81d6-bbefb2786666 0 0 TUNNEL 4 2/5000
f08525af-e5b5-4bce-9d8f-144ffcee1b7a 1 2 SR-Tier-0-Site-A SERVICE_ROUTER_TIER0 6 1/50000
16a7a4f9-57e1-48ab-9699-71e7e692da2e 3 1 DR-Tier-0-Site-A DISTRIBUTED_ROUTER_TIER0 5 2/50000
83061617-17e6-4d89-ba5f-9fcf435f3eb4 4 6 SR-Tier-1-Site-A SERVICE_ROUTER_TIER1 5 2/50000
79f4951c-87ce-4268-9a9c-29d10e5756ad 5 5 DR-Tier-1-Site-A DISTRIBUTED_ROUTER_TIER1 6 0/50000</code></pre></figure>
<p>As you can see, I have SRs and DRs for my Site-A Tier-0 and Tier-1 gateways configured.</p>
<p>When testing Edge TEP connectivity, we are interested in the TUNNEL router as that deals with our TEP traffic.</p>
<p>Using the TUNNEL router UUID, let’s take a look at its forwarding table:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">get logical-router <ROUTER_UUID> forwarding</code></pre></figure>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">esg-site-a-1> get logical-router 736a80e3-23f6-5a2d-81d6-bbefb2786666 forwarding
Wed Feb 08 2023 UTC 19:51:03.086
Logical Router
UUID VRF LR-ID Name Type
736a80e3-23f6-5a2d-81d6-bbefb2786666 0 0 TUNNEL
IPv4 Forwarding Table
IP Prefix Gateway IP Type UUID Gateway MAC
0.0.0.0/0 192.168.13.1 route c7a99c20-9a00-5d9e-ac45-112e6a787435 00:50:56:bb:ff:b1
192.168.13.1 b7e1a1c3-4203-5368-9a80-a639419267da 00:50:56:bb:ff:b1
192.168.13.0/24 route c7a99c20-9a00-5d9e-ac45-112e6a787435
b7e1a1c3-4203-5368-9a80-a639419267da
192.168.13.2/32 route 8f6a05bd-e029-5be4-ac5f-d5a9f5823ca0
192.168.13.3/32 route 8f6a05bd-e029-5be4-ac5f-d5a9f5823ca0</code></pre></figure>
<p>Yep we can see that the tunnel router is using our configured Edge TEP gateway of 192.168.13.1.</p>
<p>Let’s construct our command to ping the host TEP physical network gateway and check for an MTU of 1700. (See <a href="https://vdc-download.vmware.com/vmwb-repository/dcr-public/cc42e3c1-eb34-4567-a916-147e79798957/8264605c-a5e1-49a8-b603-cc78621eeeab/cli.html#ping%20%3Chostname-or-ip-address%3E%20[repeat%20%3Cnumber%3E]%20[size%20%3Cnumber%3E]%20[source%20%3Chostname-or-ip-address%3E]%20[dfbit%20enable]" target="_blank">NSX-T Command-Line Interface Reference</a> for syntax).</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">ping <GATEWAY_IP> <span class="nb">source</span> <EDGE_TEP_IP> vrfid <TUNNEL_VRF_ID> size 1672 dfbit <span class="nb">enable </span>repeat 5 </code></pre></figure>
<p>Which when run:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">esg-site-a-1> ping 192.168.13.1 <span class="nb">source </span>192.168.13.2 vrfid 0 size 1672 dfbit <span class="nb">enable </span>repeat 5
PING 192.168.13.1 <span class="o">(</span>192.168.13.1<span class="o">)</span> from 192.168.13.2: 1672 data bytes
1680 bytes from 192.168.13.1: <span class="nv">icmp_seq</span><span class="o">=</span>0 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>2.105 ms
1680 bytes from 192.168.13.1: <span class="nv">icmp_seq</span><span class="o">=</span>1 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>2.340 ms
1680 bytes from 192.168.13.1: <span class="nv">icmp_seq</span><span class="o">=</span>2 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>2.677 ms
1680 bytes from 192.168.13.1: <span class="nv">icmp_seq</span><span class="o">=</span>3 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>2.016 ms
1680 bytes from 192.168.13.1: <span class="nv">icmp_seq</span><span class="o">=</span>4 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>2.121 ms
<span class="nt">---</span> 192.168.13.1 ping statistics <span class="nt">---</span>
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev <span class="o">=</span> 2.016/2.252/2.677/0.238 ms
esg-site-a-1></code></pre></figure>
<p>Nice. That is also working perfectly.</p>
<h3 id="tier-0-uplink-connectivity">Tier-0 Uplink Connectivity</h3>
<p>Finally, let’s check northbound connectivity out of the NSX environment to the gateway out on the physical network.</p>
<p>From the GUI (Tier-0 > Interfaces > External and Service Interfaces), these are the interfaces we are interested in:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Tier-0 External Interface" src="/images/nsx-ping-testing/nsx-ping-testing-07.png" /></p>
<p>Again, we can check that from our edges. Let’s remind ourselves of the logical routers present on our edge:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">get logical-router</code></pre></figure>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">esg-site-a-1> get logical-router
Wed Feb 08 2023 UTC 19:50:57.747
Logical Router
UUID VRF LR-ID Name Type Ports Neighbors
736a80e3-23f6-5a2d-81d6-bbefb2786666 0 0 TUNNEL 4 2/5000
f08525af-e5b5-4bce-9d8f-144ffcee1b7a 1 2 SR-Tier-0-Site-A SERVICE_ROUTER_TIER0 6 1/50000
16a7a4f9-57e1-48ab-9699-71e7e692da2e 3 1 DR-Tier-0-Site-A DISTRIBUTED_ROUTER_TIER0 5 2/50000
83061617-17e6-4d89-ba5f-9fcf435f3eb4 4 6 SR-Tier-1-Site-A SERVICE_ROUTER_TIER1 5 2/50000
79f4951c-87ce-4268-9a9c-29d10e5756ad 5 5 DR-Tier-1-Site-A DISTRIBUTED_ROUTER_TIER1 6 0/50000</code></pre></figure>
<p>As we are talking North/South traffic we need to be using the Service Router context of our Tier-0 router. In the case above, that’s VRF ID 1.</p>
<p>A reminder of the command. Remember, we are not so much worried about the larger MTU value here; 1500 is fine. (Again, see <a href="https://vdc-download.vmware.com/vmwb-repository/dcr-public/cc42e3c1-eb34-4567-a916-147e79798957/8264605c-a5e1-49a8-b603-cc78621eeeab/cli.html#ping%20%3Chostname-or-ip-address%3E%20[repeat%20%3Cnumber%3E]%20[size%20%3Cnumber%3E]%20[source%20%3Chostname-or-ip-address%3E]%20[dfbit%20enable]" target="_blank">NSX-T Command-Line Interface Reference</a> for syntax):</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">ping <GATEWAY_IP> <span class="nb">source</span> <TIER-0_UPLINK_IP> vrfid <SR-Tier-0_VRF_ID> size 1472 dfbit <span class="nb">enable </span>repeat 5 </code></pre></figure>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">esg-site-a-1> ping 192.168.12.1 <span class="nb">source </span>192.168.12.2 vrfid 1 size 1472 dfbit <span class="nb">enable </span>repeat 5
PING 192.168.12.1 <span class="o">(</span>192.168.12.1<span class="o">)</span> from 192.168.12.2: 1472 data bytes
1480 bytes from 192.168.12.1: <span class="nv">icmp_seq</span><span class="o">=</span>0 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>2.343 ms
1480 bytes from 192.168.12.1: <span class="nv">icmp_seq</span><span class="o">=</span>1 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>1.894 ms
1480 bytes from 192.168.12.1: <span class="nv">icmp_seq</span><span class="o">=</span>2 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>1.528 ms
1480 bytes from 192.168.12.1: <span class="nv">icmp_seq</span><span class="o">=</span>3 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>1.320 ms
1480 bytes from 192.168.12.1: <span class="nv">icmp_seq</span><span class="o">=</span>4 <span class="nv">ttl</span><span class="o">=</span>64 <span class="nb">time</span><span class="o">=</span>2.691 ms
<span class="nt">---</span> 192.168.12.1 ping statistics <span class="nt">---</span>
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev <span class="o">=</span> 1.320/1.955/2.691/0.506 ms
esg-site-a-1></code></pre></figure>
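<p>The two edge checks above, as an added Python example (not code from the original post): it picks the TUNNEL and Tier-0 SR VRF IDs out of the <code>get logical-router</code> output, builds the DF-bit ping for a target MTU and verifies the replies. Function names are illustrative, and the 28-byte overhead assumes an IPv4 header without options plus the 8-byte ICMP header.</p>

```python
import ipaddress
import re

IPV4_HEADER = 20  # assumption: IPv4 header without options
ICMP_HEADER = 8
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

# `get logical-router` output as shown on this page.
SAMPLE_LOGICAL_ROUTERS = """\
esg-site-a-1> get logical-router
Wed Feb 08 2023 UTC 19:50:57.747
Logical Router
UUID VRF LR-ID Name Type Ports Neighbors
736a80e3-23f6-5a2d-81d6-bbefb2786666 0 0 TUNNEL 4 2/5000
f08525af-e5b5-4bce-9d8f-144ffcee1b7a 1 2 SR-Tier-0-Site-A SERVICE_ROUTER_TIER0 6 1/50000
16a7a4f9-57e1-48ab-9699-71e7e692da2e 3 1 DR-Tier-0-Site-A DISTRIBUTED_ROUTER_TIER0 5 2/50000
83061617-17e6-4d89-ba5f-9fcf435f3eb4 4 6 SR-Tier-1-Site-A SERVICE_ROUTER_TIER1 5 2/50000
79f4951c-87ce-4268-9a9c-29d10e5756ad 5 5 DR-Tier-1-Site-A DISTRIBUTED_ROUTER_TIER1 6 0/50000
"""

# Constructed sample: the page's edge TEP ping run, trimmed to two replies.
SAMPLE_PING_OUTPUT = """\
PING 192.168.13.1 (192.168.13.1) from 192.168.13.2: 1672 data bytes
1680 bytes from 192.168.13.1: icmp_seq=0 ttl=64 time=2.105 ms
1680 bytes from 192.168.13.1: icmp_seq=1 ttl=64 time=2.340 ms
--- 192.168.13.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
"""


def parse_logical_routers(text):
    """Parse router rows; the TUNNEL row has an empty Name column."""
    routers = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or not UUID_RE.match(tokens[0]):
            continue  # prompt, timestamp and header lines
        routers.append({
            "uuid": tokens[0],
            "vrf": int(tokens[1]),
            "lr_id": int(tokens[2]),
            # Anchor on the right-hand columns so a blank name still parses.
            "name": " ".join(tokens[3:-3]),
            "type": tokens[-3],
            "ports": int(tokens[-2]),
            "neighbors": tokens[-1],
        })
    return routers


def find_vrf(routers, router_type):
    """Return the VRF ID of the single router of the given type."""
    matches = [r for r in routers if r["type"] == router_type]
    if len(matches) != 1:
        raise ValueError(f"expected one {router_type} router, found {len(matches)}")
    return matches[0]["vrf"]


def icmp_payload_for_mtu(mtu):
    """ICMP payload size that makes the IP packet exactly `mtu` bytes."""
    payload = mtu - IPV4_HEADER - ICMP_HEADER
    if payload <= 0:
        raise ValueError(f"MTU {mtu} leaves no room for an ICMP payload")
    return payload


def build_ping(gateway, source, vrf, mtu, repeat=5):
    """Build the edge CLI ping used on this page for a given MTU."""
    ipaddress.ip_address(gateway)  # raises ValueError on a malformed address
    ipaddress.ip_address(source)
    size = icmp_payload_for_mtu(mtu)
    return (f"ping {gateway} source {source} vrfid {vrf} "
            f"size {size} dfbit enable repeat {repeat}")


def ping_passed(output, mtu):
    """True if every probe was answered with a full-size reply."""
    stats = re.search(r"(\d+) packets transmitted, (\d+) packets received", output)
    if not stats:
        return False
    sent, received = int(stats.group(1)), int(stats.group(2))
    sizes = [int(n) for n in re.findall(r"^(\d+) bytes from ", output, re.M)]
    expected = icmp_payload_for_mtu(mtu) + ICMP_HEADER
    return (sent > 0 and sent == received and len(sizes) == received
            and all(size == expected for size in sizes))


if __name__ == "__main__":
    routers = parse_logical_routers(SAMPLE_LOGICAL_ROUTERS)
    # Edge TEP check: TUNNEL router, overlay MTU of 1700.
    print(build_ping("192.168.13.1", "192.168.13.2",
                     find_vrf(routers, "TUNNEL"), 1700))
    # Tier-0 uplink check: Tier-0 service router, MTU of 1500.
    print(build_ping("192.168.12.1", "192.168.12.2",
                     find_vrf(routers, "SERVICE_ROUTER_TIER0"), 1500))
    print("edge TEP ping passed:", ping_passed(SAMPLE_PING_OUTPUT, 1700))
```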
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>As Sean Connery once said:</p>
<table>
<tbody>
<tr>
<td><img alt="One Ping 1" src="/images/nsx-ping-testing/nsx-ping-testing-01.jpg" /></td>
<td><img alt="One Ping 2" src="/images/nsx-ping-testing/nsx-ping-testing-02.jpg" /></td>
<td><img alt="One Ping 3" src="/images/nsx-ping-testing/nsx-ping-testing-03.jpg" /></td>
</tr>
</tbody>
</table>
<p>Yes I’m old. Referencing a <a href="https://www.imdb.com/title/tt0099810/" target="_blank">33 year old movie</a> at this point (2023) is …yeah… For those that have missed out or simply just forgotten: <a href="https://www.youtube.com/watch?v=jr0JaXfKj68" target="_blank">One Ping Only - YouTube</a>.</p>
<p>Not quite as badass as Sean Connery (RIP) or Sam Neill, using five pings instead of one ping only, but hey I’m OK with that!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-ping-testing/">NSX Ping Testing and Troubleshooting</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 07, 2023.</p>
https://polarclouds.co.uk/nsx-virtual-networking-only-caveats 2023-02-23T00:00:00+00:00 2023-02-23T00:00:00+00:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-00.png" />
In two of my previous posts we looked at deploying VMware NSX via the vCenter plug-in and then configuring NSX using the Virtual Networking configuration wizard. If you missed either or both of the posts, catch up here:</p>
<ul>
<li><a href="/nsx-vcenter-plugin-deployment/" target="_blank">NSX vCenter Plug-in Deployment</a></li>
<li><a href="/nsx-vcenter-virtual-networking/" target="_blank">NSX vCenter Plug-in Deployment - Virtual Networking Configuration</a></li>
</ul>
<p>In the same vein as the post <a href="/nsx-vcenter-security-only-caveats/" target="_blank">NSX vCenter Plug-in Deployment - Security Only Configuration: Caveats</a>, in this post we will look at the caveats that apply to building an environment using NSX Virtual Networking configuration wizard via the vCenter plug-in.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#separate-host-overlay-and-edge-overlay-vlans" id="markdown-toc-separate-host-overlay-and-edge-overlay-vlans">Separate Host Overlay and Edge Overlay VLANs</a></li>
<li><a href="#rebuildability" id="markdown-toc-rebuildability">Rebuildability</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="separate-host-overlay-and-edge-overlay-vlans">Separate Host Overlay and Edge Overlay VLANs</h2>
<p>As we encountered during <a href="/nsx-vcenter-virtual-networking/#edge-deployment" target="_blank">Edge Deployment</a>, the virtual networking wizard would not allow us to use the same VLAN ID for our host overlay and edge overlay connections:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge VLAN value cannot be the same as Overlay VLAN ID" src="/images/nsx-vcenter-virtual-networking-caveats/nsx-vcenter-virtual-networking-caveats-01.png" /></p>
<p>OK, so let’s take a look at the <strong><a href="https://communities.vmware.com/t5/VMware-NSX-Documents/VMware-NSX-T-Reference-Design/ta-p/2778093" target="_blank">VMware NSX Reference Design Guide v3.2 (pdf)</a></strong>. Page 305 onwards covers our situation (emphasis mine):</p>
<blockquote>
<p>Starting with NSX version 3.1, edge and host TEPs can reside on the same VLAN because the host now can process Geneve traffic internal to the host itself. We must transport edge VM overlay traffic over an NSX Segment in this case. If the edge TEPs are connected to a vCenter managed dvpg, tunnels between the host and the edge will not come up. This design is presented in figure 7-56 below:</p>
</blockquote>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Figure 7-56" src="/images/nsx-vcenter-virtual-networking-caveats/nsx-vcenter-virtual-networking-caveats-02.png" /></p>
<blockquote>
<p>When connecting edge VMs to an NSX prepared VDS or NVDS, please keep in mind the following recommendations:</p>
<ul>
<li>
<p>Host and Edges should be part of different VLAN Transport Zones. This ensures a clear boundary between the transport segments on the host and those used for the routing peering on the edges. The edge segment traffic is transported by the host segments, configured as a trunk.</p>
</li>
<li>
<p>When implementing a single TEP VLAN design like in figure 7-56, the VDS trunk port groups transporting the edge TEP traffic must be NSX managed segments and cannot be created in vCenter.</p>
</li>
<li>
<p>Follow the canonical recommendations regarding VLAN trunking and teaming policy configuration for overlay and VLAN peering traffic described in section: 7.5.2.2.</p>
</li>
</ul>
<p>The design with different VLAN/IP subnets per TEP is still valid and can be used with any NSX version, including 3.1 or later. <strong>In most cases, the single TEP design is preferred for its simplicity, however for most deployments having separate VLANs for Edge and Host TEP is recommended</strong> due to following considerations:</p>
<ul>
<li>
<p>When Edges and hosts share the same TEP VLAN, they also share the span of that VLAN. While it is usually desirable to limit the host TEP VLAN to a rack, edge VMs may require mobility across racks or even sites (e.g., in the VCF stretched cluster design). Separate VLANs allow to manage the span of host and edge TEP networks individually.</p>
</li>
<li>
<p>An edge and the host where the edge is running will never lose TEP connectivity if they share the same TEP network, regardless of a pNIC failure. This means that the edge node VM will never incur in an all tunnels down HA condition, limiting its ability to react to specific failures. Please refer to the EDGE HA SECTION IN CHAPTER 4 for more information. (Note: a design that matches figure 7-56 should not incur any issue as management,
overlay, and VLAN peering networks share the same pNICs).</p>
</li>
</ul>
</blockquote>
<p>Whilst single and dual TEP VLANs are supported, it is recommended to separate host and edge TEP VLANs.</p>
<p>Looking back over my <a href="/nsx-t-overlay-lab-pt1/" target="_blank">NSX Overlay Lab Build Series</a>, I covered exactly that: a lab build where we were fine in moving away from the recommendations in the name of simplicity and expediency. Not only did we use a single VLAN for my host and edge TEPs, we also deployed only one NSX manager VM and we also deployed just one edge VM.</p>
<p>Shocker! 😉<br /></p>
<p>The deviations from the recommendations did not harm lab functionality in any way. A lab is a playground to test, learn and break things in - it is not intended for production.</p>
<h2 id="rebuildability">Rebuildability</h2>
<p>We saw in the <a href="/nsx-vcenter-security-only-caveats/" target="_blank">Security Only Configuration: Caveats</a> post that deploying NSX via the security only wizard caused issues should the NSX build need to be extended in the future.</p>
<p>I’m happy to report that no such issues exist when using the virtual networking wizard. Transport node profiles are user editable and therefore not susceptible to the same kind of issues seen previously.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>Yep, that’s better! The NSX virtual networking wizard build results in an NSX build that can be modified at a later date.</p>
<p>Sure it would be good to have the wizard offer options as per <a href="https://kb.vmware.com/s/article/83743" target="_blank">NSX-T Edge TEP networking options (83743)</a>, but if the NSX build the wizard produces follows the VMware guidelines, then hey I’m good with that.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-virtual-networking-only-caveats/">NSX vCenter Plug-in Deployment - Virtual Networking Configuration: Caveats</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 23, 2023.</p>
https://polarclouds.co.uk/vmware-vexpert-2023 2023-02-18T00:00:00+00:00 2023-02-18T00:00:00+00:00 Chris Hall https://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMware vExpert" src="/images/vmware-vexpert/vexpert.png" />
<br />
Yup, that’s right… for the fourth year running!</p>
<p>I’ve again been appraised, approved and deemed worthy to be a VMware vExpert.</p>
<p>Cheers again to all at VMware for the accolade.</p>
<p>Check me out in the <a href="https://vexpert.vmware.com/directory/5800" target="_blank">vExpert Directory</a>.</p>
<p>-Chris
<br />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="VMware vExpert 2023" src="/images/pages/vexpert2023.png" /></p>
<p><a href="https://polarclouds.co.uk/vmware-vexpert-2023/">VMware vExpert 2023</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 18, 2023.</p>
https://polarclouds.co.uk/nsx-vcenter-virtual-networking 2023-02-16T00:00:00+00:00 2023-02-16T00:00:00+00:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-00.png" />
Last time, we looked at deploying NSX as a plug-in to vCenter server. See <a href="/nsx-vcenter-plugin-deployment/" target="_blank">NSX vCenter Plug-in Deployment</a>.</p>
<p>We then used the deployment wizard to configure NSX in a security only configuration. See <a href="/nsx-vcenter-security-only/" target="_blank">NSX vCenter Plug-in Deployment - Security Only Configuration</a>.</p>
<p>Finally we looked at the caveats to deploying NSX security only via the deployment wizard. See <a href="/nsx-vcenter-security-only-caveats/" target="_blank">NSX vCenter Plug-in Deployment - Security Only Configuration: Caveats</a> to catch up if needed.</p>
<p>This time we will run through the other NSX deployment wizard: Virtual Networking.</p>
<p>To recap: historically NSX-T, or <a href="https://blogs.vmware.com/partnernews/2022/04/nsx-data-center-name-change.html" target="_blank">NSX as it is now known</a>, was installed as a separate entity and managed away from vCenter and the vSphere client.</p>
<p>Since the releases of vSphere 7.0 Update 3 and NSX 3.2.0, NSX can now optionally be installed and managed in the vSphere client via a vCenter plug-in in much the same way as the previous VMware network virtualisation product, <a href="/nsx-data-center-failover-pt2/#disconnect-secondary-nsx-manger-from-primary" target="_blank">NSX-v used to be</a>.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-is-an-nsx-virtual-networking-configuration" id="markdown-toc-what-is-an-nsx-virtual-networking-configuration">What is an NSX Virtual Networking Configuration?</a></li>
<li><a href="#configuring-an-nsx-virtual-networking-deployment-via-the-vcenter-plug-in" id="markdown-toc-configuring-an-nsx-virtual-networking-deployment-via-the-vcenter-plug-in">Configuring an NSX Virtual Networking Deployment via the vCenter Plug-in</a> <ul>
<li><a href="#getting-started" id="markdown-toc-getting-started">Getting Started</a></li>
<li><a href="#host-cluster-preparation" id="markdown-toc-host-cluster-preparation">Host Cluster Preparation</a></li>
<li><a href="#edge-deployment" id="markdown-toc-edge-deployment">Edge Deployment</a></li>
<li><a href="#network-connectivity" id="markdown-toc-network-connectivity">Network Connectivity</a></li>
<li><a href="#new-segments" id="markdown-toc-new-segments">New Segments</a></li>
<li><a href="#add-on-services" id="markdown-toc-add-on-services">Add On Services</a></li>
<li><a href="#virtual-networking-configuration-completed" id="markdown-toc-virtual-networking-configuration-completed">Virtual Networking Configuration Completed</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="what-is-an-nsx-virtual-networking-configuration">What is an NSX Virtual Networking Configuration?</h2>
<p>Not only that, how does it differ from an NSX security only configuration, as <a href="/nsx-vcenter-security-only/" target="_blank">covered previously</a>?</p>
<p>Let’s ask!</p>
<blockquote>
<p><strong>Chris:</strong> How does a NSX virtual networking install differ from an NSX security only install?</p>
</blockquote>
<blockquote>
<p><strong>ChatGPT:</strong> An NSX virtual networking installation is a full installation of the NSX platform that provides both network virtualization and security features, while a security-only installation provides only security features.</p>
<p>In a full NSX virtual networking installation, all the components necessary to create and manage virtual networks, including virtual switches, routers, and load balancers, are installed and configured. Additionally, security features such as firewalls, intrusion detection and prevention, and security groups are integrated with the virtual networking components to provide end-to-end security for virtualized applications and workloads.</p>
<p>In a security-only installation, only the security-related components of NSX are installed and configured, such as firewalls, intrusion detection and prevention, and security groups. This type of installation is typically used in cases where a customer already has an existing virtual networking infrastructure and only needs to add security to it.</p>
<p>In summary, the main difference between a full NSX virtual networking installation and a security-only installation is the scope and the components installed, with the former providing both network virtualization and security capabilities, while the latter provides only security capabilities.</p>
</blockquote>
<p>Correct! Wait. Hmmmmmm…</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Hmmm" src="/images/nsx-vcenter-virtual-networking/trek_hmm.gif" /></p>
<p>Anyway…<br /></p>
<p>Let’s look at NSX’s virtual networking option.</p>
<h2 id="configuring-an-nsx-virtual-networking-deployment-via-the-vcenter-plug-in">Configuring an NSX Virtual Networking Deployment via the vCenter Plug-in</h2>
<p>Let’s begin the configuration. As mentioned, this builds upon the installation we completed <a href="/nsx-vcenter-plugin-deployment/" target="_blank">previously</a>.</p>
<p><strong>Note:</strong> We will be using the wizard to (re)build our NSX Site A as detailed <a href="/nsx-t-overlay-lab-pt1/" target="_blank">here</a>. All IP addressing and VLAN selection will be taken from this post.</p>
<p>There is one change we need to make before NSX deployment. We need to create a VLAN Trunk that we will use later on during deployment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Create Trunk" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-00.png" /></p>
<h3 id="getting-started">Getting Started</h3>
<p>From the vSphere Client menu, select <strong>NSX</strong>. From the wizard, select the Virtual Networking <strong>Get Started</strong> option:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select Get Started" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-01.png" /></p>
<h3 id="host-cluster-preparation">Host Cluster Preparation</h3>
<p>After selecting the cluster to prepare and the VDS for networking, click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select Cluster and VDS" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-02.png" /></p>
<p>Next we select our VLAN for our overlay network. This VLAN is also known as our Transport VLAN and it will be the VLAN used by our host tunnel end points (TEPs). We will be using VLAN 11. Click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Enter Overlay VLAN ID" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-03.png" /></p>
<p>Next let’s complete our Host TEP IP addressing. I’m not using DHCP, so I shall create an IP Pool, after which I shall select <strong>Prepare Cluster</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="TEP IP Pool" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-04.png" /></p>
<p>Allow time for the cluster to prepare. You can click the step under NSX Configuration to monitor the preparation:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Prepare Cluster" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-05.png" /></p>
<p>Job done, cluster prepared. Click <strong>Next</strong> to continue:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Cluster Prepared" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-06.png" /></p>
<h3 id="edge-deployment">Edge Deployment</h3>
<p>Next, let’s configure our Edges. Here is where we run into our first issue:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge VLAN Cannot be the same as Overlay VLAN" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-07.png" /></p>
<blockquote>
<p>Edge VLAN value cannot be the same as Overlay VLAN ID.</p>
</blockquote>
<p>Really? <a href="https://kb.vmware.com/s/article/83743" target="_blank">VMware Knowledge Base 83743</a> says different.</p>
<p>Looking back over our manual build, we did <a href="/nsx-t-overlay-lab-pt2/#create-trunk-vlan-segment" target="_blank">Create a Trunk VLAN Segment</a> for our edge TEPs prior to deploying the edges. However, so far following the wizard we have had no such opportunity.</p>
<p>OK, we’ll use VLAN 13 instead. We will also create our Edge TEP Pool:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge General Settings" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-08.png" /></p>
<p>Next, we will name, size and set the storage location for our edge:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Node 1 Settings 1" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-09.png" /></p>
<p>Next we will configure our edge networking. This is where the trunk we created earlier comes in:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Node 1 Settings 2" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-10.png" /></p>
<p>Let’s configure edge 2:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Node 2 Settings 1" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-11.png" /></p>
<p>And edge 2’s networking:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Node 2 Settings 2" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-12.png" /></p>
<p>Hit <strong>Deploy Edge</strong> to continue. After allowing time to complete, we have two edges deployed:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edges Deployed" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-13.png" /></p>
<h3 id="network-connectivity">Network Connectivity</h3>
<p>OK, let’s set up some BGP peering. I’m using an OPNsense router to peer with. See my post <a href="/opnsense-bgp-bfd-config/" target="_blank">OPNsense BGP and BFD Configuration</a> for OPNsense configuration details.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Peering 1" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-14.png" /></p>
<p>and:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Peering 2" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-15.png" /></p>
<p>After clicking <strong>Create Gateways</strong>, we get confirmation that our Tier-0 gateway has been created:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="T0 Created" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-16.png" /></p>
<p>Checking OPNsense, I can see that our NSX Tier-0 has successfully established a BGP session:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BGP Established" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-17.png" /></p>
<h3 id="new-segments">New Segments</h3>
<p>Back to the NSX deployment, let’s create a segment to connect our VMs to. I’ll create a segment called VM-APPS and give it the IP address CIDR of 192.168.40.0/24:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Create Segment" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-18.png" /></p>
<h3 id="add-on-services">Add On Services</h3>
<p>I’m not going to create any NAT services just now:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="No NAT Today" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-19.png" /></p>
<h3 id="virtual-networking-configuration-completed">Virtual Networking Configuration Completed</h3>
<p>Click <strong>finish</strong> and BOOM!</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Finished!" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-20.png" /></p>
<p>By way of belt and braces, let’s check the OPNsense routing table to see if BGP is propagating a route to get to our VM-APPS (192.168.40.0/24) network. Yep looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BGP Route Table" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-21.png" /></p>
<p>The next hop 192.168.12.2 is the IP we gave to our Tier-0 router earlier.</p>
<p>Tracing to VM-APPS from my Windows laptop:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Windows Tracert" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-22.png" /></p>
<p>Nice!</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So let’s take a step back and take a look at the infrastructure the wizard has built for us using the network topology view from the NSX manager interface:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Completed Topology" src="/images/nsx-vcenter-virtual-networking/nsx-vcenter-virtual-networking-23.png" /></p>
<p>Working down the topology top to bottom, we have the uplink to the OPNsense lab router from the Tier-0 gateway via the edge nodes. This is achieved over the SITE-A-vlan-segment1 VLAN which is shown to the right of the topology map. Site-A-Tier0 is providing the one service: gateway firewall.</p>
<p>Below Site-A-Tier0 we have the “auto-plumbed” 100.64.0.0 network connecting Site-A-Tier0 gateway to Site-A-Tier1 gateway. Services on the Site-A-Tier1 gateway are gateway firewall and DHCP for the VM-APPS segment.</p>
<p>Finally, connected to the VM-APPS segment we have 2 VMs: APP1 and APP2.</p>
<p>All in, all good, all tested and working.</p>
<p>Next time we’ll dig into the caveats of using this deployment model.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-vcenter-virtual-networking/">NSX vCenter Plug-in Deployment - Virtual Networking Configuration</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 16, 2023.</p>
https://polarclouds.co.uk/nsx-vcenter-security-only-caveats2023-02-08T00:00:00+00:002023-02-08T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-00.png" />
Over the course of my previous two posts, we have looked at deploying VMware NSX via the vCenter plug-in and then configuring the plug-in using the Security Only configuration. If you missed either or both of the posts, catch up here:</p>
<ul>
<li><a href="/nsx-vcenter-plugin-deployment/" target="_blank">NSX vCenter Plug-in Deployment</a></li>
<li><a href="/nsx-vcenter-security-only/" target="_blank">NSX vCenter Plug-in Deployment - Security Only Configuration</a></li>
</ul>
<p>In this post we will look at the caveats that apply to using NSX security only configuration via the vCenter plug-in.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#the-scenario" id="markdown-toc-the-scenario">The Scenario</a></li>
<li><a href="#the-problem" id="markdown-toc-the-problem">The Problem</a> <ul>
<li><a href="#create-overlay-transport-zone" id="markdown-toc-create-overlay-transport-zone">Create Overlay Transport Zone</a></li>
<li><a href="#modify-transport-node-profile" id="markdown-toc-modify-transport-node-profile">Modify Transport Node Profile</a></li>
<li><a href="#create-new-transport-node-profile" id="markdown-toc-create-new-transport-node-profile">Create New Transport Node Profile</a></li>
<li><a href="#create-new-vlan-transport-zone" id="markdown-toc-create-new-vlan-transport-zone">Create New VLAN Transport Zone</a></li>
<li><a href="#create-new-transport-node-profile---take-2" id="markdown-toc-create-new-transport-node-profile---take-2">Create New Transport Node Profile - Take 2</a></li>
<li><a href="#apply-new-transport-node-profile-to-cluster" id="markdown-toc-apply-new-transport-node-profile-to-cluster">Apply New Transport Node Profile to Cluster</a></li>
</ul>
</li>
<li><a href="#possible-workaround" id="markdown-toc-possible-workaround">Possible Workaround</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="the-scenario">The Scenario</h2>
<p>PolarCloudsCo deployed NSX-T, or <a href="https://blogs.vmware.com/partnernews/2022/04/nsx-data-center-name-change.html" target="_blank">NSX as it is now known</a>, in a security only configuration just over twelve months ago.</p>
<p>Given the success of PolarCloudsCo, they are now looking to expand their datacenter provision by adding a second site or cloud. The second site will be used for provisioning some production services as well as providing failover and resiliency for their existing services run from their existing site.</p>
<p>To achieve this, PolarCloudsCo would like to extend their existing NSX deployment into their second site or cloud and leverage NSX networking and routing as well as NSX security.</p>
<h2 id="the-problem">The Problem</h2>
<p>When NSX is deployed using the vSphere vCenter plug-in security only wizard option, <strong>there is no quick way to add virtual networking to the deployment.</strong></p>
<p>To fully understand the issue, let’s run through the workflow to see where the wheels fall off.</p>
<h3 id="create-overlay-transport-zone">Create Overlay Transport Zone</h3>
<p>To enable networking and routing, we need to create an overlay transport zone. Let’s create that then:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Create Overlay TZ" src="/images/nsx-vcenter-security-only-caveats/nsx-vcenter-security-only-caveats-01.png" /></p>
<h3 id="modify-transport-node-profile">Modify Transport Node Profile</h3>
<p>OK, now that we have our Overlay Transport zone, we need to add it to the transport node profile that our cluster / hosts are currently attached to:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Modify Transport Node Profile" src="/images/nsx-vcenter-security-only-caveats/nsx-vcenter-security-only-caveats-02.png" /></p>
<p>Ah…. Edit is greyed out meaning we are unable to modify it.</p>
<h3 id="create-new-transport-node-profile">Create New Transport Node Profile</h3>
<p>OK, so let’s create a brand new transport node profile, using our existing VLAN transport zone and our new Overlay transport zone:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Trans Node Profile" src="/images/nsx-vcenter-security-only-caveats/nsx-vcenter-security-only-caveats-03.png" /></p>
<p>This results in the error:</p>
<blockquote>
<p>Using system created TZ for transportNodeProfile (Error code: 26903)</p>
</blockquote>
<p>Our VLAN transport zone is system owned, therefore we are unable to modify it or use it in our new transport node profile.</p>
<h3 id="create-new-vlan-transport-zone">Create New VLAN Transport Zone</h3>
<p>OK, so let’s create a new VLAN transport zone as well then:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add VLAN Transport Zone" src="/images/nsx-vcenter-security-only-caveats/nsx-vcenter-security-only-caveats-04.png" /></p>
<h3 id="create-new-transport-node-profile---take-2">Create New Transport Node Profile - Take 2</h3>
<p>Let’s have a second go at a new transport node profile, using our new VLAN and Overlay transport zones:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Replacement Trans Node Profile" src="/images/nsx-vcenter-security-only-caveats/nsx-vcenter-security-only-caveats-05.png" /></p>
<p>OK, we have our existing and replacement transport node profiles.</p>
<h3 id="apply-new-transport-node-profile-to-cluster">Apply New Transport Node Profile to Cluster</h3>
<p>Finally, let’s update our cluster to use the new transport node profile:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Attach Replmnt Trans Node Profile" src="/images/nsx-vcenter-security-only-caveats/nsx-vcenter-security-only-caveats-06.png" /></p>
<p>Fail:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Attach Replmnt Trans Node Profile Fail" src="/images/nsx-vcenter-security-only-caveats/nsx-vcenter-security-only-caveats-07.png" /></p>
<blockquote>
<p>Transport Node Collection is configured for security. Update is not allowed. To update the Transport Node Collection, uninstall NSX from the cluster and then apply the desired Transport Node Profile (Error code: 26908)</p>
</blockquote>
<p>Uninstalling NSX will also remove the distributed firewall and all our carefully hand crafted firewall rules.</p>
<p>Without the distributed firewall, all VMs would be exposed to undesirable traffic.</p>
<p>So we are stuck.</p>
<h2 id="possible-workaround">Possible Workaround</h2>
<p>A potential way around this would be to remove a host from the existing cluster, rebuild and use this rebuilt host as a basis to create a new cluster with its own distributed switch. From there VMs could be migrated from existing hosts on to the new cluster. Existing firewall rules would follow the VMs to the new cluster.</p>
<p>However, this assumes that there is enough capacity in the existing cluster to allow the removal and rebuild of a host in the first place.</p>
<p>Even after all of that work is done, we would still have the original system generated VLAN Transport Zone and Transport Node Profile configurations floating around in our environment. They cannot be removed as they remain system owned.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>Take care when deploying NSX Security Only via the vSphere Plug-in.</p>
<p>If there is even a remote possibility of a move to virtual networking after deployment, then by all means install the vCenter plug-in but manually configure security only as detailed in my post <a href="/nsx-t-3-2-manual-microsegmentation/" target="_blank">NSX-T 3.2: Micro-Segmentation Only Deployment - Manual Setup</a> rather than using the configuration wizard.</p>
<p>Sometimes taking a shortcut today can cause undesired consequences tomorrow.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-vcenter-security-only-caveats/">NSX vCenter Plug-in Deployment - Security Only Configuration: Caveats</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 08, 2023.</p>
https://polarclouds.co.uk/nsx-vcenter-security-only2023-02-01T00:00:00+00:002023-02-01T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-00.png" />
Last time, we looked at deploying NSX as a plug-in to vCenter server. See <a href="/nsx-vcenter-plugin-deployment/" target="_blank">NSX vCenter Plug-in Deployment</a> to catch up if needed.</p>
<p>This time we will run through the security only configuration of NSX.</p>
<p>To recap: historically NSX-T, or <a href="https://blogs.vmware.com/partnernews/2022/04/nsx-data-center-name-change.html" target="_blank">NSX as it is now known</a>, was installed as a separate entity and managed away from vCenter and the vSphere client.</p>
<p>Since the releases of vSphere 7.0 Update 3 and NSX 3.2.0, NSX can now optionally be installed and managed in the vSphere client via a vCenter plug-in in much the same way as the previous VMware network virtualisation product, <a href="/nsx-data-center-failover-pt2/#disconnect-secondary-nsx-manger-from-primary" target="_blank">NSX-v used to be</a>.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-is-an-nsx-security-only-configuration" id="markdown-toc-what-is-an-nsx-security-only-configuration">What is an NSX Security Only Configuration?</a></li>
<li><a href="#the-nsx-distributed-firewall-essentials" id="markdown-toc-the-nsx-distributed-firewall-essentials">The NSX Distributed Firewall: Essentials</a></li>
<li><a href="#the-nsx-distributed-firewall-rules" id="markdown-toc-the-nsx-distributed-firewall-rules">The NSX Distributed Firewall: Rules</a></li>
<li><a href="#configuring-an-nsx-security-only-deployment-via-the-vcenter-plug-in" id="markdown-toc-configuring-an-nsx-security-only-deployment-via-the-vcenter-plug-in">Configuring an NSX Security Only Deployment via the vCenter Plug-in</a></li>
<li><a href="#the-nsx-distributed-firewall-default-rule" id="markdown-toc-the-nsx-distributed-firewall-default-rule">The NSX Distributed Firewall: Default Rule</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="what-is-an-nsx-security-only-configuration">What is an NSX Security Only Configuration?</h2>
<p>In this configuration, only the security-related components of NSX are deployed, such as the distributed firewall, intrusion detection and prevention and micro-segmentation. This allows organizations to quickly and easily implement advanced security features without having to deploy the full range of NSX-T networking functionality.</p>
<p>An NSX Security Only configuration is typically used in cases where an organization already has an existing network infrastructure in place and only wants to add security features to it.</p>
<p>The deployment of an NSX Security Only Configuration can be done with a minimal number of components, and can be done in a shorter time frame, as it does not require the deployment of additional network services such as routing, switching and load balancing.</p>
<h2 id="the-nsx-distributed-firewall-essentials">The NSX Distributed Firewall: Essentials</h2>
<p>Before we continue, we need to understand the NSX Distributed Firewall.</p>
<p>Consider the following diagram:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Distributed Firewall" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-00.png" /></p>
<p>The host ESXi-Site-A.lab has been prepared for NSX. As a result of the NSX preparation, each of our VMs gains an external firewall. The firewall is distributed to all VMs running on the prepared ESXi hosts.</p>
<p>Whilst the firewall the VMs receive is external to the VMs themselves (the NSX firewall is instantiated in the kernel of the ESXi host rather than in the O/S of the VMs), it is centrally managed via the NSX user interface / API.</p>
<p>So to recap, the NSX firewall is distributed, yet centrally managed.</p>
<p>What’s more, the NSX distributed firewall is vSphere object aware. A vSphere object may be a single VM, a collection of VMs, VMs with a specific tag, VMs running a specific operating system, etc. Therefore firewall rules may be constructed that reference vSphere objects rather than network characteristics such as IP addresses.</p>
<p>If you wish to delve deeper into the NSX distributed firewall, you can <a href="https://www.vmware.com/products/nsx-distributed-firewall.html" target="_blank">find more here</a>.</p>
<h2 id="the-nsx-distributed-firewall-rules">The NSX Distributed Firewall: Rules</h2>
<p>The NSX distributed firewall management interface comes with five predefined categories for firewall rules. These categories allow you to organise your firewall rules.</p>
<p>Categories are evaluated by the NSX distributed firewall from left to right (Ethernet > Emergency > Infrastructure > Environment > Application) and the rules within each category are evaluated top down.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Distributed Firewall Categories" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-00a.png" /></p>
<p>Image taken from NSX documentation <a href="https://docs.vmware.com/en/VMware-NSX/4.0/administration/GUID-6AB240DB-949C-4E95-A9A7-4AC6EF5E3036.html" target="_blank">here</a>.</p>
<h2 id="configuring-an-nsx-security-only-deployment-via-the-vcenter-plug-in">Configuring an NSX Security Only Deployment via the vCenter Plug-in</h2>
<p>Let’s begin the configuration. As mentioned, this builds upon the installation we completed <a href="/nsx-vcenter-plugin-deployment/" target="_blank">last time</a>.</p>
<p>From the vSphere Client menu, select <strong>NSX</strong>. From the wizard, select the Security Only <strong>Get Started</strong> option:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select Get Started" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-01.png" /></p>
<p>Choose the correct cluster and select <strong>Install NSX</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select Cluster" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-02.png" /></p>
<p>As discussed <a href="/nsx-vcenter-plugin-deployment/#vsphere-environment">previously</a>, our environment is using a VDS version 8.0, so we are good to click <strong>Install</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Install Security Prompt" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-03.png" /></p>
<p>Allow time for the host preparation to complete. Click on <strong>Installing NSX</strong>, to track the installation progress:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Host Preparation" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-04.png" /></p>
<p>Once complete, we can see that our ESXi host is prepared with the correct version of NSX:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Host Preparation Complete" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-05.png" /></p>
<p>Click <strong>Next</strong> to continue.</p>
<p>Let’s start creating some firewall rules:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Create Firewall Rules" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-06.png" /></p>
<p>As we touched upon earlier, we can see the beginnings of our NSX firewall rule categories.</p>
<p><strong>NOTE:</strong> <em>As this is a demo environment, I’ll create just one rule for demonstration purposes. No doubt your environment will be different and will need significantly more than just one rule!</em></p>
<p>Let’s create a group for our DNS Servers. Choose the DNS infrastructure service, and select <strong>Define Group</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Define Firewall Group" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-07.png" /></p>
<p>Let’s name the group, create the NSX Tag and, as my DNS server is external to the vSphere environment, supply its IP address:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Define DNS Firewall Group" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-08.png" /></p>
<p>After saving, let’s select <strong>Define Communications</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Define Communications" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-09.png" /></p>
<p>I’m happy that <strong>Any</strong> source can talk to my DNS-Servers-Group. Let’s select the service that they can use:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Access Infrastructure Services" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-10.png" /></p>
<p>Filtering for TCP and UDP DNS services, let’s select both and apply:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Set Services" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-11.png" /></p>
<p>Looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Services Review" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-12.png" /></p>
<p>Let’s review and finally publish:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Final Review" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-13.png" /></p>
<p>We are done!</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Security configuration completed successfully!" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-14.png" /></p>
<p>OK, let’s take a look at the distributed firewall from the NSX Dashboard:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Open Distributed Firewall from Dashboard" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-15.png" /></p>
<p>Looking in the infrastructure category, we can see our DNS firewall rule:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Distributed Firewall Infrastructure Category" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-16.png" /></p>
<h2 id="the-nsx-distributed-firewall-default-rule">The NSX Distributed Firewall: Default Rule</h2>
<p><strong>STOP!</strong> Before continuing, take a look at my <a href="/nsx-dfw-system-excluded-vm-list-empty/" target="_blank">NSX DFW System Excluded VM List Empty</a> post. Don’t saw off the branch you’re sitting on!</p>
<p>Upon a fresh install, out of the box, the very bottom three rules of the application category - that is the very last three rules to be evaluated - are set by default to allow any traffic from any source to any destination:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Default Allow Rules" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-17.png" /></p>
<p>Depending on the security stance of your environment, it is advisable to review these default rules and set them as appropriate. If making changes, publish when complete:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Default Allow Rule Changes" src="/images/nsx-vcenter-security-only/nsx-vcenter-security-only-18.png" /></p>
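<p>One way to carry out that review offline, as an added example rather than code from the original post or from VMware: the script below takes security policies exported as JSON, sorts them into the evaluation order described earlier, and lists every enabled rule that allows any source to any destination on any service. The field names follow NSX Policy API objects; the sample data, the <code>unprotected_managers</code> helper and its VM names are constructed assumptions.</p>

```python
import json

# Category evaluation order described in the Rules section (left to right).
CATEGORY_ORDER = ["Ethernet", "Emergency", "Infrastructure", "Environment", "Application"]

# Constructed sample export. Field names follow NSX Policy API security-policy
# and rule objects; every name, path and sequence number here is made up.
SAMPLE_POLICIES = json.loads("""
[
  {"display_name": "default-section", "category": "Application", "sequence_number": 999,
   "rules": [
     {"display_name": "default-rule-3", "sequence_number": 30, "action": "ALLOW",
      "source_groups": ["ANY"], "destination_groups": ["ANY"], "services": ["ANY"]},
     {"display_name": "default-rule-1", "sequence_number": 10, "action": "ALLOW",
      "source_groups": ["ANY"], "destination_groups": ["ANY"], "services": ["ANY"]},
     {"display_name": "default-rule-2", "sequence_number": 20, "action": "ALLOW",
      "source_groups": ["ANY"], "destination_groups": ["ANY"], "services": ["ANY"]}
   ]},
  {"display_name": "infra-dns", "category": "Infrastructure", "sequence_number": 10,
   "rules": [
     {"display_name": "allow-dns", "sequence_number": 10, "action": "ALLOW",
      "source_groups": ["ANY"],
      "destination_groups": ["/infra/domains/default/groups/DNS-Servers-Group"],
      "services": ["/infra/services/DNS", "/infra/services/DNS-UDP"]}
   ]}
]
""")


def is_any(values):
    """Treat a missing, empty or ["ANY"] field as matching everything.
    Counting empty as "any" is a deliberately conservative assumption."""
    return not values or values == ["ANY"]


def evaluation_order(policies):
    """Flatten policies into evaluation order: category left to right,
    then policy, then rule, each by ascending sequence_number."""
    ordered = sorted(
        policies,
        key=lambda p: (CATEGORY_ORDER.index(p["category"]), p.get("sequence_number", 0)),
    )
    flat = []
    for policy in ordered:
        rules = sorted(policy.get("rules", []), key=lambda r: r.get("sequence_number", 0))
        for rule in rules:
            flat.append((policy["category"], policy["display_name"], rule))
    return flat


def find_allow_any(policies):
    """Return enabled rules that allow any source to any destination on any service,
    with their 1-based position in the evaluation order."""
    findings = []
    for position, (category, policy_name, rule) in enumerate(evaluation_order(policies), 1):
        if rule.get("disabled", False):
            continue
        if (rule.get("action") == "ALLOW"
                and is_any(rule.get("source_groups"))
                and is_any(rule.get("destination_groups"))
                and is_any(rule.get("services"))):
            findings.append({"position": position, "category": category,
                             "policy": policy_name, "rule": rule["display_name"]})
    return findings


def unprotected_managers(manager_vms, excluded_vms):
    """Hypothetical pre-change check: NSX Manager VMs running on a prepared
    cluster that are not in the firewall exclusion list. Resolve these before
    switching the default rules to Drop or Reject."""
    return sorted(set(manager_vms) - set(excluded_vms))


if __name__ == "__main__":
    for finding in find_allow_any(SAMPLE_POLICIES):
        print("{position}: [{category}] {policy} / {rule} allows any-any-any".format(**finding))
    # Constructed inventory: one manager VM, empty exclusion list.
    print("Managers not excluded:", unprotected_managers(["nsx-manager-01"], []))
```

<p>The DNS rule is not flagged because its destination and services are scoped; only the three catch-all rules at the end of the Application category are reported.</p>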
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>In this post we completed perhaps the simplest NSX installation model: an NSX Security Only Deployment via the vSphere vCenter Plug-in, using the quick start wizard.</p>
<p>If you are looking to “dip your toe into the world of NSX” then the deployment model covered in <a href="/nsx-vcenter-plugin-deployment/" target="_blank">NSX vCenter Plug-in Deployment</a> and this post will get your NSX environment up and running quickly and efficiently.</p>
<p>Having said that, there are caveats to using this deployment model that need to be considered prior to installation.</p>
<p>We will look at those next time.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-vcenter-security-only/">NSX vCenter Plug-in Deployment - Security Only Configuration</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 01, 2023.</p>
https://polarclouds.co.uk/nsx-vcenter-plugin-deployment2023-01-23T00:00:00+00:002023-01-23T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-00.png" />
In this post we will look at installing NSX as a plug-in to vCenter server, as promised <a href="/nsx-t-3-2-manual-microsegmentation/" target="_blank">a while ago</a>.</p>
<p>Historically, NSX-T, or <a href="https://blogs.vmware.com/partnernews/2022/04/nsx-data-center-name-change.html" target="_blank">just NSX</a> as it is now known, was installed as a separate entity and managed away from vCenter and the vSphere client.</p>
<p>Since the releases of vSphere 7.0 Update 3 and NSX 3.2.0, NSX can now be installed and managed in the vSphere client via a vCenter plug-in in much the same way as the previous VMware network virtualisation product, <a href="/nsx-data-center-failover-pt2/#disconnect-secondary-nsx-manger-from-primary" target="_blank">NSX-v used to be</a>.</p>
<p>First off, let’s take a look around our environment prior to NSX deployment.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#vsphere-environment" id="markdown-toc-vsphere-environment">vSphere Environment</a></li>
<li><a href="#nsx-deployment" id="markdown-toc-nsx-deployment">NSX Deployment</a></li>
<li><a href="#options" id="markdown-toc-options">Options</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="vsphere-environment">vSphere Environment</h2>
<p>vSphere 8.0 environment consisting of one ESXi 8.0 and one vCenter 8.0 server:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Environment 1" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-01.png" /></p>
<p>A single version 8.0 vSphere Distributed Switch (VDS) handling all connectivity via two uplink NICs:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Environment 1a" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-01a.png" /></p>
<p>VDS topology:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Environment 2" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-02.png" /></p>
<h2 id="nsx-deployment">NSX Deployment</h2>
<p>OK, let’s download the correct NSX installer from the <a href="https://customerconnect.vmware.com/en/downloads/info/slug/networking_security/vmware_nsx/4_x" target="_blank">VMware software portal</a>. In this article I’ll be deploying NSX v4.0.1.1 into my vSphere 8.0 environment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select NSX Manager vCenter Plugin" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-03.png" /></p>
<p>Next, from the vSphere Client menu, select the <strong>NSX</strong> option:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select NSX" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-04.png" /></p>
<p>The install wizard starts. Select <strong>Install NSX</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select Install NSX" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-05.png" /></p>
<p>Supply location of downloaded NSX Manager with vCenter Plug-in OVA file:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Find Downloaded File" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-06.png" /></p>
<p>Name the VM and select an inventory location for the VM to reside:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Name VM" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-07.png" /></p>
<p>Select the ESXi Host (if <a href="https://www.vmware.com/uk/products/vsphere/drs-dpm.html" target="_blank">DRS</a> is not enabled for your cluster):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select Compute Resource" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-08.png" /></p>
<p>Confirm access to vCenter Server:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Confirm vCenter Access" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-09.png" /></p>
<p>Select NSX Manager VM deployment size. For sizing requirements, see <a href="https://docs.vmware.com/en/VMware-NSX/4.0/installation/GUID-AECA2EE0-90FC-48C4-8EDB-66517ACFE415.html#nsx-manager-vm-resource-requirements-3" target="_blank">NSX 4.0 Manager VM Resource Requirements</a>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select Manager Size" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-10.png" /></p>
<p>Select datastore for the NSX Manager VM:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select Storage" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-11.png" /></p>
<p>Select management network for the NSX Manager VM:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select Network" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-12.png" /></p>
<p>Complete the required information. At a minimum, you need to provide NSX Manager:</p>
<ul>
<li>Root account password</li>
<li>Hostname</li>
<li>IP address details (if not using DHCP)</li>
<li>DNS details</li>
<li>NTP details</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Complete Details" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-13.png" /></p>
<p>Select vCenter to associate NSX with:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Associate vCenter" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-14.png" /></p>
<p>Review and finish NSX manager deployment wizard:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Ready to Complete" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-15.png" /></p>
<p>Allow some time for the NSX-T manager VM to complete its first boot activities and initial configuration. In normal circumstances this can take around 15 to 20 minutes to complete.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Start NSX Onboarding" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-16.png" /></p>
<p>After refreshing the browser to load the NSX plug-in, select <strong>NSX</strong> from the vSphere Client menu again:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select Installed NSX Plug In" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-17.png" /></p>
<p>Welcome indeed! Let’s supply our licence key:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Licence Key" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-18.png" /></p>
<p>Finally we arrive at the Getting Started Wizard page:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select one of the recommended use cases to configure NSX" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-19.png" /></p>
<p>As a check, yes we can also browse and login directly to our newly deployed NSX manager:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Manager Interface" src="/images/nsx-vcenter-plugin-deployment/nsx-vcenter-plugin-deployment-20.png" /></p>
<h2 id="options">Options</h2>
<p>For those who <strong><em>don’t wanna follow no crazy wizard!!1!</em></strong> - that is those of a more hardcore or “back to basics” type of disposition, wishing to learn about the NSX installation process and the configuration that makes up an NSX deployment from the ground up by doing it manually, check out the following:</p>
<p><strong>Manual NSX Installation: Security Only</strong> (also known as a Micro-Segmentation installation):</p>
<ul>
<li><a href="/nsx-t-3-2-manual-microsegmentation/" target="_blank">NSX-T 3.2: Micro-Segmentation Only Deployment - Manual Setup</a></li>
</ul>
<p><strong>Manual NSX Installation: Virtual Networking</strong> (also known as an Overlay installation):</p>
<ul>
<li><a href="/nsx-t-overlay-lab-pt1/" target="_blank">NSX-T 3.2: Overlay Lab Build - Part 1</a></li>
<li><a href="/nsx-t-overlay-lab-pt2/" target="_blank">NSX-T 3.2: Overlay Lab Build - Part 2</a></li>
</ul>
<p><strong>Automated NSX Installation:</strong> For those that don’t want to follow an NSX wizard <strong>OR</strong> complete a manual install:</p>
<ul>
<li><a href="/nsx-t-overlay-lab-pt3/" target="_blank">NSX-T 3.2: Overlay Lab Build - Part 3</a></li>
</ul>
<p>Where we complete an NSX virtual networking installation using PowerShell and NSX API calls alone!</p>
<p>Options, options. Plenty of options!</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>That will do it for this post. In upcoming posts we will follow the security only and virtual networking wizards to complete our NSX installs.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-vcenter-plugin-deployment/">NSX vCenter Plug-in Deployment</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 23, 2023.</p>
https://polarclouds.co.uk/nsx-dfw-system-excluded-vm-list-empty2023-01-16T00:00:00+00:002023-01-16T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Sawing Off the Branch" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-01.jpg" /></p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#question-when-is-the-worst-time-to-find-the-nsx-distributed-firewall-system-excluded-vm-list-is-empty" id="markdown-toc-question-when-is-the-worst-time-to-find-the-nsx-distributed-firewall-system-excluded-vm-list-is-empty">Question: When is the worst time to find the NSX Distributed Firewall System Excluded VM list is empty?</a></li>
<li><a href="#oh-fk-1" id="markdown-toc-oh-fk-1">Oh F\/£k !!!!!1!!</a></li>
<li><a href="#background" id="markdown-toc-background">Background</a></li>
<li><a href="#recovery" id="markdown-toc-recovery">Recovery</a></li>
<li><a href="#recovery---discussion-points" id="markdown-toc-recovery---discussion-points">Recovery - Discussion Points</a></li>
<li><a href="#making-sure-this-does-not-happen-again" id="markdown-toc-making-sure-this-does-not-happen-again">Making Sure This Does Not Happen Again</a></li>
<li><a href="#making-sure-this-does-not-happen-again---testing" id="markdown-toc-making-sure-this-does-not-happen-again---testing">Making Sure This Does Not Happen Again - Testing</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="question-when-is-the-worst-time-to-find-the-nsx-distributed-firewall-system-excluded-vm-list-is-empty">Question: When is the worst time to find the NSX Distributed Firewall System Excluded VM list is empty?</h3>
<p>Hint:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Setting Default Rules" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-02.png" /></p>
<p>Yep that’s it. When running NSX manager VM(s) on a cluster prepared for NSX and then setting the default NSX distributed firewall rules to <strong>Drop</strong> or <strong>Reject</strong>.</p>
<p>And that’s when all hell doesn’t break loose. Quite the opposite in fact.</p>
<h2 id="oh-fk-1">Oh F\/£k !!!!!1!!</h2>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Manager Unknown" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-03.png" /></p>
<p>Yeah… a whole lot of nothing going on.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="No ping!" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-04.png" /></p>
<p>Yep. My NSX Manager is completely firewalled from the rest of my network and for all intents and purposes offline.</p>
<p>Choice words were spoken… Very choice words indeed…</p>
<h2 id="background">Background</h2>
<p>Whilst writing an upcoming post on deploying NSX using the vCenter plug-in, I had my vSphere 8.0 and NSX 4.0.1.1 environment all in and spinning nicely. The final thing to talk about was the very bottom three rules of the application category - that is the very last three rules to be evaluated by the distributed firewall - which are set by default to allow any traffic from any source to any destination.</p>
<p>Yep, just set those to drop (or reject) and publish.</p>
<p>Aaaand that is where we find ourselves; a firewalled NSX manager that we are unable to get at via the network to turn off said firewall.</p>
<h2 id="recovery">Recovery</h2>
<p>So how do we recover from this situation?</p>
<p>How can we disable the NSX distributed firewall without using the NSX web GUI?</p>
<p>From the NSX command line interface (CLI) perhaps?</p>
<p>What is the “magic” command to allow access again?</p>
<p>After much googling and CLI bashing, I discovered this command to be run on the ESXi server hosting my NSX Manager VM (this is a lab so I only have one manager - production environments should have three) to recover access to NSX Manager again:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">vsipioctl clearallfilters <span class="nt">-Override</span></code></pre></figure>
<p>Which when run on the ESXi host in question, looks like this (I suggest reading discussion points below BEFORE running):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vsipioctl clearallfilters -Override" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-05.png" /></p>
<p>I was then able to access my NSX Manager and change my default rules back.</p>
<p>For good measure after recovery I rebooted my ESXi host too.</p>
<h2 id="recovery---discussion-points">Recovery - Discussion Points</h2>
<p>Some points to consider:</p>
<ol>
<li>
<p>Migrate (vMotion) all VMs other than the affected NSX Manager VM(s) away from the ESXi host that the command is run on. This command will unilaterally remove <strong>ALL firewall rules from ALL VMs</strong> on the ESXi host it is run on.</p>
</li>
<li>
<p>Searching for the <code class="language-plaintext highlighter-rouge">vsipioctl clearallfilters</code> command in the VMware Knowledge Base results in just one hit: <a href="https://kb.vmware.com/s/article/74556" target="_blank">vNICs are disconnected after NSX is uninstalled from ESXi (74556)</a>. At the time of writing this post, the related products section of this KB article lists only NSX for vSphere (aka NSX-v), not NSX-T or <a href="https://blogs.vmware.com/partnernews/2022/04/nsx-data-center-name-change.html" target="_blank">NSX as it is now known</a>.</p>
</li>
<li>
<p>After rebooting the ESXi host, you may find that firewall rules are still not being applied to VMs running on the host. To resolve this, disconnect, save, reconnect and save each network connection for each VM affected:</p>
</li>
</ol>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Network Adapter" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-06.png" /></p>
<p>Temporarily moving VMs to a different VDS port group and back may help too. Anything to get the ESXi host to rebuild its dvfilter table.</p>
<h2 id="making-sure-this-does-not-happen-again">Making Sure This Does Not Happen Again</h2>
<p>How can we make sure that this doesn’t happen again?</p>
<p>By making use of the user configured <strong>Distributed Firewall Exclusion List</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select Distributed Firewall Exclusion List" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-07.png" /></p>
<p>Whilst we are here, a quick look in the <strong>System Excluded VMs</strong> list, shows nothing going on as suspected and experienced:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="System Excluded VMs List" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-08.png" /></p>
<p>Back to <strong>User Excluded Groups</strong>, let’s add, name and save our <strong>DFW-Excluded</strong> group:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Save Exclusion List" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-09.png" /></p>
<p>Navigate to <strong>Inventory > Groups</strong> and edit the newly created <strong>DFW-Excluded</strong> group. Let’s set some members:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edit DFW-Excluded Group" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-10.png" /></p>
<p>I’ll add my NSX Manager by VM name:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add NSX Manager VM to DFW-Excluded" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-11.png" /></p>
<p>As it’s external to the NSX prepared environment (it’s running on another ESXi host), I’ll add my vCenter server by IP as well for good measure:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add vCenter IP to DFW-Excluded" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-12.png" /></p>
<p><strong>Save</strong> (twice) and let’s look at the members of our DFW-Excluded group. First VMs:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="DFW-Excluded Member VMs" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-13.png" /></p>
<p>Looks good. Checking IP addresses, we can see both the IPs of our vCenter and our NSX Manager listed (Remember production environments should have three NSX Managers deployed - this is just a lab):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="DFW-Excluded Member IPs" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-14.png" /></p>
<h2 id="making-sure-this-does-not-happen-again---testing">Making Sure This Does Not Happen Again - Testing</h2>
<p>Let’s pop in a distributed firewall rule to drop ping from any source to any destination:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ICMP any/any Drop" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-15.png" /></p>
<p>Yep, we can still ping our NSX Manager:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ICMP Test" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-16.png" /></p>
<p>Finally let’s set the default rules to <strong>Drop</strong> again, and publish:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Set Default Rules to Drop Again" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-17.png" /></p>
<p>A refresh of the browser to check that the vCenter NSX plug-in reloads…</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="All Good" src="/images/nsx-system-excluded-vm-list-empty/nsx-system-excluded-vm-list-empty-18.png" /></p>
<p>Yep we are all good! Phew!</p>
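<p>The lockout above can be caught before publishing. The following pre-flight check is an added example, not part of the original post or of NSX: it takes the contents of the System Excluded VMs list and the User Excluded Groups as plain data and refuses a Drop/Reject default while a management VM on an NSX prepared host is not excluded by VM name. The VM names and IP addresses are constructed, and treating an IP-only match as insufficient for a VM on a prepared host is a conservative choice of this example.</p>

```python
"""Pre-flight check before publishing DFW default rules set to Drop or Reject.

Added example. VM names and IP addresses are constructed; only the group
name DFW-Excluded comes from the post.
"""
import ipaddress

BLOCKING_ACTIONS = {"DROP", "REJECT"}

# Constructed inventory of the management components we must not firewall off.
# on_prepared_host: True when the VM runs on an ESXi host prepared for NSX,
# i.e. the distributed firewall is enforced on its vNICs.
COMPONENTS = [
    {"vm_name": "nsx-manager-01", "ip": "192.0.2.10", "on_prepared_host": True},
    {"vm_name": "vcenter-01", "ip": "192.0.2.20", "on_prepared_host": False},
]

# State described in the post before the fix: both lists empty.
EXCLUSIONS_BEFORE = {"system_vms": [], "user_groups": {}}

# State after the fix: NSX Manager added by VM name, vCenter added by IP.
EXCLUSIONS_AFTER = {
    "system_vms": [],
    "user_groups": {
        "DFW-Excluded": {"vms": ["nsx-manager-01"], "ips": ["192.0.2.20"]},
    },
}


def coverage(component, exclusions):
    """Return how a component is excluded from the DFW, or None.

    "system"          -> listed in System Excluded VMs
    "vm:<group>"      -> VM member of a user excluded group
    "ip-only:<group>" -> only its IP address matches a group member
    """
    if component["vm_name"] in exclusions["system_vms"]:
        return "system"
    addr = ipaddress.ip_address(component["ip"])
    ip_only = None
    for group, members in exclusions["user_groups"].items():
        if component["vm_name"] in members.get("vms", ()):
            return "vm:" + group
        for entry in members.get("ips", ()):
            # Accept single addresses as well as CIDR ranges.
            if addr in ipaddress.ip_network(entry, strict=False):
                ip_only = "ip-only:" + group
    return ip_only


def preflight(intended_action, components, exclusions):
    """Decide whether the intended default action is safe to publish.

    Returns (safe, findings); findings are (status, vm_name, detail) tuples.
    """
    blocking = intended_action.upper() in BLOCKING_ACTIONS
    safe = True
    findings = []
    for comp in components:
        how = coverage(comp, exclusions)
        excluded_by_vm = how == "system" or (how or "").startswith("vm:")
        if excluded_by_vm:
            status = "OK"
        elif not comp["on_prepared_host"]:
            # The DFW is not enforced on this VM, so it cannot be locked out.
            status = "INFO"
        elif blocking:
            status = "BLOCK"
            safe = False
        else:
            status = "WARN"
        findings.append((status, comp["vm_name"], how or "not excluded"))
    return safe, findings


if __name__ == "__main__":
    for label, state in (("before", EXCLUSIONS_BEFORE), ("after", EXCLUSIONS_AFTER)):
        ok, results = preflight("DROP", COMPONENTS, state)
        print(label, "-> safe to publish:", ok)
        for status, name, detail in results:
            print("  %-5s %-15s %s" % (status, name, detail))
```

<p>Run with the empty lists from the start of this post, the check reports the NSX Manager as a blocker; with the DFW-Excluded group in place it passes.</p>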
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>Well, a post that I did not think I would need to write. That said, a good post to have in the back pocket should I/you need to stop the NSX distributed firewall in a hurry in the future.</p>
<p>Certainly reading through the <a href="https://docs.vmware.com/en/VMware-NSX/4.0/administration/GUID-3B3C278D-4E35-4CE9-A4E2-ED6B1F25ABCE.html" target="_blank">Manage a Firewall Exclusion List</a> section of the NSX documentation on the VMware website:</p>
<blockquote>
<p>NSX has system excluded virtual machines, and user excluded groups. NSX Manager and NSX Edge node virtual machines are automatically added to the read-only the System Excluded VMs list.</p>
</blockquote>
<p>Not in an NSX 4.0.1.1 vSphere 8.0 plug-in environment they are not!</p>
<p>Finally as perhaps proof of a small world, take a look at the third command listed towards the bottom of this post: <a href="/nsx-t-nested-host-prep-failed/" target="_blank">NSX-T Nested ESXi Host Preparation Failed or Timed Out</a>.</p>
<p>It would seem that I had the answer all along, yet I didn’t know it.</p>
<p>…story of my life… :wink:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-dfw-system-excluded-vm-list-empty/">NSX DFW System Excluded VM List Empty</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 16, 2023.</p>
https://polarclouds.co.uk/vms-with-tpms2023-01-09T00:00:00+00:002023-01-09T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="ESXi + Key" src="/images/vms-with-tpms/vms-with-tpms-01.png" />
A quick post to show how to handle the creation of Virtual Machines (VMs) that require Trusted Platform Modules (TPMs) to function.</p>
<p>A Trusted Platform Module, or TPM, is a secure crypto processor that secures a computer via an integrated cryptographic key. But in more basic terms, it’s like a security alarm for your computer (or virtual machine) to prevent hackers or malware from accessing data.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#tpms-and-vtpms" id="markdown-toc-tpms-and-vtpms">TPMs and vTPMs</a></li>
<li><a href="#create-vsphere-native-key-provider" id="markdown-toc-create-vsphere-native-key-provider">Create vSphere Native Key Provider</a></li>
<li><a href="#provision-a-vm-with-a-vtpm" id="markdown-toc-provision-a-vm-with-a-vtpm">Provision a VM with a vTPM</a></li>
<li><a href="#deletion-of-a-key-provider" id="markdown-toc-deletion-of-a-key-provider">Deletion of a Key Provider</a></li>
<li><a href="#restore-key-provider" id="markdown-toc-restore-key-provider">Restore Key Provider</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="tpms-and-vtpms">TPMs and vTPMs</h2>
<p>A TPM is a requirement to run some modern operating systems such as Windows 11 (<a href="https://www.microsoft.com/en-gb/windows/windows-11-specifications" target="_blank">Windows 11 requirements</a>) without workarounds. Therefore to be able to run, for example, Windows 11 as a virtual machine, our VM is going to need a Virtual TPM or vTPM.</p>
<p>Let’s look closer at creating a VM with a vTPM.</p>
<h2 id="create-vsphere-native-key-provider">Create vSphere Native Key Provider</h2>
<p>Before we can provision VMs with vTPMs, we need a key provider. For deployments of vSphere 7.0 update 2 or later, vCenter has a key provider built in. VMware calls this the vSphere Native Key Provider.</p>
<p>For an overview of the vSphere Native Key Provider, see the Native Key Provider <a href="https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-54B9FBA2-FDB1-400B-A6AE-81BF3AC9DF97.html" target="_blank">documentation</a>.</p>
<p>For the purposes of this post, let’s set up a Native Key Provider.</p>
<p>From the vSphere client select the vCenter instance at the top of the inventory list. Then select <strong>Configure > Security > Add > Add Native Key Provider</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Native Key Provider 1" src="/images/vms-with-tpms/vms-with-tpms-02.png" /></p>
<p>Name the provider:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Native Key Provider 2" src="/images/vms-with-tpms/vms-with-tpms-03.png" /></p>
<p>After creation of the provider, but before we can use it, we need to back up the provider configuration. Select <strong>Back Up</strong> to continue:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Back Up Provider 1" src="/images/vms-with-tpms/vms-with-tpms-04.png" /></p>
<p>Supply a suitably complex password and select <strong>Back Up Key Provider</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Back Up Provider 2" src="/images/vms-with-tpms/vms-with-tpms-05.png" /></p>
<p>Once the backup completes, the provider becomes active and available for use:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Native Provider Provisioned" src="/images/vms-with-tpms/vms-with-tpms-06.png" /></p>
<h2 id="provision-a-vm-with-a-vtpm">Provision a VM with a vTPM</h2>
<p>Right. Let’s create a Windows 11 VM. For brevity, I’ll cover just the salient vTPM points below.</p>
<p>During the Windows 11 VM creation, we can see that the VM will be provided with a vTPM:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add TPM" src="/images/vms-with-tpms/vms-with-tpms-07.png" /></p>
<p>Confirming the VM configuration prior to completion, all looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="TPM Present" src="/images/vms-with-tpms/vms-with-tpms-08.png" /></p>
<p>Let’s fire our VM up:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="TPM Enabled Boot" src="/images/vms-with-tpms/vms-with-tpms-09.png" /></p>
<p>Install Windows 11:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Win11 Installing" src="/images/vms-with-tpms/vms-with-tpms-10.png" /></p>
<p>Looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Win11 Installed" src="/images/vms-with-tpms/vms-with-tpms-11.png" /></p>
<p>Checking our VM details, we can see that the VM is encrypted with a native key provider:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM Encrypted with Native Key Provider" src="/images/vms-with-tpms/vms-with-tpms-12.png" /></p>
<p>Looking at the virtual hardware from the Windows install within the VM, a TPM can be seen:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Win11 Devices - TPM 2.0" src="/images/vms-with-tpms/vms-with-tpms-13.png" /></p>
<p>And that’s all there is to it! Simple, easy peasy!</p>
<h2 id="deletion-of-a-key-provider">Deletion of a Key Provider</h2>
<p>In the interests of “I wonder what happens when…”, let’s simulate the loss of a Key Provider. First, I’ll delete my Key Provider:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Delete Key Provider" src="/images/vms-with-tpms/vms-with-tpms-14.png" /></p>
<p>Let’s see if our Windows VM will continue to operate correctly. Powering on:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Encrypted VM Power On without NKP 1" src="/images/vms-with-tpms/vms-with-tpms-15.png" /></p>
<p>Yep, VM is starting up OK:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Encrypted VM Power On without NKP 2" src="/images/vms-with-tpms/vms-with-tpms-16.png" /></p>
<p>OK, I’ll power off and remove it from the vCenter inventory:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remove Encrypted VM" src="/images/vms-with-tpms/vms-with-tpms-17.png" /></p>
<p>Next, I’ll re-register the VM back into the vCenter inventory:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Register Encrypted VM" src="/images/vms-with-tpms/vms-with-tpms-18.png" /></p>
<p>From the start the VM is marked as invalid:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Invalid Encrypted VM" src="/images/vms-with-tpms/vms-with-tpms-19.png" /></p>
<p>After some time, I receive a “Virtual Machine Locked Alarm”. OK, let’s try an <strong>Unlock VM</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Invalid Encrypted VM Unlock - No NKP 1" src="/images/vms-with-tpms/vms-with-tpms-20.png" /></p>
<p>OK, vCenter will try to transmit an encryption key to my VM:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Invalid Encrypted VM Unlock - No NKP 2" src="/images/vms-with-tpms/vms-with-tpms-21.png" /></p>
<p>As suspected, because the Site-A-Key-Provider no longer exists, I cannot unlock the VM in order to power it on:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Invalid Encrypted VM Unlock - No NKP 3" src="/images/vms-with-tpms/vms-with-tpms-22.png" /></p>
<h2 id="restore-key-provider">Restore Key Provider</h2>
<p>Remember the backup we took before we were able to complete the creation of the Native Key Provider?</p>
<p>Let’s restore that backup now:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Restore Native Key Provider 1" src="/images/vms-with-tpms/vms-with-tpms-23.png" /></p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Restore Native Key Provider 2" src="/images/vms-with-tpms/vms-with-tpms-24.png" /></p>
<p>With the key provider restored, let’s try to unlock our VM again:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Invalid Encrypted VM Unlock - With NKP 1" src="/images/vms-with-tpms/vms-with-tpms-25.png" /></p>
<p>Finally, let’s power the VM on:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Invalid Encrypted VM Unlock - With NKP 2" src="/images/vms-with-tpms/vms-with-tpms-26.png" /></p>
<p>Looks good. Our Windows 11 VM is able to boot again.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>With a bit of up front configuration, deploying TPM enabled modern operating system based VMs such as Windows 11 is simple enough to complete when using the vSphere Native Key Provider.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/vms-with-tpms/">VMs with TPMs</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 09, 2023.</p>
https://polarclouds.co.uk/voma2022-12-12T00:00:00+00:002022-12-12T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Failed Volume" src="/images/voma/voma-01.png" />
File this one away under “I hope I won’t ever need this, but just in case here it is anyway”.</p>
<p>As a last resort before investigating data restoration from backup(s), or even starting to look for data recovery services, the vSphere On-disk Metadata Analyzer (VOMA) tool can be used to identify and fix incidents of logical volume metadata corruption.</p>
<p>In this post we will take a closer look at VOMA.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#symptoms" id="markdown-toc-symptoms">Symptoms</a></li>
<li><a href="#risks" id="markdown-toc-risks">Risks</a></li>
<li><a href="#using-voma" id="markdown-toc-using-voma">Using VOMA</a></li>
<li><a href="#further-reading" id="markdown-toc-further-reading">Further Reading</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="symptoms">Symptoms</h2>
<p>The following may be observed:</p>
<ul>
<li>No access to files located on a datastore</li>
<li>Reports of metadata errors in the vmkernel.log file</li>
</ul>
<h2 id="risks">Risks</h2>
<p>VOMA is potentially a tool of last resort and should be treated as such. Because VOMA requires all VMs on a suspect volume to either have been powered off or migrated away from the suspect volume (if possible), there are situations where data may become permanently unavailable. Because of this it is always advisable to have current backups of VMs in an environment.</p>
<p>There may be situations where the deletion and recreation of a datastore may be preferable over a repair attempt.</p>
<h2 id="using-voma">Using VOMA</h2>
<p>OK, so you understand the risks, you’ve migrated and/or powered down your VMs and you are ready. Let’s look at using the tool.</p>
<p>First open an SSH connection to your ESXi host and issue the command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">voma</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VOMA Usage" src="/images/voma/voma-02.png" /></p>
<p>To find the device name of the volume that is having the issues, use the command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">esxcli storage vmfs extent list</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="esxcli storage vmfs extent list" src="/images/voma/voma-03.png" /></p>
<p>As you can see from the above screenshot, my datastore <code class="language-plaintext highlighter-rouge">DATASTORE-01</code> has a device name of <code class="language-plaintext highlighter-rouge">mpx.vmhba0:C0:T1:L0</code>.</p>
<p>As VOMA must be run against the partition rather than the device, we need to suffix our device name with <code class="language-plaintext highlighter-rouge">:1</code>. Therefore my device becomes <code class="language-plaintext highlighter-rouge">mpx.vmhba0:C0:T1:L0:1</code>.</p>
<p>First off we will check for errors on my VMFS volume using the following command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">voma <span class="nt">-m</span> vmfs <span class="nt">-f</span> check <span class="nt">-d</span> /vmfs/devices/disks/mpx.vmhba0:C0:T1:L0:1</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VOMA Check Mode" src="/images/voma/voma-04.png" /></p>
<p>In my test environment screenshot above, I’m not seeing any errors reported by VOMA. If you are reading this post, you will probably be seeing a different result.</p>
<p>If you are and you don’t have current good backups and/or you don’t already have a ticket open with VMware support, then I advise you <strong>STOP HERE and REVIEW</strong>.</p>
<p>To continue to try and fix errors with VOMA <a href="/pages/disclaimer" target="_blank">(usual disclaimers apply!)</a>, the following command may be used:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">voma <span class="nt">-m</span> vmfs <span class="nt">-f</span> fix <span class="nt">-d</span> /vmfs/devices/disks/mpx.vmhba0:C0:T1:L0:1</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VOMA Fix Mode" src="/images/voma/voma-05.png" /></p>
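<p>The device lookup and partition suffix steps above can be scripted so the path is never typed by hand. This is an added example, not part of the original post or of VOMA: it parses text laid out like the output of <code class="language-plaintext highlighter-rouge">esxcli storage vmfs extent list</code> and builds only the read-only check command. It goes one step beyond the post by taking the suffix from the Partition column rather than assuming <code class="language-plaintext highlighter-rouge">:1</code>; the sample output, its UUIDs and the second datastore are constructed.</p>

```python
"""Build the read-only VOMA check command for a named datastore.

Added example. SAMPLE_EXTENT_LIST is constructed to follow the column layout
of `esxcli storage vmfs extent list`; only DATASTORE-01 and its device name
come from the post.
"""
import re

SAMPLE_EXTENT_LIST = """\
Volume Name    VMFS UUID                            Extent Number  Device Name          Partition
-------------  -----------------------------------  -------------  -------------------  ---------
DATASTORE-01   00000000-00000000-0000-000000000001              0  mpx.vmhba0:C0:T1:L0          1
Old ISO Store  00000000-00000000-0000-000000000002              0  mpx.vmhba0:C0:T2:L0          3
"""

# Characters expected in an ESXi device name (mpx., naa., t10. and similar).
DEVICE_NAME = re.compile(r"[A-Za-z0-9._:\-]+")


def parse_extents(text):
    """Return one dict per extent row.

    Rows are split from the right because datastore names may contain
    spaces, while the last four columns never do.
    """
    extents = []
    for line in text.splitlines():
        parts = line.rsplit(None, 4)
        if len(parts) != 5:
            continue
        name, uuid, extent, device, partition = parts
        # Header and separator rows have no numeric extent/partition columns.
        if not (extent.isdigit() and partition.isdigit()):
            continue
        extents.append({
            "volume": name.strip(),
            "uuid": uuid,
            "extent": int(extent),
            "device": device,
            "partition": int(partition),
        })
    return extents


def voma_check_command(extent_list_text, datastore):
    """Return the argv for a VOMA check of the datastore's partition."""
    matches = [e for e in parse_extents(extent_list_text)
               if e["volume"] == datastore]
    if not matches:
        raise LookupError("datastore not found: %s" % datastore)
    if len(matches) > 1:
        # Spanned datastore: choose the extent deliberately, not by script.
        raise ValueError("%s has %d extents" % (datastore, len(matches)))
    ext = matches[0]
    if not DEVICE_NAME.fullmatch(ext["device"]):
        raise ValueError("unexpected device name: %r" % ext["device"])
    path = "/vmfs/devices/disks/%s:%d" % (ext["device"], ext["partition"])
    # Check mode only; moving on to fix mode stays a manual decision.
    return ["voma", "-m", "vmfs", "-f", "check", "-d", path]


if __name__ == "__main__":
    print(" ".join(voma_check_command(SAMPLE_EXTENT_LIST, "DATASTORE-01")))
```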
<h2 id="further-reading">Further Reading</h2>
<p>The following resources offer further information on using VOMA:</p>
<ul>
<li><a href="https://kb.vmware.com/s/article/2036767" target="_blank">Using vSphere On-disk Metadata Analyzer (VOMA) to check VMFS metadata consistency (2036767)</a></li>
<li><a href="https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.storage.doc/GUID-6F991DB5-9AF0-4F9F-809C-B82D3EED7DAF.html" target="_blank">Checking Metadata Consistency with VOMA</a></li>
<li><a href="https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.storage.doc/GUID-43AAB951-70DD-4C6E-AA6E-DFFD00D0F4E6.html" target="_blank">Use VOMA to Check Metadata Consistency</a></li>
<li><a href="https://kb.vmware.com/s/article/2103078" target="_blank">Using VMware vSphere On-disk Metadata Analyzer to re-create missing partition tables on VMware ESXi (2103078)</a></li>
<li><a href="https://kb.vmware.com/s/article/1015413" target="_blank">Data recovery services for data not recoverable by VMware Technical Support (1015413)</a></li>
</ul>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>In this post we took a closer look at the vSphere On-disk Metadata Analyzer (VOMA) tool.</p>
<p>Will VOMA help me in my situation?</p>
<p>Well, only you can make that call. If you are already looking at a data restoration / recovery situation, then VOMA might just be able to help.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/voma/">vSphere On-disk Metadata Analyzer (VOMA)</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 12, 2022.</p>
https://polarclouds.co.uk/vsphere-certificates-vmca-hybrid-mode2022-11-22T00:00:00+00:002022-11-22T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/esxi-8-the-unsupported/esxi-8-the-unsupported-01.png" />
In this post we are going to dive into the world of the VMware Certificate Authority and its management modes as well as taking a look at vCenter certificates and ESXi certificates. We will also place our VMware Certificate Authority in Hybrid mode.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#vmware-certificate-authority" id="markdown-toc-vmware-certificate-authority">VMware Certificate Authority</a></li>
<li><a href="#vcenter-certificates" id="markdown-toc-vcenter-certificates">vCenter Certificates</a></li>
<li><a href="#vmca-management-modes" id="markdown-toc-vmca-management-modes">VMCA Management Modes</a></li>
<li><a href="#which-management-mode-to-use" id="markdown-toc-which-management-mode-to-use">Which Management Mode to Use?</a> <ul>
<li><a href="#fully-managed-mode" id="markdown-toc-fully-managed-mode">Fully Managed Mode</a></li>
<li><a href="#subordinate-ca-mode" id="markdown-toc-subordinate-ca-mode">Subordinate CA Mode</a></li>
<li><a href="#full-custom-mode" id="markdown-toc-full-custom-mode">Full Custom Mode</a></li>
<li><a href="#hybrid-mode" id="markdown-toc-hybrid-mode">Hybrid Mode</a></li>
</ul>
</li>
<li><a href="#configuring-vmca-hybrid-mode" id="markdown-toc-configuring-vmca-hybrid-mode">Configuring VMCA Hybrid Mode</a> <ul>
<li><a href="#confirm-client-access-certificate" id="markdown-toc-confirm-client-access-certificate">Confirm Client Access Certificate</a></li>
<li><a href="#request-replacement-machine-certificate" id="markdown-toc-request-replacement-machine-certificate">Request Replacement Machine Certificate</a></li>
<li><a href="#process-certificate-signing-request" id="markdown-toc-process-certificate-signing-request">Process Certificate Signing Request</a></li>
<li><a href="#import-certificate" id="markdown-toc-import-certificate">Import Certificate</a></li>
<li><a href="#certificate-replacement-confirmation" id="markdown-toc-certificate-replacement-confirmation">Certificate Replacement Confirmation</a></li>
</ul>
</li>
<li><a href="#esxi-certificates" id="markdown-toc-esxi-certificates">ESXi Certificates</a></li>
<li><a href="#bonus-round-nsx" id="markdown-toc-bonus-round-nsx">Bonus Round: NSX</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="vmware-certificate-authority">VMware Certificate Authority</h2>
<p>The VMware Certificate Authority (VMCA) is included in each vCenter Server deployment. Out of the box, VMCA provisions all vCenter and ESXi host certificates.</p>
<p>Functionality exists to decouple VMCA from provisioning ESXi host certificates. This is discussed in <a href="https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-4D658104-1D80-441D-B6BA-4CBBCD0EDD3C.html" target="_blank">ESXi Certificate Mode Switch Workflows</a>, however for the rest of this post we will assume that our VMCA is provisioning our ESXi host certificates for us.</p>
<h2 id="vcenter-certificates">vCenter Certificates</h2>
<p>At deployment, the VMCA will create three certificates for vCenter. The roles of these certificates are as follows:</p>
<ul>
<li><strong>Machine SSL Certificate</strong>: Used to secure user connectivity to vCenter via the vSphere web client</li>
<li><strong>VMware Certificate Authority</strong>: The root certificate used to sign certificates created by the VMCA</li>
<li><strong>STS Signing Certificate</strong>: Used by the Security Token Service to issue, validate and renew security tokens. <a href="https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-authentication/GUID-18482A49-F9F8-4755-9113-3ADBAFE74EA3.html" target="_blank">Further information on STS</a></li>
</ul>
<p>These certificates can be seen via the vSphere web client by browsing to <strong>vSphere Client > Administration > Certificates > Certificate Management</strong></p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vCenter Certificates" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-26.png" /></p>
<p>The root certificate is also listed as a trusted root certificate.</p>
<h2 id="vmca-management-modes">VMCA Management Modes</h2>
<p>Certificates handled by the vCenter VMCA can be managed in four ways. These are:</p>
<ul>
<li><strong>Fully Managed Mode</strong>: (default) VMCA uses its install time generated CA certificate to sign all certificates used in the environment</li>
<li><strong>Subordinate CA Mode</strong>: VMCA operates as a subordinate Certificate Authority (CA), a delegated authority from an internal or corporate CA</li>
<li><strong>Full Custom Mode</strong>: VMCA is not used. All certificates must be managed and installed manually throughout the vSphere estate</li>
<li><strong>Hybrid Mode</strong>: VMCA uses a supplied replacement certificate for user connectivity to vCenter via the vSphere web client. All other certificates are signed by VMCA using its install time generated root certificate</li>
</ul>
<p><strong>Note</strong>: in both fully managed and hybrid modes, neither the ESXi hosts nor the vSphere web client have self-signed certificates. Certificates are generated by VMCA and signed by the VMCA root certificate as discussed above.</p>
<h2 id="which-management-mode-to-use">Which Management Mode to Use?</h2>
<p>It is up to you and your internal or corporate organisation.</p>
<h4 id="fully-managed-mode">Fully Managed Mode</h4>
<p>The default “do nothing” mode. To trust the VMCA install time certificates, each vSphere web client user must download and install the root CA certificate created by VMCA at install time:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Download CA Certificate" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-25.png" /></p>
<h4 id="subordinate-ca-mode">Subordinate CA Mode</h4>
<p>This might be something that your organisation finds undesirable as it does involve creating and importing a special delegation certificate. If this delegation certificate is stored or intercepted or misplaced, it could be used to impersonate your internal or corporate organisation. Should you wish to pursue the Subordinate CA Mode, the process is covered in this post on <a href="https://www.derekseaman.com/2021/03/vsphere-7-certificates-with-vmca-as-subordinate.html" target="_blank">Derek Seaman’s IT Blog</a>.</p>
<h4 id="full-custom-mode">Full Custom Mode</h4>
<p>This mode requires the most effort. All certificates throughout the environment need to be manually installed and replaced before they expire. In large environments the certificate application and subsequent replacement tasks can become unwieldy very quickly.</p>
<h4 id="hybrid-mode">Hybrid Mode</h4>
<p>The middle ground. The certificate used for user connectivity to vCenter via the vSphere web client is replaced with one generated by an internal or corporate CA. This means that users accessing vSphere do not have to download and install the root CA certificate created by VMCA at install time. VMCA continues to provision STS and ESXi certificates using its install-time generated root certificate.</p>
<p>Because the VMCA install-time generated root certificate is used for ESXi certificate provisioning, users may still receive untrusted certificate warnings when browsing to ESXi hosts directly. To work around this, users can download and install the root certificate created by VMCA at install time, as discussed in <a href="/vsphere-certificates-vmca-hybrid-mode/#fully-managed-mode">Fully Managed Mode</a> above.</p>
<h2 id="configuring-vmca-hybrid-mode">Configuring VMCA Hybrid Mode</h2>
<p>Now that we know about VMCA, ESXi certificate modes and VMCA management modes, let’s look at putting our VMCA into Hybrid mode.</p>
<h3 id="confirm-client-access-certificate">Confirm Client Access Certificate</h3>
<p>Let’s confirm which certificate is being used for accessing the environment via the vCenter client website. Log into vSphere web client and select <strong>vSphere Client > Administration > Certificates > Certificate Management</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Certificate Management" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-01.png" /></p>
<p>Let’s take a closer look at the machine certificate (__MACHINE_CERT). Click <strong>View Details</strong> and make a note of the thumbprint:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Machine Cert Thumbprint" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-02.png" /></p>
<p>Next, let’s double check the certificate we are using to access vCenter. In Chrome, click on the warning on the task bar and then on <strong>Certificate is not valid</strong> to show further details:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Certificate is not valid" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-03.png" /></p>
<p>Finally, let’s check that our browser-reported SHA-1 fingerprint matches that of our vCenter machine certificate:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Certificate Viewer" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-04.png" /></p>
<p>It does indeed.</p>
<h3 id="request-replacement-machine-certificate">Request Replacement Machine Certificate</h3>
<p>Back in <strong>vSphere Client > Administration > Certificates > Certificate Management</strong>, select <strong>Actions</strong> in the Machine Cert box and select <strong>Generate Certificate Signing Request (CSR)</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Generate CSR" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-05.png" /></p>
<p>Complete the required info:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Complete CSR Info" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-06.png" /></p>
<p>Click <strong>Next</strong>. Once generated, the CSR can be copied or downloaded for processing via the internal or corporate organisation CA:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Download or Copy CSR" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-07.png" /></p>
<p>Finally click <strong>Finish</strong>.</p>
<h3 id="process-certificate-signing-request">Process Certificate Signing Request</h3>
<p>I use OPNsense as my lab CA. Other CAs are available. Here is how to process a CSR using an OPNsense CA.</p>
<p>Log in to OPNsense, select <strong>System > Trust Certificates</strong> and click <strong>+</strong>. From there, select <strong>Sign a Certificate Signing Request</strong> and paste in the CSR:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OPNsense Sign CSR 1" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-08.png" /></p>
<p>Complete the Descriptive name, Digest Algorithm (recommend SHA256 or greater) and Lifetime (recommend 397 days - <a href="https://thehackernews.com/2020/09/ssl-tls-certificate-validity-398.html" target="_blank">here’s why</a>) fields. Then click <strong>Next</strong>.</p>
<p>Confirm the Subject Alternative Name fields, ensure Key Usage is set to <strong>digitalSignature, nonRepudiation, keyEncipherment</strong> and Extended Key Usage is set to <strong>Server Auth</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OPNsense Sign CSR 2" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-09.png" /></p>
<p>Click <strong>Save</strong>. Finally, find the newly generated certificate and export:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OPNsense Export Cert" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-10.png" /></p>
<h3 id="import-certificate">Import Certificate</h3>
<p>Back in <strong>vSphere Client > Administration > Certificates > Certificate Management</strong>, select <strong>Actions</strong> in the Machine Cert box and select <strong>Import and Replace Certificate</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Import and Replace vC Machine Cert 1" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-11.png" /></p>
<p>Select <strong>Replace with external CA certificate where CSR is generated from vCenter Server (private key embedded)</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Import and Replace vC Machine Cert 2" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-12.png" /></p>
<p>Click <strong>Next</strong>.</p>
<p>Find and upload the newly created Machine SSL certificate and the root certificate from your CA:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Import and Replace vC Machine Cert 3" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-13.png" /></p>
<p>Finally, click <strong>Replace</strong>. If successful, you should be met with the following dialogue:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Import and Replace vC Machine Cert 4" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-14.png" /></p>
<p>If you experience an “Error occurred while fetching tls: 0” error when replacing the certificate:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Import and Replace vC Machine Cert Error" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-15.png" /></p>
<p>Try copying and pasting the vCenter certificate and CA certificate crt file contents into step 2 of the replace certificate wizard, rather than using the browse file buttons. Also double check <a href="https://kb.vmware.com/s/article/89424" target="_blank">KB 89424</a>.</p>
<h3 id="certificate-replacement-confirmation">Certificate Replacement Confirmation</h3>
<p>After allowing time for vCenter to reload, let’s take another look. Immediately we see by the presence of the padlock in the URL bar that we are using trusted certificates for the session. Let’s also look again at the certificate presented:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vC running with replacement cert" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-16.png" /></p>
<p>Yep, that looks good. The Organisation listed is PolarClouds and the certificate was issued by our internal CA.</p>
<p>Back in vCenter <strong>Administration > Certificates > Certificate Management</strong>, let’s view the details of the __MACHINE_CERT again:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New Machine Cert Details" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-17.png" /></p>
<p>Indeed, the vSphere web client is now using our replacement certificate, as vCenter is using it as its __MACHINE_CERT.</p>
<h2 id="esxi-certificates">ESXi Certificates</h2>
<p>As discussed above, when VMCA is in Hybrid mode the certificates used by our ESXi servers will be signed by VMCA using its install-time generated CA certificate. Let’s check.</p>
<p>In this lab I have just one ESXi host:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vCenter Tree" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-18.png" /></p>
<p>Browsing to the host and checking the certificate it presents:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Cert" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-19.png" /></p>
<p>Yep, our ESXi host is presenting a certificate signed by our VMCA and its install-time root certificate.</p>
<h2 id="bonus-round-nsx">Bonus Round: NSX</h2>
<p>As I am reusing the infrastructure created for my <a href="/nsx-tls-cipher-filtering/" target="_blank">TLS Version and Cipher Filtering with NSX Firewall</a> post (go take a look, it’s a great read!), I have NSX deployed in my environment. Let’s check that NSX can still connect to our vCenter.</p>
<p>OK, vCenter (or Compute Manager as NSX calls it) connection status is showing as down:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX vCenter Connection Down" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-20.png" /></p>
<p>Looking closer at the error:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Thumbprint Mismatch" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-21.png" /></p>
<p>The <strong>Resolve</strong> button remains greyed out, so editing the compute manager, we can see that it is indeed expecting to use the SHA-256 thumbprint from our original VMCA signed certificate rather than our new certificate:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edit Compute Manager" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-22.png" /></p>
<p>Clicking <strong>Save</strong>, the inconsistency is picked up:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Change Thumbprint" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-23.png" /></p>
<p>After clicking <strong>Add</strong> and allowing time for the connection to be re-established, we can see that our compute manager connection is now up:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX vCenter Connection Up" src="/images/vsphere-certificates-vmca-hybrid-mode/vsphere-certificates-vmca-hybrid-mode-24.png" /></p>
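<p>The thumbprint checks above (the browser comparison in Confirm Client Access Certificate and the NSX mismatch here) can also be scripted. The following is an added example, not code from the original post or from VMware: it hashes a certificate's DER bytes and classifies a stored thumbprint as current, stale or unknown. The function names and the two sample "certificates" (constructed placeholder bytes, not real certificates) are assumptions made for illustration.</p>

```python
"""Added example: spot a stale certificate thumbprint pin after a certificate swap."""
import hashlib
import hmac
import ssl

# Constructed stand-ins: arbitrary bytes wrapped as PEM, NOT real certificates.
# A thumbprint is only a hash over the DER bytes, so this is enough for the check.
OLD_PEM = ssl.DER_cert_to_PEM_cert(b"constructed: VMCA-signed machine certificate")
NEW_PEM = ssl.DER_cert_to_PEM_cert(b"constructed: replacement signed by internal CA")

_HEX = set("0123456789abcdef")


def normalise(thumbprint_text: str) -> str:
    """Turn 'AA:BB:..', 'aa bb ..' or 'AABB..' into bare lowercase hex."""
    bare = thumbprint_text.strip().lower()
    for separator in (":", " ", "-"):
        bare = bare.replace(separator, "")
    if not bare or not set(bare) <= _HEX:
        raise ValueError("thumbprint contains non-hex characters")
    return bare


def thumbprint(pem: str, algorithm: str = "sha256") -> str:
    """Hash the DER encoding of a PEM certificate; return colon-separated hex."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def pin_matches(pin: str, pem: str) -> bool:
    """Compare a stored pin with a certificate, picking the hash by pin length."""
    wanted = normalise(pin)
    algorithm = {40: "sha1", 64: "sha256"}.get(len(wanted))
    if algorithm is None:
        raise ValueError("expected a SHA-1 (40 hex) or SHA-256 (64 hex) thumbprint")
    return hmac.compare_digest(wanted, normalise(thumbprint(pem, algorithm)))


def classify_pin(pin: str, old_pem: str, new_pem: str) -> str:
    """'current' if the pin fits the new cert, 'stale' if it fits the old one."""
    if pin_matches(pin, new_pem):
        return "current"
    if pin_matches(pin, old_pem):
        return "stale"
    return "unknown"


if __name__ == "__main__":
    stored = thumbprint(OLD_PEM)  # what a dependent system recorded before the swap
    print("stored pin:", stored)
    print("new cert  :", thumbprint(NEW_PEM))
    print("verdict   :", classify_pin(stored, OLD_PEM, NEW_PEM))
```

<p>With real data, <code>OLD_PEM</code> and <code>NEW_PEM</code> would be the exported certificate files, and the pin would be the thumbprint recorded by the dependent system.</p>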
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>In this post we looked at the VMware Certificate Authority (VMCA), the four VMCA management modes, briefly looked at ESXi host certification modes and finally we placed our VMCA into Hybrid mode. As a bonus we reconfigured NSX to connect to vCenter using our replacement vCenter certificate.</p>
<p>Whilst VMCA Hybrid mode doesn’t completely remove all certificate warnings when accessing all parts of the vSphere environment, it is a nice “halfway house”: Certificate warnings are resolved for vCenter access, although not for direct ESXi host access.</p>
<p>Besides, when was the last time you needed to log on to an ESXi host directly?</p>
<p>If you still wish to learn more, take a look at the VMware vSphere blog post <a href="https://blogs.vmware.com/vsphere/2020/04/vsphere-7-certificate-management.html" target="_blank">vSphere 7 – Certificate Management</a>. The same applies to vSphere 8.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/vsphere-certificates-vmca-hybrid-mode/">vSphere Certificates and Hybrid Certificate Mode</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 22, 2022.</p>
https://polarclouds.co.uk/nsx-tls-cipher-filtering2022-11-15T00:00:00+00:002022-11-15T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX Logo" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-00.png" />
The NSX distributed firewall is able to allow or deny traffic based on the protocol version or encryption cipher of a Transport Layer Security (TLS) connection made across it. In this post we will explore and use this functionality.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#the-setup" id="markdown-toc-the-setup">The Setup</a></li>
<li><a href="#the-problem" id="markdown-toc-the-problem">The Problem</a></li>
<li><a href="#the-solution" id="markdown-toc-the-solution">The Solution</a></li>
<li><a href="#environment-current-state-capture" id="markdown-toc-environment-current-state-capture">Environment Current State Capture</a></li>
<li><a href="#implementing-tls-cipher-filtering" id="markdown-toc-implementing-tls-cipher-filtering">Implementing TLS Cipher Filtering</a> <ul>
<li><a href="#nsx-layer-7-app-ids" id="markdown-toc-nsx-layer-7-app-ids">NSX Layer 7 App IDs</a></li>
<li><a href="#nsx-layer-7-context-profiles" id="markdown-toc-nsx-layer-7-context-profiles">NSX Layer 7 Context Profiles</a></li>
<li><a href="#allow-client-access-via-tls-v13-only" id="markdown-toc-allow-client-access-via-tls-v13-only">Allow Client Access via TLS v1.3 Only</a></li>
<li><a href="#allow-legacy-server-access-via-tls-v12-only" id="markdown-toc-allow-legacy-server-access-via-tls-v12-only">Allow Legacy Server Access via TLS v1.2 Only</a></li>
</ul>
</li>
<li><a href="#choosing-tls-ciphers" id="markdown-toc-choosing-tls-ciphers">Choosing TLS Ciphers</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a> <ul>
<li><a href="#a-10000-feet-view" id="markdown-toc-a-10000-feet-view">A 10,000 Feet View</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="the-setup">The Setup</h2>
<p>As you can see from the diagram below, a standard single flat network is in play with all servers, external clients and ESXi hosts connected to the same VLAN:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="TLS Filtering Lab" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-01.png" /></p>
<p>Working clockwise around the setup:</p>
<ul>
<li><strong>Client</strong> - Windows 10 (22H2) client machine on the wider network</li>
<li><strong>vC-Site-A.lab</strong> - vCenter Server 8.0</li>
<li><strong>NSXT-Site-A.lab</strong> - A single NSX Manager VM (in normal deployments there should be at least three of these for redundancy)</li>
<li><strong>Site-A VLAN</strong> - Our standard VLAN to which everything is attached</li>
<li><strong>ESXi-Site-A.lab</strong> - An ESXi Server prepared for NSX</li>
<li><strong>Old-App.lab</strong> - A legacy application server running Windows Server 2016</li>
<li><strong>Server.lab</strong> - A complex application server running Windows Server 2022</li>
</ul>
<p>Looking at the ESXi virtual switch configuration:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="TLS Filtering Lab DVS" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-02.png" /></p>
<p>A single distributed switch with two portgroups. Looking closer at the portgroups:</p>
<ul>
<li><strong>SITE-A-MGMT</strong> - A standard portgroup used for ESXi Server management</li>
<li><strong>SITE-A-MICRO-SEG</strong> - An NSX portgroup used for VM connectivity (notice the “N” on its icon?)</li>
</ul>
<p>Both our servers (Server.lab and Old-App.lab) are running on our NSX prepared ESXi server. Therefore they are both protected by the NSX Distributed Firewall (DFW), as denoted by the orange shield in the top diagram.</p>
<p>You could say that with the help of the NSX DFW, these servers occupy their own “<a href="https://www.vmware.com/topics/glossary/content/micro-segmentation.html" target="_blank">Micro Segments</a>” of the network.</p>
<h2 id="the-problem">The Problem</h2>
<p>Given what we now know about the above set up, consider the following scenario:</p>
<p>The application server server.lab is delivering a complex application via a TLS connection hosted on TCP/IP port 443. As such, server.lab supports connectivity via TLS v1.0, TLS v1.1, TLS v1.2 and TLS v1.3. The security department have mandated that all access to the complex application running on server.lab should be achieved via TLS v1.3 ONLY, given that the complex application supports TLS v1.3 as is today.</p>
<p>Other servers such as old-app.lab also need to connect to server.lab via TLS on TCP/IP port 443 to upload data to the complex application. However, due to their legacy operating systems, they do not support TLS v1.3. They support TLS v1.2 at a maximum.</p>
<p>To meet the security mandate of TLS v1.3 throughout, the following needs to happen:</p>
<ol>
<li>Every client accessing the complex application needs to run an operating system that supports TLS v1.3</li>
<li>All legacy servers need to be migrated to an operating system that supports TLS v1.3 in order to be able to continue to upload data to the complex application. Windows 2016 does not support TLS v1.3</li>
<li>The complex application needs to be reconfigured to allow access via TLS v1.3 connections only</li>
</ol>
<p>But:</p>
<ol>
<li>Migrating legacy servers will involve significant costs and downtime, both of which are not available for 6+ months</li>
<li>The application developers want $100,000,000 to recode their application to support TLS v1.3 only</li>
</ol>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Dr Evil" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-21.png" />
…it’s a complex app! :wink:</p>
<p>Still, on the plus side, all clients run Windows 10 which supports TLS v1.3 as is today!</p>
<p><strong>How can NSX help us here?</strong></p>
<h2 id="the-solution">The Solution</h2>
<p>With the TLS version and cipher filtering capability built into the NSX DFW we can achieve the following:</p>
<ol>
<li>Ensure all clients access the complex application via TLS v1.3 only</li>
<li>Ensure legacy servers can access the complex application via TLS v1.2 only</li>
<li>Ensure no one can access the complex application via TLS v1.0 and TLS v1.1</li>
<li>Shelve the requirement for downtime</li>
<li>Save money on complex application recoding</li>
</ol>
<p>We can get as close as we possibly can to the security mandate, whilst still saving downtime and costs.</p>
<p>How?</p>
<p>Simple. Two NSX distributed firewall rules:</p>
<ol>
<li>Allow client access via TLS v1.3 only</li>
<li>Allow legacy server access via TLS v1.2 only</li>
</ol>
<h2 id="environment-current-state-capture">Environment Current State Capture</h2>
<p>First, let’s see what access to the complex application looks like before we start work.</p>
<p>Investigating the firewall rules in place for Complex Application access:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Before: Complex App DFW Rules" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-05.png" /></p>
<p>Clients (1) and servers (2) access our complex application via the <a href="https://www.cloudflare.com/learning/ddos/what-is-layer-7/" target="_blank">Layer 7</a> HTTPS service (3) only. All other traffic is dropped (4).</p>
<p>Testing access to the complex application from a client:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Before: Client Access" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-03.png" /></p>
<p>Yep, a “complex” application and we are connecting via TLS v1.3 already. Nice! :wink:</p>
<p>Not so fast… Let’s test using something other than a web browser, as browsers will generally connect at the highest security level possible:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Before: Client Access Ciphers" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-04.png" /></p>
<p>Ah… Clients are able to connect via TLS v1.0, TLS v1.1, TLS v1.2 and TLS v1.3.</p>
<p>Looking from our legacy server, we can only connect at TLS v1.2 level:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Before: Legacy Server Access" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-06.png" /></p>
<p>However, we can also see the full suite of TLS ciphers from our legacy server too:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Before: Legacy Server Access Ciphers" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-07.png" /></p>
<h2 id="implementing-tls-cipher-filtering">Implementing TLS Cipher Filtering</h2>
<p>To achieve TLS filtering we need to understand two NSX technologies.</p>
<h3 id="nsx-layer-7-app-ids">NSX Layer 7 App IDs</h3>
<p>Layer 7 attributes (App IDs) identify which application a particular packet or flow is generated by, independent of the port that is being used. Signature-based identification and enforcement enables users to match the particular application/protocol a flow belongs to, and the version of that protocol, for example TLS version 1.0, TLS version 1.2 or different versions of CIFS traffic. This allows you to have visibility into or restrict the use of protocols that have known vulnerabilities for all deployed applications.</p>
<p>See <a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-36E39C9D-9F81-4BE4-B233-E8D1D1D362C4.html" target="_blank">this page</a> of the NSX product documentation for further details.</p>
<h3 id="nsx-layer-7-context-profiles">NSX Layer 7 Context Profiles</h3>
<p>A context profile can specify one or more App IDs and can also include sub-attributes for use in distributed firewall (DFW) rules and gateway firewall rules.</p>
<p>When a context profile is used in a rule, any traffic coming in from a virtual machine is matched against the rule table based on the <a href="https://www.techopedia.com/definition/28190/5-tuple" target="_blank">5-tuple</a>. If the rule matching the flow also includes a Layer 7 context profile, the packet is redirected to a user-space component called the vDPI engine. Subsequent packets are sent to the vDPI engine for each flow. After the App ID has been determined, the information is stored in the in-kernel context table.</p>
<p>When the next packet for the flow comes in, the information in the context table is compared with the rule table again, and is matched on 5-tuple and the Layer 7 App ID. The appropriate action as defined in the fully matched rule is taken, and if there is an ALLOW rule, all subsequent packets for the flow are processed in the kernel, and matched against the connection table. For fully matched DROP rules, a reject packet is generated.</p>
<p>See <a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-5A73D94A-1B37-4D3C-9E09-E6936F39AEE3.html" target="_blank">this page</a> of the NSX product documentation for further details.</p>
<h3 id="allow-client-access-via-tls-v13-only">Allow Client Access via TLS v1.3 Only</h3>
<p>Let’s create our TLS v1.3 Context Profile.</p>
<p>In NSX Manager, select <strong>Inventory > Profiles > Add Context Profile</strong>. I’ll name mine <strong>Site-A-TLS1.3</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add TLS v1.3 Context Profile 1" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-08.png" /></p>
<p>Next, select <strong>Set > Add Attribute > App ID</strong> and choose <strong>SSL</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add TLS v1.3 Context Profile 2" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-09.png" /></p>
<p>Click <strong>Set</strong> from the Sub Attribute/Values column, select <strong>Add Sub Attribute</strong>, select <strong>TLS_VERSION</strong> and choose <strong>TLS_V13</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add TLS v1.3 Context Profile 3" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-10.png" /></p>
<p>Finally, click <strong>Add > Apply > Add > Apply > Save</strong> to save.</p>
<p>From the NSX menu, select <strong>Security > Distributed Firewall</strong> and let’s update our client access rule. Select the Context Profiles entry for the client access rule and edit:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Update Client Access Rule 1" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-11.png" /></p>
<p>Filter on and select our previously created <strong>Site-A-TLS1.3</strong> profile:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Update Client Access Rule 2" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-12.png" /></p>
<p>Click <strong>Apply</strong> and <strong>Publish</strong> to finish updating the client access rule. Quick double check:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Update Client Access Rule 3" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-13.png" /></p>
<p>Yep, looks good. Let’s test again.</p>
<p>Yep, I can still access my “complex” application OK:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Client Access Test 1" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-14.png" /></p>
<p>Double checking TLS version:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Client Access Test 2" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-15.png" /></p>
<p>We are able to access our complex application via TLS v1.3 only. TLS v1.0, TLS v1.1, TLS v1.2 connectivity has been blocked by the NSX distributed firewall. Nice!</p>
<h3 id="allow-legacy-server-access-via-tls-v12-only">Allow Legacy Server Access via TLS v1.2 Only</h3>
<p>Essentially this is a ‘rinse and repeat’ of the above. However, we have another trick up our sleeve.</p>
<p>Notice that this post is titled “TLS Cipher Filtering” yet so far we have only done TLS version filtering?</p>
<p>Let’s fix that. :wink:</p>
<p>Back in NSX Manager, select <strong>Inventory > Profiles > Add Context Profile</strong>. I’ll name mine <strong>Site-A-TLS1.2-Cipher</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add TLS v1.2 Context Profile 1" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-16.png" /></p>
<p>Next, select <strong>Set > Add Attribute > App ID</strong> and choose <strong>SSL</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add TLS v1.2 Context Profile 2" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-09.png" /></p>
<p>Click <strong>Set</strong> from the Sub Attribute/Values column, select <strong>Add Sub Attribute</strong>, select <strong>TLS_VERSION</strong> and choose <strong>TLS_CIPHER_SUITE</strong>. In the Value column let’s add:</p>
<ul>
<li>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</li>
<li>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</li>
<li>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</li>
<li>TLS_RSA_WITH_AES_256_GCM_SHA384</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add TLS v1.2 Context Profile 3" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-17.png" /></p>
<p>Finally, click <strong>Add > Apply > Add > Apply > Save</strong> to save.</p>
<p>From the NSX menu, select <strong>Security > Distributed Firewall</strong> and let’s update our server access rule. Select the Context Profiles entry for the client access rule and edit:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add TLS v1.2 Context Profile 4" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-18.png" /></p>
<p>OK, let’s test from our legacy server. Yep, we can still access our “complex” application without issue:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Server Access Test 1" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-19.png" /></p>
<p>Double checking TLS version:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Server Access Test 2" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-20.png" /></p>
<p>We are able to access our complex application via TLS v1.2 only. Not only that, we have cut down our list of available ciphers from twelve TLS v1.2 ciphers to just four.</p>
<p>Double nice!</p>
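<p>To make the two rules concrete, here is an added example (not NSX code and not from the original post) that reads the negotiated version and cipher suite out of a TLS ServerHello and applies the two context profiles defined above. It illustrates where those values are visible in the handshake, not how the vDPI engine is implemented; the group names <code>clients</code> and <code>legacy-servers</code>, the function names and the constructed handshake bytes are assumptions.</p>

```python
"""Added example: apply TLS version/cipher profiles to a parsed ServerHello."""
import struct

TLS13 = 0x0304
SUPPORTED_VERSIONS_EXT = 0x002B  # carries the real version in TLS 1.3

# Profiles named as in the post. Cipher values are the IANA code points of the
# four suites listed above. None means "attribute not constrained".
PROFILES = {
    "Site-A-TLS1.3": {"versions": {TLS13}, "ciphers": None},
    "Site-A-TLS1.2-Cipher": {
        "versions": None,
        "ciphers": {
            0xC030,  # TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
            0xC02F,  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
            0xC027,  # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
            0x009D,  # TLS_RSA_WITH_AES_256_GCM_SHA384
        },
    },
}
# Hypothetical source groups mapped to profiles; anything unmatched is dropped.
RULES = [("clients", "Site-A-TLS1.3"), ("legacy-servers", "Site-A-TLS1.2-Cipher")]


def parse_server_hello(record: bytes):
    """Return (negotiated_version, cipher_suite) from one TLS record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    record_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + record_len]
    if len(body) != record_len or len(body) < 4 or body[0] != 0x02:
        raise ValueError("truncated record or not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 38:  # version + random + sid length + cipher + compression
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[0:2])[0]
    pos = 2 + 32                      # skip legacy_version and random
    pos += 1 + hello[pos]             # skip session id
    if pos + 3 > len(hello):
        raise ValueError("truncated ServerHello")
    cipher = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 3                          # cipher suite + compression method
    if pos + 2 <= len(hello):         # optional extensions block
        end = min(pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0], len(hello))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            # TLS 1.3 keeps legacy_version at 0x0303; the real version is here.
            if ext_type == SUPPORTED_VERSIONS_EXT and ext_len == 2 and pos + 2 <= end:
                version = struct.unpack("!H", hello[pos:pos + 2])[0]
            pos += ext_len
    return version, cipher


def build_server_hello(version: int, cipher: int) -> bytes:
    """Construct a minimal ServerHello record (sample input for this example)."""
    legacy = min(version, 0x0303)
    ext = struct.pack("!HHH", SUPPORTED_VERSIONS_EXT, 2, version) if version == TLS13 else b""
    hello = struct.pack("!H", legacy) + bytes(32) + b"\x00"
    hello += struct.pack("!HB", cipher, 0) + struct.pack("!H", len(ext)) + ext
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", legacy, len(handshake)) + handshake


def decide(source_group: str, record: bytes) -> str:
    """ALLOW only if the group's profile matches; unparseable traffic is dropped."""
    try:
        version, cipher = parse_server_hello(record)
    except ValueError:
        return "DROP"
    for group, name in RULES:
        profile = PROFILES[name]
        if group == source_group and \
           (profile["versions"] is None or version in profile["versions"]) and \
           (profile["ciphers"] is None or cipher in profile["ciphers"]):
            return "ALLOW"
    return "DROP"


if __name__ == "__main__":
    for group, ver, suite in [("clients", TLS13, 0x1302), ("clients", 0x0303, 0xC030),
                              ("legacy-servers", 0x0303, 0xC027),
                              ("legacy-servers", 0x0301, 0x002F)]:
        print(group, hex(ver), hex(suite), decide(group, build_server_hello(ver, suite)))
```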
<h2 id="choosing-tls-ciphers">Choosing TLS Ciphers</h2>
<p>How did I settle on the four ciphers above?</p>
<p>Put simply, I looked at the ciphers supported by my “complex” application (IIS10, built into Windows 2022) in comparison with the list of ciphers my 2016 legacy server supported and went from there.</p>
<p>If you are stuck deciding on which TLS ciphers to allow, NSX has five default cipher lists built in. Just filter the built-in context profiles on “owasp”:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OWASP Cipher Lists" src="/images/nsx-tls-cipher-filtering/nsx-tls-cipher-filtering-22.png" /></p>
<p>Further details on Open Web Application Security Project (OWASP) profiles can be found in their <a href="https://owasp.deteact.com/cheat/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html" target="_blank">TLS Cipher String Cheat Sheet</a>.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>In this post, with the help of NSX App IDs and Context Profiles we have been able to apply rules to further enhance the security of our environment.</p>
<p>We can now hand on heart confirm, thanks to the NSX DFW, that clients access our application via TLS v1.3 only. Our legacy servers and only our legacy servers can access our application via a TLS v1.2 connection and only then via a restricted subset of more secure TLS v1.2 ciphers.</p>
<p>As all other traffic (TLS traffic included) is being dropped by the NSX distributed firewall, there is zero access to our application via TLS v1.0 or v1.1.</p>
<h3 id="a-10000-feet-view">A 10,000 Feet View</h3>
<p>Sure the basis of this post was a bit cheesy (how much to recode an application?!?) and our “complex application” is anything but; however the premise still stands.</p>
<p>Simply allowing TLS traffic at a layer 7 level will no longer suffice. To ensure the highest level of security, the version and ciphers used by the TLS connection should also be inspected, with the use of less secure versions and ciphers restricted where possible.</p>
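<p>To make "inspecting the version and cipher" concrete, here is an added example (not from the original post, and not how NSX implements its context profiles) that reads the negotiated version and cipher out of a ServerHello and checks them against a policy modelled on this post. The function names, the policy dictionaries and the sample bytes are all constructed for illustration; the legacy cipher set holds only TLS_RSA_WITH_AES_256_GCM_SHA384 and would need the profile's other ciphers added.</p>

```python
"""Check the version and cipher a server selected in a TLS ServerHello."""
import struct

VERSION_NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
EXT_SUPPORTED_VERSIONS = 0x002B  # carries the real version in TLS 1.3

# Hypothetical policies modelled on the post. IANA code point 0x009D is
# TLS_RSA_WITH_AES_256_GCM_SHA384; add the profile's other ciphers here.
LEGACY_POLICY = {"version": 0x0303, "ciphers": {0x009D}}
CLIENT_POLICY = {"version": 0x0304, "ciphers": None}  # None = any cipher


class ParseError(ValueError):
    """Raised when the bytes are not one complete ServerHello record."""


def _take(buf, pos, n):
    """Return (n bytes at pos, new pos) or raise on a short buffer."""
    if pos + n > len(buf):
        raise ParseError("truncated ServerHello")
    return buf[pos:pos + n], pos + n


def parse_server_hello(record):
    """Return (negotiated_version, cipher_suite) from one TLS record."""
    header, pos = _take(record, 0, 5)
    content_type, _legacy, rec_len = struct.unpack("!BHH", header)
    if content_type != 22:
        raise ParseError("not a handshake record")
    body, _ = _take(record, pos, rec_len)
    hs_header, pos = _take(body, 0, 4)
    if hs_header[0] != 2:
        raise ParseError("handshake message is not a ServerHello")
    hello, _ = _take(body, pos, int.from_bytes(hs_header[1:], "big"))

    raw, pos = _take(hello, 0, 2)
    version = int.from_bytes(raw, "big")
    _random, pos = _take(hello, pos, 32)
    sid_len, pos = _take(hello, pos, 1)
    _sid, pos = _take(hello, pos, sid_len[0])
    raw, pos = _take(hello, pos, 2)
    cipher = int.from_bytes(raw, "big")
    _compression, pos = _take(hello, pos, 1)

    if pos < len(hello):  # extensions are optional before TLS 1.3
        raw, pos = _take(hello, pos, 2)
        exts, _ = _take(hello, pos, int.from_bytes(raw, "big"))
        pos = 0
        while pos < len(exts):
            raw, pos = _take(exts, pos, 4)
            ext_type, ext_len = struct.unpack("!HH", raw)
            data, pos = _take(exts, pos, ext_len)
            if ext_type == EXT_SUPPORTED_VERSIONS and ext_len == 2:
                # TLS 1.3 keeps 0x0303 in the legacy field and puts the
                # selected version here, so this value takes precedence.
                version = int.from_bytes(data, "big")
    return version, cipher


def evaluate(record, policy):
    """Return (allowed, reason) for a ServerHello record under a policy."""
    version, cipher = parse_server_hello(record)
    name = VERSION_NAMES.get(version, hex(version))
    if version != policy["version"]:
        return False, f"version {name} not permitted"
    if policy["ciphers"] is not None and cipher not in policy["ciphers"]:
        return False, f"cipher 0x{cipher:04X} not permitted on {name}"
    return True, f"{name} with cipher 0x{cipher:04X} permitted"


def build_server_hello(legacy_version, cipher, selected_version=None):
    """Construct sample ServerHello bytes (test data, not a capture)."""
    if selected_version is None:
        # Pre-1.3 sample: a renegotiation_info extension for the parser to skip.
        exts = b"\xff\x01\x00\x01\x00"
    else:
        exts = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, selected_version)
    hello = (struct.pack("!H", legacy_version) + bytes(32)  # version, random
             + b"\x20" + bytes(32)                          # 32-byte session id
             + struct.pack("!HB", cipher, 0)                # cipher, compression
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0303, len(handshake)) + handshake


if __name__ == "__main__":
    samples = {
        "TLS 1.2, AES-256-GCM": build_server_hello(0x0303, 0x009D),
        "TLS 1.2, AES-128-CBC-SHA": build_server_hello(0x0303, 0x002F),
        "TLS 1.0": build_server_hello(0x0301, 0x002F),
        "TLS 1.3": build_server_hello(0x0303, 0x1302, 0x0304),
    }
    for label, rec in samples.items():
        print(label, "->", evaluate(rec, LEGACY_POLICY))
```

<p>The TLS 1.3 sample shows why the legacy version field alone is not enough: it still reads 0x0303, and only the supported_versions extension reveals the connection is TLS 1.3.</p>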
<p>Remember, Transport Layer Security is not only used for web traffic. TLS is used for securing many protocols from email (<a href="https://en.wikipedia.org/wiki/SMTPS" target="_blank">SMTPS</a>), to IP address lookups (<a href="https://en.wikipedia.org/wiki/DNS_over_TLS" target="_blank">DNS over TLS</a>), to private network connectivity (<a href="https://en.wikipedia.org/wiki/Virtual_private_network#Security_mechanisms" target="_blank">VPN</a>) to voice calls (<a href="https://en.wikipedia.org/wiki/Session_Initiation_Protocol#Encryption" target="_blank">SIPS</a>), to name just a few protocols that use TLS for security.</p>
<p>As we have seen in this post, the NSX distributed firewall leveraging App IDs and Context Profiles can be used to secure TLS connectivity not only to version level but to cipher level too.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-tls-cipher-filtering/">TLS Version and Cipher Filtering with NSX Firewall</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 15, 2022.</p>
https://polarclouds.co.uk/vsphere-esxi-8-the-unsupported2022-10-11T01:00:00+01:002022-10-11T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/esxi-8-the-unsupported/esxi-8-the-unsupported-01.png" />
With the release of any software major version update, there are always those that get left behind.</p>
<p>Familiar readers will remember my own struggles with vSphere 7.0: <a href="/workaround-esxi-cpu-unsupported/" target="_blank">Workaround ESXi CPU Unsupported Error</a>, <a href="/esxi7-missing-percs/" target="_blank">ESXi 7.0: The Missing PERC(s)</a> and finally <a href="/esxi-7-the-unsupported/" target="_blank">ESXi 7.0: The Unsupported</a>. Fun times!</p>
<p>This time around with the release of vSphere 8.0 (containing ESXi 8.0), let’s take another look at the gone but not forgotten hardware no longer supported by VMware’s latest vSphere release.</p>
<p>As usual, the <a href="https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vmware-vsphere-80-release-notes/index.html" target="_blank">VMware vSphere 8.0 Release Notes</a> are a good place to start.</p>
<h2 id="vmware-knowledge-base">VMware Knowledge Base</h2>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#vmware-knowledge-base" id="markdown-toc-vmware-knowledge-base">VMware Knowledge Base</a></li>
<li><a href="#vmware-compatibility-guide" id="markdown-toc-vmware-compatibility-guide">VMware Compatibility Guide</a></li>
<li><a href="#vmware-interoperability-matrix" id="markdown-toc-vmware-interoperability-matrix">VMware Interoperability Matrix</a></li>
<li><a href="#try-it" id="markdown-toc-try-it">Try It</a></li>
<li><a href="#workarounds" id="markdown-toc-workarounds">Workarounds</a> <ul>
<li><a href="#bypass-unsupported-cpu-check" id="markdown-toc-bypass-unsupported-cpu-check">Bypass Unsupported CPU Check</a></li>
<li><a href="#apple-and-lenovo-hardware" id="markdown-toc-apple-and-lenovo-hardware">Apple and Lenovo Hardware</a></li>
</ul>
</li>
<li><a href="#replace-unsupported-hardware" id="markdown-toc-replace-unsupported-hardware">Replace Unsupported Hardware</a></li>
<li><a href="#migrate-to-the-cloud" id="markdown-toc-migrate-to-the-cloud">Migrate to the Cloud</a></li>
<li><a href="#other-hypervisors" id="markdown-toc-other-hypervisors">Other Hypervisors</a> <ul>
<li><a href="#commercially-supported" id="markdown-toc-commercially-supported">Commercially Supported</a></li>
<li><a href="#free-open-source-with-support-available" id="markdown-toc-free-open-source-with-support-available">Free Open Source with Support Available</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p>Rather than having to poke around in a Dell OEM ISO image as I did for ESXi 7.0, this time around VMware have been quite open and honest about deprecated and unsupported devices in ESXi 8.0. Further information can be found in <a href="https://kb.vmware.com/s/article/88172" target="_blank">Devices deprecated and unsupported in ESXi 8.0 (88172)</a>.</p>
<p>Attached to the above KB (right hand side, second box down), you will find a tabbed spreadsheet that contains the details of devices no longer supported in ESXi 8.0.</p>
<p>That said, one thing missing from the spreadsheet is unsupported CPUs.</p>
<p>Don’t worry, the VMware KB has your back for that too: <a href="https://kb.vmware.com/s/article/82794" target="_blank">Updated Plan for CPU Support Discontinuation In Future Major vSphere Releases (82794)</a>.</p>
<h2 id="vmware-compatibility-guide">VMware Compatibility Guide</h2>
<p>For the latest and greatest advice, consult the <a href="https://www.vmware.com/resources/compatibility/search.php" target="_blank">VMware Compatibility Guide</a> for details. Simply search for your device(s) to confirm compatibility.</p>
<p>Not much more to be said other than this should be your number one source for the latest compatibility and support news.</p>
<h2 id="vmware-interoperability-matrix">VMware Interoperability Matrix</h2>
<p>If an existing vSphere deployment leverages other VMware products such as NSX, vCloud Director or Site Recovery Manager (to name just a few), the compatibility and interoperability of these products often needs to be taken into account prior to upgrading to vSphere 8.0.</p>
<p>To avoid issues, consult the <a href="https://interopmatrix.vmware.com" target="_blank">VMware Product Interoperability Matrix</a> for details. Not only does the matrix provide interoperability details, it can also provide upgrade paths to get you where you want to be.</p>
<h2 id="try-it">Try It</h2>
<p>Given that ESXi supports being installed to a USB device, use a spare machine to install ESXi onto a USB stick (minimum 32GB capacity stick recommended), transfer the USB stick to the server to be tested and reboot from USB.</p>
<p>VMware Workstation can also be used to create the ESXi 8.0 USB stick. Simply connect the USB to a VM and install ESXi to it:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Workstation: Connect USB" src="/images/esxi-8-the-unsupported/esxi-8-the-unsupported-02.png" /></p>
<h2 id="workarounds">Workarounds</h2>
<p><strong>NOTE:</strong> <a href="/pages/disclaimer/" target="_blank">Usual disclaimer applies</a>. Needless to say that some/all of these workarounds may not be supported by VMware either.</p>
<h3 id="bypass-unsupported-cpu-check">Bypass Unsupported CPU Check</h3>
<p>The following kernel option can be added to bypass the unsupported CPU check during ESXi installation or upgrade:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">allowLegacyCPU</span><span class="o">=</span><span class="nb">true</span></code></pre></figure>
<p>See <a href="https://williamlam.com/2020/04/quick-tip-allow-unsupported-cpus-when-upgrading-to-esxi-7-0.html" target="_blank">this post</a> on William Lam’s blog for further details.</p>
<h3 id="apple-and-lenovo-hardware">Apple and Lenovo Hardware</h3>
<p>The following kernel option can be added to allow ESXi 8.0 to boot on some Apple hardware:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">norts</span><span class="o">=</span>1</code></pre></figure>
<p>For Apple hardware, see <a href="https://williamlam.com/2022/10/vsphere-8-on-apple-mac-hardware.html" target="_blank">this post</a> on William Lam’s blog for further details.<br />
For Lenovo hardware, see <a href="https://support.lenovo.com/gb/en//solutions/ht510589-system-stuck-at-shutting-down-firmware-services-when-installing-vmware-esxi-65-u3-through-uefi-mode-ipxe-lenovo-thinksystem/" target="_blank">this how to</a> for further details.</p>
<h2 id="replace-unsupported-hardware">Replace Unsupported Hardware</h2>
<p>Unfortunately “rip and replace” may be the only option, as discussed in my post <a href="/esxi7-missing-percs-pt2/" target="_blank">ESXi 7.0: The Missing PERC(s) - Part 2</a>.</p>
<p>However, given ongoing supply chain issues, simply “dropping in” a brand new vSphere farm to run vSphere 8.0 may prove to not be such a quick fix as it may have once been.</p>
<p>For production systems wanting to keep VMware support, 100% supported hardware is a must, even if that means running a down-level vSphere version until end of system life.</p>
<p>For home and lab users a little more flexibility can be afforded. Sure a particular server model may not be listed as supported in the VMware Compatibility Guide, however if its component parts (CPUs, storage controllers, network cards, etc) are listed / supported and found to work, then hey go for it and install ESXi 8.0.</p>
<p>Remember: ebay is your friend! <em>(Other sources of server hardware are available)</em>.</p>
<p><strong>Pro-Tip</strong>: Check out <a href="https://labgopher.com/" target="_blank">LabGopher</a> for second hand server deals. See the links on LabGopher for localised (US, UK, Canada and Australia) sites.</p>
<h2 id="migrate-to-the-cloud">Migrate to the Cloud</h2>
<p>Whilst maybe not a solution for everyone, functionality exists for existing VMware VMs to be run in the cloud with minimal reconfiguration:</p>
<ul>
<li>vSphere on <a href="https://aws.amazon.com/vmware/" target="_blank">Amazon AWS</a></li>
<li>vSphere on <a href="https://azure.microsoft.com/en-gb/products/azure-vmware/" target="_blank">Microsoft Azure</a></li>
<li>vSphere on <a href="https://cloud.google.com/vmware-engine" target="_blank">Google Cloud</a></li>
</ul>
<p>Once VMs are running in the cloud, unsupported on-premises hardware can be decommissioned.</p>
<h2 id="other-hypervisors">Other Hypervisors</h2>
<p>Shocker I know, other server based Hypervisors do exist! They often do not have the same limitations to them that vSphere 8.0 does. These roughly drop into two categories. Here are three of each.</p>
<h3 id="commercially-supported">Commercially Supported</h3>
<ul>
<li><a href="https://learn.microsoft.com/en-us/azure-stack/hci/overview" target="_blank">Microsoft Azure Stack HCI</a> - Microsoft’s on-premises infrastructure with Azure cloud services</li>
<li><a href="https://www.nutanix.com" target="_blank">Nutanix</a> - Hyper-converged on-premises infrastructure</li>
<li><a href="https://www.oracle.com/virtualization/" target="_blank">Oracle Virtualisation</a> - On-premises virtualisation based on Linux KVM</li>
</ul>
<p>What about Microsoft Hyper-V? As discussed <a href="https://www.theregister.com/2021/08/31/hyper_v_server_discontinued/" target="_blank">here</a> on the Register:</p>
<blockquote>
<p>Azure Stack HCI is Microsoft’s premier hypervisor offering for running virtual machines on-premises</p>
</blockquote>
<p>Hyper-V’s days are numbered it would seem.</p>
<h3 id="free-open-source-with-support-available">Free Open Source with Support Available</h3>
<ul>
<li><a href="https://www.proxmox.com" target="_blank">Proxmox</a> - All in one solution, popular with home lab-ers</li>
<li><a href="https://xcp-ng.org/" target="_blank">XCP-ng</a> - Provides separate host (XCP-ng) and host management (Xen Orchestra) experience</li>
<li><a href="https://www.linux-kvm.org/page/Main_Page" target="_blank">Linux KVM</a> - The basis of Proxmox, XCP-ng and Oracle Virtualisation. For the purists!</li>
</ul>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>In this post we looked at avoiding the pitfalls that can be fallen into when upgrading to vSphere 8.0. Following on from there we looked at ways of working around and upgrading hardware to allow ESXi 8.0 to be installed. Via a quick trip to running vSphere VMs natively on the cloud we looked at alternative type-1 hypervisor solutions; both commercial and free.</p>
<p>Comparing today (October 2022) to where we were when vSphere 7.0 was launched (April 2020), it feels that whilst there are squeezes on traditional on-premises vSphere deployments from both cloud and supply chain issues, there are more options open to clients now than there were at the time of the vSphere 7.0 launch.</p>
<p>Also as I briefly touched on in the introduction of my <a href="/skyline-health-diag-tool/" target="_blank">VMware Skyline Health Diagnostics Tool</a> post, there are clients that find themselves not able to move to cloud whilst simultaneously unable to upgrade existing hardware. They are locked into their current (supported or unsupported) vSphere version for the time being.</p>
<p>Finally there is the <a href="https://www.broadcom.com/company/news/financial-releases/60271" target="_blank">Broadcom acquisition of VMware</a> and the uncertainty that it brings.</p>
<p>The overall uptake of vSphere 8.0 is going to be interesting.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/vsphere-esxi-8-the-unsupported/">vSphere and ESXi 8.0: The Unsupported</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 11, 2022.</p>
https://polarclouds.co.uk/skyline-health-diag-tool2022-10-10T01:00:00+01:002022-10-10T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-01.png" />
Recently I had an engagement to take a look at an underperforming vSphere estate owned by a client. The engagement had been escalated my way as - by their own admission - the client were not at all familiar with complex vSphere diagnosis and they needed some consulting to get them back on track.</p>
<p>Statements like “the environment is running slow”, “it doesn’t perform as it used to”, “nothing has changed” and “this is causing major business impact” are insightful and understandable but they don’t help to get to the root cause.</p>
<p>Given the nature of the client business, all their vSphere environments had to stay on premises (actually 90+ sites, but that’s another story) which meant a move to cloud was out of the question.</p>
<p>Also, given ongoing supply chain issues, the client was not in a position to procure new hardware either; certainly nowhere within the time-frame required.</p>
<p>So to sum up:</p>
<ol>
<li>Diagnose</li>
<li>Fix - and fix quickly</li>
<li>No new infrastructure</li>
<li>No cloud</li>
</ol>
<p>Which got me thinking.</p>
<ul>
<li>What tools exist that can give a “10,000 feet” overview of an environment?</li>
<li>How can I “zero in” on the root cause of an issue?</li>
<li>I’m sure whatever the issue (or issues), the answers are somewhere in the system logs</li>
</ul>
<p>Hmmm. There must be something…</p>
<h2 id="enter-vmware-skyline-health-diagnostics-shd">Enter VMware Skyline Health Diagnostics (SHD)</h2>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#enter-vmware-skyline-health-diagnostics-shd" id="markdown-toc-enter-vmware-skyline-health-diagnostics-shd">Enter VMware Skyline Health Diagnostics (SHD)</a></li>
<li><a href="#deployment" id="markdown-toc-deployment">Deployment</a> <ul>
<li><a href="#workstation-wrinkle" id="markdown-toc-workstation-wrinkle">Workstation Wrinkle</a></li>
</ul>
</li>
<li><a href="#configuration" id="markdown-toc-configuration">Configuration</a></li>
<li><a href="#grab-a-vcenter-or-esxi-log-bundle" id="markdown-toc-grab-a-vcenter-or-esxi-log-bundle">Grab a vCenter or ESXi Log Bundle</a></li>
<li><a href="#using-skyline-health-diagnostics" id="markdown-toc-using-skyline-health-diagnostics">Using Skyline Health Diagnostics</a></li>
<li><a href="#diagnostic-results" id="markdown-toc-diagnostic-results">Diagnostic Results</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p>From <a href="https://blogs.vmware.com/vsphere/2020/09/introducing-vmware-skyline-health-diagnostic-tool.html" target="_blank">the introductory post</a> on the VMware vSphere blog:</p>
<blockquote>
<p>Skyline Health Diagnostics for vSphere is a self-service tool to detect issues using log bundles and suggest the KB remediate the issue. vSphere administrators can use this tool for troubleshooting issues before contacting VMware Support.</p>
</blockquote>
<p>What’s more, the tool is available <strong>free of cost</strong> and can optionally be used <strong>completely offline</strong>. That’s right, no internet required! Take a look at <a href="https://kb.vmware.com/s/article/81931" target="_blank">SHD FAQ</a> for full details.</p>
<p>SHD can integrate directly into your vSphere environment or it can remain separate and be used for analysis of log files or “log bundles” as VMware calls them.</p>
<p>My preferred way of working is to keep SHD as separate from the environment under analysis as possible. I don’t want to skew my findings by deploying yet more VMs on an environment that is already suffering.</p>
<p>Therefore, I’ll deploy SHD as a VM on my laptop and use it to analyse log bundles. This also helps with “mobile analysis” - I can fire up the SHD VM on my laptop at any time and I’m ready!</p>
<h2 id="deployment">Deployment</h2>
<p>Grab the latest OVA from <a href="https://customerconnect.vmware.com/downloads/get-download?downloadGroup=SKYLINE_HD_VSPHERE" target="_blank">https://customerconnect.vmware.com/downloads/get-download?downloadGroup=SKYLINE_HD_VSPHERE</a></p>
<p>Given that Skyline Health Diagnostics (SHD) is delivered from VMware in the form of an OVA, the appliance can be deployed anywhere; into an existing vSphere environment (preferably NOT the environment you are diagnosing) or into VMware Workstation.</p>
<p>As I was going mobile, I chose to deploy to VMware Workstation.</p>
<h3 id="workstation-wrinkle">Workstation Wrinkle</h3>
<p>I spotted a minor wrinkle when deploying SHD appliance v3.5.0-20430938 into VMware Workstation 16.2.4:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Missing Network Prefix" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-02.png" /></p>
<p>Yep, the Network Prefix box is missing. Weird.</p>
<p>OK, let’s fix post deployment (assuming I can type the same password I literally set two minutes ago :flushed:):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Console Login" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-03.png" /></p>
<p>Edit the network config:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">vi /etc/systemd/network/10-static-en.network</code></pre></figure>
<p>Set the correct IP prefix:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Set prefix" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-04.png" /></p>
<p>Save and reboot:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">reboot now</code></pre></figure>
<h2 id="configuration">Configuration</h2>
<p>Could not be any easier. Accept the EULA and choose whether to join the VMware Customer Experience Improvement Program (CEIP).</p>
<p>As I say, I want to be 100% offline here so I opted out of joining the CEIP.</p>
<p>Configuration complete!</p>
<h2 id="grab-a-vcenter-or-esxi-log-bundle">Grab a vCenter or ESXi Log Bundle</h2>
<p>Whilst SHD can analyse vCenter and ESXi host log bundles, I’ll concentrate in this post on analysing an ESXi host log bundle.</p>
<p>Obtaining a log bundle is simple enough: log in to your problematic ESXi host and select <strong>Monitor > Logs > Generate Support Bundle</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Generate ESXi Log Bundle" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-05a.png" /></p>
<h2 id="using-skyline-health-diagnostics">Using Skyline Health Diagnostics</h2>
<p>Log into SHD using a web browser, the shd-admin account and the password set during OVA deployment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Web Login" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-05.png" /></p>
<p>Again, as I’m offline here, let’s select the <strong>Upload Bundles</strong> option:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Upload Bundles" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-06.png" /></p>
<p>Optionally choose whether to tag the analysis and click <strong>Upload + Analyze</strong>.</p>
<p>Allow the tool to do the analysis, and once complete click <strong>Show Report</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Analysis Underway" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-07.png" /></p>
<p>Let’s take a look at the results:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="View Results" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-08.png" /></p>
<h2 id="diagnostic-results">Diagnostic Results</h2>
<p>Obviously I can’t show you the diagnostic results of my client systems (data privacy etc), however I can show you the results of a scan of an ESXi server I have running elsewhere:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Results" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-09.png" /></p>
<p>Breaking the results down:</p>
<ol>
<li>No VMware Security Advisories (VMSA) findings. Nice, no security patching required :smile:</li>
<li>Seven diagnostic findings! :flushed:</li>
<li>Two errors, three warnings and two info items to dig into</li>
</ol>
<p>… and I thought I kept this environment <a href="https://dictionary.cambridge.org/dictionary/english/up-to-snuff" target="_blank">up to snuff</a> …!</p>
<p>Let’s dig into the findings:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Headline Findings" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-10.png" /></p>
<p>Scrolling to the bottom of the page allows you to dig into the findings yet further.</p>
<p>For example, one of my Error findings was that I had NIC connectivity problems on the 9th and 20th of September:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Link Down Finding" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-11.png" /></p>
<p>One of the warning findings on my host was that there is a later driver available for my I350 network cards according to the VMware Compatibility Guide (VCG):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NIC Driver Finding" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-12.png" /></p>
<p>Finally, interestingly the other warning finding was regarding Long VMFS3 rsv time:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMFS3 rsv Finding" src="/images/skyline-health-diag-tool/skyline-health-diag-tool-13.png" /></p>
<p>As you can see from the resolution box in the above screenshot, there is a link to <a href="https://kb.vmware.com/s/article/1025299" target="_blank">KB 1025299</a>.<br />
Yep, I need to take a look at this. I may have a failing HDD I need to take care of…</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it, a simple VMware log analysis tool that can be used to shed light on your environment. Even environments that were previously thought to be running OK!</p>
<p>Pairing SHD with VMware Workstation means that someone like myself can “parachute” onto a client site, download log bundles from problematic systems, analyse the bundles using the mobile offline SHD instance on a laptop and in next to no time have direction on issues and areas for further investigation plus remediation.</p>
<p>What’s more, with its built-in VCG database, the SHD tool can also be used to qualify ESXi builds, showing where driver updates and improvements can be made.</p>
<p>Bonus!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/skyline-health-diag-tool/">VMware Skyline Health Diagnostics Tool</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 10, 2022.</p>
https://polarclouds.co.uk/simple-vmtools-upgrades2022-08-15T01:00:00+01:002022-08-15T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-01.png" />
<em>In observance of <a href="https://www.wincalendar.com/uk/Lazy-Day" target="_blank">National Lazy Day 2022</a>… Yeah I know, it was 5 days ago… But hey, who’s counting?</em></p>
<p>Back when, VMtools used to be updated with each ESXi patch installation. Just patch ESXi, an updated VMTools would be rolled in and away we go; VMs to update.</p>
<p>Not any more.</p>
<p>So what is the simplest way to handle VMTools updates?</p>
<p>What follows is the <strong>Lazy Guide</strong>.<br /></p>
<p><em><strong>Not that VM admins are lazy - far from it!</strong> VM admins have other things to do; Networking with <a href="https://www.vmware.com/uk/products/nsx.html" target="_blank">NSX-T</a>, Storage with <a href="https://www.vmware.com/uk/products/vsan.html" target="_blank">vSAN</a>, Compliance with <a href="https://www.vmware.com/uk/products/vrealize-operations.html" target="_blank">vRO</a>, Cloud Management with <a href="https://www.vmware.com/uk/products/cloud-director.html" target="_blank">vCD</a>, Disaster Recovery with <a href="https://www.vmware.com/uk/products/site-recovery-manager.html" target="_blank">SRM</a> to name a few. You know, other stuff to be getting on with…</em> :wink:</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#overview" id="markdown-toc-overview">Overview</a></li>
<li><a href="#download-latest-vmtools" id="markdown-toc-download-latest-vmtools">Download Latest VMTools</a></li>
<li><a href="#with-vcenter-method" id="markdown-toc-with-vcenter-method">With vCenter Method</a> <ul>
<li><a href="#import-vib--create-baseline" id="markdown-toc-import-vib--create-baseline">Import VIB + Create Baseline</a></li>
<li><a href="#attach-baseline-and-update-hosts" id="markdown-toc-attach-baseline-and-update-hosts">Attach Baseline and Update Hosts</a></li>
</ul>
</li>
<li><a href="#stand-alone-esxi-without-vcenter-method" id="markdown-toc-stand-alone-esxi-without-vcenter-method">Stand-alone ESXi (Without vCenter) Method</a></li>
<li><a href="#installing-vmtools-in-vms" id="markdown-toc-installing-vmtools-in-vms">Installing VMTools in VMs</a> <ul>
<li><a href="#linux-and-freebsd-vms" id="markdown-toc-linux-and-freebsd-vms">Linux and FreeBSD VMs</a></li>
<li><a href="#windows-vms" id="markdown-toc-windows-vms">Windows VMs</a></li>
</ul>
</li>
<li><a href="#automating-vmtools-updates-gui-method---with-vcenter" id="markdown-toc-automating-vmtools-updates-gui-method---with-vcenter">Automating VMTools Updates (GUI Method - With vCenter)</a></li>
<li><a href="#automating-vmtools-updates-gui-method---without-vcenter" id="markdown-toc-automating-vmtools-updates-gui-method---without-vcenter">Automating VMTools Updates (GUI Method - Without vCenter)</a></li>
<li><a href="#automating-vmtools-updates-script-method---both-with-and-without-vcenter" id="markdown-toc-automating-vmtools-updates-script-method---both-with-and-without-vcenter">Automating VMTools Updates (Script Method - Both With and Without vCenter)</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="overview">Overview</h2>
<p>Other methods of updating VMtools are available such as the <a href="https://blogs.vmware.com/vsphere/2019/01/configure-a-vmware-tools-repo-in-vsphere-6-7u1.html" target="_blank">VMTools Repository Method</a>, the <a href="https://docs.vmware.com/en/VMware-Tools/12.0.0/com.vmware.vsphere.vmwaretools.doc/GUID-B632D26F-410A-43C9-9BFD-21EBB21DE397.html" target="_blank">Manual Method</a> and the <a href="https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/deploying-vmware-tools-using-sccm-user-guide.pdf" target="_blank">SCCM method</a>.</p>
<p>Whilst those methods are okay, they do require either “getting down and dirty” with the vCenter/ESXi API (the repository method), lots of intervention (the manual method) or a System Center Configuration Manager (the SCCM method).</p>
<p>We are going to go for simplicity. This method requires two steps:</p>
<ol>
<li>Update VMtools package via a baseline profile / update</li>
<li>Configure VMs to auto update when a new version of VMtools is detected</li>
</ol>
<p>As a bonus, we will look at achieving the above in both an enterprise deployment (i.e. with vCenter Server(s)) and a smaller single host / stand-alone environment, without vCenter.</p>
<p>Finally, this post will take the form of a “beginners guide” with extra hand-holding and screenshots for those new to vSphere or unfamiliar with updating VMTools using these methods.</p>
<h2 id="download-latest-vmtools">Download Latest VMTools</h2>
<p>The permanent link to download VMtools is <a href="https://www.vmware.com/go/tools" target="_blank">https://www.vmware.com/go/tools</a>. For both with and without vCenter methods below, we require the <strong>VMware Tools Offline VIB Bundle</strong>.</p>
<p>With the latest VMtools VIB in hand, let’s get to it.</p>
<h2 id="with-vcenter-method">With vCenter Method</h2>
<p><em>TL;DR - Import VIB, create a baseline, attach and remediate.</em></p>
<h3 id="import-vib--create-baseline">Import VIB + Create Baseline</h3>
<p>From vCenter client (https://vcenter.fqdn/ui/), select <strong>Menu > Lifecycle Manager</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Open Lifecycle Manager" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-02.png" /></p>
<p>Select <strong>Actions > Import Updates</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Import Updates" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-03.png" /></p>
<p>Select the previously downloaded VMtools VIB and allow it to upload:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Upload Update" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-04.png" /></p>
<p>Select <strong>Baselines > New > Baseline</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New Baseline" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-05.png" /></p>
<p>Enter Baseline name, description and select <strong>Patch</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New Baseline Details 1" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-06.png" /></p>
<p>Click <strong>Next</strong>.</p>
<p>Untick “Automatically update this baseline with patches that match the following criteria” and click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New Baseline Details 2" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-07.png" /></p>
<p>Deselect “Show only rollup updates” and filter name on <strong>tools</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New Baseline Details 3" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-08.png" /></p>
<p>Select the version of VMtools that matches your newly uploaded VMTools and ESXi versions. In my case below, I’m selecting VMTools version 12.0.6 and ESXi 7.0.*:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New Baseline Details 4" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-09.png" /></p>
<p>Click <strong>Next</strong>, confirm all looks correct and finally click <strong>Finish</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New Baseline Details 5" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-10.png" /></p>
<p>Yep all looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New Baseline Details 6" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-10a.png" /></p>
<h3 id="attach-baseline-and-update-hosts">Attach Baseline and Update Hosts</h3>
<p>Select <strong>Menu > Inventory</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Open Inventory" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-11.png" /></p>
<p>As we want ALL ESXi hosts in our site to have the updated VMTools package, we will attach the baseline at our site level. Select your datacenter (in my case “SITE-A”), <strong>Updates</strong> and <strong>Baselines</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site Baseline 1" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-12.png" /></p>
<p>Scroll down and select <strong>Attach Baseline or Baseline Group</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site Baseline 2" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-13.png" /></p>
<p>Select the previously created VMTools baseline and click <strong>Attach</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site Baseline 3" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-14.png" /></p>
<p>From the <strong>Inventory > Datacenter > Updates > Baselines</strong> view, select <strong>Check Compliance</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remediate Hosts 1" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-15.png" /></p>
<p>Once the compliance check has completed, you will see that your hosts will be flagged as “Non-compliant”:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remediate Hosts 2" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-16.png" /></p>
<p>Scroll down and select <strong>Pre-check Remediation</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remediate Hosts 3" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-17.png" /></p>
<p>Confirm that there are no issues flagged that may prevent the completion of remediation:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remediate Hosts 4" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-18.png" /></p>
<p>Click <strong>Done</strong>.</p>
<p>Scroll down further, select the VMTools package attached earlier and finally select <strong>Remediate</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remediate Hosts 5" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-19.png" /></p>
<p>Again, confirm all looks good and click <strong>Remediate</strong> again:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remediate Hosts 6" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-20.png" /></p>
<p>Monitor the installation via Recent Tasks:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remediate Hosts 7" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-21.png" /></p>
<p>Job Done:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remediate Hosts 8" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-22.png" /></p>
<p>Giving ESXi ten minutes to catch up, yep our Windows VMs need updating:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remediate Hosts 9" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-23.png" /></p>
<p>Don’t worry, I have a lazy way to handle those too. :wink:</p>
<h2 id="stand-alone-esxi-without-vcenter-method">Stand-alone ESXi (Without vCenter) Method</h2>
<p>This method is a little simpler.</p>
<p>First off, we need to open our downloaded VMTools zip file and extract a VIB. Opening the zip and navigating into the <strong>vib20\tools-light</strong> folder, let’s extract our VIB:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Update 1" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-24.png" /></p>
<p>Log onto the ESXi management interface (https://esxi.fqdn/ui/), select <strong>Storage</strong> and a Datastore. In my case I selected “LOCAL1”:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Update 2" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-25.png" /></p>
<p>Make a note of the location. This should be easily copied:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Update 3" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-26.png" /></p>
<p>Select <strong>Datastore browser</strong> and <strong>Upload</strong>. Select the VIB extracted earlier and click <strong>Open</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Update 4" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-27.png" /></p>
<p>Once the upload has completed, select <strong>Manage > Packages > Install Update</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Update 5" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-28.png" /></p>
<p>Using the location noted earlier, add the name of the VIB file, paste into the install update dialogue and select <strong>Update</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Update 6" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-29.png" /></p>
<p>Click <strong>Continue</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Update 7" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-30.png" /></p>
<p>Monitor and confirm successful completion:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Update 8" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-31.png" /></p>
<p>Finally, refresh the packages page, search for “tools-light” and confirm the updated version is listed:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Update 9" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-32.png" /></p>
<p>Again, giving ESXi ten minutes to catch up, yep our Windows VMs need updating:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Update 10" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-33.png" /></p>
<h2 id="installing-vmtools-in-vms">Installing VMTools in VMs</h2>
<p>The simplest way to handle updating of VMTools in VMs is two-fold:</p>
<h3 id="linux-and-freebsd-vms">Linux and FreeBSD VMs</h3>
<p>Use Open VM Tools for Linux and FreeBSD VMs rather than the VMware supplied VMTools. Open VM Tools are bundled with Linux and FreeBSD and are updated via distribution updates, so they do not need updating separately. See <a href="https://docs.vmware.com/en/VMware-Tools/12.0.0/com.vmware.vsphere.vmwaretools.doc/GUID-8B6EA5B7-453B-48AA-92E5-DB7F061341D1.html" target="_blank">Open VM Tools</a> for details.</p>
<h3 id="windows-vms">Windows VMs</h3>
<p>Use automation. Let’s look at that next.</p>
<h2 id="automating-vmtools-updates-gui-method---with-vcenter">Automating VMTools Updates (GUI Method - With vCenter)</h2>
<p>If we dig into our Windows VMs and take a look at the <strong>Updates</strong> tab, we can see the following option to update VMtools automatically when a VM is rebooted:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM Update 1" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-34.png" /></p>
<p>Since we are talking Windows based VMs here, we know that through normal maintenance patching, our VMs are rebooted <em>at least</em> once a month.</p>
<p>Let’s configure VMTools auto update then. Select <strong>Site > VMware Tools</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM Update 2" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-35.png" /></p>
<p>After selecting the Cluster and our Windows VMs, we can set auto update to <strong>On</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM Update 3" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-36.png" /></p>
<p>Job done.</p>
<h2 id="automating-vmtools-updates-gui-method---without-vcenter">Automating VMTools Updates (GUI Method - Without vCenter)</h2>
<p>Log into ESXi web client, select a Windows VM, <strong>Edit > VM Options</strong>, expand <strong>VMware Tools</strong> and enable <strong>Check and upgrade VMware Tools before each power on</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM Update 4" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-37.png" /></p>
<p>Save and repeat for remaining Windows VMs.</p>
<h2 id="automating-vmtools-updates-script-method---both-with-and-without-vcenter">Automating VMTools Updates (Script Method - Both With and Without vCenter)</h2>
<p>The above VMTools update methods are acceptable at small scale, but what happens if we have hundreds of VMs to deal with?</p>
<p>Let’s use PowerShell! :sunglasses:</p>
<p>First let’s create a report of all Windows VMs that are not currently set to auto update VMTools:</p>
<figure><figcaption><b>Filename: </b>Report-VMToolsAutoUpgrade.ps1</figcaption>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><table class="rouge-table"><tbody><tr><td class="gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
</pre></td><td class="code"><pre><span class="nv">$VC</span> <span class="o">=</span> @<span class="o">(</span><span class="s2">"vcenter.local"</span><span class="o">)</span>
<span class="nv">$StoredCred</span> <span class="o">=</span> <span class="s2">"vSphere-Admin"</span>
<span class="nv">$Report</span> <span class="o">=</span> <span class="s2">"C:</span><span class="se">\S</span><span class="s2">cripts</span><span class="se">\V</span><span class="s2">M-Tools</span><span class="se">\V</span><span class="s2">2</span><span class="se">\E</span><span class="s2">nable-VMToolsAutoUpgrade-Report.csv"</span>
<span class="nv">$Credentials</span> <span class="o">=</span> Get-StoredCredential <span class="nt">-Target</span> <span class="nv">$StoredCred</span>
Connect-VIServer <span class="nt">-Server</span> <span class="nv">$VC</span> <span class="nt">-Credential</span> <span class="nv">$Credentials</span>
<span class="nv">$UPGNeeded</span> <span class="o">=</span> Get-VM | Where <span class="o">{</span><span class="nv">$_</span>.ExtensionData.Config.Tools.ToolsInstallType <span class="nt">-eq</span> <span class="s2">"guestToolsTypeMSI"</span> <span class="nt">-and</span> <span class="sb">`</span>
<span class="nv">$_</span>.ExtensionData.Config.Tools.ToolsUpgradePolicy <span class="nt">-like</span> <span class="s2">"manual"</span> <span class="nt">-and</span> <span class="sb">`</span>
<span class="nv">$_</span>.ExtensionData.Config.ManagedBy.type <span class="nt">-ne</span> <span class="s2">"placeholderVm"</span> <span class="nt">-and</span> <span class="sb">`</span>
<span class="nv">$_</span>.Name <span class="nt">-notlike</span> <span class="s2">"*FRED*"</span><span class="o">}</span>
<span class="nv">$UPGNeeded</span> | Select-Object <span class="sb">`</span>
Name,<span class="sb">`</span>
PowerState,<span class="sb">`</span>
@<span class="o">{</span><span class="nv">label</span><span class="o">=</span><span class="s1">'Current Tools Version'</span><span class="p">;</span> <span class="nv">expression</span><span class="o">={(</span><span class="nv">$_</span>.ExtensionData.Guest.ToolsVersion<span class="o">)}}</span>, <span class="sb">`</span>
@<span class="o">{</span><span class="nv">label</span><span class="o">=</span><span class="s1">'Operating System'</span><span class="p">;</span> <span class="nv">expression</span><span class="o">={(</span><span class="nv">$_</span>.Guest.OSFullName<span class="o">)}}</span>, <span class="sb">`</span>
@<span class="o">{</span><span class="nv">label</span><span class="o">=</span><span class="s1">'VM Notes'</span><span class="p">;</span> <span class="nv">expression</span><span class="o">={(</span><span class="nv">$_</span>.Notes[0..51] <span class="nt">-join</span> <span class="s2">""</span><span class="o">)}}</span> <span class="sb">`</span>
| Export-Csv <span class="nt">-Path</span> <span class="s2">"</span><span class="nv">$Report</span><span class="s2">"</span> <span class="nt">-NoTypeInformation</span>
Write-Host <span class="s2">"</span><span class="sb">`</span>n Report saved to <span class="nv">$Report</span><span class="s2">"
Disconnect-VIServer -Server * -Confirm:</span><span class="nv">$false</span><span class="s2"> </span>
</pre></td></tr></tbody></table></code></pre></figure>
</figure>
<p>Breaking the report script down:</p>
<ul>
<li><strong>Lines 1 to 5</strong>: Configure and connect to vCenter / ESXi using Credential Manager as discussed in <a href="/powershell-credential-handling/" target="_blank">PowerShell Credential Handling</a> post.</li>
<li><strong>Lines 6 to 9</strong>: Select VMs where the VMTools install type is “guestToolsTypeMSI” (i.e. Windows VMs), where the upgrade policy is like “manual”, where the VM is not an SRM placeholder VM and finally where the VM name is not like “FRED”.</li>
<li><strong>Lines 10 to 16</strong>: From the VMs selected, export name, power state, current tools version, guest operating system and VM notes (truncated to 50 characters).</li>
<li><strong>Line 17</strong>: Export .csv report</li>
<li><strong>Line 18</strong>: Disconnect from vCenter / ESXi</li>
</ul>
<p>The above will create a .csv spreadsheet containing the following information:</p>
<table>
<thead>
<tr>
<th style="text-align: center">Name</th>
<th style="text-align: left">PowerState</th>
<th style="text-align: left">Current Tools Version</th>
<th style="text-align: left">Operating System</th>
<th style="text-align: left">VM Notes</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: center">APP1</td>
<td style="text-align: left">PoweredOn</td>
<td style="text-align: left">11334</td>
<td style="text-align: left">Microsoft Windows Server 2016 (64-bit)</td>
<td style="text-align: left">Test Server APP1</td>
</tr>
<tr>
<td style="text-align: center">APP2</td>
<td style="text-align: left">PoweredOn</td>
<td style="text-align: left">11334</td>
<td style="text-align: left">Microsoft Windows Server 2016 (64-bit)</td>
<td style="text-align: left">Test Server APP2</td>
</tr>
</tbody>
</table>
<p>Notice that the <strong>VM-CH-ESG-SITE-A</strong> is not listed in the report?</p>
<p>That’s because it’s a Linux VM running with Guest Managed VM tools:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Linux VM" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-38.png" /></p>
<p>After confirming the .csv spreadsheet contains the correct data, the next step is to enable VMTools auto update on the applicable VMs. Again, we will use a script for this:</p>
<figure><figcaption><b>Filename: </b>Enable-VMToolsAutoUpgrade.ps1</figcaption>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><table class="rouge-table"><tbody><tr><td class="gutter gl"><pre class="lineno">1
2
3
4
5
6
7
8
9
10
11
12
13
14
</pre></td><td class="code"><pre><span class="nv">$VC</span> <span class="o">=</span> @<span class="o">(</span><span class="s2">"vcenter.local"</span><span class="o">)</span>
<span class="nv">$StoredCred</span> <span class="o">=</span> <span class="s2">"vSphere-Admin"</span>
<span class="nv">$Report</span> <span class="o">=</span> <span class="s2">"C:</span><span class="se">\S</span><span class="s2">cripts</span><span class="se">\V</span><span class="s2">M-Tools</span><span class="se">\V</span><span class="s2">2</span><span class="se">\E</span><span class="s2">nable-VMToolsAutoUpgrade-Report.csv"</span>
<span class="nv">$Credentials</span> <span class="o">=</span> Get-StoredCredential <span class="nt">-Target</span> <span class="nv">$StoredCred</span>
Connect-VIServer <span class="nt">-Server</span> <span class="nv">$VC</span> <span class="nt">-Credential</span> <span class="nv">$Credentials</span>
<span class="nv">$VMs</span> <span class="o">=</span> Import-CSV <span class="s2">"</span><span class="nv">$Report</span><span class="s2">"</span>
<span class="nv">$vmConfigSpec</span> <span class="o">=</span> New-Object VMware.Vim.VirtualMachineConfigSpec
<span class="nv">$vmConfigSpec</span>.Tools <span class="o">=</span> New-Object VMware.Vim.ToolsConfigInfo
<span class="nv">$vmConfigSpec</span>.Tools.ToolsUpgradePolicy <span class="o">=</span> <span class="s2">"UpgradeAtPowerCycle"</span>
ForEach<span class="o">(</span><span class="nv">$VM</span> <span class="k">in</span> <span class="nv">$VMs</span><span class="o">){</span>
Get-VM <span class="nt">-Name</span> <span class="si">$(</span><span class="nv">$VM</span>.Name<span class="si">)</span> | ForEach <span class="o">{</span><span class="nv">$_</span>.ExtensionData.ReconfigVM_task<span class="o">(</span><span class="nv">$vmConfigSpec</span><span class="o">)</span> <span class="o">></span> <span class="nv">$null</span><span class="o">}</span>
Write-Host <span class="s2">"Reconfigured </span><span class="si">$(</span><span class="nv">$VM</span>.Name<span class="si">)</span><span class="s2">"</span>
<span class="o">}</span>
Disconnect-VIServer <span class="nt">-Server</span> <span class="k">*</span> <span class="nt">-Confirm</span>:<span class="nv">$false</span>
</pre></td></tr></tbody></table></code></pre></figure>
</figure>
<p>Breaking the enable script down:</p>
<ul>
<li><strong>Lines 1 to 5</strong>: Configure and connect to vCenter / ESXi using Credential Manager as discussed in <a href="/powershell-credential-handling/" target="_blank">PowerShell Credential Handling</a> post.</li>
<li><strong>Line 6</strong>: Import the report .csv</li>
<li><strong>Lines 7 to 9</strong>: Create the VM <a href="https://vdc-repo.vmware.com/vmwb-repository/dcr-public/1ef6c336-7bef-477d-b9bb-caa1767d7e30/82521f49-9d9a-42b7-b19b-9e6cd9b30db1/vim.vm.ConfigSpec.html" target="_blank">configuration specification</a></li>
<li><strong>Lines 10 to 13</strong>: Loop through the .csv report, apply the configuration specification to each VM listed and print feedback</li>
<li><strong>Line 14</strong>: Disconnect from vCenter / ESXi</li>
</ul>
<p>Let’s run the script:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Enabling VMTools Auto Update" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-39.png" /></p>
<p>Looks good. Checking one of the VMs reconfigured:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMTools Auto Update Enabled" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-40.png" /></p>
<p>Boom!</p>
<p>After a reboot of the VM:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMTools Auto Updating" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-41.png" /></p>
<p>One thing to be aware of is that VMs sometimes require a reboot to fully install VMTools:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMTools Auto Reboot" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-42.png" /></p>
<p>If you are rebooting your VMs in a maintenance window, what difference does a second reboot make anyway?</p>
<p>And we are done!</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMTools Upgrade Done" src="/images/vmtools-upgrades-lazy-guide/vmtools-upgrades-lazy-guide-43.png" /></p>
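<p>To check every VM in the report rather than one at a time in the client, the audit below (an added example, not part of the original post) compares each name in the .csv against the inventory and reports the upgrade policy and tools status. <code>Test-ToolsUpgradePolicy</code> and <code>New-SampleVm</code> are hypothetical helper names, and the sample inventory is constructed so the block runs without a connection.</p>

```powershell
# Added example: audit the result of Enable-VMToolsAutoUpgrade.ps1.
# Test-ToolsUpgradePolicy is a hypothetical helper, not a PowerCLI cmdlet.
function Test-ToolsUpgradePolicy {
    [CmdletBinding()]
    param(
        # Rows from the report .csv (only the Name column is used)
        [Parameter(Mandatory)][object[]]$ReportRows,
        # VM objects as returned by Get-VM
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Inventory,
        [string]$ExpectedPolicy = 'upgradeAtPowerCycle'
    )
    foreach ($row in $ReportRows) {
        # Exact name match only, so a name containing * or ? in the .csv
        # cannot select more VMs than the row was meant to cover.
        $found = @($Inventory | Where-Object { $_.Name -eq $row.Name })

        if ($found.Count -ne 1) {
            # 0 = VM renamed or removed since the report; >1 = duplicate names
            $result = 'AmbiguousName'
            if ($found.Count -eq 0) { $result = 'NotFound' }
            [pscustomobject]@{
                Name = $row.Name; Policy = $null; ToolsStatus = $null; Result = $result
            }
            continue
        }

        $vm     = $found[0]
        $policy = $vm.ExtensionData.Config.Tools.ToolsUpgradePolicy
        $result = 'PolicyNotApplied'
        if ($policy -eq $ExpectedPolicy) { $result = 'OK' }   # -eq ignores case

        [pscustomobject]@{
            Name        = $vm.Name
            Policy      = $policy
            ToolsStatus = $vm.ExtensionData.Guest.ToolsVersionStatus2
            Result      = $result
        }
    }
}

# Constructed stand-in for a Get-VM result, shaped like the properties the
# report script reads. Values are sample data, not output from a real system.
function New-SampleVm($Name, $Policy, $Status) {
    [pscustomobject]@{
        Name          = $Name
        ExtensionData = [pscustomobject]@{
            Config = [pscustomobject]@{
                Tools = [pscustomobject]@{ ToolsUpgradePolicy = $Policy }
            }
            Guest  = [pscustomobject]@{ ToolsVersionStatus2 = $Status }
        }
    }
}

$sampleInventory = @(
    New-SampleVm 'APP1' 'upgradeAtPowerCycle' 'guestToolsSupportedOld'
    New-SampleVm 'APP2' 'manual'              'guestToolsSupportedOld'
)
$sampleReport = @(
    [pscustomobject]@{ Name = 'APP1' }
    [pscustomobject]@{ Name = 'APP2' }
    [pscustomobject]@{ Name = 'APP3' }   # constructed: not in the inventory
)

Test-ToolsUpgradePolicy -ReportRows $sampleReport -Inventory $sampleInventory |
    Format-Table -AutoSize

# Against a live connection (after Connect-VIServer, as in the scripts above):
#   Test-ToolsUpgradePolicy -ReportRows (Import-Csv $Report) -Inventory (Get-VM) |
#       Where-Object Result -ne 'OK'
```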
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it. A simple way to update VMTools using Baselines and Lifecycle Manager in vCenter if you have it, or via ESXi host VIB update if not.</p>
<p>We then looked at using the Open-VM-Tools package for Linux and FreeBSD based VMs.</p>
<p>Finally we looked at manual and scripted methods to configure VMs to auto update their VMTools installations when they are rebooted - say during a maintenance window.</p>
<p>All with ease. Happy belated Lazy Day 2022!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/simple-vmtools-upgrades/">Simple VMTools Upgrades - The Lazy Guide</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 15, 2022.</p>
https://polarclouds.co.uk/powershell-credential-handling2022-08-02T01:00:00+01:002022-08-02T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="PowerShell Credential Handling" src="/images/powershell-credential-handling/powershell-credential-handling-01.png" />
One of the things I like to do on this site is to share handy PowerShell scripts.</p>
<p>After all PowerShell allows for automation thus making life easier and who wouldn’t want an easy life?</p>
<p>Quite often PowerShell scripts need to pass credentials to remote systems/services; for example logging onto an ESXi host or a vCenter server to perform a task or two.</p>
<p>How do we handle those credentials? Preferably not in plain text…</p>
<p>Enter Credential Manager.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#credential-manager" id="markdown-toc-credential-manager">Credential Manager</a></li>
<li><a href="#powershell-module-installation" id="markdown-toc-powershell-module-installation">PowerShell Module Installation</a></li>
<li><a href="#saving-credentials" id="markdown-toc-saving-credentials">Saving Credentials</a></li>
<li><a href="#retrieving-credentials" id="markdown-toc-retrieving-credentials">Retrieving Credentials</a></li>
<li><a href="#using-credentials" id="markdown-toc-using-credentials">Using Credentials</a></li>
<li><a href="#deleting-credentials" id="markdown-toc-deleting-credentials">Deleting Credentials</a></li>
<li><a href="#powershell-core-on-linux" id="markdown-toc-powershell-core-on-linux">PowerShell Core on Linux</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="credential-manager">Credential Manager</h2>
<p>Credential Manager is accessed via Windows control panel:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Credential Manager" src="/images/powershell-credential-handling/powershell-credential-handling-02.png" /></p>
<p>The advantages of using Credential Manager to store our PowerShell credentials are as follows:</p>
<p>Credentials stored in credential manager are:</p>
<ol>
<li>Associated with each Windows user account and not transferable between users</li>
<li>Not generally transferable between computers (possible if using roaming profiles)</li>
<li>Accessible from a full Windows environment that has Credential Manager built in (e.g. not in WinPE)</li>
<li>Relatively easily accessible from PowerShell</li>
</ol>
<p>To expand on points 1. and 2. above, remember when running a PowerShell script containing credentials, the credentials referenced must be available to the user account running the script. For example, when running a PowerShell script as a scheduled task running under the local administrator account, the credentials must be available to the local administrator account used.</p>
<h2 id="powershell-module-installation">PowerShell Module Installation</h2>
<p>To access credentials stored in Credential Manager from PowerShell we need to install a PowerShell Module. The module is available here in the <a href="https://www.powershellgallery.com/packages/CredentialManager/2.0" target="_blank">PowerShell Gallery</a>.</p>
<p>Installation is simple enough:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="n">Install-Module</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="nx">CredentialManager</span></code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Install Credential Manager Module" src="/images/powershell-credential-handling/powershell-credential-handling-03.png" /></p>
<p>That’s it. Restart your PowerShell session to automatically load the module.</p>
<h2 id="saving-credentials">Saving Credentials</h2>
<p>Instead of using Credential Manager GUI to add credentials, the <code class="language-plaintext highlighter-rouge">New-StoredCredential</code> command can be used as follows.</p>
<p>As a bonus, teaming <code class="language-plaintext highlighter-rouge">New-StoredCredential</code> with <code class="language-plaintext highlighter-rouge">Get-Credential</code> pops up the credential request window for easy entry:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="n">New-StoredCredential</span><span class="w"> </span><span class="nt">-Target</span><span class="w"> </span><span class="s2">"TEST"</span><span class="w"> </span><span class="nt">-Persist</span><span class="w"> </span><span class="s2">"LocalMachine"</span><span class="w"> </span><span class="nt">-Credentials</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="n">Get-Credential</span><span class="p">)</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Out-Null</span></code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Credential Prompt" src="/images/powershell-credential-handling/powershell-credential-handling-04.png" /></p>
<p>Enter credentials as normal and click OK.</p>
<p>Checking Credential Manager afterwards:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Credential Check" src="/images/powershell-credential-handling/powershell-credential-handling-05.png" /></p>
<h2 id="retrieving-credentials">Retrieving Credentials</h2>
<p>Again using PowerShell, credentials can be retrieved using the <code class="language-plaintext highlighter-rouge">Get-StoredCredential</code> command as follows:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="n">Get-StoredCredential</span><span class="w"> </span><span class="nt">-Target</span><span class="w"> </span><span class="s2">"TEST"</span></code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Retrieve Credential" src="/images/powershell-credential-handling/powershell-credential-handling-06.png" /></p>
<h2 id="using-credentials">Using Credentials</h2>
<p>So how do we use the credentials that we can recover from Credential Manager? For example, how can we use the recovered credentials to, say, logon to a VMware vCenter server?</p>
<p>In the following example, we will recover and use the following credential:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Using Credential Check" src="/images/powershell-credential-handling/powershell-credential-handling-07.png" /></p>
<p>The two-line script is as follows:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="nv">$Credentials</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Get-StoredCredential</span><span class="w"> </span><span class="nt">-Target</span><span class="w"> </span><span class="s2">"vSphere-Admin"</span><span class="w">
</span><span class="n">Connect-VIServer</span><span class="w"> </span><span class="nt">-Server</span><span class="w"> </span><span class="s2">"vcenter.local"</span><span class="w"> </span><span class="nt">-Credential</span><span class="w"> </span><span class="nv">$Credentials</span></code></pre></figure>
<p>Yep that works nicely:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Using Credential" src="/images/powershell-credential-handling/powershell-credential-handling-08.png" /></p>
<p>Simple!</p>
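<p>Because stored credentials belong to the Windows account that saved them, a script run under a different account (a scheduled task, for example) can get nothing back from the lookup. The following is an added example, not part of the original post: a guard that stops the script when the lookup for the target is empty. <code>Get-RequiredStoredCredential</code> is a hypothetical helper name; the target and server names are the ones used above.</p>

```powershell
# Added example. Get-RequiredStoredCredential is a hypothetical helper,
# not part of the CredentialManager module.
function Get-RequiredStoredCredential {
    [CmdletBinding()]
    [OutputType([System.Management.Automation.PSCredential])]
    param(
        [Parameter(Mandatory)][ValidateNotNullOrEmpty()][string]$Target
    )

    # The module is installed per user or per machine; a service account
    # may not have it even when the interactive user does.
    if (-not (Get-Command -Name Get-StoredCredential -ErrorAction SilentlyContinue)) {
        throw "Get-StoredCredential is not available. Install the CredentialManager module for this account."
    }

    # Account the lookup actually runs as; this is the vault being searched.
    $who = "$([Environment]::UserDomainName)\$([Environment]::UserName)"

    # Drop empty results so 'nothing found' is always Count 0.
    $found = @(Get-StoredCredential -Target $Target | Where-Object { $null -ne $_ })

    if ($found.Count -eq 0) {
        throw "No stored credential with target '$Target' for $who. Save it while logged on as that account."
    }
    if ($found.Count -gt 1) {
        throw "Target '$Target' returned $($found.Count) entries for $who. Expected exactly one."
    }

    $cred = $found[0]
    if ($cred -isnot [System.Management.Automation.PSCredential]) {
        throw "Target '$Target' did not return a PSCredential (got $($cred.GetType().FullName))."
    }
    if ($cred.Password.Length -eq 0) {
        throw "Stored credential '$Target' has an empty password."
    }
    return $cred
}

try {
    $Credentials = Get-RequiredStoredCredential -Target 'vSphere-Admin'
    # -ErrorAction Stop turns a failed logon into a terminating error too,
    # so later commands never run against an unexpected session.
    Connect-VIServer -Server 'vcenter.local' -Credential $Credentials -ErrorAction Stop | Out-Null
}
catch {
    Write-Error "Not connecting: $($_.Exception.Message)"
    return
}
```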
<h2 id="deleting-credentials">Deleting Credentials</h2>
<p>Finally, credentials can be deleted using the <code class="language-plaintext highlighter-rouge">Remove-StoredCredential</code> command as follows:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="n">Remove-StoredCredential</span><span class="w"> </span><span class="nt">-Target</span><span class="w"> </span><span class="s2">"TEST"</span></code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Delete Credential" src="/images/powershell-credential-handling/powershell-credential-handling-09.png" /></p>
<p>Checking Credential Manager:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Delete Credential Check" src="/images/powershell-credential-handling/powershell-credential-handling-10.png" /></p>
<p>Yep, our test credential has been deleted.</p>
<h2 id="powershell-core-on-linux">PowerShell Core on Linux</h2>
<p>As Linux does not have an equivalent to Credential Manager, we need to get creative when handling credentials in PowerShell Core on Linux.</p>
<p>As luck would have it, a workaround is available. What’s more, we documented and used the workaround in part three of the UPS Triggered Shut Down of ESXi from Raspberry Pi series <a href="/esxi-rpi-ups-pt3/#powershell-credential-handling" target="_blank">HERE</a>.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>A solution to implement and manage PowerShell credentials does exist. What’s more it’s simple to use.<br />
No more storing credentials in plain text inside scripts.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/powershell-credential-handling/">PowerShell Credential Handling</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 02, 2022.</p>
https://polarclouds.co.uk/esxi-rpi-ups-pt32022-07-23T01:00:00+01:002022-07-23T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="APC UPS Triggered shut down of ESXi from Raspberry Pi" src="/images/esxi-rpi-ups-pt1/esxi-rpi-ups-pt1-00.png" />
<em>Sorry about the tardiness of this post. I had it written, lost it and then found it again…</em>
<br />
<br />
Last <del>time</del> year we looked at our Uninterruptible Power Supply (UPS) hardware setup and the installation of the required software for our solution. If you’ve not seen that post, catch up now. It’s a great read. :wink:</p>
<p>As mentioned, this post is part 3 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/esxi-rpi-ups-pt1/" target="_blank">Hardware, Requirement, Software, Solution</a></li>
<li>Part 2: <a href="/esxi-rpi-ups-pt2/" target="_blank">Hardware Connectivity and Software Installation</a></li>
<li>Part 3: This part - Scripting for the win… or should that be for the failure?</li>
</ul>
<p>First off a solution refresher of what we are trying to achieve in this series.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#solution-refresher" id="markdown-toc-solution-refresher">Solution (Refresher)</a></li>
<li><a href="#script-overview" id="markdown-toc-script-overview">Script Overview</a></li>
<li><a href="#powershell-credential-handling" id="markdown-toc-powershell-credential-handling">PowerShell Credential Handling</a></li>
<li><a href="#telegram-alerting" id="markdown-toc-telegram-alerting">Telegram Alerting</a></li>
<li><a href="#the-shut-down-script" id="markdown-toc-the-shut-down-script">The Shut Down Script</a></li>
<li><a href="#calling-the-powershell-shutdown-script" id="markdown-toc-calling-the-powershell-shutdown-script">Calling the PowerShell Shutdown Script</a></li>
<li><a href="#testing" id="markdown-toc-testing">Testing</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a> <ul>
<li><a href="#bonus-rounds" id="markdown-toc-bonus-rounds">Bonus Rounds</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="solution-refresher">Solution (Refresher)</h2>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="The Solution" src="/images/esxi-rpi-ups-pt1/esxi-rpi-ups-pt1-01.png" /></p>
<ol>
<li>Mains electricity fails… power cut!</li>
<li>The UPS signals to the Raspberry Pi that there is a power cut</li>
<li>The UPS signals its battery charge state to the Raspberry Pi</li>
<li>The UPS battery charge falls below a predetermined threshold and signals this to the Raspberry Pi</li>
<li>The Raspberry Pi runs a script to shut down all powered on VMs</li>
<li>The Raspberry Pi runs a script to shut down the ESXi host</li>
<li>The Raspberry Pi runs a script to shut itself down</li>
<li>The UPS stops supplying power from battery and shuts down which also shuts down the modem, router and network switch</li>
</ol>
<p>Let’s get to it.</p>
<h2 id="script-overview">Script Overview</h2>
<p>Let’s look at what we need our script to achieve. Quite simple when we boil it down:</p>
<ol>
<li>Login to ESXi</li>
<li>Find and shutdown all powered on VMs</li>
<li>Shutdown ESXi server</li>
<li>Shutdown Raspberry Pi</li>
</ol>
<p>Simples!</p>
<p>First a couple of notes:</p>
<h2 id="powershell-credential-handling">PowerShell Credential Handling</h2>
<p>As the PowerShell script will run in unattended mode, we need to find a method of storing ESXi credentials.</p>
<p>My least preferred option is to place the credentials into the script in clear text. My preferred method of using the Windows Credential Manager module (available <a href="https://www.powershellgallery.com/packages/CredentialManager/2.0" target="_blank">here</a>) unsurprisingly does not work when running PowerShell on Linux. Therefore we are going to have to go for the middle-of-the-road solution of storing the password as an encrypted string in a text file.</p>
<p>To do this, we simply need to run the following which will output our encrypted password to the file <code class="language-plaintext highlighter-rouge">/home/chris/cred.txt</code>:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="nv">$credential</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Get-Credential</span><span class="w">
</span><span class="nv">$credential</span><span class="o">.</span><span class="nf">Password</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">ConvertFrom-SecureString</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Set-Content</span><span class="w"> </span><span class="nx">/home/chris/cred.txt</span></code></pre></figure>
<p>To “reconstitute” the password and combine with our user ID so that it can be used with the <code class="language-plaintext highlighter-rouge">Connect-VIServer -Credential</code> parameter, we need to include the following in our script:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="nv">$Username</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"root"</span><span class="w">
</span><span class="nv">$Credfile</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"/home/chris/cred.txt"</span><span class="w">
</span><span class="nv">$Encrypted</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Get-Content</span><span class="w"> </span><span class="nv">$Credfile</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">ConvertTo-SecureString</span><span class="w">
</span><span class="nv">$Credential</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">New-Object</span><span class="w"> </span><span class="nx">System.Management.Automation.PsCredential</span><span class="p">(</span><span class="nv">$Username</span><span class="p">,</span><span class="w"> </span><span class="nv">$Encrypted</span><span class="p">)</span></code></pre></figure>
<h2 id="telegram-alerting">Telegram Alerting</h2>
<p>One thing we’ve not touched on in this series yet is the need for notifications and alerting. It is always good to know what is going on with the UPS and the Raspberry Pi during a power cut.</p>
<p>In my solution script below, I’m going to use Telegram for notifications. The thinking here is that I will still receive the notifications on my phone via 4G or 5G during a power cut, as at this point my non-UPS backed WiFi access points will also have had their power cut.</p>
<p>If you’ve not seen my post on sending Telegram messages from PowerShell, what are you waiting for? It’s simple. <a href="/send-telegram-from-powershell/" target="_blank">Check it out here</a> :wink:</p>
<p>Slight update to the Send-Telegram script to support Markdown formatting of messages:</p>
<figure><figcaption><b>Filename:</b> /home/chris/send-telegram2.ps1</figcaption>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c">#! /usr/bin/pwsh
</span><span class="w">
</span><span class="kr">Param</span><span class="p">(</span><span class="w">
</span><span class="p">[</span><span class="n">Parameter</span><span class="p">(</span><span class="n">Mandatory</span><span class="o">=</span><span class="bp">$true</span><span class="p">)]</span><span class="nv">$Message</span><span class="p">,</span><span class="w">
</span><span class="p">[</span><span class="n">Parameter</span><span class="p">(</span><span class="n">Mandatory</span><span class="o">=</span><span class="bp">$false</span><span class="p">,</span><span class="n">HelpMessage</span><span class="o">=</span><span class="s2">"Specify Markdown or HTML formatting (Default = Markdown)"</span><span class="p">)][</span><span class="n">string</span><span class="p">]</span><span class="nv">$ParseMode</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Markdown"</span><span class="w">
</span><span class="p">)</span><span class="w">
</span><span class="nv">$Telegramtoken</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"<TELEGRAM TOKEN>"</span><span class="w">
</span><span class="nv">$Telegramchatid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"<TELEGRAM CHAT ID>"</span><span class="w">
</span><span class="c"># ================================
</span><span class="w">
</span><span class="nv">$payload</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">@{</span><span class="w">
</span><span class="s2">"chat_id"</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$Telegramchatid</span><span class="p">;</span><span class="w">
</span><span class="s2">"text"</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$Message</span><span class="w">
</span><span class="s2">"parse_mode"</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$ParseMode</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="c"># ================================
</span><span class="w">
</span><span class="p">[</span><span class="n">Net.ServicePointManager</span><span class="p">]::</span><span class="n">SecurityProtocol</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="n">Net.SecurityProtocolType</span><span class="p">]::</span><span class="n">Tls12</span><span class="w">
</span><span class="nv">$Response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Invoke-RestMethod</span><span class="w"> </span><span class="se">`
</span><span class="w">
</span><span class="nt">-Uri</span><span class="w"> </span><span class="p">(</span><span class="s2">"https://api.telegram.org/bot{0}/sendMessage"</span><span class="w"> </span><span class="nt">-f</span><span class="w"> </span><span class="nv">$Telegramtoken</span><span class="p">)</span><span class="w"> </span><span class="err">`</span><span class="w">
</span><span class="nt">-Method</span><span class="w"> </span><span class="n">Post</span><span class="w"> </span><span class="se">`
</span><span class="w">
</span><span class="nt">-ContentType</span><span class="w"> </span><span class="s2">"application/json"</span><span class="w"> </span><span class="err">`</span><span class="w">
</span><span class="nt">-Body</span><span class="w"> </span><span class="p">(</span><span class="n">ConvertTo-Json</span><span class="w"> </span><span class="nt">-Compress</span><span class="w"> </span><span class="nt">-InputObject</span><span class="w"> </span><span class="nv">$payload</span><span class="p">)</span><span class="w"> </span><span class="err">`</span><span class="w">
</span><span class="nt">-ErrorAction</span><span class="w"> </span><span class="n">Stop</span></code></pre></figure>
</figure>
<p>Don’t forget to mark the script executable using <code class="language-plaintext highlighter-rouge">chmod +x send-telegram2.ps1</code></p>
<h2 id="the-shut-down-script">The Shut Down Script</h2>
<p>Rather than posting script snippets and talking about them for sections and sections, here is the complete script:</p>
<figure><figcaption><b>Filename:</b> /home/chris/shutdown.ps1</figcaption>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c">#! /usr/bin/pwsh
</span><span class="w">
</span><span class="c"># == Complete These ==============
</span><span class="w">
</span><span class="nv">$ESXi</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"esxi-server.local"</span><span class="w">
</span><span class="nv">$Username</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"root"</span><span class="w">
</span><span class="nv">$Credfile</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"/home/chris/cred.txt"</span><span class="w">
</span><span class="nv">$Waittime</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"120"</span><span class="w">
</span><span class="c"># ================================
</span><span class="w">
</span><span class="kr">Function</span><span class="w"> </span><span class="nf">Send-Update</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="kr">Param</span><span class="p">(</span><span class="nv">$Message</span><span class="p">)</span><span class="w">
</span><span class="nv">$time</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">get-date</span><span class="w"> </span><span class="nt">-Format</span><span class="w"> </span><span class="s2">"dd/MM/yy HH:mm"</span><span class="p">)</span><span class="w">
</span><span class="nv">$status</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="nv">$Message</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="s2">"* - </span><span class="nv">$time</span><span class="s2">"</span><span class="w">
</span><span class="n">/home/chris/send-telegram2</span><span class="w"> </span><span class="nt">-Message</span><span class="w"> </span><span class="nv">$status</span><span class="w"> </span><span class="nt">-ParseMode</span><span class="w"> </span><span class="nx">Markdown</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="c"># ================================
</span><span class="w">
</span><span class="n">Import-Module</span><span class="w"> </span><span class="nx">VMware.PowerCLI</span><span class="w">
</span><span class="nv">$Encrypted</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Get-Content</span><span class="w"> </span><span class="s2">"</span><span class="nv">$Credfile</span><span class="s2">"</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">ConvertTo-SecureString</span><span class="w">
</span><span class="nv">$Credential</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">New-Object</span><span class="w"> </span><span class="nx">System.Management.Automation.PsCredential</span><span class="p">(</span><span class="nv">$Username</span><span class="p">,</span><span class="w"> </span><span class="nv">$Encrypted</span><span class="p">)</span><span class="w">
</span><span class="n">/home/chris/send-telegram2</span><span class="w"> </span><span class="nt">-Message</span><span class="w"> </span><span class="s2">"VM Shutdown Sequence Started. VMs to be Shutdown:"</span><span class="w"> </span><span class="nt">-ParseMode</span><span class="w"> </span><span class="nx">Markdown</span><span class="w">
</span><span class="n">Connect-VIServer</span><span class="w"> </span><span class="nv">$ESXi</span><span class="w"> </span><span class="nt">-Credential</span><span class="w"> </span><span class="nv">$Credential</span><span class="w">
</span><span class="nv">$PoweredVMs</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">Get-VM</span><span class="p">)</span><span class="o">.</span><span class="nf">where</span><span class="p">{</span><span class="bp">$_</span><span class="o">.</span><span class="nf">PowerState</span><span class="w"> </span><span class="o">-eq</span><span class="w"> </span><span class="s1">'PoweredOn'</span><span class="p">}</span><span class="w">
</span><span class="n">Send-Update</span><span class="w"> </span><span class="p">(</span><span class="nv">$PoweredVMs</span><span class="o">.</span><span class="nf">Name</span><span class="w"> </span><span class="o">|</span><span class="n">Out-String</span><span class="p">)</span><span class="w">
</span><span class="kr">ForEach</span><span class="w"> </span><span class="p">(</span><span class="nv">$VM</span><span class="w"> </span><span class="kr">in</span><span class="w"> </span><span class="nv">$PoweredVMs</span><span class="p">){</span><span class="w">
</span><span class="n">Send-Update</span><span class="w"> </span><span class="s2">"Shutting down </span><span class="nv">$VM</span><span class="s2">"</span><span class="w">
</span><span class="nv">$VM</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Shutdown-VMGuest</span><span class="w"> </span><span class="nt">-Confirm</span><span class="p">:</span><span class="bp">$false</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="bp">$null</span><span class="w">
</span><span class="nv">$looptime</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$Waittime</span><span class="w">
</span><span class="kr">do</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="n">sleep</span><span class="w"> </span><span class="nx">10</span><span class="w">
</span><span class="nv">$looptime</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$looptime</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="mi">10</span><span class="w">
</span><span class="p">}</span><span class="w"> </span><span class="kr">until</span><span class="w"> </span><span class="p">((</span><span class="n">Get-VM</span><span class="w"> </span><span class="nv">$VM</span><span class="p">)</span><span class="o">.</span><span class="nf">PowerState</span><span class="w"> </span><span class="o">-eq</span><span class="w"> </span><span class="s1">'PoweredOff'</span><span class="w"> </span><span class="o">-or</span><span class="w"> </span><span class="nv">$looptime</span><span class="w"> </span><span class="o">-eq</span><span class="w"> </span><span class="mi">0</span><span class="p">)</span><span class="w">
</span><span class="n">Send-Update</span><span class="w"> </span><span class="s2">"</span><span class="nv">$VM</span><span class="s2"> is </span><span class="si">$(</span><span class="p">(</span><span class="n">Get-VM</span><span class="w"> </span><span class="nv">$VM</span><span class="p">)</span><span class="o">.</span><span class="nf">PowerState</span><span class="si">)</span><span class="s2">"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="nv">$KillVMs</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">Get-VM</span><span class="p">)</span><span class="o">.</span><span class="nf">where</span><span class="p">{</span><span class="bp">$_</span><span class="o">.</span><span class="nf">PowerState</span><span class="w"> </span><span class="o">-eq</span><span class="w"> </span><span class="s1">'PoweredOn'</span><span class="p">}</span><span class="w">
</span><span class="kr">If</span><span class="w"> </span><span class="p">(</span><span class="nv">$KillVMs</span><span class="p">){</span><span class="w">
</span><span class="kr">ForEach</span><span class="w"> </span><span class="p">(</span><span class="nv">$VM</span><span class="w"> </span><span class="kr">in</span><span class="w"> </span><span class="nv">$KillVMs</span><span class="p">){</span><span class="w">
</span><span class="n">Send-Update</span><span class="w"> </span><span class="s2">"Killing </span><span class="nv">$VM</span><span class="s2">"</span><span class="w">
</span><span class="n">Stop-VM</span><span class="w"> </span><span class="nt">-kill</span><span class="w"> </span><span class="nv">$VM</span><span class="w"> </span><span class="nt">-Confirm</span><span class="p">:</span><span class="bp">$false</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="n">Send-Update</span><span class="w"> </span><span class="s2">"Shutting down </span><span class="nv">$ESXi</span><span class="s2">"</span><span class="w">
</span><span class="n">Stop-VMHost</span><span class="w"> </span><span class="nv">$ESXi</span><span class="w"> </span><span class="nt">-Force</span><span class="w"> </span><span class="nt">-Confirm</span><span class="p">:</span><span class="bp">$false</span><span class="w">
</span><span class="n">Disconnect-VIServer</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="nt">-confirm</span><span class="p">:</span><span class="bp">$false</span><span class="w">
</span><span class="n">Stop-Computer</span></code></pre></figure>
</figure>
<p>Don’t forget to mark the script executable using <code class="language-plaintext highlighter-rouge">chmod +x shutdown.ps1</code></p>
<h2 id="calling-the-powershell-shutdown-script">Calling the PowerShell Shutdown Script</h2>
<p>Next we need to configure calling the above PowerShell script from the apcups daemon:</p>
<figure><figcaption><b>Filename:</b> /etc/apcupsd/doshutdown</figcaption>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="c">#!/bin/sh
</span>
<span class="c"># This shell script if placed in /etc/apcupsd will be called by /etc/apcupsd/apccontrol when the UPS is running on batteries
</span>
<span class="c"># and one of the limits expires (time, run, load), this event is generated to cause the machine to shutdown.
</span>
<span class="nv">HOSTNAME</span><span class="o">=</span><span class="sb">`</span><span class="nb">hostname</span><span class="sb">`</span>
<span class="nv">MSG</span><span class="o">=</span><span class="s2">"</span><span class="nv">$HOSTNAME</span><span class="s2"> UPS </span><span class="nv">$1</span><span class="s2"> calling for controlled shut down"</span>
<span class="nv">now</span><span class="o">=</span><span class="si">$(</span><span class="nb">date</span> +<span class="s2">"%d/%m/%y %H:%M"</span><span class="si">)</span>
<span class="nv">now</span><span class="o">=</span><span class="s2">"</span><span class="nv">$now</span><span class="s2">"</span> pwsh <span class="nt">-file</span> /home/chris/send-telegram2.ps1 <span class="nt">-Message</span> <span class="s2">"<b></span><span class="nv">$now</span><span class="s2"></b> - UPS <code></span><span class="k">${</span><span class="nv">1</span><span class="k">}</span><span class="s2"></code> calling for control>
pwsh -file /home/chris/shutdown.ps1
</span><span class="k">${</span><span class="nv">SHUTDOWN</span><span class="k">}</span><span class="s2"> -h now "</span>apcupsd UPS <span class="k">${</span><span class="nv">1</span><span class="k">}</span> initiated shutdown<span class="s2">"
#
(
echo "</span><span class="nv">$MSG</span><span class="s2">"
echo "</span> <span class="s2">"
/sbin/apcaccess status
) | </span><span class="nv">$APCUPSD_MAIL</span><span class="s2"> -s "</span><span class="nv">$MSG</span><span class="s2">" </span><span class="nv">$SYSADMIN</span><span class="s2">
exit 0</span></code></pre></figure>
</figure>
<h2 id="testing">Testing</h2>
<p>Remarking out the shutdown commands and adjusting the timeout to 10 seconds per loop:</p>
<table>
<tr>
<td style="height:50%; width:50%;">
<a target="_blank" href="/images/esxi-rpi-ups-pt3/esxi-rpi-ups-pt3-01.jpg"><img style="display:block;" src="/images/esxi-rpi-ups-pt3/esxi-rpi-ups-pt3-01.jpg" alt="Telegram 1" /></a></td>
<td style="height:50%; width:50%;">
<a target="_blank" href="/images/esxi-rpi-ups-pt3/esxi-rpi-ups-pt3-02.jpg"><img style="display:block;" src="/images/esxi-rpi-ups-pt3/esxi-rpi-ups-pt3-02.jpg" alt="Telegram 2" /></a></td>
</tr>
</table>
<p>Nice!</p>
<p>Of course <strong>PoweredOn</strong> will read <strong>PoweredOff</strong> when VMs are actually shut down and there won’t be as much VM killing going on (second screenshot), but you get the idea.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>There we have it: UPS initiated ESXi shutdown handled by a Raspberry Pi!</p>
<h3 id="bonus-rounds">Bonus Rounds</h3>
<p>There are several other event-called scripts contained in <code class="language-plaintext highlighter-rouge">/etc/apcupsd/</code> that can be modified to provide UPS visibility. For example:</p>
<figure><figcaption><b>Filename:</b> /etc/apcupsd/onbattery</figcaption>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="c">#! /usr/bin/pwsh
</span>
<span class="nv">$time</span> <span class="o">=</span> <span class="o">(</span>get-date <span class="nt">-Format</span> <span class="s2">"dd/MM/yy HH:mm"</span><span class="o">)</span>
<span class="nv">$status</span> <span class="o">=</span> <span class="s2">"*UPS Power failure - running on batteries!* - </span><span class="nv">$time</span><span class="s2">"</span>
/home/chris/send-telegram2 <span class="nt">-Message</span> <span class="nv">$status</span> <span class="nt">-ParseMode</span> Markdown</code></pre></figure>
</figure>
<figure><figcaption><b>Filename:</b> /etc/apcupsd/offbattery</figcaption>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="c">#! /usr/bin/pwsh
</span>
<span class="nv">$time</span> <span class="o">=</span> <span class="o">(</span>get-date <span class="nt">-Format</span> <span class="s2">"dd/MM/yy HH:mm"</span><span class="o">)</span>
<span class="nv">$status</span> <span class="o">=</span> <span class="s2">"*UPS Power returned - running on mains power* - </span><span class="nv">$time</span><span class="s2">"</span>
/home/chris/send-telegram2 <span class="nt">-Message</span> <span class="nv">$status</span> <span class="nt">-ParseMode</span> Markdown</code></pre></figure>
</figure>
<p>A full list of supported events can be found in <a href="http://www.apcupsd.org/manual/manual.html#customizing-event-handling" target="_blank">APCUPSD Manual - Customizing Event Handling</a>.</p>
<p>This post was <em>a belated</em> part 3 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="https://polarclouds.co.uk/esxi-rpi-ups-pt1" target="_blank">Hardware, Requirement, Software, Solution</a></li>
<li>Part 2: <a href="https://polarclouds.co.uk/esxi-rpi-ups-pt2" target="_blank">Hardware Connectivity and Software Installation</a></li>
<li>Part 3: This part - Scripting for the win… or should that be for the failure?</li>
</ul>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/esxi-rpi-ups-pt3/">UPS Triggered Shut Down of ESXi from Raspberry Pi - Part 3</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 23, 2022.</p>
https://polarclouds.co.uk/vsphere-compliance-with-vro-pt22022-07-05T01:00:00+01:002022-07-05T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-01.png" />
Last time we looked at regulatory compliance standards and benchmarks, vSphere tag creation and application, and finally, for the majority of the post, at configuring vRealize Operations to continually monitor for system hardening standard / benchmark compliance.</p>
<p>If you have not yet seen that post, catch up now. It’s a great read. :wink:</p>
<p>As mentioned, this post is part 2 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/vsphere-compliance-with-vro/" target="_blank">Creating Continual Regulatory Compliance</a></li>
<li>Part 2: This part: Monitoring and Reporting Regulatory Compliance</li>
</ul>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#monitoring-compliance" id="markdown-toc-monitoring-compliance">Monitoring Compliance</a></li>
<li><a href="#reporting-compliance" id="markdown-toc-reporting-compliance">Reporting Compliance</a> <ul>
<li><a href="#views" id="markdown-toc-views">Views</a> <ul>
<li><a href="#virtual-machines" id="markdown-toc-virtual-machines">Virtual Machines</a></li>
<li><a href="#esxi-hosts" id="markdown-toc-esxi-hosts">ESXi Hosts</a></li>
<li><a href="#virtual-switches" id="markdown-toc-virtual-switches">Virtual Switches</a></li>
<li><a href="#virtual-switch-port-groups" id="markdown-toc-virtual-switch-port-groups">Virtual Switch Port Groups</a></li>
</ul>
</li>
<li><a href="#reports" id="markdown-toc-reports">Reports</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a> <ul>
<li><a href="#chris-final-thought-1" id="markdown-toc-chris-final-thought-1">Chris’ Final Thought 1</a></li>
<li><a href="#chris-final-thought-2" id="markdown-toc-chris-final-thought-2">Chris’ Final Thought 2</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="monitoring-compliance">Monitoring Compliance</h2>
<p>We need a dashboard. Let’s create one! Luckily for us vRealize Operations (vRO) has just the thing.</p>
<p>From the vRO console, select <strong>Visualise > Dashboards</strong> and let’s search for compliance:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Find Compliance Dashboard" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-01.png" /></p>
<p>Not sure why the built-in compliance dashboard is deprecated, but hey, let’s use it as a base for a new custom dashboard anyway. Taking a look at the dashboard:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vSphere Compliance Dashboard" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-02.png" /></p>
<p>Nice. Let’s clone the dashboard to create our own. Click <strong>Manage</strong> and filter on <strong>compliance</strong> to find the dashboard in the dashboard library:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Find Compliance Dashboard in Library" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-03.png" /></p>
<p>Use the three vertical dots to clone the dashboard:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Clone Dashboard" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-04.png" /></p>
<p>I’ll name my new dashboard <strong>PolarClouds CIS Security Compliance</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Name Clone Dashboard" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-05.png" /></p>
<p>Again, using the three vertical dots, let’s edit the PolarClouds CIS Security Compliance dashboard. I’m not going to go into super detail here as dashboards can be subject to personal taste, but here are the changes I’ve made (you are of course free to make your own!):</p>
<ul>
<li>Removed the vSphere and VM Compliance heat maps:</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remove Heat Maps" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-06.png" /></p>
<ul>
<li>Group the affected objects by “None”:</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Group by None" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-07.png" /></p>
<p>As this is a small environment with eventually zero compliance issues, I’m happy to put the hopefully empty list of non-compliances right on my dashboard! I’ll rename the widget “Non-Compliant Objects” too.</p>
<p>That’s it. I’ll save the dashboard and using the share button, setting the expiry to <strong>Never Expire</strong>, I’ll grab the link to my nice new dashboard:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Share Dashboard" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-08.png" /></p>
<p>Let’s take a look at the final dashboard:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Final Dashboard" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-09.png" /></p>
<p>Happy with that. Yes, there is some hardening of the environment yet to do, but I’ll forward the link to the security and compliance departments.</p>
<h2 id="reporting-compliance">Reporting Compliance</h2>
<p>Next, let’s work on reporting. Reports consist of one or more views, so we’ll work on creating our views first.</p>
<p>For my report I’m going to include the following views:</p>
<ul>
<li>CIS Compliant Virtual Machines</li>
<li>CIS Compliant ESXi Hosts</li>
<li>CIS Compliant Virtual Switches</li>
<li>CIS Compliant Virtual Switch Port Groups</li>
<li>CIS Non-Compliant Virtual Machines</li>
<li>CIS Non-Compliant ESXi Hosts</li>
<li>CIS Non-Compliant Virtual Switches</li>
<li>CIS Non-Compliant Virtual Switch Port Groups</li>
<li>CIS Excluded Virtual Machines</li>
<li>CIS Excluded ESXi Hosts</li>
<li>CIS Excluded Virtual Switches</li>
<li>CIS Excluded Virtual Switch Port Groups</li>
</ul>
<p>Sure twelve views is a lot (remember CIS does not harden vCenter), but through the power of cloning and tweaking the filters we really only have to create four views.</p>
<h3 id="views">Views</h3>
<h4 id="virtual-machines">Virtual Machines</h4>
<p>From the vRO console, select <strong>Visualise > Views > Manage > Add</strong> and let’s create a view to add to a report. I’ll call my view “PolarClouds CIS Compliant Virtual Machines” and set the description as “Virtual Machines with vSphere configuration compliant with CIS Hardening Standards”:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Compliance Report Title + Description" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-10.png" /></p>
<p>Selecting step 2, let’s create some views.</p>
<p>Click <strong>+</strong> to add a view. We will name this first view <strong>PolarClouds CIS Compliant Virtual Machines</strong> and set the description to <strong>Virtual Machines with vSphere configuration compliant with CIS Hardening Standards</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Report Compliant VM View Name + Description" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-11.png" /></p>
<p>Next, let’s present some data in list form, so select <strong>List</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Report Compliant VM View List" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-12.png" /></p>
<p>Moving on to step 3, let’s set our subjects as <strong>vCenter Adapter > Virtual Machine</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Report Compliant VM Subject List" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-13.png" /></p>
<p>Moving on to step 4, let’s find some data to populate our list with. When we find our property / metric, simply drag to add to the list:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Report Compliant VM Subject List Drag to Add" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-14.png" /></p>
<p>Label the Metric and add a sort order:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Metric + Order" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-15.png" /></p>
<p>The full list of VM properties and metrics I use, along with their paths, is:</p>
<ul>
<li>VM IP Address : Properties > Summary > Guest Operating System > Guest OS IP Address</li>
<li>VM Operating System : Properties > Summary > Guest Operating System > Guest OS from Tools</li>
<li>VM CIS Compliance : Metrics > Badge > Compliance (%)</li>
</ul>
<p>Next, let’s filter to show only the VMs that are 100% compliant:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Filter Compliant VMs" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-16.png" /></p>
<p>The final configuration of the view:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Compliant VMs View" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-17.png" /></p>
<p>Finally click <strong>Save</strong> to save the view.</p>
<p>Next we’ll create the CIS Non-Compliant Virtual Machines view.</p>
<p>Clone the previously created view:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Clone Compliant VMs View" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-18.png" /></p>
<p>Update Name and description:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Non-Compliant VMs Name + Description" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-19.png" /></p>
<p>Select <strong>4. Data</strong><br />
Change compliance operator to <strong>is not</strong><br />
Add <strong>Properties > vSphere Tag > Current > is not > [< Compliance-CIS-Excluded >]</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMs is Not Compliant Filter" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-20.png" /></p>
<p>Finally save the view.</p>
<p>Given that we know that we have some non-compliant VMs, we can preview the view. Select the Non-Compliant view from the Recents list, click <strong>Select preview source</strong> and select <strong>vCenter Adapter > vSphere World . vSphere World</strong>. Looking good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMs Not Compliant" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-21.png" /></p>
<p>Just our VM with a serial port!</p>
<p>Finally, let’s clone and tweak the filter again to create our CIS Excluded Virtual Machines view. I’ve also removed the VM CIS Compliance column from the view.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMs Excluded 1" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-22.png" /></p>
<p>Using vSphere World as a preview source:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMs Excluded 2" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-23.png" /></p>
<p>Yep our two excluded VMs are listed. Hey presto we have our three VM views:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Three VM Views" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-24.png" /></p>
<h4 id="esxi-hosts">ESXi Hosts</h4>
<p>From the vRO console, select <strong>Visualise > Views > Manage > Add</strong> and let’s create a view to add to a report. I’ll call my view “PolarClouds CIS Compliant ESXi Hosts” and set the description as “ESXi Hosts with vSphere configuration compliant with CIS Hardening Standards”.</p>
<p>Again I shall configure presentation in list form and I’ll include the following properties and metrics:</p>
<ul>
<li>Host IP Address : Properties > Network > Management Address</li>
<li>Host Operating System : Properties > System > Product String</li>
<li>Host Version - Build Number: Properties > Summary > Version</li>
<li>Host CIS Compliance : Metrics > Badge > Compliance (%)</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Host View" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-25.png" /></p>
<p>Again we’ll clone and set our filters accordingly to create the three views:</p>
<ul>
<li>CIS Compliant ESXi Hosts
<ul>
<li>Filter : Metrics > Badge > Compliance (%) > Current > is > 100</li>
</ul>
</li>
<li>CIS Non-Compliant ESXi Hosts
<ul>
<li>Filter : Metrics > Badge > Compliance (%) > Current > is not > 100</li>
<li>And : Properties > Summary > vSphere Tag > Current > is not > [< Compliance-CIS-Excluded >]</li>
</ul>
</li>
<li>CIS Excluded ESXi Hosts
<ul>
<li>Filter : Properties > Summary > vSphere Tag > Current > is > [< Compliance-CIS-Excluded >]</li>
</ul>
</li>
</ul>
<h4 id="virtual-switches">Virtual Switches</h4>
<p>Again three new views with the following properties and metrics:</p>
<ul>
<li>Switch Version - Build Number : Properties > Summary > Version</li>
<li>Switch CIS Compliance : Metrics > Badge > Compliance (%)</li>
</ul>
<p>Clone and set our filters accordingly to create the three views:</p>
<ul>
<li>CIS Compliant Virtual Switches
<ul>
<li>Filter : Metrics > Badge > Compliance (%) > Current > is > 100</li>
</ul>
</li>
<li>CIS Non-Compliant Virtual Switches
<ul>
<li>Filter : Metrics > Badge > Compliance (%) > Current > is not > 100</li>
<li>And : Properties > Summary > vSphere Tag > Current > is not > [< Compliance-CIS-Excluded >]</li>
</ul>
</li>
<li>CIS Excluded Virtual Switches
<ul>
<li>Filter : Properties > Summary > vSphere Tag > Current > is > [< Compliance-CIS-Excluded >]</li>
</ul>
</li>
</ul>
<h4 id="virtual-switch-port-groups">Virtual Switch Port Groups</h4>
<p>Finally three more views with the following properties and metrics:</p>
<ul>
<li>Port Group VLAN ID : Properties > Configuration > Policies > Security > VLAN ID</li>
<li>Port Group VLAN Trunk : Properties > Configuration > Policies > Security > VLAN trunk range</li>
<li>Port Group CIS Compliance : Metrics > Badge > Compliance (%)</li>
</ul>
<p>Clone and set our filters accordingly to create the three views:</p>
<ul>
<li>CIS Compliant Virtual Switch Port Groups
<ul>
<li>Filter : Metrics > Badge > Compliance (%) > Current > is > 100</li>
</ul>
</li>
<li>CIS Non-Compliant Virtual Switch Port Groups
<ul>
<li>Filter : Metrics > Badge > Compliance (%) > Current > is not > 100</li>
<li>And : Properties > Summary > vSphere Tag > Current > is not > [< Compliance-CIS-Excluded >]</li>
</ul>
</li>
<li>CIS Excluded Virtual Switch Port Groups
<ul>
<li>Filter : Properties > Summary > vSphere Tag > Current > is > [< Compliance-CIS-Excluded >]</li>
</ul>
</li>
</ul>
<p>Phew! Done!</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PolarClouds Views" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-26.png" /></p>
<h3 id="reports">Reports</h3>
<p>Now that we have sliced and diced our data into views, let’s bundle the results into a report for review and action.</p>
<p>From the vRO console, select <strong>Visualise > Reports > Manage > Add</strong> and let’s create a report. I’ll call my report “PolarClouds vSphere Estate CIS Compliance” and set the description as “Status of vSphere CIS Compliance across the PolarClouds vSphere Estate”.</p>
<p>Next, add the twelve views previously created:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PolarClouds Report Views" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-27.png" /></p>
<p>Finally, I’ll enable PDF and CSV formats, add a cover page, table of contents and a footer.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PolarClouds Report Layout Options" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-28.png" /></p>
<p>Save, find in the list and run the report against vSphere World:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Run the Report" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-29.png" /></p>
<p>And here is the report:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PolarClouds Report" src="/images/vsphere-compliance-with-vro-pt2/vsphere-compliance-with-vro-pt2-30.png" /></p>
<p>Grab your copy of the report: <a href="/documents/PolarClouds-Lab-CIS-Compliance.pdf" target="_blank">PDF</a> <a href="/documents/PolarClouds-Lab-CIS-Compliance.csv" target="_blank">CSV</a></p>
<p>As you can see, I added a slightly tweaked version of the dashboard to the report too, thus making a nice summary page 😎</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it.</p>
<p>In this post we looked at creating dashboards, views and reports to further publicise the CIS compliance and non-compliances of our example PolarClouds lab environment.</p>
<p>All that is left is to harden the environment keeping an eye on our dashboard and reports as we go.</p>
<p>As you will have seen over the course of this series, vRealize Operations is able to assist with meeting and reporting security compliance across the vSphere estate and ensuring that compliance remains in place via dashboards and reports.</p>
<h3 id="chris-final-thought-1">Chris’ Final Thought 1</h3>
<p><a href="https://en.wikipedia.org/wiki/Trust,_but_verify" target="_blank">Trust, but verify</a>.
Compliance standards can and will change.</p>
<p>Therefore don’t take VMware’s vRO compliance as the final word for a compliant environment. Third party compliance scanning solutions such as those available from <a href="https://www.tenable.com/solutions/compliance" target="_blank">Tenable</a> and <a href="https://www.qualys.com/solutions/compliance/" target="_blank">Qualys</a> exist for a reason.</p>
<h3 id="chris-final-thought-2">Chris’ Final Thought 2</h3>
<p>Usual <a href="/pages/disclaimer/" target="_blank">disclaimer</a> applies.
<br />
And that’s it!<br /></p>
<p>As mentioned, this post is part 2 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/vsphere-compliance-with-vro/" target="_blank">Creating Continual Regulatory Compliance</a></li>
<li>Part 2: This part: Monitoring and Reporting Regulatory Compliance</li>
</ul>
<p>As I said at the end of part 1:<br />
<em>Sure compliance is a dry and often difficult subject to crack, however hopefully with the use of an automated and continuous monitoring tool such as vRealize Operations, we can ensure that our vSphere environment is always meeting its required compliance standard, whatever standard that may be.</em></p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/vsphere-compliance-with-vro-pt2/">vSphere Compliance with vRealize Operations and Tagging - Part 2</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 05, 2022.</p>
https://polarclouds.co.uk/vsphere-compliance-with-vro2022-06-28T01:00:00+01:002022-06-28T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="vRO CIS and DISA Logos" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-01.png" />
In these days of anywhere computing, one of the tools in the arsenal of the good guys is system hardening. But what is system hardening?</p>
<p>System hardening is defined as the practice of reducing a system’s vulnerability by reducing its attack surface. Through a reduced attack surface, there is a lower risk of data breaches, unauthorized access, system hacking, or malware infection.</p>
<p>Hardening may involve a reduction in attack surface through cutting unnecessary services or processes. Therefore for most environments a level of system hardening is required, but how much system hardening is required? How are systems hardened? Are there any system hardening compliance standards or guides that we could follow? Which standard best fits my scenario?</p>
<p>As with so many things in life, there are options. How much hardening depends on your risk appetite. <br /><strong>Spoiler Alert</strong>: a list of compliance standards is included later on in this post (<a href="/vsphere-compliance-with-vro/#activating-compliance-standard-to-apply-to-vsphere">tl,dr</a>). As for which standard to follow, that’s very much up to you and your compliance and security departments.</p>
<p>For example, two popular hardening benchmarks are CIS and DISA STIG. These are available:</p>
<ul>
<li>CIS Benchmarks: <a href="https://downloads.cisecurity.org/" target="_blank">Here</a></li>
<li>DISA STIG Benchmarks: <a href="https://public.cyber.mil/stigs/downloads/" target="_blank">Here</a></li>
</ul>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#objectives" id="markdown-toc-objectives">Objectives</a></li>
<li><a href="#what-is-vrealize-operations" id="markdown-toc-what-is-vrealize-operations">What is vRealize Operations?</a></li>
<li><a href="#vsphere-configuration" id="markdown-toc-vsphere-configuration">vSphere Configuration</a> <ul>
<li><a href="#why-vsphere-tags" id="markdown-toc-why-vsphere-tags">Why vSphere Tags?</a></li>
<li><a href="#configure-vsphere-tags" id="markdown-toc-configure-vsphere-tags">Configure vSphere Tags</a></li>
<li><a href="#apply-vsphere-tags" id="markdown-toc-apply-vsphere-tags">Apply vSphere Tags</a></li>
</ul>
</li>
<li><a href="#vrealize-operations-configuration" id="markdown-toc-vrealize-operations-configuration">vRealize Operations Configuration</a> <ul>
<li><a href="#activating-compliance-standard-to-apply-to-vsphere" id="markdown-toc-activating-compliance-standard-to-apply-to-vsphere">Activating Compliance Standard to Apply to vSphere</a></li>
<li><a href="#configuring-a-compliance-standard-to-apply-to-vsphere" id="markdown-toc-configuring-a-compliance-standard-to-apply-to-vsphere">Configuring a Compliance Standard to Apply to vSphere</a> <ul>
<li><a href="#esxi-host-is-violating-cis-alert-definition" id="markdown-toc-esxi-host-is-violating-cis-alert-definition">ESXi Host is Violating CIS Alert Definition</a></li>
<li><a href="#virtual-machine-is-violating-cis-alert-definition" id="markdown-toc-virtual-machine-is-violating-cis-alert-definition">Virtual Machine is Violating CIS Alert Definition</a></li>
<li><a href="#vsphere-distributed-port-group-is-violating-cis-alert-definition" id="markdown-toc-vsphere-distributed-port-group-is-violating-cis-alert-definition">vSphere Distributed Port Group is Violating CIS Alert Definition</a></li>
<li><a href="#vsphere-distributed-virtual-switch-is-violating-cis-alert-definition" id="markdown-toc-vsphere-distributed-virtual-switch-is-violating-cis-alert-definition">vSphere Distributed Virtual Switch is Violating CIS Alert Definition</a></li>
<li><a href="#alert-definition-wrap-up" id="markdown-toc-alert-definition-wrap-up">Alert Definition Wrap Up</a></li>
</ul>
</li>
<li><a href="#activating-alert-policies" id="markdown-toc-activating-alert-policies">Activating Alert Policies</a></li>
<li><a href="#custom-groups" id="markdown-toc-custom-groups">Custom Groups</a></li>
<li><a href="#custom-compliance-benchmark" id="markdown-toc-custom-compliance-benchmark">Custom Compliance Benchmark</a></li>
</ul>
</li>
<li><a href="#vrealize-operations-vsphere-cis-compliance-results" id="markdown-toc-vrealize-operations-vsphere-cis-compliance-results">vRealize Operations vSphere CIS Compliance Results</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="objectives">Objectives</h2>
<p>Whilst vRealize Operations (vRO) can be integrated into VMware Cloud on AWS, Azure VMware Solution, Google Cloud VMware Engine as well as native Azure and AWS environments, in this post we shall address the hardening of a Software Defined Data Center on premises vSphere environment.</p>
<p>In so doing, we shall be system hardening the following components that make up a vSphere environment:</p>
<ul>
<li>ESXi Hosts</li>
<li>vCenter Servers</li>
<li>Distributed Switches</li>
<li>Distributed Switch Ports</li>
<li>vSAN (if deployed)</li>
<li>NSX-T (if deployed)</li>
<li>Virtual Machine Configurations</li>
</ul>
<p>We will <strong>NOT</strong> be system hardening the guest operating systems running inside the virtual machines. These operating systems have their own system hardening standards / benchmarks so are therefore outside the scope of this article.</p>
<h2 id="what-is-vrealize-operations">What is vRealize Operations?</h2>
<p>From the VMware <a href="https://www.vmware.com/uk/products/vrealize-operations.html" target="_blank">marketing blurb</a>:<br />
VMware vRealize Operations provides self-driving IT Operations Management across private, hybrid and multi-cloud environments with a unified operations platform that delivers continuous performance, capacity and cost optimization, intelligent remediation and integrated compliance through AI/ML and predictive analytics.</p>
<p>Chris’ take:<br />
vRO monitors environments for alerts, symptoms and conditions. Compliance standards loaded into vRO are a set of alerts, whereby an object that is not configured to satisfy the condition of an alert will cause that alert to be flagged.</p>
<h2 id="vsphere-configuration">vSphere Configuration</h2>
<p>As discussed, in this post we shall address the hardening of a Software Defined Data Center on premises vSphere environment.</p>
<p>We will be using the following lab environment:</p>
<ul>
<li>vSphere 7 update 3 - Single vCenter and single ESXi host</li>
<li>vRO 8.6.3 - Single VM, extra small</li>
</ul>
<p>No licences have been procured for this environment. All software is in evaluation mode.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vSphere" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-02.png" /></p>
<p>Networking:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vSphere Networking" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-03.png" /></p>
<p>Yep, nothing complicated at all. Much, much larger environments are available!</p>
<h3 id="why-vsphere-tags">Why vSphere Tags?</h3>
<p>When it comes to compliance, much as we would like it, occasionally (often) there are objects that at any one particular point in time are not required to be compliant with the system hardening benchmark in use across the environment. For example we may be deploying an isolated test/dev environment or a quick temporary virtual machine, network port group, whatever. At this point in time these do not need to be compliant. Compliance may/can come later.</p>
<p>Having these known non-compliant environments being continually flagged in vRO is undesirable and may obscure issues elsewhere with objects that absolutely need to be compliant (think: “was it six or seven VMs and two or three port groups that we don’t need to care about compliance failures on?!?”).</p>
<p>Therefore, how can we “tune out the cruft” from vRO so that we can concentrate on the rest of the environment that absolutely needs to be compliant?</p>
<p>Simple:</p>
<ol>
<li>Configure compliance monitoring so that ALL objects need to be compliant by default</li>
<li>Employ a vSphere tag to mark objects that don’t need to be compliant</li>
<li>Manage by exception</li>
</ol>
<h3 id="configure-vsphere-tags">Configure vSphere Tags</h3>
<p>Let’s set up our vSphere tags for our compliance exceptions.<br />
From the vSphere Client, select <strong>Menu > Tags & Custom Attributes > Tags</strong> and <strong>Categories</strong>. From here we will create a new tag category named <strong>Compliance</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vSphere Compliance Category" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-05.png" /></p>
<p>Next, we need to create a tag that should be applied to the vSphere objects that should be excluded from compliance. Select <strong>Menu > Tags & Custom Attributes > Tags</strong> and <strong>Tags</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vSphere Compliance Tag" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-06.png" /></p>
<h3 id="apply-vsphere-tags">Apply vSphere Tags</h3>
<p>Within my test environment, I want to CIS compliance scan everything <strong>except</strong> the following two VMs:</p>
<ul>
<li>WIN-2022 - My Windows 2022 test/dev VM</li>
<li>vCLS-386d4abf-c432-4d1f-a4a2-c6355100f4b4 - the vSphere Cluster Services VM (see <a href="https://kb.vmware.com/s/article/80472" target="_blank">here</a> for details)</li>
</ul>
<p>Find the VM Tags dialogue:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Tag" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-07.png" /></p>
<p>Apply the tag:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Apply Tag" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-08.png" /></p>
<p>Confirm application:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Confirm Tag" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-09.png" /></p>
<p>To confirm which objects have the tag applied and which do not, simply search for the tag in the inventory and select <strong>Objects</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="List Objects with Tag" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-10.png" /></p>
<p>This list can then be exported and provided to my security/compliance department as proof of those objects NOT in compliance with the hardening applied across the rest of the environment.</p>
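<p>The tag configuration, tag application and evidence export described above can also be scripted. The following PowerCLI script is an added example, not the author's own code: it creates the Compliance category and the Compliance-CIS-Excluded tag if they are missing, tags an approved list of VMs, exports every object carrying the tag, and warns about any tagged object that is not on the approved list. The parameter names, the CSV path and the category's cardinality and entity type are assumptions made for this example.</p>

```powershell
# Added example, not from the original post. Requires VMware PowerCLI.
# Assumptions: -VCenter, -ApprovedExclusions and -EvidencePath are names chosen
# for this example; cardinality "Single" and entity type "All" are also choices
# made here, not settings taken from the post.
param(
    [Parameter(Mandatory)][string]$VCenter,
    # The two VMs the post excludes from CIS scanning; adjust to your estate.
    [string[]]$ApprovedExclusions = @(
        'WIN-2022',
        'vCLS-386d4abf-c432-4d1f-a4a2-c6355100f4b4'
    ),
    [string]$EvidencePath = '.\cis-excluded-objects.csv'
)

$ErrorActionPreference = 'Stop'
$categoryName = 'Compliance'
$tagName      = 'Compliance-CIS-Excluded'

Connect-VIServer -Server $VCenter | Out-Null
try {
    # Create the category and tag only when missing, so the script is re-runnable.
    $category = Get-TagCategory -Name $categoryName -ErrorAction SilentlyContinue
    if (-not $category) {
        $category = New-TagCategory -Name $categoryName -Cardinality Single -EntityType All
    }
    $tag = Get-Tag -Name $tagName -Category $category -ErrorAction SilentlyContinue
    if (-not $tag) {
        $tag = New-Tag -Name $tagName -Category $category `
            -Description 'Object is excluded from CIS compliance monitoring'
    }

    # Tag each approved VM that does not already carry the exclusion tag.
    foreach ($name in $ApprovedExclusions) {
        $vms = @(Get-VM -Name $name -ErrorAction SilentlyContinue)
        if ($vms.Count -eq 0) {
            Write-Warning "Approved exclusion '$name' was not found in the inventory."
            continue
        }
        foreach ($vm in $vms) {
            $existing = Get-TagAssignment -Entity $vm -Category $category |
                Where-Object { $_.Tag.Name -eq $tagName }
            if (-not $existing) {
                New-TagAssignment -Tag $tag -Entity $vm | Out-Null
            }
        }
    }

    # Collect every object (any type, not only VMs) that carries the tag.
    $assignments = @(Get-TagAssignment -Category $category |
        Where-Object { $_.Tag.Name -eq $tagName })

    $evidence = @($assignments | ForEach-Object {
        [pscustomobject]@{
            Name         = $_.Entity.Name
            ObjectType   = $_.Entity.GetType().Name   # PowerCLI object type name
            Tag          = $_.Tag.Name
            Approved     = $ApprovedExclusions -contains $_.Entity.Name
            CollectedUtc = (Get-Date).ToUniversalTime().ToString('o')
        }
    })

    # Evidence file for the security/compliance department.
    $evidence | Export-Csv -Path $EvidencePath -NoTypeInformation

    # The tag takes an object out of the non-compliant views, so anything
    # tagged without approval is compliance drift that the views will not show.
    $unapproved = @($evidence | Where-Object { -not $_.Approved })
    foreach ($item in $unapproved) {
        Write-Warning "Unapproved exclusion: $($item.Name) ($($item.ObjectType))"
    }
    Write-Output ("{0} tagged object(s), {1} not on the approved list. Evidence: {2}" -f `
        $evidence.Count, $unapproved.Count, $EvidencePath)
}
finally {
    Disconnect-VIServer -Server $VCenter -Confirm:$false
}
```

<p>The approved list in this example holds VM names only, so a host, switch or port group carrying the tag is reported as unapproved until its name is added to the list.</p>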
<h2 id="vrealize-operations-configuration">vRealize Operations Configuration</h2>
<p>I won’t cover the deployment of the vRealize Operations appliance here. Should you need further info, see <a href="https://docs.vmware.com/en/vRealize-Operations/8.6/com.vmware.vcom.vapp.doc/GUID-49349FD7-7237-4022-A6A5-1B26D7AFC7DF.html" target="_blank">Deployment of vRealize Operations</a> and the <a href="https://vropssizer.vmware.com/" target="_blank">vRealize Operations Sizing Tool</a>.</p>
<p>To integrate vRO with vCenter, log on to vRO with the admin account, select <strong>Data Sources > Integrations > Add Account > vCenter</strong> and add your vCenter details.</p>
<p>Once vCenter has been integrated, you should see the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vSphere Integration" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-11.png" /></p>
<h3 id="activating-compliance-standard-to-apply-to-vsphere">Activating Compliance Standard to Apply to vSphere</h3>
<p>Next we need to select a compliance standard baseline to which we require our environment to conform.
From the vRealize Operations console, select <strong>Optimise > Compliance</strong>. As you can see from below, there are several built in Regulatory Standards / Benchmarks available to choose from. These include:</p>
<ul>
<li>CIS Security Standards</li>
<li>DISA Security Standards</li>
<li>FISMA Security Standards</li>
<li>HIPAA Compliance</li>
<li>ISO Security Standards</li>
<li>PCI Security Standards</li>
</ul>
<p>As can be seen below:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Regulatory Benchmarks" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-12.png" /></p>
<p>In the following example we will be using the CIS Security Standard to harden our vSphere environment.</p>
<p>In the CIS Security Standard option box, select <strong>Activate from Repository</strong>, <strong>Activate</strong> and <strong>Yes</strong> to activate the CIS standard. Confirm CIS compliance integration has been installed:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CIS Activated" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-13.png" /></p>
<p>Do not activate the standard just yet. We will handle activation later.</p>
<h3 id="configuring-a-compliance-standard-to-apply-to-vsphere">Configuring a Compliance Standard to Apply to vSphere</h3>
<p>As discussed above, given that vRO operates via alerting, let’s go find our newly downloaded compliance alerts. From the vRO console, select <strong>Configure > Alerts > Alert Definitions</strong> and filter by the compliance standard activated (in my case CIS):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CIS Alert Definitions" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-14.png" /></p>
<p>As can be seen in the case of CIS, there are four alerts that have been created.</p>
<p>Notice that there is no alert configuration for vCenter server. The compliance standard chosen - CIS - does not contain hardening standards for vCenter. Other hardening compliance standards such as STIG certainly do contain <a href="https://www.stigviewer.com/stig/vmware_vsphere_6.7_vcenter/" target="_blank">hardening standards for vCenter</a>.</p>
<h4 id="esxi-host-is-violating-cis-alert-definition">ESXi Host is Violating CIS Alert Definition</h4>
<p>So that we may always have untouched alert definitions to go back to later should we need to, we will clone the alert definitions to create our own.</p>
<p>Using the three dots to the right of each of the alert definitions, select clone:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Clone Alert Definition" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-15.png" /></p>
<p>To make my alert definitions easier to find in the future, I shall suffix my alert definitions with “PolarClouds”:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Name Clone Alert Definition" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-16.png" /></p>
<p>Click <strong>Next</strong>. Here we can see the individual tests that constitute the “violating CIS” vRO alert:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Name Clone Alert Definition Tests" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-17.png" /></p>
<p>From here, we can remove any unwanted symptoms that we do not want to test for. Typically I remove the following tests:</p>
<ul>
<li>Use Active Directory for local user authentication <sup>1</sup></li>
<li>Enable vSphere Authentication Proxy when adding hosts to Active Directory <sup>1</sup></li>
<li>Enable bidirectional CHAP authentication for iSCSI traffic <sup>2</sup></li>
</ul>
<p><sup>1</sup> <em>Whilst I agree AD integration is something that should be considered for ease of administration, in my experience it is not something regularly implemented. From a 10,000 foot view, I would argue that Active Directory is a larger attack vector than ESXi.</em><br />
<sup>2</sup> <em>I’m not using iSCSI in my lab.</em></p>
<p>Use the <strong>X</strong> to remove the unwanted symptoms:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remove Test" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-18.png" /></p>
<p>Click <strong>Next > Next</strong>, ensure no policies are selected to be enabled (again we will do this later) and finally <strong>Create</strong> to create the new PolarClouds ESXi Host is violating CIS policy.</p>
<h4 id="virtual-machine-is-violating-cis-alert-definition">Virtual Machine is Violating CIS Alert Definition</h4>
<p>Repeat the above clone and modification actions for the Virtual Machine is violating CIS alert definition. For the PolarClouds Virtual Machine is violating CIS alert definition, I shall remove the following symptoms:</p>
<ul>
<li>CD-ROM connected (5.5 Hardening Guide) <sup>1</sup></li>
<li>VGA only mode is not enabled (5.5 Hardening Guide) <sup>2</sup></li>
<li>USB controller connected (5.5 Hardening Guide) <sup>1</sup></li>
</ul>
<p><sup>1</sup> <em>vSphere 7 CIS benchmark v1.1.0, section 8.3.1 discusses “disabling unnecessary system components”. CD-ROM drives and USB adapters are necessary. Some methods of VMtools updates are not possible without a CD-ROM.</em><br />
<sup>2</sup> <em>According to the latest vSphere 7 CIS benchmark (v1.1.0) this test has been removed.</em><br /></p>
<p>Click <strong>Next > Next</strong>, ensure no policies are selected to be enabled (again we will do this later) and finally <strong>Create</strong> to create the new PolarClouds Virtual Machine is violating CIS policy.</p>
<h4 id="vsphere-distributed-port-group-is-violating-cis-alert-definition">vSphere Distributed Port Group is Violating CIS Alert Definition</h4>
<p>Repeat the above clone and modification actions for the vSphere Distributed Port Group is violating CIS alert definition. For the PolarClouds vSphere Distributed Port Group is violating CIS, you also need to set the Base Object Type to <strong>vCenter Adapter > vSphere Distributed Port Group</strong> and Alert Type and Subtype to <strong>Network: Compliance</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PolarClouds vSphere Distributed Port Group is violating CIS" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-19.png" /></p>
<p>Out of the box at the time of writing, the VMware CIS template has no symptoms set for this alert. Therefore for this alert rather than removing symptoms we will be adding them. This is simple to do.</p>
<p>Select <strong>Symptoms</strong> in the right hand pane of the <strong>Symptoms / Conditions</strong> dialogue and use the filter to find the symptoms to add:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Find Symptoms" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-20.png" /></p>
<p>Once a symptom is found, use drag and drop to add the symptom to the alert.</p>
<p>For the PolarClouds vSphere Distributed Port Group is violating CIS alert I shall add the following symptoms, with the set met when <strong>Any</strong> of the symptoms / conditions are true:</p>
<ul>
<li>vNetwork.reject-forged-transmit-dvportgroup - The Forged Transmits policy is not set to reject <sup>1</sup></li>
<li>vNetwork.reject-mac-changes-dvportgroup - The MAC Address Changes policy is not set to reject <sup>2</sup></li>
<li>vNetwork.reject-promiscuous-mode-dvportgroup - The Promiscuous Mode policy is not set to reject <sup>3</sup></li>
<li>vNetwork.restrict-port-level-overrides - Port-level configuration VLAN overrides on VDS is not restricted <sup>4</sup></li>
</ul>
<p><sup>1</sup> <em>vSphere 7 CIS benchmark v1.1.0, section 7.1</em><br />
<sup>2</sup> <em>vSphere 7 CIS benchmark v1.1.0, section 7.2</em><br />
<sup>3</sup> <em>vSphere 7 CIS benchmark v1.1.0, section 7.3</em><br />
<sup>4</sup> <em>vSphere 7 CIS benchmark v1.1.0, section 7.8</em><br /></p>
<p>My PolarClouds vSphere Distributed Port Group is violating CIS alert Symptoms now resemble the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PolarClouds vSphere Distributed Port Group is violating CIS alert Symptoms" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-21.png" /></p>
<p>Click <strong>Next > Next</strong>, ensure no policies are selected to be enabled (again we will do this later) and finally <strong>Create</strong> to create the new PolarClouds vSphere Distributed Port Group is violating CIS policy.</p>
<h4 id="vsphere-distributed-virtual-switch-is-violating-cis-alert-definition">vSphere Distributed Virtual Switch is Violating CIS Alert Definition</h4>
<p>Repeat the above clone and modification actions for the vSphere Distributed Virtual Switch is violating CIS alert definition. For the PolarClouds vSphere Distributed Virtual Switch is violating CIS alert definition, I will go with the defaults, no symptom modifications required:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PolarClouds vSphere Distributed Virtual Switch is violating CIS alert Symptoms" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-22.png" /></p>
<p>Click <strong>Next > Next</strong>, ensure no policies are selected to be enabled (again we will do this later) and finally <strong>Create</strong> to create the new PolarClouds vSphere Distributed Virtual Switch is violating CIS.</p>
<h4 id="alert-definition-wrap-up">Alert Definition Wrap Up</h4>
<p>Just to double check then, all in all we have four custom CIS policies:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PolarClouds Policies" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-23.png" /></p>
<p>To be 100% above board, submit details of the tests removed along with reasons for removal to your compliance and/or security department(s) for safe keeping. These will need logging as exceptions to the selected system hardening benchmark, in our case CIS.</p>
<h3 id="activating-alert-policies">Activating Alert Policies</h3>
<p>So let’s activate our custom CIS policies. From the vRO console, select <strong>Configure > Policies > Add</strong>. I shall name my policy <strong>PolarClouds CIS Compliance Policy</strong> and I shall inherit from <strong>Base Settings</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PolarClouds CIS Compliance Policy" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-24.png" /></p>
<p>After clicking <strong>Create Policy</strong>, let’s add our custom alert definitions. Click <strong>Alerts and Symptoms</strong> and let’s filter on “CIS” to see both the default and our custom PolarClouds CIS alert definitions:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Alerts and Symptoms" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-25.png" /></p>
<p>Using the drop downs, enable the PolarClouds policies:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Enable Definition" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-26.png" /></p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PolarClouds Enabled Definitions" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-27.png" /></p>
<p>Finally click <strong>Save</strong>.</p>
<h3 id="custom-groups">Custom Groups</h3>
<p>So that we can leverage our vSphere tags for compliance scanning, we need to create some custom groups in vRO.</p>
<p>From the vRO console, select <strong>Environment > Custom Groups > Add</strong>. I shall name my custom group <strong>PolarClouds CIS Compliance Group</strong>.</p>
<p>The group type will be <strong>Environment</strong> and the policy will be our previously created <strong>PolarClouds CIS Compliance Policy</strong>. I shall tick <strong>Keep group membership up to date</strong>.</p>
<p>For membership criteria, I shall select object type <strong>vCenter Adapter > Virtual Machine</strong>, <strong>Properties</strong>, <strong>Summary > vSphere Tag</strong>, <strong>does not contain</strong> and <strong>[< Compliance-CIS-Excluded >]</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Group VM Criteria" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-28.png" /></p>
<p>Add another criteria set and repeat for vCenter Adapter > Host System, vSphere Distributed Port Group and vSphere Distributed Switch (you may need to copy and paste in [< Compliance-CIS-Excluded >] ):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Group Criteria" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-29.png" /></p>
<p>Let’s preview our group membership:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Group Preview" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-30.png" /></p>
<p>We have a distributed switch, some port groups, a VM and an ESXi host in our group.</p>
<p>Notice that the vCLS and Win-2022 VMs are not listed in our custom group as these both have the CIS-Excluded vSphere tag applied to them. Nice!</p>
<p>Close the preview and OK the group.</p>
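<p>The group criterion and the port group symptom set configured above can be modelled offline to see what the alert should report before trusting the first assessment. This is an added example, not vRealize Operations code or code from the original post: the inventory, the setting keys and the function names are constructed assumptions, while the symptom names, CIS sections and tag value come from the steps above.</p>

```python
"""Model of the custom group filter and the 'Any' symptom set (constructed data)."""

# Tag criterion from the custom group: members must NOT contain this value.
# The post enters it wrapped as [< Compliance-CIS-Excluded >]; a substring
# match on the bare token covers either spacing.
EXCLUDE_TAG = "Compliance-CIS-Excluded"

# Symptom name -> (vSphere 7 CIS v1.1.0 section, predicate True on violation).
# The setting keys (forged_transmits, ...) are assumptions for this model.
# Missing settings count as violations so an incomplete export fails closed.
SYMPTOMS = {
    "vNetwork.reject-forged-transmit-dvportgroup":
        ("7.1", lambda s: s.get("forged_transmits") != "reject"),
    "vNetwork.reject-mac-changes-dvportgroup":
        ("7.2", lambda s: s.get("mac_changes") != "reject"),
    "vNetwork.reject-promiscuous-mode-dvportgroup":
        ("7.3", lambda s: s.get("promiscuous") != "reject"),
    "vNetwork.restrict-port-level-overrides":
        ("7.8", lambda s: s.get("vlan_override_allowed", True)),
}

HARDENED = {"forged_transmits": "reject", "mac_changes": "reject",
            "promiscuous": "reject", "vlan_override_allowed": False}

# Constructed inventory. PG-PROD and PG-LEGACY are invented for the example.
PORT_GROUPS = [
    {"name": "PG-TEST", "tags": "",
     "settings": {**HARDENED, "promiscuous": "accept"}},
    {"name": "PG-PROD", "tags": "", "settings": dict(HARDENED)},
    {"name": "PG-LEGACY", "tags": "[<Compliance-CIS-Excluded>]",
     "settings": {**HARDENED, "forged_transmits": "accept",
                  "mac_changes": "accept"}},
]


def in_compliance_group(obj):
    """Custom group rule: vSphere Tag 'does not contain' the excluded tag."""
    return EXCLUDE_TAG not in obj.get("tags", "")


def triggered_symptoms(settings):
    """Names of every symptom whose condition is true for these settings."""
    return [name for name, (_section, violated) in SYMPTOMS.items()
            if violated(settings)]


def assess(inventory):
    """Split objects into violating, compliant and excluded.

    The alert fires when ANY symptom is true. Excluded objects are still
    evaluated so the findings they hide can go into the exception log.
    """
    report = {"violating": {}, "compliant": [], "excluded": {}}
    for obj in inventory:
        hits = triggered_symptoms(obj["settings"])
        if not in_compliance_group(obj):
            report["excluded"][obj["name"]] = hits
        elif hits:
            report["violating"][obj["name"]] = hits
        else:
            report["compliant"].append(obj["name"])
    return report


if __name__ == "__main__":
    for bucket, content in assess(PORT_GROUPS).items():
        print(bucket, content)
```

<p>The <code>excluded</code> bucket is the part worth keeping: it lists what a tagged object would have failed, which is the detail a compliance team needs when the exclusion is logged as an exception.</p>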
<h3 id="custom-compliance-benchmark">Custom Compliance Benchmark</h3>
<p>From the vRO console, select <strong>Optimise > Compliance > Add Custom Compliance > Create a new Custom Benchmark</strong>. I shall name my benchmark <strong>PolarClouds CIS Compliance</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Custom Compliance Benchmark Name" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-31.png" /></p>
<p>I shall select my four PolarClouds alert definitions:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Custom Compliance Benchmark Definitions" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-32.png" /></p>
<p>Finally I shall enable <strong>PolarClouds CIS Compliance Policy</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Custom Compliance Benchmark Policy" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-33.png" /></p>
<p>Once complete the initial assessment should begin:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Initial Assessment Running" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-34.png" /></p>
<h2 id="vrealize-operations-vsphere-cis-compliance-results">vRealize Operations vSphere CIS Compliance Results</h2>
<p>So after all that configuration, let’s see where we need to harden our vSphere environment. From the vRO console, select <strong>Optimise > Compliance > Custom Benchmark</strong> - in my case <strong>PolarClouds CIS Compliance</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PolarClouds Initial Compliance" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-35.png" /></p>
<p>OK, so one out of three isn’t bad! Clicking on the alerts allows us to dig into the detail:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Host Compliance Failures" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-36.png" /></p>
<p>OK, so the ESXi host has five compliance failures.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Port Group Compliance Failures" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-37.png" /></p>
<p>My Distributed Port PG-TEST group has promiscuous mode enabled.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM Compliance Failures" src="/images/vsphere-compliance-with-vro/vsphere-compliance-with-vro-38.png" /></p>
<p>And finally some doughnut has added a serial port to a VM. :doughnut: :grin:</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>Much as I try not to, we are going to have to call a temporary stop to proceedings here.</p>
<p>In this post we looked at regulatory compliance standards and benchmarks, vSphere tag creation and application and finally (for the majority of the post) at configuring vRealize Operations to continually monitor for system hardening benchmark compliance.</p>
<p>Next time we will look at creating dashboards and reports to publicise our example PolarClouds lab environment CIS compliance and non-compliances further.</p>
<p>Sure, compliance is a dry and often difficult subject to crack; however, hopefully with the use of an automated and continuous monitoring tool such as vRealize Operations, we can ensure that our vSphere environment is always meeting its required compliance standard, whatever standard that may be.</p>
<p>This post is part 1 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: This part: Creating Continual Regulatory Compliance</li>
<li>Part 2: <a href="/vsphere-compliance-with-vro-pt2/" target="_blank">Monitoring and Reporting Regulatory Compliance</a></li>
</ul>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/vsphere-compliance-with-vro/">vSphere Compliance with vRealize Operations and Tagging</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on June 28, 2022.</p>
https://polarclouds.co.uk/rubrik-technical-professional2022-06-22T01:00:00+01:002022-06-22T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Rubrik Technical Professional logo" src="/images/rubrik-technical-professional/rubrik-technical-professional.png" /></p>
<p>Yup, that’s right, yours truly is now a Rubrik Technical Professional!</p>
<p>The Rubrik Technical Professional (RTP) accreditation training prepares technical pre-sales professionals to demonstrate their ability to build innovative data management solutions across Rubrik Cloud Data Management (CDM) and Polaris platforms both on-premises and in the cloud.</p>
<p>Isn’t Rubrik a backup product?<br />
Historically yes, the Rubrik Cloud Data Management (CDM) product is an on-premises and cloud backup and recovery platform; however, the Rubrik product suite, and hence the RTP qualification, has grown to include the Rubrik Polaris platform.</p>
<p>Rubrik Polaris includes the following:</p>
<h4 id="radar">Radar</h4>
<p>Rubrik Polaris Radar helps increase resiliency against ransomware by making it faster and easier to recover from an attack. Radar also helps to recover faster by providing a simple, intuitive user interface that allows for quick restores to the most recent clean state with minimum downtime. It increases intelligence by using machine learning to actively monitor and generate alerts for anomalous behaviour, like ransomware. To accelerate the discovery of an attack’s impact, Radar provides insight into how your data changed at the time of the event.
<a href="https://www.rubrik.com/products/ransomware-investigation" target="_blank">Further reading…</a></p>
<h4 id="sonar">Sonar</h4>
<p>As organizations adopt cloud, they grapple with massive data fragmentation, making it impossible to know where sensitive data resides. At the same time, the increasing risk of data privacy breaches and non-compliance with regulations can impose serious financial penalties. Sensitive Data Discovery is a SaaS application that discovers, classifies, and reports on sensitive data without any impact to production. By leveraging your existing Rubrik deployments, users get up and running in just a few minutes with zero additional infrastructure required.
<a href="https://www.rubrik.com/products/sensitive-data-discovery" target="_blank">Further reading…</a></p>
<p>-Chris
<br />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Rubrik Technical Professional badge" src="/images/pages/rubrik-technical-professional.png" /></p>
<p><a href="https://polarclouds.co.uk/rubrik-technical-professional/">Rubrik Technical Professional</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on June 22, 2022.</p>
https://polarclouds.co.uk/nsx-t-overlay-lab-pt82022-05-14T01:00:00+01:002022-05-14T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-01.png" />
Over the last seven (!!) posts, we built our dual site NSX-T lab. We even <a href="/nsx-t-overlay-lab-pt7/#simulating-failure" target="_blank">simulated a site failure</a>.</p>
<p>Nice.</p>
<p>If you missed any of the previous parts of this series, find them here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">NSX-T Site Federation</a></li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: This Part: Egress Traffic and MEDdling with BGP</li>
</ul>
<p>As a reminder, in this series we have built the following lab:</p>
<p><a href="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png"><img style="display:block;" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png" alt="NSX-T Test Lab" /></a><sup>(Click image to zoom in)</sup></p>
<p>With all of that done, we were left with two items of business to address:</p>
<ol>
<li>BGP :confused: - As discussed at the time in part 7, BGP is… entertaining.</li>
<li>Egress traffic - Is traffic flowing out of the environment as we expect?</li>
</ol>
<p>Let’s address both of these items of business in this post.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#bgp" id="markdown-toc-bgp">BGP</a> <ul>
<li><a href="#the-issue" id="markdown-toc-the-issue">The Issue</a></li>
<li><a href="#the-fix-bgp-med" id="markdown-toc-the-fix-bgp-med">The Fix: BGP MED</a></li>
</ul>
</li>
<li><a href="#configuring-bgp-med-in-nsx-t" id="markdown-toc-configuring-bgp-med-in-nsx-t">Configuring BGP MED in NSX-T</a> <ul>
<li><a href="#ip-prefix-lists" id="markdown-toc-ip-prefix-lists">IP Prefix Lists</a></li>
<li><a href="#route-maps" id="markdown-toc-route-maps">Route Maps</a></li>
<li><a href="#route-filter" id="markdown-toc-route-filter">Route Filter</a></li>
</ul>
</li>
<li><a href="#ingress-testing-recap" id="markdown-toc-ingress-testing-recap">Ingress Testing Recap</a></li>
<li><a href="#egress-testing" id="markdown-toc-egress-testing">Egress Testing</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p><br /></p>
<h2 id="bgp">BGP</h2>
<h3 id="the-issue">The Issue</h3>
<p>As we saw in <a href="/nsx-t-overlay-lab-pt7/#quick-note-about-bgp" target="_blank">this section of part 7</a>:</p>
<p><em>As alluded to above, keen readers will spot that traffic is ingressing via one site at a time. That is traffic bound for Site-B-APP (192.168.50.1) is, under normal circumstances entering the environment via Site A.</em></p>
<p>Let’s fix that.</p>
<h3 id="the-fix-bgp-med">The Fix: BGP MED</h3>
<p>The BGP Multi Exit Discriminator (MED) attribute, often referred to as BGP MED, provides a means to convey to a neighbouring Autonomous System (AS) a preferred entry point into the local AS. <a href="https://www.noction.com/blog/bgp-med-attribute" target="_blank">Learn more about BGP MED</a>.</p>
<p>The BGP MED attribute allows us to set a preferred path. The path with the <strong>lowest</strong> MED value is the preferred path.</p>
<p>With that in mind, let’s look at our NSX-T Tier-0 to LABROUTER set up. Let’s also plumb in some MED values for our Site-A-APP (192.168.40.0/24) and our Site-B-APP (192.168.50.0/24) overlay segments:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX-T Tier-0 to LABROUTER set up" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-01.png" /></p>
<p>As you can see, our Site-A-APP (192.168.40.0/24) segment has a MED of 100 on Site A whereas it has a MED of 200 on Site B. Conversely, our Site-B-APP (192.168.50.0/24) segment has a MED of 200 on Site A whereas it has a MED of 100 on Site B.</p>
<p>This means that Site-A-APP traffic is preferred on Site A and Site-B-APP traffic is preferred on Site B. Should a site failure occur, BGP will redirect our traffic to the site with the MED 200 value. Exactly what we want!</p>
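<p>The MED plan above can be modelled in a few lines to check which site LABROUTER would pick for each overlay segment, both in normal running and after a site failure. This is an added example, not NSX-T code or code from the original post: the function names are hypothetical, and it assumes both uplinks peer from the same AS and tie on every BGP attribute that is compared before MED.</p>

```python
"""Model of the two-site MED plan: lowest MED wins, the other site is backup."""
import ipaddress

# Prefix lists and route maps as planned in the post (names and MED values).
PREFIX_LISTS = {
    "Site-A-IP-Prefix-List": ["192.168.40.0/24"],
    "Site-B-IP-Prefix-List": ["192.168.50.0/24"],
}
# Per site: ordered match criteria (prefix list, MED), every action Permit.
ROUTE_MAPS = {
    "Site-A": [("Site-A-IP-Prefix-List", 100), ("Site-B-IP-Prefix-List", 200)],
    "Site-B": [("Site-B-IP-Prefix-List", 100), ("Site-A-IP-Prefix-List", 200)],
}


def advertised(site, route_maps=ROUTE_MAPS, prefix_lists=PREFIX_LISTS):
    """Prefixes one site advertises, with the MED set by the first match."""
    routes = {}
    for list_name, med in route_maps[site]:
        for prefix in prefix_lists[list_name]:
            routes.setdefault(ipaddress.ip_network(prefix), med)
    return routes


def candidate_paths(up_sites, route_maps=ROUTE_MAPS, prefix_lists=PREFIX_LISTS):
    """Per prefix, the (MED, site) paths received from the sites that are up,
    sorted so that the preferred (lowest MED) path comes first."""
    table = {}
    for site in sorted(up_sites):
        for net, med in advertised(site, route_maps, prefix_lists).items():
            table.setdefault(net, []).append((med, site))
    return {net: sorted(paths) for net, paths in table.items()}


def ingress_site(dest_ip, up_sites, route_maps=ROUTE_MAPS,
                 prefix_lists=PREFIX_LISTS):
    """Site that traffic to dest_ip enters through: longest prefix match,
    then lowest MED. Returns None when no advertised prefix covers it."""
    addr = ipaddress.ip_address(dest_ip)
    paths = candidate_paths(up_sites, route_maps, prefix_lists)
    matches = [net for net in paths if addr in net]
    if not matches:
        return None
    best_net = max(matches, key=lambda net: net.prefixlen)
    return paths[best_net][0][1]


def plan_problems(route_maps=ROUTE_MAPS, prefix_lists=PREFIX_LISTS):
    """Design check: each prefix needs one clear primary site and a backup."""
    problems = []
    paths = candidate_paths(set(route_maps), route_maps, prefix_lists)
    for net, ranked in paths.items():
        if len(ranked) < 2:
            problems.append(f"{net}: no backup site")
        elif ranked[0][0] == ranked[1][0]:
            problems.append(
                f"{net}: MED tie between {ranked[0][1]} and {ranked[1][1]}")
    return problems


if __name__ == "__main__":
    both = {"Site-A", "Site-B"}
    for ip in ("192.168.40.1", "192.168.50.1"):
        print(ip, "normal:", ingress_site(ip, both),
              "| Site-B down:", ingress_site(ip, {"Site-A"}))
    print("plan problems:", plan_problems())
```

<p>A MED tie or a prefix advertised from only one site shows up in <code>plan_problems()</code>, which is the check to rerun whenever a new overlay segment is added to one prefix list but not reflected in the other site's route map.</p>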
<h2 id="configuring-bgp-med-in-nsx-t">Configuring BGP MED in NSX-T</h2>
<p>To configure BGP MED in NSX-T we need to configure three items:</p>
<ul>
<li>IP Prefix Lists - These will be used to hold our collection of networks at each site</li>
<li>Route Maps - These will be used to apply the MED values to each IP Prefix List at each site</li>
<li>Route Filter - These will be used to apply our Route Maps to our BGP traffic</li>
</ul>
<h3 id="ip-prefix-lists">IP Prefix Lists</h3>
<p>We will need two IP Prefix lists; one for Site A and one for Site B. Let’s create them now.</p>
<p>Logon to the global NSX-T manager and select <strong>Networking > Tier-0 Gateways > Multi-Site-T0</strong>. Click the three dots next to the Multi-Site-T0 gateway and select <strong>Edit</strong>.</p>
<p>Scroll down and expand Routing and click the number next to IP Prefix Lists. In the Set IP Prefix List window, select <strong>Add IP Prefix List</strong>.</p>
<p>Name the list <strong>Site-A-IP-Prefix-List</strong> and click <strong>Set</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Name Site A IP Prefix List" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-02.png" /></p>
<p>Click <strong>Add Prefix</strong>, enter <strong>192.168.40.0/24</strong> as a network and set the action to <strong>Permit</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Site A Prefix" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-03.png" /></p>
<p>Click <strong>Add</strong>, <strong>Apply</strong> and <strong>Save</strong> to save the list.</p>
<p>Let’s create our Site B IP Prefix List. In the Set IP Prefix List window, select <strong>Add IP Prefix List</strong>.</p>
<p>Name the list <strong>Site-B-IP-Prefix-List</strong> and click <strong>Set</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Name IP Site B Prefix List" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-04.png" /></p>
<p>Click <strong>Add Prefix</strong>, enter <strong>192.168.50.0/24</strong> as a network and set the action to <strong>Permit</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Site B Prefix" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-05.png" /></p>
<p>Click <strong>Add</strong>, <strong>Apply</strong> and <strong>Save</strong> to save the list. Click <strong>Close</strong> to complete.</p>
<h3 id="route-maps">Route Maps</h3>
<p>Next, let’s create our Route Maps. From the Global NSX-T manager interface, click the three dots next to the Multi-Site-T0 gateway and select <strong>Edit</strong>.</p>
<p>Scroll down and expand Routing and click <strong>Set</strong> next to Route Maps. Click <strong>Add Route Map</strong>.</p>
<p>Name the map <strong>Site-A-Route-Map-Out</strong> and click <strong>Set</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Site A Route Map" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-06.png" /></p>
<p>Click <strong>Add Match Criteria</strong>.</p>
<p>Ensure Type is set to <strong>IP Prefix</strong> and click <strong>Set</strong>. From the selection list, select <strong>Site-A-IP-Prefix-List</strong> and click <strong>Save</strong>. Back at the Set Match Criteria dialogue, enter <strong>100</strong> in MED value and set Action to <strong>Permit</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Site A Match 1" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-07.png" /></p>
<p>Click <strong>Add</strong> to save. Click <strong>Add Match Criteria</strong>.</p>
<p>Ensure Type is set to <strong>IP Prefix</strong> and click <strong>Set</strong>. From the selection list, select <strong>Site-B-IP-Prefix-List</strong> and click <strong>Save</strong>. Back at the Set Match Criteria dialogue, enter <strong>200</strong> in MED value and set Action to <strong>Permit</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Site A Match 2" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-08.png" /></p>
<p>Click <strong>Add</strong>, <strong>Apply</strong> and <strong>Save</strong> to complete.</p>
<p>Repeat for Site B. Click <strong>Add Route Map</strong>.</p>
<p>Name the map <strong>Site-B-Route-Map-Out</strong> and click <strong>Set</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Site B Route Map" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-09.png" /></p>
<p>Click <strong>Add Match Criteria</strong>.</p>
<p>Ensure Type is set to <strong>IP Prefix</strong> and click <strong>Set</strong>. From the selection list, select <strong>Site-B-IP-Prefix-List</strong> and click <strong>Save</strong>. Back at the Set Match Criteria dialogue, enter <strong>100</strong> in MED value and set Action to <strong>Permit</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Site B Match 1" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-10.png" /></p>
<p>Click <strong>Add</strong> to save. Click <strong>Add Match Criteria</strong>.</p>
<p>Ensure Type is set to <strong>IP Prefix</strong> and click <strong>Set</strong>. From the selection list, select <strong>Site-A-IP-Prefix-List</strong> and click <strong>Save</strong>. Back at the Set Match Criteria dialogue, enter <strong>200</strong> in MED value and set Action to <strong>Permit</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Site B Match 2" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-11.png" /></p>
<p>Click <strong>Add</strong>, <strong>Apply</strong> and <strong>Save</strong> to complete.</p>
<h3 id="route-filter">Route Filter</h3>
<p>Lastly, we need to hook our Route Maps into BGP. This is done with Route Filters.</p>
<p>From the Global NSX-T manager interface, click the three dots next to the Multi-Site-T0 gateway and select <strong>Edit</strong>.</p>
<p>Scroll down and expand BGP and click <strong>Set</strong> next to BGP Neighbours:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Set BGP Neighbours" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-12.png" /></p>
<p>Click the three dots next to 192.168.12.1 (location Site-A) and select <strong>Edit</strong>. Then click on the number under Route Filter:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Route Filter 1" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-13.png" /></p>
<p>Click the three dots next to IPv4 and select <strong>Edit</strong>. Under Out Filter select <strong>Configure</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Route Filter 2" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-14.png" /></p>
<p>From the drop down list select <strong>Site-A-Route-Map-Out</strong> and click <strong>Save</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Route Filter 3" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-15.png" /></p>
<p>Confirm that the Out Filter is now set to “1”. Click <strong>Add</strong>, <strong>Apply</strong> and <strong>Save</strong> to complete the Site A route filter.</p>
<p>Let’s complete Site B’s route filter.</p>
<p>Click the three dots next to 192.168.12.2 (location Site-B) and select <strong>Edit</strong>. Then click on the number under Route Filter.</p>
<p>Click the three dots next to IPv4 and select <strong>Edit</strong>. Under Out Filter select <strong>Configure</strong>. This time select <strong>Site-B-Route-Map-Out</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site B Route Filter" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-16.png" /></p>
<p>Click <strong>Save</strong>. Confirm that the Out Filter is now set to “1”. Click <strong>Add</strong>, <strong>Apply</strong> and <strong>Save</strong> to complete the Site B route filter.</p>
<p>Click <strong>Close</strong> to complete route filter configuration. Click <strong>Close Editing</strong> to close the configuration of the Tier-0 gateway.</p>
<h2 id="ingress-testing-recap">Ingress Testing Recap</h2>
<p>We did a lot of Ingress testing in Part 7, so let’s do a quick test here too. First off, let’s look at the routing table on our OPNsense LABROUTER:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="LABROUTER Routing Table" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-17.png" /></p>
<p>Looks good. Looking at (1), our routes with the lowest MED, our route to 192.168.40.0/24 is via 192.168.12.2 (Multi-Site-T0 Tier-0 Gateway uplink interface in Site A).</p>
<p>Whereas our route to 192.168.50.0/24 is via 192.168.22.2 (Multi-Site-T0 Tier-0 Gateway uplink interface in Site B).</p>
<p>Secondary routes (2) for both networks exist on the opposite site Multi-Site-T0 Tier-0 Gateway uplink interfaces.</p>
<p>Let’s run some trace routes to our test VMs:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Ingress Tracert" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-18.png" /></p>
<p>Nice! Traffic now flowing to the correct sites!</p>
<p>Let’s confirm where the extra hops are coming from. Looking at the Router Links dialogue of our Site A Tier-1 gateway:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A T1 Router Links" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-19.png" /></p>
<p>And the same for our Site A Tier-1 gateway:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site B T1 Router Links" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-20.png" /></p>
<h2 id="egress-testing">Egress Testing</h2>
<p>Let’s remind ourselves where our Site A test VM is located in the diagram and our preferred traffic flow out of the environment:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A VM Location" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-21.png" />
Testing from our Site A test VM up to 192.168.99.1, a machine on our Wider LAN:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A VM Tracert" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-22.png" /></p>
<p>Finally, let’s remind ourselves where our Site B test VM is located in the diagram and our preferred traffic flow out of the environment:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Site B VM Location" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-23.png" /></p>
<p>Testing from our Site B test VM up to 192.168.99.1, a machine on our Wider LAN:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site B VM Tracert" src="/images/nsx-t-overlay-lab-pt8/nsx-t-overlay-lab-pt8-24.png" /></p>
<p>Yep that’s working perfectly!</p>
<p>Ingress and Egress traffic flowing via our preferred routes.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it. In this post we fixed our outstanding BGP problem from Part 7. We were able to prove that our ingress traffic flow was fixed too. Finally, we were also able to demonstrate that our egress traffic was exiting the environment via its preferred site.</p>
<p>This was part 8 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">NSX-T Site Federation</a></li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: This Part: Egress Traffic and MEDdling with BGP</li>
</ul>
<p>That will be it for our NSX-T Overlay Lab Build series.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-t-overlay-lab-pt8/">NSX-T 3.2: Overlay Lab Build - Part 8</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 14, 2022.</p>
https://polarclouds.co.uk/nsx-t-overlay-lab-pt72022-04-19T01:00:00+01:002022-04-19T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-01.png" />
In this post we will deploy our Tier-1 site specific gateways and create some network segments for our VMs.</p>
<p>This post is part 7 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">NSX-T Site Federation</a></li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: This Part: Federated Tier-1 Gateways</li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>As a reminder, in this series we will be building the following lab:</p>
<p><a href="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png"><img style="display:block;" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png" alt="NSX-T Test Lab" /></a><sup>(Click image to zoom in)</sup></p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-is-a-tier-1-gateway" id="markdown-toc-what-is-a-tier-1-gateway">What is a Tier-1 Gateway?</a></li>
<li><a href="#create-tier-1-gateway" id="markdown-toc-create-tier-1-gateway">Create Tier-1 Gateway</a></li>
<li><a href="#create-segments" id="markdown-toc-create-segments">Create Segments</a></li>
<li><a href="#nsx-t-manager-diagrams" id="markdown-toc-nsx-t-manager-diagrams">NSX-T Manager Diagrams</a> <ul>
<li><a href="#site-a---topology-view" id="markdown-toc-site-a---topology-view">Site A - Topology View</a></li>
<li><a href="#site-a---fabric-view" id="markdown-toc-site-a---fabric-view">Site A - Fabric View</a></li>
<li><a href="#site-b---topology-view" id="markdown-toc-site-b---topology-view">Site B - Topology View</a></li>
<li><a href="#site-b---fabric-view" id="markdown-toc-site-b---fabric-view">Site B - Fabric View</a></li>
</ul>
</li>
<li><a href="#route-propagation-via-bgp" id="markdown-toc-route-propagation-via-bgp">Route Propagation via BGP</a></li>
<li><a href="#tracing-traffic-flows" id="markdown-toc-tracing-traffic-flows">Tracing Traffic Flows</a></li>
<li><a href="#simulating-failure" id="markdown-toc-simulating-failure">Simulating Failure</a></li>
<li><a href="#quick-note-about-bgp" id="markdown-toc-quick-note-about-bgp">Quick Note About BGP</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p><br /></p>
<h2 id="what-is-a-tier-1-gateway">What is a Tier-1 Gateway?</h2>
<p>A Tier-1 gateway performs the functions of a Tier-1 logical router. It processes traffic between the Tier-0 router and the logical network segments used for VM connectivity. A tier-1 gateway can also be configured to span multiple sites. As with a tier-0 gateway, you can configure a site’s location as primary or secondary for the tier-1 gateway.</p>
<p>Using a tier-1 gateway enables more granular control on logical segments in the locations where it is deployed. You can also deploy multiple tier-1 gateways in any one location.</p>
<h2 id="create-tier-1-gateway">Create Tier-1 Gateway</h2>
<p>Let’s create our first Tier-1 gateway. Select the Global Manager from the NSX web manager task bar drop down. From there, select <strong>Networking > Tier-1 Gateways</strong>. Select <strong>Add Tier-1 Gateway</strong>.</p>
<p><i><strong>NOTE: NSX 4.0.0.1+</strong>: Set the Tier-1 HA Mode to <strong>Distributed Only</strong>. This allows the Tier-1 to become Active across all sites, but removes services such as NAT and Gateway Firewalling.</i></p>
<p>Name the Gateway <strong>Site-A-Specific</strong> and link it to <strong>Multi-Site-T0</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site-A-T1 1" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-01.png" /></p>
<p>Scroll down to <strong>Route Advertisement</strong>, open and enable <strong>All Connected Segments & Service Ports</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site-A-T1 2" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-02.png" /></p>
<p>Click <strong>Save</strong> and <strong>No</strong> to complete the creation. Click <strong>Check Status</strong> and confirm that the gateway has successfully been created:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site-A-T1 3" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-03.png" /></p>
<p>Repeat the above steps for the Site-B-Specific tier-1 gateway. Click <strong>Check Status</strong> and confirm that the gateway has successfully been created:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site-B-T1 " src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-04.png" /></p>
<h2 id="create-segments">Create Segments</h2>
<p>We can create as many segments in each of our sites as we like. It is these segments that we will be connecting our VMs into.</p>
<p>Initially however, we will create just two:</p>
<ul>
<li>Site-A-APP - 192.168.40.0/24 - For application servers primarily located on Site-A.</li>
<li>Site-B-APP - 192.168.50.0/24 - For application servers primarily located on Site-B.</li>
</ul>
<p>Select the Global Manager from the NSX web manager task bar drop down. From there, select <strong>Networking > Segments</strong>. Select <strong>Add Segment</strong>.</p>
<p>Name the Segment <strong>Site-A-APP</strong>, connect it to <strong>Site-A-Specific</strong> tier-1 and give it a gateway IP of <strong>192.168.40.1/24</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site-A APP Segment" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-05.png" /></p>
<p>Repeat for <strong>Site-B-APP</strong>, connecting it to <strong>Site-B-Specific</strong> tier-1 and give it a gateway IP of <strong>192.168.50.1/24</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site-B APP Segment" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-06.png" /></p>
<h2 id="nsx-t-manager-diagrams">NSX-T Manager Diagrams</h2>
<p>To help visualise this further, let’s take a look at the diagrams as shown in our NSX site managers.</p>
<h3 id="site-a---topology-view">Site A - Topology View</h3>
<p>Using the topology view from the Site A NSX-T manager we can see the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Topology" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-14.png" /></p>
<h3 id="site-a---fabric-view">Site A - Fabric View</h3>
<p>Looking at the fabric view we see our Site-A edge server:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Fabric" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-15.png" /></p>
<h3 id="site-b---topology-view">Site B - Topology View</h3>
<p>Likewise, using the topology view from the Site B NSX-T manager we can see the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site B Topology" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-16.png" /></p>
<h3 id="site-b---fabric-view">Site B - Fabric View</h3>
<p>Checking Site B’s fabric view:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site B Fabric" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-17.png" /></p>
<p>All looking good.</p>
<h2 id="route-propagation-via-bgp">Route Propagation via BGP</h2>
<p>Now that we have two networks that we can connect VMs to, we need to confirm that BGP is doing its thing and propagating route information through to our Lab Router.</p>
<p>After logging into LABROUTER, checking <strong>Routing > Diagnostics > BGP > IPv4 Routing Table</strong> (See <a href="/opnsense-bgp-bfd-config/#configure-bgp-and-bfd" target="_blank">Configure BGP and BFD</a> for further details on OPNsense BGP configuration), the following can be seen:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Lab Router BGP Routes" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-07.png" /></p>
<p>Two routes to our two networks via 192.168.12.2 and 192.168.22.2 connections on sites A and B respectively. <em>Keen readers see my BGP Note below.</em></p>
<h2 id="tracing-traffic-flows">Tracing Traffic Flows</h2>
<p>Using trace route, let’s see how traffic makes its way to our Site-A-APP and Site-B-APP VM networks:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Trace Route 1" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-08.png" /></p>
<p>Nice. Traffic is making it to our VM gateway IP addresses configured on our Tier-1 gateways earlier.</p>
<h2 id="simulating-failure">Simulating Failure</h2>
<p>Let’s simulate the failure of the Site A uplink by disconnecting the connection shown in blue below. Traffic should still be able to flow via Site B as shown by the red arrows below:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Disable Site-A Uplink 2" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-09a.png" /></p>
<p>Disabling (un-enabling) the Site A uplink OPNsense interface:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Disable Site-A Uplink 1" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-09.png" /></p>
<p>Traffic is indeed able to route via Site B instead:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Trace Route 2" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-10.png" /></p>
<p><strong>BOOM!</strong></p>
<p>After re-enabling Site A’s uplink, let’s fail Site B’s uplink shown in yellow below. Traffic should still be able to flow via Site A as shown by the red arrows below:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Disable Site-B Uplink 2" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-11a.png" /></p>
<p>Disabling (un-enabling) the Site B uplink OPNsense interface:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Disable Site-B Uplink 1" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-11.png" /></p>
<p>Traffic is indeed able to route via Site A instead:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Trace Route 3" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-12.png" /></p>
<p><strong>DOUBLE BOOM!!</strong></p>
<h2 id="quick-note-about-bgp">Quick Note About BGP</h2>
<p>As alluded to above, keen readers will spot that traffic is ingressing via one site at a time. That is, traffic bound for Site-B-APP (192.168.50.1) is, under normal circumstances, entering the environment via Site A.</p>
<p>Yes this is true.</p>
<p>However this is wholly a problem with the BGP configuration on the Lab Router. A fix lies somewhere in the prefix lists and route maps configuration. Unfortunately understanding BGP is <em>hard</em>. <a href="https://blog.cloudflare.com/october-2021-facebook-outage/" target="_blank">Just ask Zuk</a>.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BGP House Fire" src="/images/nsx-t-overlay-lab-pt7/nsx-t-overlay-lab-pt7-13.png" /></p>
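<p>The ingress asymmetry described in this note can be spotted from the Lab Router's BGP table without running a single trace route. The following is an added example, not part of the original post: it assumes the table has been exported as JSON in the shape FRR (the routing daemon behind the OPNsense BGP plugin) prints for <code>show ip bgp json</code>; the sample data, the function names and the preferred-uplink mapping are constructed for illustration from the lab addressing used in this series. It also lists any prefix originated by the NSX AS that is not in the plan, which is worth watching because the Tier-1 gateways advertise all connected segments.</p>

```python
import json

# Constructed sample (not captured from the lab), shaped like the JSON that
# FRR prints for `show ip bgp json`. It mirrors the state described above:
# both segments are learned from both Tier-0 uplinks, but the best path for
# each one points at the Site A uplink.
SAMPLE_BGP_TABLE = json.loads("""
{
  "localAS": 64600,
  "routes": {
    "192.168.40.0/24": [
      {"valid": true, "bestpath": true, "path": "64605",
       "nexthops": [{"ip": "192.168.12.2"}]},
      {"valid": true, "path": "64605",
       "nexthops": [{"ip": "192.168.22.2"}]}
    ],
    "192.168.50.0/24": [
      {"valid": true, "bestpath": true, "path": "64605",
       "nexthops": [{"ip": "192.168.12.2"}]},
      {"valid": true, "path": "64605",
       "nexthops": [{"ip": "192.168.22.2"}]}
    ]
  }
}
""")

# Intended ingress uplink per segment (assumption: each APP segment should
# be reached through the Tier-0 uplink of its own site).
PREFERRED_NEXT_HOP = {
    "192.168.40.0/24": "192.168.12.2",  # Site-A-APP via the Site A uplink
    "192.168.50.0/24": "192.168.22.2",  # Site-B-APP via the Site B uplink
}
NSX_AS = "64605"  # Local AS configured on Multi-Site-T0


def _next_hop(path):
    """First next-hop IP of one BGP path entry, or None if absent."""
    hops = path.get("nexthops") or [{}]
    return hops[0].get("ip")


def audit_ingress(table, preferred=PREFERRED_NEXT_HOP):
    """Return {prefix: status} for every planned prefix."""
    report = {}
    for prefix, wanted in preferred.items():
        paths = [p for p in table.get("routes", {}).get(prefix, [])
                 if p.get("valid")]
        hops = {_next_hop(p) for p in paths}
        best = next((p for p in paths if p.get("bestpath")), None)
        if best is None:
            report[prefix] = "MISSING"                # not routable at all
        elif wanted not in hops:
            report[prefix] = "PREFERRED_UPLINK_DOWN"  # running on failover
        elif _next_hop(best) != wanted:
            report[prefix] = "SUBOPTIMAL_INGRESS"     # enters via other site
        elif len(hops) < 2:
            report[prefix] = "NO_BACKUP_PATH"         # no redundancy left
        else:
            report[prefix] = "OK"
    return report


def unplanned_prefixes(table, preferred=PREFERRED_NEXT_HOP, origin_as=NSX_AS):
    """Prefixes originated by the NSX AS that are not in the plan."""
    found = []
    for prefix, paths in table.get("routes", {}).items():
        # The origin AS is the last AS number in the AS path string.
        origins = {p["path"].split()[-1] for p in paths if p.get("path")}
        if origin_as in origins and prefix not in preferred:
            found.append(prefix)
    return sorted(found)


if __name__ == "__main__":
    for prefix, status in audit_ingress(SAMPLE_BGP_TABLE).items():
        print(prefix, status)
    print("unplanned:", unplanned_prefixes(SAMPLE_BGP_TABLE))
```

<p>Feeding it the table captured while one uplink is disabled reproduces the failover tests above as <code>PREFERRED_UPLINK_DOWN</code> and <code>NO_BACKUP_PATH</code> results.</p>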
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it. Our Tier-1 routers have been deployed and configured. Our VM segments are up and accessible from the wider LAN. We’ve even done a bit of failover testing and everything works as configured.</p>
<p>This was part 7 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">NSX-T Site Federation</a></li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: This Part: Federated Tier-1 Gateways</li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>Will there be a part 8?</p>
<p>I’d love to fix the very minor BGP config issue, although ultimately as this is a lab it is not the end of the world if not. I’m sure those with more BGP knowledge than I can have this fixed quicker than a quick thing. Please comment below!</p>
<p>We also need to look at traffic egress from the environment… Stay tuned!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-t-overlay-lab-pt7/">NSX-T 3.2: Overlay Lab Build - Part 7</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 19, 2022.</p>
https://polarclouds.co.uk/nsx-t-overlay-lab-pt62022-04-05T01:00:00+01:002022-04-05T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-01.png" />
In this post we will create our uplink segments, deploy our Tier-0 gateway and establish our BGP connections to our lab router.</p>
<p>This post is part 6 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">NSX-T Site Federation</a></li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: This Part: Federated Tier-0 Gateway</li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>As a reminder, in this series we will be building the following lab:</p>
<p><a href="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png"><img style="display:block;" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png" alt="NSX-T Test Lab" /></a><sup>(Click image to zoom in)</sup></p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-is-a-tier-0-gateway" id="markdown-toc-what-is-a-tier-0-gateway">What is a Tier-0 Gateway?</a></li>
<li><a href="#set-overlay-transport-zones-as-default" id="markdown-toc-set-overlay-transport-zones-as-default">Set Overlay Transport Zones as Default</a></li>
<li><a href="#create-uplink-segments" id="markdown-toc-create-uplink-segments">Create Uplink Segments</a></li>
<li><a href="#create-tier-0-gateway" id="markdown-toc-create-tier-0-gateway">Create Tier-0 Gateway</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p><br /></p>
<h2 id="what-is-a-tier-0-gateway">What is a Tier-0 Gateway?</h2>
<p>A Tier-0 gateway performs the functions of a Tier-0 logical router. It processes traffic between the logical and physical networks; that is northbound traffic headed out from the NSX-T environment and southbound traffic headed in to the NSX-T environment. As the Tier-0 is federated, it is able to perform this function at both our Site A and Site B sites.</p>
<h2 id="set-overlay-transport-zones-as-default">Set Overlay Transport Zones as Default</h2>
<p>As we are using our own transport zones that we created back in <a href="/nsx-t-overlay-lab-pt2/#site-a-transport-zones" target="_blank">Part 2</a> and <a href="/nsx-t-overlay-lab-pt3/#create-transport-zones" target="_blank">Part 3</a> rather than using the pre-defined system created zones, we need to set ours as the defaults.</p>
<p>Log into the Global NSX-T Manager and select <strong>Site-A</strong> from the task bar drop down. From there, select <strong>System > Fabric > Transport Zones</strong>. Select <strong>Site-A-Overlay-Transport-Zone > Actions > Set as Default Transport Zone</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Set as Default TZ 1" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-01.png" /></p>
<p>Click <strong>OK</strong> when prompted:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Set as Default TZ 2" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-02.png" /></p>
<p>Repeat the above for Site B and Site-B-Overlay-Transport-Zone.</p>
<h2 id="create-uplink-segments">Create Uplink Segments</h2>
<p>Let’s create our Tier-0 uplink segments. These will be used for north/south traffic to and from the federated gateway to the site edges.</p>
<p>Select the Global Manager from the task bar drop down. From there, select <strong>Networking > Segments</strong> then select <strong>Add Segment</strong>.</p>
<p>Name the segment <strong>Site-A-Uplink</strong>, ensure connected gateway is <strong>None</strong>. Select Location <strong>Site-A</strong> and <strong>Site-A-VLAN-Transport-Zone</strong>. Finally, set VLAN to <strong>12</strong> as defined in <a href="/nsx-t-overlay-lab-pt1/#site-a-vlans-and-subnets" target="_blank">Part 1</a>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site-A-Uplink Segment" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-03.png" /></p>
<p>Click <strong>Save</strong> and <strong>No</strong> to complete.</p>
<p>A quick peek at Site A’s vCenter networking confirms creation:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site-A-Uplink Segment vCenter" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-04.png" /></p>
<p>Repeat for Site B, naming the uplink <strong>Site-B-Uplink</strong>, location as <strong>Site-B</strong>, selecting <strong>Site-B-VLAN-Transport-Zone</strong> and setting VLAN to <strong>22</strong> (again as defined in <a href="/nsx-t-overlay-lab-pt1/#site-b-vlans-and-subnets" target="_blank">Part 1</a>):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site-B-Uplink Segment" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-05.png" /></p>
<p>Yep, looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site-B-Uplink Segment vCenter" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-06.png" /></p>
<p>Back in NSX-T Global Manager, clicking <strong>Check Status</strong> returns <strong>Success</strong> for both:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Uplink Segment Status" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-07.png" /></p>
<h2 id="create-tier-0-gateway">Create Tier-0 Gateway</h2>
<p>Let’s create the federated Tier-0 gateway. Select the Global Manager from the task bar drop down. From there, select <strong>Networking > Tier-0 Gateways</strong>. Select <strong>Add Tier-0 Gateway</strong>.</p>
<p>Name the Gateway <strong>Multi-Site-T0</strong>, set the HA mode to <strong>Active</strong>, mark all locations as primary (i.e. both sites active rather than one active and one standby) and finally add both locations and edge clusters:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="T0 Config 1" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-08.png" /></p>
<p>Click <strong>Save</strong> and <strong>Yes</strong> to continue the configuration of the Tier-0.</p>
<p>Scroll down to <strong>Interfaces</strong>, expand and click <strong>Set</strong>.</p>
<p>Click <strong>Add Interface</strong>, name the interface <strong>Site-A-Uplink</strong>, location <strong>Site-A</strong>, IP address of <strong>192.168.12.2/24</strong> (again as defined in <a href="/nsx-t-overlay-lab-pt1/#site-a-ip-allocation" target="_blank">Part 1</a>), connected to <strong>Site-A-Uplink</strong>, edge node <strong>ESG-SITE-A</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="T0 Site A Uplink" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-09.png" /></p>
<p>Click <strong>Save</strong>.</p>
<p>Click <strong>Add Interface</strong>, name the interface <strong>Site-B-Uplink</strong>, location <strong>Site-B</strong>, IP address of <strong>192.168.22.2/24</strong> (again as defined in <a href="/nsx-t-overlay-lab-pt1/#site-b-ip-allocation" target="_blank">Part 1</a>), connected to <strong>Site-B-Uplink</strong>, edge node <strong>ESG-SITE-B</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="T0 Site B Uplink" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-10.png" /></p>
<p>Click <strong>Save</strong>. Again, click <strong>Check Status</strong> to confirm that the configuration is correct:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="T0 Uplinks" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-11.png" /></p>
<p>Click <strong>Close</strong>. Once back in the Multi-Site-T0 configuration, confirm that both sites have one interface each:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="T0 Interfaces" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-12.png" /></p>
<p>Next, scroll down to Route Re-distribution and click <strong>Set</strong> next to Site-A.</p>
<p>Click <strong>Add Route Re-distribution</strong>, enter a name of <strong>Site-A-Route-Redistribution</strong> and click <strong>Set</strong>. Select options as shown below and click <strong>Apply</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="T0 Site A BGP" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-13.png" /></p>
<p>Click <strong>Add</strong> and <strong>Apply</strong> to save.</p>
<p>Repeat route re-distribution settings for Site B and ensure both are enabled:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site Re-Redistribution" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-14.png" /></p>
<p>Click <strong>Save</strong>. Scroll back up within the configuration of Multi-Site-T0, and open the <strong>BGP</strong> section.</p>
<p>Set <strong>Local AS</strong> to <strong>64605</strong> and <strong>Graceful Restart</strong> to <strong>Disable</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="T0 BGP" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-15.png" /></p>
<p>Click <strong>Save</strong>.</p>
<p>Click <strong>Set</strong> under <strong>BGP Neighbours</strong> and select <strong>Add BGP Neighbour</strong>.</p>
<p>Enter <strong>192.168.12.1</strong>, set <strong>Location</strong> to <strong>Site-A</strong>, set <strong>BFD</strong> <strong>Enabled</strong>. As per <a href="/opnsense-bgp-bfd-config/#configure-bgp-and-bfd">OPNsense BGP and BFD Configuration</a> we know that our OPNsense Labrouter has a BGP AS of 64600, so add that as <strong>Remote AS Number</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A BGP" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-16.png" /></p>
<p>Click <strong>Save</strong>. Click <strong>Check Status</strong> to confirm BGP has established:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A BGP Established 1" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-17.png" /></p>
<p>Click <strong>i</strong> to show further information and confirm <strong>“Established”</strong> status:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A BGP Established 2" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-18.png" /></p>
<p>Click <strong>Add BGP Neighbour</strong> and configure for Site B location. As we are using Lab router as our site B uplink, set IP to <strong>192.168.22.1</strong> and remote AS as <strong>64600</strong> also:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site B BGP" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-19.png" /></p>
<p>Click <strong>Save</strong>. Click <strong>Check Status</strong> to confirm BGP has established:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="All Established" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-20.png" /></p>
<p>Again, click <strong>i</strong> to show further information and confirm <strong>“Established”</strong> status:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site B Established 2" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-21.png" /></p>
<p>Click <strong>Close</strong> to close BGP Neighbours setting and <strong>Close Editing</strong> to close Tier-0 configuration.</p>
<p>Finally, click <strong>Check Status</strong> on the Multi-Site-T0 gateway and confirm <strong>Success</strong> status:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="T0 Success" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-22.png" /></p>
<p>Nice. And as some “icing on the cake”, let’s check our BGP summary in OPNsense:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OPNsense BGP" src="/images/nsx-t-overlay-lab-pt6/nsx-t-overlay-lab-pt6-23.png" /></p>
<p>Two established neighbours! Perfect!</p>
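<p>The same check can be made repeatable by comparing the Lab Router's BGP summary against the peering plan built in this post. The following is an added example, not part of the original post: it assumes the summary has been exported as JSON in the shape FRR (the routing daemon behind the OPNsense BGP plugin) prints for <code>show bgp summary json</code>; the sample data and function name are constructed for illustration. Besides sessions that are down or carry the wrong AS, it reports any neighbour that is not in the plan.</p>

```python
import json

# Constructed sample (not captured from the lab), shaped like the JSON that
# FRR prints for `show bgp summary json`, as seen from the Lab Router
# (AS 64600) once both Tier-0 uplink sessions are up.
SAMPLE_SUMMARY = json.loads("""
{
  "ipv4Unicast": {
    "as": 64600,
    "peers": {
      "192.168.12.2": {"remoteAs": 64605, "state": "Established"},
      "192.168.22.2": {"remoteAs": 64605, "state": "Established"}
    }
  }
}
""")

# Peering plan from this post, seen from the Lab Router: the two Tier-0
# uplink interface addresses, both in the Multi-Site-T0 local AS.
EXPECTED_PEERS = {
    "192.168.12.2": 64605,  # Site-A-Uplink interface on ESG-SITE-A
    "192.168.22.2": 64605,  # Site-B-Uplink interface on ESG-SITE-B
}


def check_peers(summary, expected=EXPECTED_PEERS, family="ipv4Unicast"):
    """Return a sorted list of (peer_ip, problem); empty means all good."""
    peers = summary.get(family, {}).get("peers", {})
    findings = []
    for ip, asn in sorted(expected.items()):
        peer = peers.get(ip)
        if peer is None:
            findings.append((ip, "MISSING"))          # neighbour not configured
        elif peer.get("remoteAs") != asn:
            findings.append((ip, "WRONG_AS"))         # session to another AS
        elif peer.get("state") != "Established":
            findings.append((ip, "NOT_ESTABLISHED"))  # Idle, Active, Connect...
    # Any neighbour outside the plan is reported, whatever its state.
    for ip in sorted(set(peers) - set(expected)):
        findings.append((ip, "UNPLANNED_PEER"))
    return findings


if __name__ == "__main__":
    problems = check_peers(SAMPLE_SUMMARY)
    print("all planned neighbours established" if not problems else problems)
```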
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it. Our Tier-0 router has been deployed and configured. BGP has been established at both sites from the Tier-0 gateway up through the edges and uplinks to our Labrouter. Our last task is to deploy two Tier-1 gateways and we will look to complete that in part 7.</p>
<p>This was part 6 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">NSX-T Site Federation</a></li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: This Part: Federated Tier-0 Gateway</li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>Look out for future parts coming soon!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-t-overlay-lab-pt6/">NSX-T 3.2: Overlay Lab Build - Part 6</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 05, 2022.</p>
https://polarclouds.co.uk/nsx-t-overlay-lab-pt52022-03-28T01:00:00+01:002022-03-28T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-01.png" />
In this post we will set up our Remote Tunnel Endpoints (RTEPs) to allow us to tunnel our overlay traffic across sites.</p>
<p>This post is part 5 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">NSX-T Site Federation</a></li>
<li>Part 5: This Part: Remote Tunnel Endpoints</li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>As a reminder, in this series we will be building the following lab:</p>
<p><a href="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png"><img style="display:block;" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png" alt="NSX-T Test Lab" /></a><sup>(Click image to zoom in)</sup></p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-is-a-remote-tunnel-end-point-or-rtep" id="markdown-toc-what-is-a-remote-tunnel-end-point-or-rtep">What is a Remote Tunnel End Point or RTEP?</a></li>
<li><a href="#check-mtu" id="markdown-toc-check-mtu">Check MTU</a></li>
<li><a href="#rtep-ip-pools" id="markdown-toc-rtep-ip-pools">RTEP IP Pools</a></li>
<li><a href="#configure-inter-location-communication" id="markdown-toc-configure-inter-location-communication">Configure Inter-Location Communication</a></li>
<li><a href="#configuration-confirmation" id="markdown-toc-configuration-confirmation">Configuration Confirmation</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p><br /></p>
<h2 id="what-is-a-remote-tunnel-end-point-or-rtep">What is a Remote Tunnel End Point or RTEP?</h2>
<p>Just like the host and edge TEPs, NSX-T Geneve traffic needs to be encapsulated and de-encapsulated by a Tunnel End Point (TEP). RTEPs are used for cross site traffic from Edge node to Edge node. If we want to pass encapsulated overlay traffic from one site to another site, we are going to need some RTEPs.</p>
<p>OK, so let’s get some RTEPs configured!</p>
<h2 id="check-mtu">Check MTU</h2>
<p>As discussed in the VMware article <a href="https://docs.vmware.com/en/VMware-Validated-Design/5.1/sddc-architecture-and-design-for-vmware-nsxt-workload-domains/GUID-3FF2471C-665B-4E84-8DE4-ED3F35A58DE8.html" target="_blank">NSX-T Network Requirements and Sizing for NSX-T Workload Domains</a>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="MTU Requirement" src="/images/nsx-t-overlay-lab-pt5/nsx-t-overlay-lab-pt5-01.png" /></p>
<p>Yep, we need to have a cross site maximum transmission unit (MTU) of <strong>at least 1600</strong>. So to save heartache further down the road, let’s double check our site MTU settings at each site. Let’s also test our cross site MTU.</p>
<p>Open NSX-T Global Manager, select a site and navigate to <strong>System > Fabric > Settings</strong>. Confirm that both Tunnel End Point (TEP) and Remote Tunnel End Point (RTEP) settings are set to 1700 and click <strong>Check Now</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX-T MTU Check" src="/images/nsx-t-overlay-lab-pt5/nsx-t-overlay-lab-pt5-02.png" /></p>
<p>If all OK, the overall MTU status should return “Consistent”. If not, make necessary adjustments and check again. Repeat for all other sites.</p>
<p>Next let’s check the cross site network MTU. Obviously the amount and complexity of testing will very much depend on the complexity of the network between your NSX-T sites. Luckily for us, this is a lab and, as you can see from the diagram above, we have just the one device between our NSX-T sites: LABROUTER.</p>
<p>As we are using OPNsense for our LABROUTER, confirmation of the RTEP VLAN MTU configuration is easy. Log in to OPNsense, select <strong>Interfaces > Diagnostics > Netstat</strong> and let’s look at our Site A RTEP VLAN interface, SITE_A_RMOTE_TRANSPORT_VL13 (<a href="/nsx-t-overlay-lab-pt1/#site-a-vlans-and-subnets" target="_blank">as defined in Part 1</a>):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Labrouter Site A RTEP Interface" src="/images/nsx-t-overlay-lab-pt5/nsx-t-overlay-lab-pt5-03.png" /></p>
<p>Looks good. Repeat for Site B RTEP VLAN interface SITE_B_RMOTE_TRANSPORT_VL23.</p>
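<p>Reading the interface MTU confirms configuration, not what actually crosses the path. The following is an added example (not from the original post or its script) that binary-searches the largest packet that passes with Don't Fragment set and grades it against the 1600 minimum and the 1700 configured above. The function names are hypothetical, and the two sample paths are constructed so the block runs without a lab.</p>

```powershell
# Added example, not part of the original post or its script.
# Geneve budget: 1500-byte inner IP packet + 14 (inner Ethernet) + 8 (Geneve base header)
# + 8 (UDP) + 20 (outer IPv4) = 1550 bytes, so a 1600 MTU leaves 50 bytes for Geneve options.

$IcmpOverhead = 28   # 20-byte IPv4 header + 8-byte ICMP echo header

function Find-PathMtu {
    # Returns the largest IPv4 packet size that passes end to end, or 0 if nothing gets through.
    param(
        [Parameter(Mandatory)] [scriptblock] $Probe,   # returns $true if a payload of N bytes arrives
        [int] $Low  = 1472,                            # payload that fills a 1500-byte MTU
        [int] $High = 8972                             # payload that fills a 9000-byte MTU
    )
    if (-not (& $Probe $Low)) { return 0 }             # no reply even at standard size
    while ($Low -lt $High) {
        $mid = ($Low + $High + 1) -shr 1               # upper midpoint, so the loop always narrows
        if (& $Probe $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    return $Low + $IcmpOverhead
}

function New-DfPingProbe {
    # Builds a probe that sends one ICMP echo with Don't Fragment set (hypothetical helper).
    param([Parameter(Mandatory)] [string] $Target, [int] $TimeoutMs = 1000)
    $ping    = [System.Net.NetworkInformation.Ping]::new()
    $options = [System.Net.NetworkInformation.PingOptions]::new(64, $true)   # TTL 64, DontFragment
    $probe = {
        param([int] $Size)
        try {
            $reply = $ping.Send($Target, $TimeoutMs, [byte[]]::new($Size), $options)
            $reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success
        } catch {
            $false                                     # PingException: treat as "did not pass"
        }
    }.GetNewClosure()
    return $probe
}

function Get-NsxtMtuVerdict {
    # Grades a measured path MTU against the values used in this post.
    param([int] $PathMtu, [int] $Required = 1600, [int] $Configured = 1700)
    if     ($PathMtu -ge $Configured) { 'OK' }
    elseif ($PathMtu -ge $Required)   { 'BelowConfigured' }   # meets the minimum, under the 1700 set in NSX-T
    else                              { 'TooSmall' }
}

# Constructed stand-ins for real paths, so the example runs without a lab:
$labPath     = { param([int] $Size) ($Size + 28) -le 1700 }   # every hop at 1700
$defaultPath = { param([int] $Size) ($Size + 28) -le 1500 }   # one hop left at 1500

foreach ($path in @{ Name = 'lab (1700)'; Probe = $labPath }, @{ Name = 'default (1500)'; Probe = $defaultPath }) {
    $mtu = Find-PathMtu -Probe $path.Probe
    '{0}: path MTU {1} -> {2}' -f $path.Name, $mtu, (Get-NsxtMtuVerdict -PathMtu $mtu)
}

# Against the lab, from a machine on the far site's RTEP VLAN:
# Find-PathMtu -Probe (New-DfPingProbe -Target '192.168.13.1')   # Site A RTEP gateway from this post
```

<p>The result describes the path from the machine running the probe, and a return of 0 means the target did not answer ICMP at all rather than that the MTU is small.</p>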
<h2 id="rtep-ip-pools">RTEP IP Pools</h2>
<p>Next let’s create some Remote Tunnel End Point IP pools.</p>
<p>Open NSX-T Global Manager, select a site, then select <strong>System > Networking > IP Address Pools > Add IP Address Pool</strong>.</p>
<p>Name the Pool <strong>Site-A-RTEP-Pool</strong>, click <strong>Set > Add Subnet > IP Ranges</strong>.</p>
<p>As per <a href="/nsx-t-overlay-lab-pt1/#site-a-ip-allocation" target="_blank">Site A IP Allocation</a>, set the IP range to <strong>192.168.13.2-192.168.13.254</strong>, the CIDR to <strong>192.168.13.0/24</strong>, the Gateway IP to <strong>192.168.13.1</strong> and click <strong>Add</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A RTEP Subnet" src="/images/nsx-t-overlay-lab-pt5/nsx-t-overlay-lab-pt5-04.png" /></p>
<p>Click <strong>Apply</strong> and <strong>Save</strong>. When complete you should have the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A IP Pools" src="/images/nsx-t-overlay-lab-pt5/nsx-t-overlay-lab-pt5-05.png" /></p>
<p>Again, repeat for Site B.</p>
<h2 id="configure-inter-location-communication">Configure Inter-Location Communication</h2>
<p>With that all done, let’s enable some inter-site comms.</p>
<p>Open NSX-T Global Manager, select the Global Manager, then select <strong>Location Manager</strong>. From there select a location and click <strong>Networking</strong>.</p>
<p>Confirm that the correct edge cluster is selected and click <strong>Configure</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Edge Cluster" src="/images/nsx-t-overlay-lab-pt5/nsx-t-overlay-lab-pt5-06.png" /></p>
<p>Select the edge cluster again and complete the RTEP Configuration:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Cluster RTEP Config" src="/images/nsx-t-overlay-lab-pt5/nsx-t-overlay-lab-pt5-07.png" /></p>
<p>Click <strong>Save</strong> to complete. Repeat for Site B.</p>
<h2 id="configuration-confirmation">Configuration Confirmation</h2>
<p>We will build our Tier 0 and Tier 1 stretched gateways in part 6. Until then, let’s confirm that we are ready for them.</p>
<p>Open NSX-T Global Manager and select <strong>System > System Overview</strong>. Scroll down to the locations:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Locations" src="/images/nsx-t-overlay-lab-pt5/nsx-t-overlay-lab-pt5-08.png" /></p>
<p>Let’s look closer at our RTEP “unknown” status:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="RTEP Status" src="/images/nsx-t-overlay-lab-pt5/nsx-t-overlay-lab-pt5-09.png" /></p>
<p>So our RTEP status looks good. Furthermore, clicking the <em>i</em> tells us that we are indeed ready:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="RTEPs Ready" src="/images/nsx-t-overlay-lab-pt5/nsx-t-overlay-lab-pt5-10.png" /></p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it. Our federated NSX-T sites now have their remote tunnel endpoints. We still have to create our Global Tier 0 and Tier 1 Logical routers before we can hook any VMs into our NSX-T build. We will look at that in a later part of this series.</p>
<p>This was part 5 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">NSX-T Site Federation</a></li>
<li>Part 5: This Part: Remote Tunnel Endpoints</li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>Look out for future parts coming soon!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-t-overlay-lab-pt5/">NSX-T 3.2: Overlay Lab Build - Part 5</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 28, 2022.</p>
https://polarclouds.co.uk/nsx-t-overlay-lab-pt42022-03-21T00:00:00+00:002022-03-21T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-01.png" />
In this post we will federate our previously deployed NSX-T sites, the imaginatively named Site A and Site B.</p>
<p>This post is part 4 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: This Part: Multi Site Federation</li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>As a reminder, in this series we will be building the following lab:</p>
<p><a href="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png"><img style="display:block;" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png" alt="NSX-T Test Lab" /></a><sup>(Click image to zoom in)</sup></p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#deploy-global-manager" id="markdown-toc-deploy-global-manager">Deploy Global Manager</a></li>
<li><a href="#create-site-vips" id="markdown-toc-create-site-vips">Create Site VIPs</a></li>
<li><a href="#obtain-site-cluster-thumbprints" id="markdown-toc-obtain-site-cluster-thumbprints">Obtain Site Cluster Thumbprints</a></li>
<li><a href="#global-manager-config" id="markdown-toc-global-manager-config">Global Manager Config</a></li>
<li><a href="#add-site-nsx-t-managers-to-global-manager" id="markdown-toc-add-site-nsx-t-managers-to-global-manager">Add Site NSX-T Managers to Global Manager</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p><br /></p>
<h2 id="deploy-global-manager">Deploy Global Manager</h2>
<p>First step is to deploy our Global Manager. This being a lab we will make do with just one global manager. Production deployments should have a minimum of three global managers for quorum and redundancy. This is also the case for site NSX Managers.</p>
<p>As this is a lab, we can get away with the bare minimum of one global manager to match our one site manager per site model already deployed.</p>
<p>Deployment is the same as deploying an NSX manager, ensuring that <strong>NSX Global Manager</strong> is selected during the NSX Manager OVA deployment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Select Global Manager" src="/images/nsx-t-overlay-lab-pt4/nsx-t-overlay-lab-pt4-01.png" /></p>
<p>Once deployment completes, power on the global manager VM and allow it time to settle.</p>
<h2 id="create-site-vips">Create Site VIPs</h2>
<p>As already mentioned, normal NSX-T site deployments consist of a cluster of three NSX-T managers per site. So that our global NSX-T manager can communicate with our cluster, we need to create a shared Virtual IP (VIP) that the global manager can use to communicate with our site NSX-T cluster.</p>
<p>Let’s set up our site VIPs.</p>
<p>Log on to a site NSX-T manager, select <strong>System > Appliances > Set Virtual IP</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Set VIP" src="/images/nsx-t-overlay-lab-pt4/nsx-t-overlay-lab-pt4-02.png" /></p>
<p>As per our IP schema discussed way back in <a href="/nsx-t-overlay-lab-pt1/#site-a-ip-allocation">part 1</a>, we will assign 192.168.10.17 and 192.168.20.17 to our Site A and Site B NSX-T manager VIPs respectively.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Set VIP IP" src="/images/nsx-t-overlay-lab-pt4/nsx-t-overlay-lab-pt4-03.png" /></p>
<p>Once complete, looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VIP IP Set" src="/images/nsx-t-overlay-lab-pt4/nsx-t-overlay-lab-pt4-04.png" /></p>
<h2 id="obtain-site-cluster-thumbprints">Obtain Site Cluster Thumbprints</h2>
<p>As you will see below, registering the site NSX-T managers with the global manager involves supplying the global manager with the certificate thumbprints from each of the site NSX-T clusters. The thumbprints can be obtained by opening an SSH session to each of the site NSX-T managers and issuing the command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">get certificate cluster thumbprint</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="get certificate cluster thumbprint" src="/images/nsx-t-overlay-lab-pt4/nsx-t-overlay-lab-pt4-05.png" /></p>
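<p>The thumbprint is what lets the Global Manager tell the real site manager from anything else answering on the VIP, so it is worth comparing the value read over SSH with the certificate the VIP actually presents before pasting it in. The following is an added example, not part of the original post or its script. The function names are hypothetical, it assumes the cluster thumbprint is the SHA-256 hash of the DER certificate served on the VIP, and the sample bytes are constructed so the comparison runs offline.</p>

```powershell
# Added example, not part of the original post or its script.
# Assumption: the CLI thumbprint is the SHA-256 of the DER certificate presented on the VIP.

function ConvertTo-NormalizedThumbprint {
    # Accepts "AA:BB:...", "aa bb ..." or plain hex and returns 64 lowercase hex digits.
    param([Parameter(Mandatory)] [string] $Thumbprint)
    $hex = ($Thumbprint -replace '[\s:-]', '').ToLowerInvariant()
    if ($hex -notmatch '^[0-9a-f]{64}$') {
        throw "Not a SHA-256 thumbprint: expected 64 hex digits, got '$Thumbprint'."
    }
    $hex
}

function Get-CertificateSha256 {
    # SHA-256 over the raw (DER) certificate bytes, as lowercase hex.
    param([Parameter(Mandatory)] [byte[]] $DerBytes)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try     { -join ($sha.ComputeHash($DerBytes) | ForEach-Object { $_.ToString('x2') }) }
    finally { $sha.Dispose() }
}

function Get-ServerCertificateDer {
    # Reads the certificate a TLS endpoint presents, without trusting it.
    param([Parameter(Mandatory)] [string] $HostName, [int] $Port = 443)
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    $tls = $null
    try {
        # Validation is skipped on purpose: the certificate is only read so its hash can be compared.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $tls = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
        $tls.AuthenticateAsClient($HostName)
        return ,$tls.RemoteCertificate.GetRawCertData()
    } finally {
        if ($tls) { $tls.Dispose() }
        $tcp.Dispose()
    }
}

function Test-ThumbprintMatch {
    # Compares the thumbprint copied from the NSX CLI with the certificate actually presented.
    param(
        [Parameter(Mandatory)] [string] $FromCli,
        [Parameter(Mandatory)] [byte[]] $PresentedDer
    )
    $expected  = ConvertTo-NormalizedThumbprint $FromCli
    $presented = Get-CertificateSha256 $PresentedDer
    [pscustomobject]@{ Expected = $expected; Presented = $presented; Match = ($expected -eq $presented) }
}

# Constructed sample: arbitrary bytes standing in for a DER certificate.
$der    = [System.Text.Encoding]::ASCII.GetBytes('constructed stand-in for DER certificate bytes')
# Simulate a thumbprint pasted in upper case with colon separators.
$pasted = (((Get-CertificateSha256 $der).ToUpperInvariant() -split '(..)') -ne '') -join ':'

# Same certificate, different formatting: Match is True.
Test-ThumbprintMatch -FromCli $pasted -PresentedDer $der | Format-List

# One bit changed in the presented certificate: Match is False.
$tampered    = [byte[]] $der.Clone()
$tampered[0] = $tampered[0] -bxor 1
Test-ThumbprintMatch -FromCli $pasted -PresentedDer $tampered | Format-List

# Against the lab (Site A VIP from this post; the CLI value is a placeholder):
# $cli = '<output of: get certificate cluster thumbprint>'
# Test-ThumbprintMatch -FromCli $cli -PresentedDer (Get-ServerCertificateDer -HostName '192.168.10.17')
```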
<h2 id="global-manager-config">Global Manager Config</h2>
<p>Let’s log into our global manager for the first time. Good news is that we don’t need to licence the global manager, so after accepting the licence agreement, we are free to begin configuration.</p>
<p>Select <strong>System > Location Manager</strong>, select <strong>Make Active</strong> and supply a name. I’ll name mine <strong>NSX-T Lab</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX-T Lab Named" src="/images/nsx-t-overlay-lab-pt4/nsx-t-overlay-lab-pt4-06.png" /></p>
<h2 id="add-site-nsx-t-managers-to-global-manager">Add Site NSX-T Managers to Global Manager</h2>
<p>Select <strong>System > Location Manager > Add On-Prem Location</strong>.</p>
<p>Complete the required information along with the thumbprint gained above and select <strong>Check Version Compatibility</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Check Compatibility" src="/images/nsx-t-overlay-lab-pt4/nsx-t-overlay-lab-pt4-07.png" /></p>
<p>Once saved, confirm that the global manager and site successfully sync:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site Sync" src="/images/nsx-t-overlay-lab-pt4/nsx-t-overlay-lab-pt4-08.png" /></p>
<p>Repeat above steps for Site B.</p>
<p>Log out and back into the global manager. Confirm that both sites are available on the global manager NSX-T taskbar:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Both Sites on Taskbar" src="/images/nsx-t-overlay-lab-pt4/nsx-t-overlay-lab-pt4-09.png" /></p>
<p>Finally, confirm via <strong>Site > System > Fabric > Compute Managers</strong> that both vCenters are listed in their respective sites:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vCenter listed in Compute Manager Site A" src="/images/nsx-t-overlay-lab-pt4/nsx-t-overlay-lab-pt4-10.png" /></p>
<p>And:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vCenter listed in Compute Manager Site B" src="/images/nsx-t-overlay-lab-pt4/nsx-t-overlay-lab-pt4-11.png" /></p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>We made it!</p>
<p>In this post we deployed our Global NSX-T Manager and federated our sites.</p>
<p>We still have to create our Remote Tunnel End Points (RTEPs) and cross site global tier 0 and tier 1 logical routers before we can hook any VMs into our NSX-T build. We will work on those in the following parts of this series.</p>
<p>This was part 4 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: This Part: Multi Site Federation</li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-t-overlay-lab-pt4/">NSX-T 3.2: Overlay Lab Build - Part 4</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 21, 2022.</p>
https://polarclouds.co.uk/nsx-t-overlay-lab-pt32022-03-15T00:00:00+00:002022-03-15T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-01.png" />
In this post we will configure our second NSX-T site, the also imaginatively named, Site B.</p>
<p>This post is part 3 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: This Part: Automated Site B Build</li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">Multi Site Federation</a></li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>As a reminder, in this series we will be building the following lab:</p>
<p><a href="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png"><img style="display:block;" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png" alt="NSX-T Test Lab" /></a><sup>(Click image to zoom in)</sup></p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#vsphere-pre-requisites" id="markdown-toc-vsphere-pre-requisites">vSphere Pre-Requisites</a></li>
<li><a href="#networking-pre-requisites" id="markdown-toc-networking-pre-requisites">Networking Pre-Requisites</a></li>
<li><a href="#the-tldr-deployment" id="markdown-toc-the-tldr-deployment">The TL,DR Deployment</a></li>
<li><a href="#the-automated-deployment-using-nsx-t-api-and-powershell" id="markdown-toc-the-automated-deployment-using-nsx-t-api-and-powershell">The Automated Deployment Using NSX-T API and PowerShell</a> <ul>
<li><a href="#a-link-to-the-full-script" id="markdown-toc-a-link-to-the-full-script">A Link To The Full Script</a></li>
<li><a href="#build-chunks" id="markdown-toc-build-chunks">Build Chunks</a></li>
<li><a href="#powershell-variables" id="markdown-toc-powershell-variables">PowerShell Variables</a></li>
<li><a href="#handling-api-response-exceptions" id="markdown-toc-handling-api-response-exceptions">Handling API Response Exceptions</a></li>
<li><a href="#accept-self-signed-certificates-and-handle-credentials" id="markdown-toc-accept-self-signed-certificates-and-handle-credentials">Accept Self-Signed Certificates and Handle Credentials</a></li>
<li><a href="#create-transport-zones" id="markdown-toc-create-transport-zones">Create Transport Zones</a></li>
<li><a href="#create-host-uplink-profile" id="markdown-toc-create-host-uplink-profile">Create Host Uplink Profile</a></li>
<li><a href="#create-edge-uplink-profile" id="markdown-toc-create-edge-uplink-profile">Create Edge Uplink Profile</a></li>
<li><a href="#create-tep-pool" id="markdown-toc-create-tep-pool">Create TEP Pool</a></li>
<li><a href="#attach-vcenter" id="markdown-toc-attach-vcenter">Attach vCenter</a></li>
<li><a href="#create-transport-node-profile" id="markdown-toc-create-transport-node-profile">Create Transport Node Profile</a></li>
<li><a href="#prepare-cluster" id="markdown-toc-prepare-cluster">Prepare Cluster</a></li>
<li><a href="#check-host-tep-connectivity" id="markdown-toc-check-host-tep-connectivity">Check Host TEP Connectivity</a></li>
<li><a href="#create-trunk-vlan-segment" id="markdown-toc-create-trunk-vlan-segment">Create Trunk VLAN Segment</a></li>
<li><a href="#create-edge-nodes" id="markdown-toc-create-edge-nodes">Create Edge Node(s)</a></li>
<li><a href="#check-edge-tep-connectivity" id="markdown-toc-check-edge-tep-connectivity">Check Edge TEP Connectivity</a></li>
<li><a href="#create-edge-cluster" id="markdown-toc-create-edge-cluster">Create Edge Cluster</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p><br />
The build of Site B will mirror that of Site A.</p>
<p>Therefore, rather than creating another huge post with the same screenshots, let’s make this a Too Lazy, Didn’t Read (TL,DR) and a “How to deploy with automation” all in one post.</p>
<p>That way, should you, I or anyone else need to be reminded of the steps, or indeed the order of the steps, to build an NSX-T site, this post will come in handy. It will save time not having to leaf through pages of screenshots and explanation. It will also come in handy for someone looking to complete an automated deployment of an NSX-T site. The PowerShell NSX-T API calls below can be leveraged to build any size deployment.</p>
<p>As covered in part 1 <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a>, the following are required prior to an NSX-T deployment at a site:</p>
<h2 id="vsphere-pre-requisites">vSphere Pre-Requisites</h2>
<ul>
<li>vSphere 7.0 or later deployed</li>
<li>vSphere 7.0 or later distributed switches in use</li>
<li>Compute Hosts Clustered</li>
</ul>
<h2 id="networking-pre-requisites">Networking Pre-Requisites</h2>
<ul>
<li>MTU equal to or greater than 1700 in use <strong>everywhere</strong></li>
<li>VLANS assigned for:
<ul>
<li>Management Traffic</li>
<li>Transport End Points (TEPS)</li>
<li>Uplinks</li>
<li>Remote Transport End Points (RTEPS)</li>
</ul>
</li>
</ul>
<h2 id="the-tldr-deployment">The TL,DR Deployment</h2>
<p>Too Lazy, Didn’t Read? Simply complete the following:</p>
<ol>
<li>Deploy NSX-T OVA and create NSX-T local manager cluster</li>
<li>Licence</li>
<li>Create Transport Zones</li>
<li>Create Host Uplink Profile</li>
<li>Create Edge Uplink Profile</li>
<li>Create TEP Pool</li>
<li>Attach vCenter</li>
<li>Create Transport Node Profile</li>
<li>Prepare Cluster</li>
<li>Check Host TEP Connectivity</li>
<li>Create Trunk VLAN Segment</li>
<li>Create Edge Node(s)</li>
<li>Check Edge TEP Connectivity</li>
<li>Create Edge Cluster</li>
</ol>
<p>Once the above steps are complete, you are ready to federate!</p>
<h2 id="the-automated-deployment-using-nsx-t-api-and-powershell">The Automated Deployment Using NSX-T API and PowerShell</h2>
<p>The steps covered in part one and above are all well and good, but don’t you wish you could automate away a lot of that “point and click” stuff?</p>
<p>Sure no problem!</p>
<h3 id="a-link-to-the-full-script">A Link To The Full Script</h3>
<p>Whilst I’ll split out the build chunks of the PowerShell script required to complete each deployment step below, the full script can be found in my <a href="https://github.com/chall32/PowerShell/blob/main/NSXT-Build-API.ps1" target="_blank">PowerShell Github Repository</a>.</p>
<p>As mentioned, the script leverages NSX-T Data Center REST API (as detailed <a href="https://developer.vmware.com/apis/1198/nsx-t" target="_blank">here</a>) calls to the NSX-T manager to create the required configuration.</p>
<p>To my knowledge and after extensive Googling, this is the first time such a script has been posted to the internet - certainly for the v3.2.0 NSX-T REST API.</p>
<h3 id="build-chunks">Build Chunks</h3>
<p>As I say, rather than “swallowing the elephant whole”, let’s break the script down into more manageable chunks.</p>
<p>For brevity, I’ll cover the PowerShell required to complete steps 3 to 12 of the deployment. OVA deployment automations already exist elsewhere so I will not cover them here.</p>
<h3 id="powershell-variables">PowerShell Variables</h3>
<p>Let’s create our PowerShell variables up front:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># =================================================================================================
</span><span class="w">
</span><span class="c"># Update These:
</span><span class="w">
</span><span class="nv">$NSXUser</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"admin"</span><span class="w"> </span><span class="c">## NSX-T Admin Username
</span><span class="w">
</span><span class="nv">$NSXPW</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Password123!Password123!"</span><span class="w"> </span><span class="c">## NSX-T Admin Password
</span><span class="w">
</span><span class="nv">$baseuri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"https://nsxt-site-b.lab"</span><span class="w"> </span><span class="c">## NSX-T Manager URL
</span><span class="w">
</span><span class="nv">$NSXTSite</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Site-B"</span><span class="w"> </span><span class="c">## NSX-T Site Name
</span><span class="w">
</span><span class="c"># vCenter Connection # ============================
</span><span class="w">
</span><span class="nv">$vc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"vc-site-b.lab"</span><span class="w"> </span><span class="c">## vCenter Hostname
</span><span class="w">
</span><span class="nv">$VCSSOUser</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"administrator@vsphere.local"</span><span class="w"> </span><span class="c">## vCenter SSO Admin Username
</span><span class="w">
</span><span class="nv">$VCSSOPass</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Password123!"</span><span class="w"> </span><span class="c">## vCenter SSO Admin Password
</span><span class="w">
</span><span class="nv">$VCCluster</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"SITE-B-CLUSTER"</span><span class="w"> </span><span class="c">## Cluster Name
</span><span class="w">
</span><span class="nv">$DVSwitch</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"SITE-B-DSWITCH"</span><span class="w"> </span><span class="c">## Distributed Switch Name
</span><span class="w">
</span><span class="nv">$Datastore</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"ESXi7-SITE-B-LOCAL"</span><span class="w"> </span><span class="c">## Datastore to deploy edge to
</span><span class="w">
</span><span class="nv">$MgmtDVPrtGrp</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Site-B-Management"</span><span class="w"> </span><span class="c">## Distributed Switch Port group for MGMT traffic
</span><span class="w">
</span><span class="c"># Transport Zones # ===============================
</span><span class="w">
</span><span class="nv">$TZOvLySuffix</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Overlay-Transport-Zone"</span><span class="w"> </span><span class="c">## Overlay Transport Zone Name Suffix
</span><span class="w">
</span><span class="nv">$TZVlanSuffix</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"VLAN-Transport-Zone"</span><span class="w"> </span><span class="c">## VLAN Transport Zone Name Suffix
</span><span class="w">
</span><span class="c"># Host Uplink Profile # ===========================
</span><span class="w">
</span><span class="nv">$HUPSuffix</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Host-Uplink-Profile"</span><span class="w"> </span><span class="c">## Host Uplink Profile Name Suffix
</span><span class="w">
</span><span class="nv">$HUP1Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Uplink-1"</span><span class="w"> </span><span class="c">## Host Uplink 1 Name
</span><span class="w">
</span><span class="nv">$HUP2Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Uplink-2"</span><span class="w"> </span><span class="c">## Host Uplink 2 Name
</span><span class="w">
</span><span class="nv">$HUPTeaming</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"FAILOVER_ORDER"</span><span class="w"> </span><span class="c">## Host Uplink Teaming Policy
</span><span class="w">
</span><span class="nv">$HTransVLAN</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"21"</span><span class="w"> </span><span class="c">## Host Transport VLAN ID
</span><span class="w">
</span><span class="c"># Edge Uplink Profile # ===========================
</span><span class="w">
</span><span class="nv">$EUPSuffix</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Edge-Uplink-Profile"</span><span class="w"> </span><span class="c">## Edge Uplink Profile Name Suffix
</span><span class="w">
</span><span class="nv">$EUP1Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Uplink-1"</span><span class="w"> </span><span class="c">## Edge Uplink 1 Name
</span><span class="w">
</span><span class="nv">$EUP2Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Uplink-2"</span><span class="w"> </span><span class="c">## Edge Uplink 2 Name
</span><span class="w">
</span><span class="nv">$EUPTeaming</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"LOADBALANCE_SRCID"</span><span class="w"> </span><span class="c">## Edge Uplink Teaming Policy
</span><span class="w">
</span><span class="nv">$ETransVLAN</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"21"</span><span class="w"> </span><span class="c">## Edge Transport VLAN ID
</span><span class="w">
</span><span class="c"># TEP Pool # ======================================
</span><span class="w">
</span><span class="nv">$IPPSuffix</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"TEP-Pool"</span><span class="w"> </span><span class="c">## TEP Pool Name Suffix
</span><span class="w">
</span><span class="nv">$IPPDescription</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Site-B TEP Pool"</span><span class="w"> </span><span class="c">## TEP Pool Description
</span><span class="w">
</span><span class="nv">$IPPStart</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"192.168.21.2"</span><span class="w"> </span><span class="c">## TEP Pool Start IP
</span><span class="w">
</span><span class="nv">$IPPEnd</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"192.168.21.254"</span><span class="w"> </span><span class="c">## TEP Pool End IP
</span><span class="w">
</span><span class="nv">$IPPCIDR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"192.168.21.0/24"</span><span class="w"> </span><span class="c">## TEP Pool CIDR
</span><span class="w">
</span><span class="nv">$IPPGW</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"192.168.21.1"</span><span class="w"> </span><span class="c">## TEP Pool Gateway
</span><span class="w">
</span><span class="c"># Transport Node Profile # ========================
</span><span class="w">
</span><span class="nv">$TNPSuffix</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Transport-Node-Profile"</span><span class="w"> </span><span class="c">## Transport Node Profile Name Suffix
</span><span class="w">
</span><span class="c"># Edge VMs # ======================================
</span><span class="w">
</span><span class="nv">$EdgeNodes</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
Edge,IP
esg-site-b,192.168.20.22
"@</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">ConvertFrom-Csv</span><span class="w"> </span><span class="c">## List of Edge Nodes "Name","IP"
</span><span class="w">
</span><span class="nv">$EdgeCIDR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"24"</span><span class="w"> </span><span class="c">## Edge Management IP CIDR
</span><span class="w">
</span><span class="nv">$EdgeGWIP</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"192.168.20.1"</span><span class="w"> </span><span class="c">## Edge Management IP Gateway
</span><span class="w">
</span><span class="nv">$EdgeDNSIP</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"192.168.20.1"</span><span class="w"> </span><span class="c">## Edge DNS Server IP
</span><span class="w">
</span><span class="nv">$EdgeDNSSearch</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"lab"</span><span class="w"> </span><span class="c">## Edge DNS Search List
</span><span class="w">
</span><span class="nv">$EdgeNTPIP</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"192.168.20.1"</span><span class="w"> </span><span class="c">## Edge NTP Server List
</span><span class="w">
</span><span class="nv">$EdgeUplinks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Site-B-Trunk"</span><span class="w"> </span><span class="c">## Distributed Switch Port group for Edge Uplinks
</span><span class="w">
</span><span class="nv">$EdgerootPW</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$NSXPW</span><span class="w"> </span><span class="c">## Edge root User Password
</span><span class="w">
</span><span class="nv">$EdgeCLIPW</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$NSXPW</span><span class="w"> </span><span class="c">## Edge CLI User Password
</span><span class="w">
</span><span class="nv">$EdgeCluSuffix</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Edge-Cluster"</span><span class="w"> </span><span class="c">## Edge Cluster Name Suffix</span></code></pre></figure>
<h3 id="handling-api-response-exceptions">Handling API Response Exceptions</h3>
<p>Let’s create a PowerShell function to handle the error responses and exceptions returned by the NSX-T API:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># ==== HANDLE API RESPONSE EXCEPTIONS =============================================================
</span><span class="w">
</span><span class="kr">Function</span><span class="w"> </span><span class="nf">ResponseException</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="c">#Get response from the exception
</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="bp">$_</span><span class="o">.</span><span class="nf">exception</span><span class="o">.</span><span class="nf">response</span><span class="w">
</span><span class="kr">if</span><span class="w"> </span><span class="p">(</span><span class="nv">$response</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">"Oops something went wrong, please check your API call"</span><span class="w"> </span><span class="nt">-ForegroundColor</span><span class="w"> </span><span class="nx">Red</span><span class="w"> </span><span class="nt">-BackgroundColor</span><span class="w"> </span><span class="nx">Black</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="w">
</span><span class="nv">$responseStream</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="bp">$_</span><span class="o">.</span><span class="nf">exception</span><span class="o">.</span><span class="nf">response</span><span class="o">.</span><span class="nf">GetResponseStream</span><span class="p">()</span><span class="w">
</span><span class="nv">$reader</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">New-Object</span><span class="w"> </span><span class="nx">system.io.streamreader</span><span class="p">(</span><span class="nv">$responseStream</span><span class="p">)</span><span class="w">
</span><span class="nv">$responseBody</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$reader</span><span class="o">.</span><span class="nf">readtoend</span><span class="p">()</span><span class="w">
</span><span class="bp">$Error</span><span class="n">String</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Exception occurred calling invoke-restmethod. </span><span class="si">$(</span><span class="nv">$response</span><span class="o">.</span><span class="nf">StatusCode</span><span class="o">.</span><span class="nf">value__</span><span class="si">)</span><span class="s2"> : </span><span class="si">$(</span><span class="nv">$response</span><span class="o">.</span><span class="nf">StatusDescription</span><span class="si">)</span><span class="s2"> : Response Body: </span><span class="si">$(</span><span class="nv">$responseBody</span><span class="si">)</span><span class="s2">"</span><span class="w">
</span><span class="kr">Throw</span><span class="w"> </span><span class="bp">$Error</span><span class="n">String</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="kr">else</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="kr">Throw</span><span class="w"> </span><span class="bp">$_</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span></code></pre></figure>
<h3 id="accept-self-signed-certificates-and-handle-credentials">Accept Self-Signed Certificates and Handle Credentials</h3>
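<p>Let’s accept self-signed certificates and build the Basic authentication header that is sent with every NSX-T API call. The <code>TrustAllCertsPolicy</code> class below turns off certificate validation for every HTTPS request made from this PowerShell session, not just the calls to NSX Manager, so keep it to lab use:</p>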
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># ==== ACCEPT CERTS + CREDENTIAL HANDLING =========================================================
</span><span class="w">
</span><span class="n">add-type</span><span class="w"> </span><span class="sh">@"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@</span><span class="w">
</span><span class="p">[</span><span class="n">System.Net.ServicePointManager</span><span class="p">]::</span><span class="n">CertificatePolicy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">New-Object</span><span class="w"> </span><span class="nx">TrustAllCertsPolicy</span><span class="w">
</span><span class="nv">$pair</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$NSXUser</span><span class="si">)</span><span class="s2">:</span><span class="si">$(</span><span class="nv">$NSXPW</span><span class="si">)</span><span class="s2">"</span><span class="w">
</span><span class="nv">$bytes</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="n">System.Text.Encoding</span><span class="p">]::</span><span class="n">ASCII.GetBytes</span><span class="p">(</span><span class="nv">$pair</span><span class="p">)</span><span class="w">
</span><span class="nv">$base64</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="n">System.Convert</span><span class="p">]::</span><span class="n">ToBase64String</span><span class="p">(</span><span class="nv">$bytes</span><span class="p">)</span><span class="w">
</span><span class="nv">$headers</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">@{</span><span class="w">
</span><span class="s2">"Authorization"</span><span class="o">=</span><span class="s2">"basic </span><span class="nv">$base64</span><span class="s2">"</span><span class="w">
</span><span class="s2">"Content-Type"</span><span class="o">=</span><span class="s2">"application/json"</span><span class="w">
</span><span class="s2">"Accept"</span><span class="o">=</span><span class="s2">"application/json"</span><span class="w">
</span><span class="p">}</span></code></pre></figure>
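<p>A stricter alternative to the trust-all policy above, as an added example that is not part of the original script: accept a self-signed certificate only when its SHA-256 fingerprint is on a list recorded out-of-band. The names <code>PinnedCertsPolicy</code> and <code>$PinnedThumbprints</code> are hypothetical, the fingerprint value is a placeholder, and Windows PowerShell 5.1 is assumed (the version in which <code>Invoke-RestMethod</code> honours <code>ServicePointManager</code>).</p>

```powershell
# ==== PINNED CERTS (added example, not from the original script) ================================
# Placeholder value: replace with the real SHA-256 fingerprints of the NSX Manager
# (and vCenter) certificates, read from a trusted source such as the appliance console.
# Colons and spaces are ignored; comparison is case-insensitive.
[string[]]$PinnedThumbprints = @(
    "PLACEHOLDER-NSX-MANAGER-SHA256-FINGERPRINT"
)

Add-Type @"
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public class PinnedCertsPolicy : ICertificatePolicy {
    private readonly string[] pins;

    public PinnedCertsPolicy(string[] sha256Thumbprints) {
        // Normalise each pin to upper-case hex with no separators
        pins = new string[sha256Thumbprints.Length];
        for (int i = 0; i < sha256Thumbprints.Length; i++) {
            pins[i] = sha256Thumbprints[i].Replace(":", "").Replace(" ", "").ToUpperInvariant();
        }
    }

    // SHA-256 over the DER-encoded certificate, as upper-case hex
    public static string Sha256Thumbprint(X509Certificate certificate) {
        using (SHA256 sha = SHA256.Create()) {
            byte[] hash = sha.ComputeHash(certificate.GetRawCertData());
            return BitConverter.ToString(hash).Replace("-", "");
        }
    }

    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        // 0 = the certificate passed normal chain and name validation
        if (certificateProblem == 0) { return true; }
        // Otherwise (e.g. self-signed) accept only a certificate we have pinned
        if (certificate == null) { return false; }
        return Array.IndexOf(pins, Sha256Thumbprint(certificate)) >= 0;
    }
}
"@

# Replaces the trust-all policy: unknown certificates now fail the request
[System.Net.ServicePointManager]::CertificatePolicy =
    New-Object PinnedCertsPolicy -ArgumentList (,$PinnedThumbprints)
```

<p>With the placeholder left in place no self-signed certificate matches, so requests to such hosts fail closed until real fingerprints are supplied.</p>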
<h3 id="create-transport-zones">Create Transport Zones</h3>
<p>This NSX-T API call will create our Overlay and VLAN Transport Zones:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># ==== CREATE TRANSPORT ZONES =====================================================================
</span><span class="w">
</span><span class="nv">$tzuri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/policy/api/v1/transport-zones/"</span><span class="w">
</span><span class="nv">$body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
{
"display_name": "</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="sh">-</span><span class="si">$(</span><span class="nv">$TZOvLySuffix</span><span class="si">)</span><span class="sh">",
"transport_type": "OVERLAY"
}
"@</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$tzuri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">POST</span><span class="w"> </span><span class="nt">-body</span><span class="w"> </span><span class="nv">$body</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="nv">$body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
{
"display_name": "</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="sh">-</span><span class="si">$(</span><span class="nv">$TZVlanSuffix</span><span class="si">)</span><span class="sh">",
"transport_type": "VLAN"
}
"@</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$tzuri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">POST</span><span class="w"> </span><span class="nt">-body</span><span class="w"> </span><span class="nv">$body</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span></code></pre></figure>
<h3 id="create-host-uplink-profile">Create Host Uplink Profile</h3>
<p>This NSX-T API call will create our Host uplink profile:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># ==== CREATE HOST UPLINK PROFILE =================================================================
</span><span class="w">
</span><span class="nv">$hupuri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/policy/api/v1/infra/host-switch-profiles/</span><span class="nv">$NSXTSite</span><span class="s2">-</span><span class="nv">$HUPSuffix</span><span class="s2">"</span><span class="w">
</span><span class="nv">$body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
{
"display_name": "</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="sh">-</span><span class="si">$(</span><span class="nv">$HUPSuffix</span><span class="si">)</span><span class="sh">",
"resource_type": "PolicyUplinkHostSwitchProfile",
"transport_vlan": </span><span class="si">$(</span><span class="nv">$HTransVLAN</span><span class="si">)</span><span class="sh">,
"teaming": {
"policy": "</span><span class="si">$(</span><span class="nv">$HUPTeaming</span><span class="si">)</span><span class="sh">",
"active_list": [
{
"uplink_name": "Uplink-1",
"uplink_type": "PNIC"
},
{
"uplink_name": "Uplink-2",
"uplink_type": "PNIC"
}
]
}
}
"@</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$hupuri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">PATCH</span><span class="w"> </span><span class="nt">-body</span><span class="w"> </span><span class="nv">$body</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span></code></pre></figure>
<h3 id="create-edge-uplink-profile">Create Edge Uplink Profile</h3>
<p>This NSX-T API call will create our Edge uplink profile:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># ==== CREATE EDGE UPLINK PROFILE =================================================================
</span><span class="w">
</span><span class="nv">$eupuri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/policy/api/v1/infra/host-switch-profiles/</span><span class="nv">$NSXTSite</span><span class="s2">-</span><span class="nv">$EUPSuffix</span><span class="s2">"</span><span class="w">
</span><span class="nv">$body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
{
"display_name": "</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="sh">-</span><span class="si">$(</span><span class="nv">$EUPSuffix</span><span class="si">)</span><span class="sh">",
"resource_type": "PolicyUplinkHostSwitchProfile",
"transport_vlan": </span><span class="si">$(</span><span class="nv">$ETransVLAN</span><span class="si">)</span><span class="sh">,
"teaming": {
"policy": "</span><span class="si">$(</span><span class="nv">$EUPTeaming</span><span class="si">)</span><span class="sh">",
"active_list": [
{
"uplink_name": "Uplink-1",
"uplink_type": "PNIC"
},
{
"uplink_name": "Uplink-2",
"uplink_type": "PNIC"
}
]
}
}
"@</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$eupuri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">PATCH</span><span class="w"> </span><span class="nt">-body</span><span class="w"> </span><span class="nv">$body</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span></code></pre></figure>
<h3 id="create-tep-pool">Create TEP Pool</h3>
<p>This NSX-T API call will create our TEP IP pool and subnet:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># ==== CREATE TEP POOL =======================================================================================================================================
</span><span class="w">
</span><span class="nv">$ippooluri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/policy/api/v1/infra/ip-pools/</span><span class="nv">$NSXTSite</span><span class="s2">-</span><span class="nv">$IPPSuffix</span><span class="s2">"</span><span class="w">
</span><span class="nv">$body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
{
"display_name": "</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="sh">-</span><span class="si">$(</span><span class="nv">$IPPSuffix</span><span class="si">)</span><span class="sh">"
}
"@</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$ippooluri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">PATCH</span><span class="w"> </span><span class="nt">-body</span><span class="w"> </span><span class="nv">$body</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="c"># ==== CREATE TEP POOL SUBNET ================================================================================================================================
</span><span class="w">
</span><span class="nv">$ippoolsubneturi</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/policy/api/v1/infra/ip-pools/</span><span class="nv">$NSXTSite</span><span class="s2">-</span><span class="nv">$IPPSuffix</span><span class="s2">/ip-subnets/Subnet-1"</span><span class="w">
</span><span class="nv">$body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
{
"resource_type": "IpAddressPoolStaticSubnet",
"allocation_ranges": [
{
"start": "</span><span class="nv">$IPPStart</span><span class="sh">",
"end": "</span><span class="nv">$IPPEnd</span><span class="sh">"
}
],
"cidr": "</span><span class="nv">$IPPCIDR</span><span class="sh">",
"gateway_ip": "</span><span class="nv">$IPPGW</span><span class="sh">"
}
"@</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$ippoolsubneturi</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">PATCH</span><span class="w"> </span><span class="nt">-body</span><span class="w"> </span><span class="nv">$body</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span></code></pre></figure>
<h3 id="attach-vcenter">Attach vCenter</h3>
<p>This NSX-T API call will attach our vCenter as a Compute Manager in NSX-T:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># ==== ADD vCENTER ================================================================================
</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="s2">"https://</span><span class="nv">$vc</span><span class="s2">"</span><span class="w"> </span><span class="nt">-Method</span><span class="w"> </span><span class="nx">Get</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Out-Null</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="nv">$EndPoint</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="n">System.Net.Webrequest</span><span class="p">]::</span><span class="n">Create</span><span class="p">(</span><span class="s2">"https://</span><span class="nv">$vc</span><span class="s2">"</span><span class="p">)</span><span class="w">
</span><span class="nv">$cert</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$EndPoint</span><span class="o">.</span><span class="nf">ServicePoint</span><span class="o">.</span><span class="nf">Certificate</span><span class="w">
</span><span class="nv">$BYTES</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$cert</span><span class="o">.</span><span class="nf">Export</span><span class="p">([</span><span class="n">Security.Cryptography.X509Certificates.X509ContentType</span><span class="p">]::</span><span class="nx">Cert</span><span class="p">)</span><span class="w">
</span><span class="n">Set-content</span><span class="w"> </span><span class="nt">-value</span><span class="w"> </span><span class="nv">$BYTES</span><span class="w"> </span><span class="nt">-encoding</span><span class="w"> </span><span class="nx">byte</span><span class="w"> </span><span class="nt">-path</span><span class="w"> </span><span class="nv">$</span><span class="nn">ENV</span><span class="p">:</span><span class="nv">TMP</span><span class="nx">\cert-temp</span><span class="w">
</span><span class="nv">$VCThumbprint</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">((</span><span class="n">Get-FileHash</span><span class="w"> </span><span class="nt">-Path</span><span class="w"> </span><span class="nv">$</span><span class="nn">ENV</span><span class="p">:</span><span class="nv">TMP</span><span class="nx">\cert-temp</span><span class="w"> </span><span class="nt">-Algorithm</span><span class="w"> </span><span class="nx">SHA256</span><span class="p">)</span><span class="o">.</span><span class="nf">Hash</span><span class="p">)</span><span class="w"> </span><span class="o">-replace</span><span class="w"> </span><span class="s1">'(..(?!$))'</span><span class="p">,</span><span class="s1">'$1:'</span><span class="w">
</span><span class="nv">$VCHost</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$EndPoint</span><span class="o">.</span><span class="nf">Host</span><span class="si">)</span><span class="s2">"</span><span class="w">
</span><span class="nv">$addcompmgruri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/api/v1/fabric/compute-managers"</span><span class="w">
</span><span class="nv">$body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
{
"server": "</span><span class="si">$(</span><span class="nv">$VCHost</span><span class="si">)</span><span class="sh">",
"origin_type": "vCenter",
"display_name": "</span><span class="si">$(</span><span class="nv">$VCHost</span><span class="o">.</span><span class="nf">ToUpper</span><span class="p">()</span><span class="si">)</span><span class="sh">",
"credential" : {
"credential_type" : "UsernamePasswordLoginCredential",
"username": "</span><span class="si">$(</span><span class="nv">$VCSSOUser</span><span class="si">)</span><span class="sh">",
"password": "</span><span class="si">$(</span><span class="nv">$VCSSOPass</span><span class="si">)</span><span class="sh">",
"thumbprint": "</span><span class="si">$(</span><span class="nv">$VCThumbprint</span><span class="si">)</span><span class="sh">"
}
}
"@</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$addcompmgruri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">POST</span><span class="w"> </span><span class="nt">-body</span><span class="w"> </span><span class="nv">$body</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span></code></pre></figure>
<h3 id="create-transport-node-profile">Create Transport Node Profile</h3>
<p>This NSX-T API call will create our Transport node profile:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># ==== CREATE TRANSPORT NODE PROFILE ==============================================================
</span><span class="w">
</span><span class="c"># Get DVS ID
</span><span class="w">
</span><span class="nv">$vctr</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Connect-VIServer</span><span class="w"> </span><span class="nv">$vc</span><span class="w"> </span><span class="nt">-User</span><span class="w"> </span><span class="s2">"</span><span class="nv">$VCSSOUser</span><span class="s2">"</span><span class="w"> </span><span class="nt">-Password</span><span class="w"> </span><span class="nv">$VCSSOPass</span><span class="w"> </span><span class="c">#-WarningAction SilentlyContinue
</span><span class="w">
</span><span class="nv">$vds</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">Get-VDSwitch</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="s2">"</span><span class="nv">$DVSwitch</span><span class="s2">"</span><span class="w"> </span><span class="nt">-Server</span><span class="w"> </span><span class="s2">"</span><span class="nv">$vc</span><span class="s2">"</span><span class="p">)</span><span class="o">.</span><span class="nf">ExtensionData</span><span class="w">
</span><span class="nv">$vdsuuid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$vds</span><span class="o">.</span><span class="nf">Uuid</span><span class="w">
</span><span class="n">Disconnect-VIServer</span><span class="w"> </span><span class="nv">$vc</span><span class="w"> </span><span class="nt">-Confirm</span><span class="p">:</span><span class="bp">$false</span><span class="w">
</span><span class="c"># Get transport zone IDs
</span><span class="w">
</span><span class="nv">$uri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/policy/api/v1/transport-zones"</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$uri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">GET</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="kr">foreach</span><span class="w"> </span><span class="p">(</span><span class="nv">$zone</span><span class="w"> </span><span class="kr">in</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="nv">$response</span><span class="o">.</span><span class="nf">results</span><span class="p">))</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="kr">if</span><span class="w"> </span><span class="p">(</span><span class="nv">$zone</span><span class="o">.</span><span class="nf">display_name</span><span class="w"> </span><span class="o">-eq</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="s2">-</span><span class="si">$(</span><span class="nv">$TZOvLySuffix</span><span class="si">)</span><span class="s2">"</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nv">$ovlytzid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$zone</span><span class="o">.</span><span class="nf">id</span><span class="w"> </span><span class="p">}</span><span class="w">
</span><span class="kr">if</span><span class="w"> </span><span class="p">(</span><span class="nv">$zone</span><span class="o">.</span><span class="nf">display_name</span><span class="w"> </span><span class="o">-eq</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="s2">-</span><span class="si">$(</span><span class="nv">$TZVlanSuffix</span><span class="si">)</span><span class="s2">"</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nv">$vlantzid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$zone</span><span class="o">.</span><span class="nf">id</span><span class="w"> </span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="c"># Create Profile
</span><span class="w">
</span><span class="nv">$tnpuri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/policy/api/v1/infra/host-transport-node-profiles/</span><span class="nv">$NSXTSite</span><span class="s2">-</span><span class="nv">$TNPSuffix</span><span class="s2">"</span><span class="w">
</span><span class="nv">$body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
{
"host_switch_spec": {
"host_switches": [
{
"host_switch_name": "nsxDefaultHostSwitch",
"host_switch_id": "</span><span class="si">$(</span><span class="nv">$vdsuuid</span><span class="si">)</span><span class="sh">",
"host_switch_type": "VDS",
"host_switch_mode": "STANDARD",
"host_switch_profile_ids": [
{
"key": "UplinkHostSwitchProfile",
"value": "/infra/host-switch-profiles/</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="sh">-</span><span class="si">$(</span><span class="nv">$HUPSuffix</span><span class="si">)</span><span class="sh">"
}
],
"uplinks": [
{
"vds_uplink_name": "Uplink 1",
"uplink_name": "Uplink-1"
},
{
"vds_uplink_name": "Uplink 2",
"uplink_name": "Uplink-2"
}
],
"is_migrate_pnics": false,
"ip_assignment_spec": {
"ip_pool_id": "/infra/ip-pools/</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="sh">-</span><span class="si">$(</span><span class="nv">$IPPSuffix</span><span class="si">)</span><span class="sh">",
"resource_type": "StaticIpPoolSpec"
},
"cpu_config": [],
"transport_zone_endpoints": [
{
"transport_zone_id": "/infra/sites/default/enforcement-points/default/transport-zones/</span><span class="nv">$ovlytzid</span><span class="sh">"
},
{
"transport_zone_id": "/infra/sites/default/enforcement-points/default/transport-zones/</span><span class="nv">$vlantzid</span><span class="sh">"
}
],
"not_ready": false
}
],
"resource_type": "StandardHostSwitchSpec"
},
"ignore_overridden_hosts": false,
"resource_type": "PolicyHostTransportNodeProfile",
"display_name": "</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="sh">-</span><span class="si">$(</span><span class="nv">$TNPSuffix</span><span class="si">)</span><span class="sh">"
}
"@</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$tnpuri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">PUT</span><span class="w"> </span><span class="nt">-body</span><span class="w"> </span><span class="nv">$body</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span></code></pre></figure>
<h3 id="prepare-cluster">Prepare Cluster</h3>
<p>This NSX-T API call will apply our transport node profile to our compute cluster:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># ==== PREPARE CLUSTER ============================================================================
</span><span class="w">
</span><span class="c"># Get Compute Cluster ID
</span><span class="w">
</span><span class="nv">$uri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/api/v1/fabric/compute-collections"</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$uri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">GET</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="kr">foreach</span><span class="w"> </span><span class="p">(</span><span class="nv">$collection</span><span class="w"> </span><span class="kr">in</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="nv">$response</span><span class="o">.</span><span class="nf">results</span><span class="p">))</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="kr">if</span><span class="w"> </span><span class="p">(</span><span class="nv">$collection</span><span class="o">.</span><span class="nf">display_name</span><span class="w"> </span><span class="o">-eq</span><span class="w"> </span><span class="s2">"</span><span class="nv">$VCCluster</span><span class="s2">"</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="nv">$collectid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$collection</span><span class="o">.</span><span class="nf">external_id</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="c"># Prepare Cluster
</span><span class="w">
</span><span class="nv">$prepuri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/policy/api/v1/infra/sites/default/enforcement-points/default/transport-node-collections/TNC"</span><span class="w">
</span><span class="nv">$body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
{
"resource_type": "HostTransportNodeCollection",
"compute_collection_id": "</span><span class="nv">$collectid</span><span class="sh">",
"transport_node_profile_id": "/infra/host-transport-node-profiles/</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="sh">-</span><span class="si">$(</span><span class="nv">$TNPSuffix</span><span class="si">)</span><span class="sh">"
}
"@</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$prepuri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">PUT</span><span class="w"> </span><span class="nt">-body</span><span class="w"> </span><span class="nv">$body</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="n">Sleep</span><span class="w"> </span><span class="nx">300</span><span class="w"> </span><span class="c"># Wait 5 mins for Cluster Preparation</span></code></pre></figure>
<h3 id="check-host-tep-connectivity">Check Host TEP Connectivity</h3>
<p>Let’s log on to our host and confirm it can ping the TEP VLAN gateway:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Check Host TEP" src="/images/nsx-t-overlay-lab-pt3/nsx-t-overlay-lab-pt3-01.png" /></p>
<p>Yep, looks good.</p>
<h3 id="create-trunk-vlan-segment">Create Trunk VLAN Segment</h3>
<p>This NSX-T API call will create our Trunk VLAN segment:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># ==== CREATE TRUNK VLAN SEGMENT ==================================================================
</span><span class="w">
</span><span class="nv">$seguri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/policy/api/v1/infra/segments/</span><span class="nv">$NSXTSite</span><span class="s2">-Trunk"</span><span class="w">
</span><span class="nv">$body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
{
"display_name": "</span><span class="nv">$NSXTSite</span><span class="sh">-Trunk",
"vlan_ids": [
"0-4094"
],
"transport_zone_path": "/infra/sites/default/enforcement-points/default/transport-zones/</span><span class="nv">$vlantzid</span><span class="sh">"
}
"@</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$seguri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">PUT</span><span class="w"> </span><span class="nt">-body</span><span class="w"> </span><span class="nv">$body</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span></code></pre></figure>
<h3 id="create-edge-nodes">Create Edge Node(s)</h3>
<p>This NSX-T API call will create our Edge node:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># ==== CREATE EDGE NODES ==========================================================================
</span><span class="w">
</span><span class="c"># Get Edge Uplink Profile ID
</span><span class="w">
</span><span class="nv">$eupuri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/policy/api/v1/infra/host-switch-profiles/</span><span class="nv">$NSXTSite</span><span class="s2">-</span><span class="nv">$EUPSuffix</span><span class="s2">"</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$eupuri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">GET</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="nv">$eupid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$response</span><span class="o">.</span><span class="nf">unique_id</span><span class="w">
</span><span class="c"># Get IP Pool ID
</span><span class="w">
</span><span class="nv">$ippooluri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/policy/api/v1/infra/ip-pools/</span><span class="nv">$NSXTSite</span><span class="s2">-</span><span class="nv">$IPPSuffix</span><span class="s2">"</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$ippooluri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">GET</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="nv">$ippid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$response</span><span class="o">.</span><span class="nf">unique_id</span><span class="w">
</span><span class="c"># Get Overlay Transport Zone IDs
</span><span class="w">
</span><span class="nv">$tzuri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/policy/api/v1/transport-zones/"</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$tzuri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">GET</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="kr">foreach</span><span class="w"> </span><span class="p">(</span><span class="nv">$zone</span><span class="w"> </span><span class="kr">in</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="nv">$response</span><span class="o">.</span><span class="nf">results</span><span class="p">))</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="kr">if</span><span class="w"> </span><span class="p">(</span><span class="nv">$zone</span><span class="o">.</span><span class="nf">display_name</span><span class="w"> </span><span class="o">-eq</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="s2">-</span><span class="si">$(</span><span class="nv">$TZOvLySuffix</span><span class="si">)</span><span class="s2">"</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nv">$ovlytzid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$zone</span><span class="o">.</span><span class="nf">id</span><span class="w"> </span><span class="p">}</span><span class="w">
</span><span class="kr">if</span><span class="w"> </span><span class="p">(</span><span class="nv">$zone</span><span class="o">.</span><span class="nf">display_name</span><span class="w"> </span><span class="o">-eq</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="s2">-</span><span class="si">$(</span><span class="nv">$TZVlanSuffix</span><span class="si">)</span><span class="s2">"</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nv">$vlantzid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$zone</span><span class="o">.</span><span class="nf">id</span><span class="w"> </span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="c"># Get IDs from vCenter
</span><span class="w">
</span><span class="nv">$vctr</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Connect-VIServer</span><span class="w"> </span><span class="nv">$vc</span><span class="w"> </span><span class="nt">-User</span><span class="w"> </span><span class="s2">"</span><span class="nv">$VCSSOUser</span><span class="s2">"</span><span class="w"> </span><span class="nt">-Password</span><span class="w"> </span><span class="nv">$VCSSOPass</span><span class="w"> </span><span class="c">#-WarningAction SilentlyContinue
</span><span class="w">
</span><span class="nv">$vds</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">Get-VDSwitch</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="s2">"</span><span class="nv">$DVSwitch</span><span class="s2">"</span><span class="w"> </span><span class="nt">-Server</span><span class="w"> </span><span class="s2">"</span><span class="nv">$vc</span><span class="s2">"</span><span class="p">)</span><span class="o">.</span><span class="nf">ExtensionData</span><span class="w">
</span><span class="nv">$vdsuuid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$vds</span><span class="o">.</span><span class="nf">Uuid</span><span class="w">
</span><span class="nv">$storid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">Get-Datastore</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="s2">"</span><span class="nv">$Datastore</span><span class="s2">"</span><span class="w"> </span><span class="nt">-Server</span><span class="w"> </span><span class="s2">"</span><span class="nv">$vc</span><span class="s2">"</span><span class="p">)</span><span class="o">.</span><span class="nf">ExtensionData</span><span class="o">.</span><span class="nf">MoRef</span><span class="o">.</span><span class="nf">Value</span><span class="w">
</span><span class="nv">$mgtprtgrp</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">Get-VirtualPortgroup</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="s2">"</span><span class="nv">$MgmtDVPrtGrp</span><span class="s2">"</span><span class="p">)</span><span class="o">.</span><span class="nf">key</span><span class="w">
</span><span class="nv">$computeid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">Get-Cluster</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="nv">$VCCluster</span><span class="p">)</span><span class="o">.</span><span class="nf">ExtensionData</span><span class="o">.</span><span class="nf">moref</span><span class="o">.</span><span class="nf">value</span><span class="w">
</span><span class="n">Disconnect-VIServer</span><span class="w"> </span><span class="nv">$vc</span><span class="w"> </span><span class="nt">-Confirm</span><span class="p">:</span><span class="bp">$false</span><span class="w">
</span><span class="c"># Create Edges
</span><span class="w">
</span><span class="nv">$edgeuri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/api/v1/transport-nodes"</span><span class="w">
</span><span class="kr">ForEach</span><span class="w"> </span><span class="p">(</span><span class="nv">$Node</span><span class="w"> </span><span class="kr">in</span><span class="w"> </span><span class="nv">$EdgeNodes</span><span class="p">){</span><span class="w">
</span><span class="nv">$body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
{
"display_name": "</span><span class="si">$(</span><span class="p">(</span><span class="nv">$Node</span><span class="o">.</span><span class="nf">Edge</span><span class="si">)</span><span class="sh">.ToUpper())",
"host_switch_spec": {
"host_switches": [
{
"host_switch_name": "N-DVS-01",
"host_switch_type": "NVDS",
"host_switch_mode": "STANDARD",
"host_switch_profile_ids": [
{
"key": "UplinkHostSwitchProfile",
"value": "</span><span class="nv">$eupid</span><span class="sh">"
}
],
"pnics": [
{
"device_name": "fp-eth0",
"uplink_name": "Uplink-1"
},
{
"device_name": "fp-eth1",
"uplink_name": "Uplink-2"
}
],
"is_migrate_pnics": false,
"ip_assignment_spec": {
"ip_pool_id": "</span><span class="nv">$ippid</span><span class="sh">",
"resource_type": "StaticIpPoolSpec"
},
"cpu_config": [],
"transport_zone_endpoints": [
{
"transport_zone_id": "</span><span class="nv">$ovlytzid</span><span class="sh">",
"transport_zone_profile_ids": [
{
"resource_type": "BfdHealthMonitoringProfile",
"profile_id": "52035bb3-ab02-4a08-9884-18631312e50a"
}
]
},
{
"transport_zone_id": "</span><span class="nv">$vlantzid</span><span class="sh">",
"transport_zone_profile_ids": [
{
"resource_type": "BfdHealthMonitoringProfile",
"profile_id": "52035bb3-ab02-4a08-9884-18631312e50a"
}
]
}
],
"not_ready": false
}
],
"resource_type": "StandardHostSwitchSpec"
},
"maintenance_mode": "DISABLED",
"node_deployment_info": {
"deployment_type": "VIRTUAL_MACHINE",
"deployment_config": {
"vm_deployment_config": {
"vc_id": "</span><span class="nv">$vcid</span><span class="sh">",
"compute_id": "</span><span class="nv">$computeid</span><span class="sh">",
"storage_id": "</span><span class="nv">$storid</span><span class="sh">",
"management_network_id": "</span><span class="nv">$mgtprtgrp</span><span class="sh">",
"management_port_subnets": [
{
"ip_addresses": [
"</span><span class="si">$(</span><span class="nv">$Node</span><span class="o">.</span><span class="nf">IP</span><span class="si">)</span><span class="sh">"
],
"prefix_length": "</span><span class="nv">$EdgeCIDR</span><span class="sh">"
}
],
"default_gateway_addresses": [
"</span><span class="nv">$EdgeGWIP</span><span class="sh">"
],
"data_network_ids": [
"/infra/segments/</span><span class="nv">$EdgeUplinks</span><span class="sh">",
"/infra/segments/</span><span class="nv">$EdgeUplinks</span><span class="sh">"
],
"reservation_info": {
"memory_reservation": {
"reservation_percentage": 0
},
"cpu_reservation": {
"reservation_in_shares": "NORMAL_PRIORITY",
"reservation_in_mhz": 0
}
},
"placement_type": "VsphereDeploymentConfig"
},
"form_factor": "SMALL",
"node_user_settings": {
"cli_username": "admin",
"root_password":"</span><span class="nv">$EdgerootPW</span><span class="sh">",
"cli_password":"</span><span class="nv">$EdgeCLIPW</span><span class="sh">"
}
},
"node_settings": {
"hostname": "esg-site-b.lab",
"search_domains": [
"</span><span class="nv">$EdgeDNSSearch</span><span class="sh">"
],
"ntp_servers": [
"</span><span class="nv">$EdgeNTPIP</span><span class="sh">"
],
"dns_servers": [
"</span><span class="nv">$EdgeDNSIP</span><span class="sh">"
],
"enable_ssh": true,
"allow_ssh_root_login": true
},
"resource_type": "EdgeNode",
"ip_addresses": [
"</span><span class="si">$(</span><span class="nv">$Node</span><span class="o">.</span><span class="nf">IP</span><span class="si">)</span><span class="sh">"
]
}
}
"@</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$edgeuri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">POST</span><span class="w"> </span><span class="nt">-body</span><span class="w"> </span><span class="nv">$body</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="n">Sleep</span><span class="w"> </span><span class="nx">300</span><span class="w"> </span><span class="c"># Wait 5 mins for Edge Deployment(s)
</span><span class="w">
</span><span class="p">}</span></code></pre></figure>
<h3 id="check-edge-tep-connectivity">Check Edge TEP Connectivity</h3>
<p>Let’s log on to our edge and confirm it can ping the TEP VLAN gateway:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Check Edge TEP" src="/images/nsx-t-overlay-lab-pt3/nsx-t-overlay-lab-pt3-02.png" /></p>
<p>Looks good.</p>
<h3 id="create-edge-cluster">Create Edge Cluster</h3>
<p>This NSX-T API call will create our Edge node cluster:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="c"># ==== CREATE EDGE CLUSTER ========================================================================
</span><span class="w">
</span><span class="c"># Get Edge Nodes
</span><span class="w">
</span><span class="nv">$edgeuri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/api/v1/transport-nodes"</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$edgeuri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">GET</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="nv">$Edgenodes</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$response</span><span class="o">.</span><span class="nf">results</span><span class="o">.</span><span class="nf">Where</span><span class="p">{</span><span class="bp">$_</span><span class="o">.</span><span class="nf">node_deployment_info</span><span class="o">.</span><span class="nf">deployment_type</span><span class="w"> </span><span class="o">-eq</span><span class="w"> </span><span class="s2">"VIRTUAL_MACHINE"</span><span class="p">}</span><span class="w">
</span><span class="nv">$memberlist</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">@()</span><span class="w">
</span><span class="kr">ForEach</span><span class="w"> </span><span class="p">(</span><span class="nv">$Edgenode</span><span class="w"> </span><span class="kr">in</span><span class="w"> </span><span class="nv">$Edgenodes</span><span class="p">){</span><span class="w">
</span><span class="nv">$out</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">new-object</span><span class="w"> </span><span class="nx">psobject</span><span class="w">
</span><span class="nv">$out</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Add-Member</span><span class="w"> </span><span class="nx">noteproperty</span><span class="w"> </span><span class="s2">"transport_node_id"</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$edgenode</span><span class="o">.</span><span class="nf">id</span><span class="si">)</span><span class="s2">"</span><span class="w">
</span><span class="nv">$out</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Add-Member</span><span class="w"> </span><span class="nx">noteproperty</span><span class="w"> </span><span class="s2">"display_name"</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$edgenode</span><span class="o">.</span><span class="nf">display_name</span><span class="si">)</span><span class="s2">"</span><span class="w">
</span><span class="nv">$memberlist</span><span class="w"> </span><span class="o">+=</span><span class="w"> </span><span class="nv">$out</span><span class="w">
</span><span class="p">}</span><span class="w">
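</span><span class="c"># Use -InputObject so that a single edge node is still serialised as a JSON array
</span><span class="nv">$memberlistjson</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ConvertTo-Json</span><span class="w"> </span><span class="nt">-InputObject</span><span class="w"> </span><span class="p">@(</span><span class="nv">$memberlist</span><span class="p">)</span><span class="w">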
</span><span class="c"># Create Edge Cluster
</span><span class="w">
</span><span class="nv">$edcluuri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"</span><span class="nv">$baseuri</span><span class="s2">/api/v1/edge-clusters"</span><span class="w">
</span><span class="nv">$body</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@"
{
"member_node_type": "EDGE_NODE",
"resource_type": "EdgeCluster",
"display_name": "</span><span class="si">$(</span><span class="nv">$NSXTSite</span><span class="si">)</span><span class="sh">-</span><span class="si">$(</span><span class="nv">$EdgeCluSuffix</span><span class="si">)</span><span class="sh">",
"deployment_type": "VIRTUAL_MACHINE",
"members": </span><span class="si">$(</span><span class="nv">$memberlistjson</span><span class="si">)</span><span class="sh">,
"cluster_profile_bindings": [
{
"resource_type": "EdgeHighAvailabilityProfile",
"profile_id": "91bcaa06-47a1-11e4-8316-17ffc770799b"
}
]
}
"@</span><span class="w">
</span><span class="kr">Try</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nv">$response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">invoke-restmethod</span><span class="w"> </span><span class="nt">-uri</span><span class="w"> </span><span class="nv">$edcluuri</span><span class="w"> </span><span class="nt">-headers</span><span class="w"> </span><span class="nv">$headers</span><span class="w"> </span><span class="nt">-method</span><span class="w"> </span><span class="nx">POST</span><span class="w"> </span><span class="nt">-body</span><span class="w"> </span><span class="nv">$body</span><span class="w">
</span><span class="nv">$response</span><span class="w">
</span><span class="n">Write-Host</span><span class="w"> </span><span class="s2">""</span><span class="p">}</span><span class="w">
</span><span class="kr">Catch</span><span class="w"> </span><span class="p">{</span><span class="n">ResponseException</span><span class="w"> </span><span class="c"># Call Function ResponseException to get error response from the exception
</span><span class="w">
</span><span class="p">}</span></code></pre></figure>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>We made it!</p>
<p>In this post we deployed NSX-T into our second site, the imaginatively named Site B, and configured it ready to receive NSX-T federation, in double quick time.</p>
<p>Again the full script used above can be found in my <a href="https://github.com/chall32/PowerShell/blob/main/NSXT-Build-API.ps1" target="_blank">PowerShell Github Repository</a>.</p>
<p>Whilst we don’t yet have all the configuration in place in Site B to produce half of a working cross-site NSX-T federated setup, we are well on the way.</p>
<p>We still have to create our Global Tier 0 and Tier 1 Logical routers before we can hook any VMs into our NSX-T build. We will look at that in the next part of this series.</p>
<p>This was part 3 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: This Part: Automated Site B Build</li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">Multi Site Federation</a></li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>Look out for future parts coming soon!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-t-overlay-lab-pt3/">NSX-T 3.2: Overlay Lab Build - Part 3</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 15, 2022.</p>
https://polarclouds.co.uk/nsx-t-overlay-lab-pt22022-03-07T00:00:00+00:002022-03-07T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-01.png" />
In this post we will configure our first NSX-T site, the imaginatively named, Site A.</p>
<p>This is where the “rubber meets the road”. In this post not only will we deploy an NSX-T manager appliance, we will also hook it into vSphere and complete the configuration required to prepare the site so that it can be ‘paired’ with Site B, in preparation for running stretched layer 2 networks across both Site A and Site B.</p>
<p>This post is part 2 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: This Part: Site A Build</li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">Multi Site Federation</a></li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>As a reminder, in this series we will be building the following lab:</p>
<p><a href="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png"><img style="display:block;" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png" alt="NSX-T Test Lab" /></a><sup>(Click image to zoom in)</sup></p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#site-a-build" id="markdown-toc-site-a-build">Site A Build</a> <ul>
<li><a href="#ova-deployment--licencing" id="markdown-toc-ova-deployment--licencing">OVA Deployment + Licencing</a></li>
<li><a href="#site-a-transport-zones" id="markdown-toc-site-a-transport-zones">Site A Transport Zones</a></li>
<li><a href="#site-a-host-and-edge-uplink-profiles" id="markdown-toc-site-a-host-and-edge-uplink-profiles">Site A Host and Edge Uplink Profiles</a></li>
<li><a href="#site-a-tep-pool" id="markdown-toc-site-a-tep-pool">Site A TEP Pool</a></li>
<li><a href="#attach-vcenter" id="markdown-toc-attach-vcenter">Attach vCenter</a></li>
<li><a href="#create-transport-node-profile" id="markdown-toc-create-transport-node-profile">Create Transport Node Profile</a></li>
<li><a href="#prepare-host" id="markdown-toc-prepare-host">Prepare Host</a></li>
<li><a href="#check-tep-connectivity" id="markdown-toc-check-tep-connectivity">Check TEP Connectivity</a></li>
<li><a href="#create-trunk-vlan-segment" id="markdown-toc-create-trunk-vlan-segment">Create Trunk VLAN Segment</a></li>
<li><a href="#create-site-a-edge-node" id="markdown-toc-create-site-a-edge-node">Create Site A Edge Node</a></li>
<li><a href="#create-site-a-edge-cluster" id="markdown-toc-create-site-a-edge-cluster">Create Site A Edge Cluster</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="site-a-build">Site A Build</h2>
<h3 id="ova-deployment--licencing">OVA Deployment + Licencing</h3>
<p>See <a href="/nsx-t-3-2-manual-microsegmentation/#nsx-t-download" target="_blank">NSX-T Download</a> to get your very own copy of NSX-T and an evaluation licence too!</p>
<p>For brevity I’m not going to cover the deployment of the NSX-T manager OVA here, suffice to say that the following options should be selected when deploying the NSX-T OVA:</p>
<ul>
<li>VM Name = NSXT-SITE-A</li>
<li>VM Size = Small</li>
<li>Hostname = nsxt-site-a</li>
<li>Role = NSX Manager</li>
<li>IP = 192.168.10.16</li>
<li>Mask = 255.255.255.0</li>
<li>Gateway / DNS / NTP = 192.168.10.1</li>
<li>Enable SSH + SSH root login = ticked</li>
</ul>
<p>See <a href="/nsx-t-overlay-lab-pt1/#site-a-ip-allocation" target="_blank">Site A IP Allocation</a></p>
<h3 id="site-a-transport-zones">Site A Transport Zones</h3>
<p>See <a href="/nsx-t-3-2-manual-microsegmentation/#transport-zone" target="_blank">Transport Zone</a> for further details.</p>
<p>After logging into NSX-T manager, select <strong>System > Fabric > Transport Zones > Add Zone</strong> and create two zones, one overlay zone named <strong>Site-A-Overlay-Transport-Zone</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Overlay TZ" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-01.png" /></p>
<p>And one VLAN transport zone named <strong>Site-A-VLAN-Transport-Zone</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A VLAN TZ" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-02.png" /></p>
<p>When complete you should have the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A TZs" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-03.png" /></p>
<h3 id="site-a-host-and-edge-uplink-profiles">Site A Host and Edge Uplink Profiles</h3>
<p>Next, let's create our uplink profiles. See <a href="/nsx-t-3-2-manual-microsegmentation/#uplink-profile" target="_blank">Uplink Profile</a> for further details.</p>
<p>Select <strong>System > Fabric > Profiles > Uplink Profiles > Add Profile</strong>.</p>
<p>Name the profile <strong>Site-A-Host-Uplink-Profile</strong> and scroll down to Teamings. Leave the teaming policy as <strong>Failover Order</strong> and name the Active Uplinks <strong>Uplink-1,Uplink-2</strong>. As per <a href="/nsx-t-overlay-lab-pt1/#site-a-vlans-and-subnets" target="_blank">Site A VLANs and Subnets</a>, set the Transport VLAN to <strong>11</strong>. As we are using a VDS, there is no need to set an MTU:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Host Uplink Profile" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-04.png" /></p>
<p>Select <strong>Add Profile</strong> again and create a profile named <strong>Site-A-Edge-Uplink-Profile</strong>.</p>
<p>Scroll down to Teamings. Set the teaming policy to <strong>Load Balance Source</strong> and name the Active Uplinks <strong>Uplink-1,Uplink-2</strong>. As per <a href="/nsx-t-overlay-lab-pt1/#site-a-vlans-and-subnets" target="_blank">Site A VLANs and Subnets</a>, set the Transport VLAN to <strong>11</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Edge Uplink Profile" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-05.png" /></p>
<p>When complete you should have the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Uplink Profiles" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-06.png" /></p>
<h3 id="site-a-tep-pool">Site A TEP Pool</h3>
<p>Next, let's create our Tunnel End Point (TEP) pool. As per <a href="https://kb.vmware.com/s/article/83743" target="_blank">NSX-T Edge TEP networking options (83743)</a> we will create a single TEP pool for use by both our edges and hosts.</p>
<p>A Tunnel End Point is the IP address of a transport node (Edge node or Host) used for Geneve encapsulation within a location.</p>
<p>Select <strong>System > Networking > IP Address Pools > Add IP Address Pool</strong>.</p>
<p>Name the Pool <strong>Site-A-TEP-Pool</strong>, click <strong>Set > Add Subnet > IP Ranges</strong>.</p>
<p>As per <a href="/nsx-t-overlay-lab-pt1/#site-a-ip-allocation" target="_blank">Site A IP Allocation</a>, set the IP range to <strong>192.168.11.2-192.168.11.254</strong>, the CIDR to <strong>192.168.11.0/24</strong>, the Gateway IP to <strong>192.168.11.1</strong> and click <strong>Add</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A TEP Subnet" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-07.png" /></p>
<p>Click <strong>Apply</strong> and <strong>Save</strong>. When complete you should have the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A TEP Pool" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-08.png" /></p>
<h3 id="attach-vcenter">Attach vCenter</h3>
<p>Next, let's attach our Site A vCenter.</p>
<p>Select <strong>System > Compute Managers > Add Compute Manager</strong>, complete the wizard, click <strong>Add</strong> and accept the thumbprint when prompted:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A vCenter 1" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-09.png" />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A vCenter 2" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-10.png" /></p>
<p>When complete you should have the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A vCenter" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-11.png" /></p>
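<p>Before accepting the thumbprint in the prompt above, it is worth checking that it really belongs to VC-SITE-A. The following PowerShell is an added example, not part of the original post or its script: it prints the SHA-256 thumbprint of the certificate a host presents and compares it with a reference value read from the vCenter appliance itself. The function names and the <code>vc-site-a.lab</code> host name are assumptions.</p>

```powershell
# Added example (not from the original post): fingerprint the certificate a
# server presents and compare it with a reference thumbprint.

function ConvertTo-NormalizedThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Strip colons, spaces and other separators, then upper-case the hex digits.
    $hex = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 64) {
        throw "Expected 64 hex characters for a SHA-256 thumbprint, got $($hex.Length)."
    }
    $hex
}

function Test-ThumbprintMatch {
    param(
        [Parameter(Mandatory)][string]$Reference,   # read on the vCenter appliance itself
        [Parameter(Mandatory)][string]$Presented    # shown in the prompt, or fetched below
    )
    (ConvertTo-NormalizedThumbprint $Reference) -ceq (ConvertTo-NormalizedThumbprint $Presented)
}

function Get-TlsSha256Thumbprint {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Port = 443,
        [int]$TimeoutMs = 5000
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "Timed out connecting to ${ComputerName}:$Port"
        }
        $client.EndConnect($pending)

        # Chain validation is skipped on purpose: the certificate is only being
        # retrieved so it can be fingerprinted, and nothing is sent over this session.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAny)
        try {
            # Request TLS 1.2 explicitly so older .NET defaults do not break the handshake.
            $ssl.AuthenticateAsClient($ComputerName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            $sha256 = [System.Security.Cryptography.SHA256]::Create()
            try { $digest = $sha256.ComputeHash($cert.RawData) } finally { $sha256.Dispose() }
            [pscustomobject]@{
                Subject          = $cert.Subject
                NotAfter         = $cert.NotAfter
                Sha256Thumbprint = ($digest | ForEach-Object { $_.ToString('X2') }) -join ':'
            }
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

# Offline demonstration with constructed values (not real thumbprints): the same
# 32 bytes written with and without colons, in different case, must match.
$reference = '00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'
$presented = '00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
Test-ThumbprintMatch -Reference $reference -Presented $presented

# Live use. The host name is an assumption: the post names the vCenter VC-SITE-A
# but does not give its FQDN.
# $seen = Get-TlsSha256Thumbprint -ComputerName 'vc-site-a.lab'
# $seen | Format-List
# Test-ThumbprintMatch -Reference '<thumbprint read on the vCenter appliance>' -Presented $seen.Sha256Thumbprint
```

<p>A value fetched over the network only tells you what that network path presents, so the reference thumbprint should come from the vCenter appliance's own console or another trusted path.</p>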
<h3 id="create-transport-node-profile">Create Transport Node Profile</h3>
<p>Next, let's create our Transport Node profile. See <a href="/nsx-t-3-2-manual-microsegmentation/#transport-node-profile" target="_blank">Transport Node Profile</a> for further details.</p>
<p>Select <strong>System > Fabric > Profiles > Transport Node Profiles > Add Profile</strong>.</p>
<p>Name the profile <strong>Site-A-Transport-Node-Profile</strong>.</p>
<p>Select <strong>VDS</strong> and <strong>Standard</strong>.</p>
<p>Select <strong>VC-SITE-A</strong> and <strong>SITE-A-DSWITCH</strong>.</p>
<p>Add both <strong>Site-A-Overlay-Transport-Zone</strong> and <strong>Site-A-VLAN-Transport-Zone</strong> transport zones.</p>
<p>Select <strong>Site-A-Host-Uplink-Profile</strong>.</p>
<p>Select <strong>Use IP Pool</strong> and <strong>Site-A-TEP-Pool</strong>.</p>
<p>Finally, select <strong>Uplink1</strong> and <strong>Uplink 2</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Trans Profile 1" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-12.png" />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Trans Profile 2" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-13.png" /></p>
<p>When complete you should have the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Trans Profiles" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-14.png" /></p>
<h3 id="prepare-host">Prepare Host</h3>
<p>Next we need to apply our configuration to our compute node cluster.</p>
<p>Select <strong>System > Fabric > Nodes</strong>. In the drop down, select <strong>VC-SITE-A</strong>.</p>
<p>Next select <strong>SITE-A-CLUSTER</strong> and <strong>Configure NSX</strong>.</p>
<p>Select <strong>Site-A-Transport-Node-Profile</strong> and click Apply:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Cluster Install" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-15.png" /></p>
<p>Allow time for the host preparation to complete:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Cluster Install in Progress" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-16.png" /></p>
<h3 id="check-tep-connectivity">Check TEP Connectivity</h3>
<p>Make a note of the Host’s assigned TEP IP address:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Find host TEP IP" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-17.png" /></p>
<p>Open an SSH connection to the lab router and let's see if we can ping the Host TEP IP over VLAN 11:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Ping Host TEP IP" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-18.png" /></p>
<p>Yep, looks good.</p>
<h3 id="create-trunk-vlan-segment">Create Trunk VLAN Segment</h3>
<p>So that we may also put our Edge TEPs onto VLAN 11, we need to create a VLAN Trunk segment within NSX-T.</p>
<p>Select <strong>System > Networking > Segments > Add Segment</strong>.</p>
<p>Name the segment <strong>Site-A-Trunk</strong>, set Connected Gateway to <strong>None</strong> and Transport Zone to <strong>Site-A-VLAN-Transport-Zone</strong>, and enter a VLAN of <strong>0-4094</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Trunk" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-19.png" /></p>
<p>Click <strong>Save</strong> when complete and <strong>No</strong> to continuing configuration. When complete:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Segments" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-20.png" /></p>
<p>The trunk segment should be visible in vCenter:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Trunk vCenter" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-21.png" /></p>
<h3 id="create-site-a-edge-node">Create Site A Edge Node</h3>
<p>As this edge node is purely for our lab, let's size it accordingly.</p>
<p>Select <strong>System > Fabric > Nodes > Edge Transport Nodes > Add Edge Node</strong>.</p>
<p>Name the node <strong>ESG-SITE-A</strong> and set the FQDN to <strong>esg-site-a.lab</strong>. Set Form Factor to <strong>Small</strong>.</p>
<p>Set CPU Reservation priority to <strong>Normal</strong> and Memory Reservation to <strong>0</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Config 1" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-22.png" />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Config 2" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-23.png" /></p>
<p>Click <strong>Next</strong>. Complete credentials and enable SSH logins:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Config 3" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-24.png" /></p>
<p>Click <strong>Next</strong>. Select vCenter, Cluster and Datastore:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Config 4" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-25.png" /></p>
<p>Click <strong>Next</strong>. As per <a href="/nsx-t-overlay-lab-pt1/#site-a-ip-allocation" target="_blank">Site A IP Allocation</a>, assign static IP of <strong>192.168.10.22/24</strong> and gateway of <strong>192.168.10.1</strong>.</p>
<p>Click <strong>Select Interface</strong> and select <strong>Site-A-Management</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Config 5" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-26.png" /></p>
<p>Click <strong>Save</strong> and set DNS search domain to <strong>lab</strong>, DNS and NTP servers to <strong>192.168.10.1</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Config 6" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-27.png" /></p>
<p>Click <strong>Next</strong>. Name the switch <strong>N-VDS-1</strong>.</p>
<p>Add both <strong>Site-A-Overlay-Transport-Zone</strong> and <strong>Site-A-VLAN-Transport-Zone</strong> transport zones.</p>
<p>Set Uplink profile to <strong>Site-A-Edge-Uplink-Profile</strong>.</p>
<p>Select <strong>Use IP Pool</strong> and <strong>Site-A-TEP-Pool</strong>.</p>
<p>Finally, Set Uplink-1 and Uplink-2 to Type <strong>VLAN Segment</strong> and <strong>Site-A-Trunk</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Config 7" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-28.png" /></p>
<p>Click <strong>Save</strong> and confirm configuration matches below:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Config 8" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-29.png" />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Config 9" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-30.png" /></p>
<p>Finally, click <strong>Finish</strong>.</p>
<p>Allow time (circa 5 to 10 minutes) for the edge node to be deployed and configured:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Deploy" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-31.png" /></p>
<p>Upon successful completion of initial configuration, the edge should have been deployed, configured and received two TEP IP addresses:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Deploy Complete" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-32.png" /></p>
<p>Let's open an SSH connection to the lab router and see if we can ping the Edge TEP IPs over VLAN 11:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge TEP Ping" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-33.png" /></p>
<p>Yep, they look good.</p>
<h3 id="create-site-a-edge-cluster">Create Site A Edge Cluster</h3>
<p>Select <strong>System > Fabric > Nodes > Edge Clusters > Add Edge Cluster</strong>.</p>
<p>Name the cluster <strong>Site-A-Edge-Cluster</strong> and use the arrow to move ESG-SITE-A from the Available box to the Selected box:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Edge Cluster Config" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-34.png" /></p>
<p>Click <strong>Add</strong>. Upon completion the following should be seen:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Edge Cluster" src="/images/nsx-t-overlay-lab-pt2/nsx-t-overlay-lab-pt2-35.png" /></p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>We made it!</p>
<p>In this post we deployed NSX-T into our first site, the imaginatively named Site A, and configured it ready to receive NSX-T federation and some overlay configuration.</p>
<p>Whilst we don’t yet have all the configuration in place in Site A to produce half of a working cross-site NSX-T federated setup, we are well on the way.</p>
<p>We still have to create our Global Tier 0 and Tier 1 Logical routers before we can hook any VMs into our NSX-T build. We will look at that in a later part of this series.</p>
<p>This was part 2 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/nsx-t-overlay-lab-pt1/" target="_blank">Lab Setup and Overview</a></li>
<li>Part 2: This Part: Site A build</li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">Multi Site Federation</a></li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>Look out for future parts coming soon!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-t-overlay-lab-pt2/">NSX-T 3.2: Overlay Lab Build - Part 2</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 07, 2022.</p>
https://polarclouds.co.uk/nsx-t-overlay-lab-pt12022-02-28T00:00:00+00:002022-02-28T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-01.png" />
Here we go then, eyes down for our second look at NSX-T.</p>
<p>If you missed the first look, have a read now: <a href="/nsx-t-3-2-manual-microsegmentation/" target="_blank">NSX-T 3.2: Micro-Segmentation Only Deployment - Manual Setup</a>. It's a cracking read, honest! :wink:</p>
<p>In this series of posts, we’ll be looking at deploying NSX-T 3.2 into a lab environment. Within the lab we will be emulating a two site enterprise with active services running from either site. On top of that, we will configure stretched layer 2 networking that will allow us to host and fail over services from one site to the other without the need to reconfigure those services.</p>
<p>This post is part 1 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: This part - Lab Setup and Overview</li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">Multi Site Federation</a></li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>Right then, let's get on with part 1 of the series and take a look at the lab setup.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#the-nsx-t-dual-site-lab-diagram" id="markdown-toc-the-nsx-t-dual-site-lab-diagram">The NSX-T Dual Site Lab Diagram</a></li>
<li><a href="#lab-components" id="markdown-toc-lab-components">Lab Components</a></li>
<li><a href="#lab-networking-configuration" id="markdown-toc-lab-networking-configuration">Lab Networking Configuration</a> <ul>
<li><a href="#site-a-vlans-and-subnets" id="markdown-toc-site-a-vlans-and-subnets">Site A VLANs and Subnets</a></li>
<li><a href="#site-a-ip-allocation" id="markdown-toc-site-a-ip-allocation">Site A IP Allocation</a></li>
<li><a href="#site-b-vlans-and-subnets" id="markdown-toc-site-b-vlans-and-subnets">Site B VLANs and Subnets</a></li>
<li><a href="#site-b-ip-allocation" id="markdown-toc-site-b-ip-allocation">Site B IP Allocation</a></li>
</ul>
</li>
<li><a href="#lab-router-configuration" id="markdown-toc-lab-router-configuration">Lab Router Configuration</a></li>
<li><a href="#top-level-configuration" id="markdown-toc-top-level-configuration">Top Level Configuration</a></li>
<li><a href="#lab-vcenter-configuration" id="markdown-toc-lab-vcenter-configuration">Lab vCenter Configuration</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="the-nsx-t-dual-site-lab-diagram">The NSX-T Dual Site Lab Diagram</h2>
<p>In this series we will be creating the following lab:
<a href="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png"><img style="display:block;" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-02.png" alt="NSX-T Test Lab" /></a><sup>(Click image to zoom in)</sup></p>
<p>A dual site setup consisting of (imaginatively named) sites “SITE A” and “SITE B”. The grey dotted line running down the middle of the diagram represents the demarcation between the sites.</p>
<h2 id="lab-components">Lab Components</h2>
<p>Let's work our way around the lab to understand the layout, starting top left.</p>
<p><strong>NSXT Global Manager</strong> - This is our federated NSX-T manager. This manager provides us with a single point of management and control for the three NSX-T managers located in the lab (including this Global Manager). The global manager is also used to apply networking configuration that spans both sites. Read more here: <a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-D5B6DC79-6733-44A7-8072-50221CF2122A.html" target="_blank">NSX Federation</a>.</p>
<p><strong>VC-SITE-A / VC-SITE-B</strong> - vSphere 7 vCenter servers for each site. Both vCenter servers are in Enhanced Linked Mode. Read more here: <a href="https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vcenter.install.doc/GUID-4394EA1C-0800-4A6A-ADBF-D35C41868C53.html" target="_blank">vCenter Enhanced Linked Mode</a>.</p>
<p><strong>NSXT-SITE-A / NSXT-SITE-B</strong> - The local NSX-T manager responsible for the management and control of local NSX-T resources based in their respective site.</p>
<p><strong>Wider LAN</strong> - The rest of my home network. Nothing to see here, move along…</p>
<p><strong>LABROUTER</strong> - An OPNsense router the configuration of which is discussed here: <a href="/opnsense-bgp-bfd-config/" target="_blank">OPNsense BGP and BFD Configuration</a>.</p>
<p><strong>ESXI-SITE-A / ESXI-SITE-B</strong> - The ESXi host running our production VMs and NSX-T edge in each site.</p>
<p><strong>TIER 0 GATEWAY</strong> - A cross site stretched top level logical router that spans across both sites A and B. Read more here: <a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-3F163DEE-1EE6-4D80-BEBF-8D109FDB577C.html" target="_blank">Tier-0 Logical Router</a>.</p>
<p><strong>ESG-SITE-A / ESG-SITE-B</strong> - Our (singular) NSX-T edge. This being a lab, we only need one edge per site. Production deployments would (SHOULD!) have more than one edge per site. Read more here: <a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/installation/GUID-53295329-F02F-44D7-A6E0-2E3A9FAE6CF9.html" target="_blank">Create an NSX Edge Transport Node</a>.</p>
<p><strong>VMs</strong> - Our production VMs connected to either of our Tier 1 gateways / logical routers.</p>
<p><strong>TIER 1 Gateway (SITE-A Preferred)</strong>: A cross site stretched logical router that spans both sites A and B. Ingress / Egress traffic to VMs connected to this gateway is preferentially routed to run through Site A with failover to Site B should it be required. Read more here: <a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-DAEF8457-8363-4F33-84DA-68AA36A2DE3C.html" target="_blank">Tier-1 Logical Router</a>.</p>
<p><strong>TIER 1 Gateway (SITE-B Preferred)</strong>: A cross site stretched logical router that spans both sites A and B. Ingress / Egress traffic to VMs connected to this gateway is preferentially routed to run through Site B with failover to Site A should it be required. Read more here: <a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-DAEF8457-8363-4F33-84DA-68AA36A2DE3C.html" target="_blank">Tier-1 Logical Router</a>.</p>
<h2 id="lab-networking-configuration">Lab Networking Configuration</h2>
<p>Being that the lab is a collapsed NSX-T setup - that is our edge VMs are running alongside our production VMs on our ESXi hosts - we need to make fairly extensive use of VLANs to segregate traffic to and from our NSX-T lab.</p>
<p>As per <a href="https://kb.vmware.com/s/article/83743" target="_blank">NSX-T Edge TEP networking options (83743)</a>:
Edge TEP and ESXi host TEP can be configured on the same VLAN in the following configurations:</p>
<ul>
<li>Edge VM TEP interface connected to a logical switch on a vDS7 with NSX-T 3.1.0 or above</li>
</ul>
<p>The lab is being built with vSphere 7 and NSX-T 3.2. We will be sharing a TEP VLAN between our hosts and our edges.</p>
<h3 id="site-a-vlans-and-subnets">Site A VLANs and Subnets</h3>
<p>The following VLANs and subnets are used on Site A:</p>
<style>
table, th, td {
border: 1px solid black;
border-collapse: collapse;
}
tr:nth-child(even) {background-color: #f2f2f2;}
</style>
<table>
<thead>
<tr>
<th style="text-align: center">VLAN ID</th>
<th style="text-align: left">Subnet</th>
<th style="text-align: left">Use</th>
<th style="text-align: left">OPNsense Interface</th>
<th style="text-align: center">Colour in Diagram</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: center">1</td>
<td style="text-align: left">192.168.10.0/24</td>
<td style="text-align: left">Management Traffic</td>
<td style="text-align: left">SITE_A_MGMT</td>
<td style="text-align: center"><span style="color:#FF0000">Red</span></td>
</tr>
<tr>
<td style="text-align: center">11</td>
<td style="text-align: left">192.168.11.0/24</td>
<td style="text-align: left">Transport End Points (TEPS)</td>
<td style="text-align: left">SITE_A_TRANSPORT_VL11</td>
<td style="text-align: center"><span style="color:#009999">Light Blue</span></td>
</tr>
<tr>
<td style="text-align: center">12</td>
<td style="text-align: left">192.168.12.0/24</td>
<td style="text-align: left">Uplinks</td>
<td style="text-align: left">SITE_A_UPLINK_VL12</td>
<td style="text-align: center"><span style="color:#009999">Light Blue</span></td>
</tr>
<tr>
<td style="text-align: center">13</td>
<td style="text-align: left">192.168.13.0/24</td>
<td style="text-align: left">Remote Transport End Points (RTEPS)</td>
<td style="text-align: left">SITE_A_RMOTE_TRANSPORT_VL13</td>
<td style="text-align: center"><span style="color:#009999">Light Blue</span></td>
</tr>
</tbody>
</table>
<h3 id="site-a-ip-allocation">Site A IP Allocation</h3>
<p>The following IP allocations are in use on Site A:</p>
<table>
<thead>
<tr>
<th style="text-align: left">IP Address</th>
<th style="text-align: center">VLAN ID</th>
<th style="text-align: left">Use</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">192.168.10.10</td>
<td style="text-align: center">1</td>
<td style="text-align: left">ESXI-SITE-A Management Interface</td>
</tr>
<tr>
<td style="text-align: left">192.168.10.15</td>
<td style="text-align: center">1</td>
<td style="text-align: left">VC-SITE-A Management Interface</td>
</tr>
<tr>
<td style="text-align: left">192.168.10.16</td>
<td style="text-align: center">1</td>
<td style="text-align: left">NSXT-SITE-A Management Interface</td>
</tr>
<tr>
<td style="text-align: left">192.168.10.17</td>
<td style="text-align: center">1</td>
<td style="text-align: left">VC-SITE-A Management (Cluster Virtual IP)</td>
</tr>
<tr>
<td style="text-align: left">192.168.10.19</td>
<td style="text-align: center">1</td>
<td style="text-align: left">NSXT Global Management Interface</td>
</tr>
<tr>
<td style="text-align: left">192.168.10.22</td>
<td style="text-align: center">1</td>
<td style="text-align: left">ESG-SITE-A Management Interface</td>
</tr>
<tr>
<td style="text-align: left">192.168.11.2-254</td>
<td style="text-align: center">11</td>
<td style="text-align: left">Site A Tunnel End Point (TEP) Pool</td>
</tr>
<tr>
<td style="text-align: left">192.168.12.2</td>
<td style="text-align: center">12</td>
<td style="text-align: left">Global Tier 0 Uplink - Site A</td>
</tr>
<tr>
<td style="text-align: left">192.168.13.2-254</td>
<td style="text-align: center">13</td>
<td style="text-align: left">Site A Remote Tunnel End Point (RTEP) Pool</td>
</tr>
</tbody>
</table>
<h3 id="site-b-vlans-and-subnets">Site B VLANs and Subnets</h3>
<p>The following VLANs and subnets are used on Site B:</p>
<table>
<thead>
<tr>
<th style="text-align: center">VLAN ID</th>
<th style="text-align: left">Subnet</th>
<th style="text-align: left">Use</th>
<th style="text-align: left">OPNsense Interface</th>
<th style="text-align: center">Colour in Diagram</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: center">1</td>
<td style="text-align: left">192.168.20.0/24</td>
<td style="text-align: left">Management Traffic</td>
<td style="text-align: left">SITE_B_MGMT</td>
<td style="text-align: center"><span style="color:#3333FF">Blue</span></td>
</tr>
<tr>
<td style="text-align: center">21</td>
<td style="text-align: left">192.168.21.0/24</td>
<td style="text-align: left">Transport End Points (TEPS)</td>
<td style="text-align: left">SITE_B_TRANSPORT_VL21</td>
<td style="text-align: center"><span style="color:#CCCC00">Dark Yellow</span></td>
</tr>
<tr>
<td style="text-align: center">22</td>
<td style="text-align: left">192.168.22.0/24</td>
<td style="text-align: left">Uplinks</td>
<td style="text-align: left">SITE_B_UPLINK_VL22</td>
<td style="text-align: center"><span style="color:#CCCC00">Dark Yellow</span></td>
</tr>
<tr>
<td style="text-align: center">23</td>
<td style="text-align: left">192.168.23.0/24</td>
<td style="text-align: left">Remote Transport End Points (RTEPS)</td>
<td style="text-align: left">SITE_B_RMOTE_TRANSPORT_VL23</td>
<td style="text-align: center"><span style="color:#CCCC00">Dark Yellow</span></td>
</tr>
</tbody>
</table>
<h3 id="site-b-ip-allocation">Site B IP Allocation</h3>
<p>The following IP allocations are in use on Site B:</p>
<table>
<thead>
<tr>
<th style="text-align: left">IP Address</th>
<th style="text-align: center">VLAN ID</th>
<th style="text-align: left">Use</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">192.168.20.10</td>
<td style="text-align: center">1</td>
<td style="text-align: left">ESXI-SITE-B Management Interface</td>
</tr>
<tr>
<td style="text-align: left">192.168.20.15</td>
<td style="text-align: center">1</td>
<td style="text-align: left">VC-SITE-B Management Interface</td>
</tr>
<tr>
<td style="text-align: left">192.168.20.16</td>
<td style="text-align: center">1</td>
<td style="text-align: left">NSXT-SITE-B Management Interface</td>
</tr>
<tr>
<td style="text-align: left">192.168.20.17</td>
<td style="text-align: center">1</td>
<td style="text-align: left">VC-SITE-B Management (Cluster Virtual IP)</td>
</tr>
<tr>
<td style="text-align: left">192.168.20.22</td>
<td style="text-align: center">1</td>
<td style="text-align: left">ESG-SITE-B Management Interface</td>
</tr>
<tr>
<td style="text-align: left">192.168.21.2-254</td>
<td style="text-align: center">21</td>
<td style="text-align: left">Site B Tunnel End Point (TEP) Pool</td>
</tr>
<tr>
<td style="text-align: left">192.168.22.2</td>
<td style="text-align: center">22</td>
<td style="text-align: left">Global Tier 0 Uplink - Site B</td>
</tr>
<tr>
<td style="text-align: left">192.168.23.2-254</td>
<td style="text-align: center">23</td>
<td style="text-align: left">Site B Remote Tunnel End Point (RTEP) Pool</td>
</tr>
</tbody>
</table>
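<p>The addressing plan in the four tables above can be checked mechanically before anything is built. The following Python script is an added example, not part of the original post: it audits the plan for overlapping subnets, allocations outside the subnet of their VLAN, addresses claimed twice, and pools that include the .1 address held by the lab router. The function names and the constructed bad entry are assumptions made for illustration.</p>

```python
"""Audit the lab addressing plan (added example, not from the original post)."""
from ipaddress import IPv4Address, IPv4Network

# (site, VLAN ID) -> subnet, copied from the two "VLANs and Subnets" tables.
SUBNETS = {
    ("A", 1): "192.168.10.0/24", ("A", 11): "192.168.11.0/24",
    ("A", 12): "192.168.12.0/24", ("A", 13): "192.168.13.0/24",
    ("B", 1): "192.168.20.0/24", ("B", 21): "192.168.21.0/24",
    ("B", 22): "192.168.22.0/24", ("B", 23): "192.168.23.0/24",
}

# (site, address or pool, VLAN ID, use), copied from the two "IP Allocation" tables.
ALLOCATIONS = [
    ("A", "192.168.10.10", 1, "ESXI-SITE-A Management Interface"),
    ("A", "192.168.10.15", 1, "VC-SITE-A Management Interface"),
    ("A", "192.168.10.16", 1, "NSXT-SITE-A Management Interface"),
    ("A", "192.168.10.17", 1, "VC-SITE-A Management (Cluster Virtual IP)"),
    ("A", "192.168.10.19", 1, "NSXT Global Management Interface"),
    ("A", "192.168.10.22", 1, "ESG-SITE-A Management Interface"),
    ("A", "192.168.11.2-254", 11, "Site A Tunnel End Point (TEP) Pool"),
    ("A", "192.168.12.2", 12, "Global Tier 0 Uplink - Site A"),
    ("A", "192.168.13.2-254", 13, "Site A Remote Tunnel End Point (RTEP) Pool"),
    ("B", "192.168.20.10", 1, "ESXI-SITE-B Management Interface"),
    ("B", "192.168.20.15", 1, "VC-SITE-B Management Interface"),
    ("B", "192.168.20.16", 1, "NSXT-SITE-B Management Interface"),
    ("B", "192.168.20.17", 1, "VC-SITE-B Management (Cluster Virtual IP)"),
    ("B", "192.168.20.22", 1, "ESG-SITE-B Management Interface"),
    ("B", "192.168.21.2-254", 21, "Site B Tunnel End Point (TEP) Pool"),
    ("B", "192.168.22.2", 22, "Global Tier 0 Uplink - Site B"),
    ("B", "192.168.23.2-254", 23, "Site B Remote Tunnel End Point (RTEP) Pool"),
]


def expand(spec):
    """Return (first, last) for '192.168.11.2-254' or for a single address."""
    start, _, end = spec.partition("-")
    first = IPv4Address(start)
    last = IPv4Address(f"{start.rsplit('.', 1)[0]}.{end}") if end else first
    return first, last


def audit(subnets, allocations):
    """Return a list of findings; an empty list means the plan is consistent."""
    nets = {key: IPv4Network(cidr) for key, cidr in subnets.items()}
    findings = []
    keys = sorted(nets)
    for i, a in enumerate(keys):              # segments must not overlap anywhere
        for b in keys[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"subnets {nets[a]} and {nets[b]} overlap")
    claimed = []                              # (first, last, use) seen so far
    for site, spec, vlan, use in allocations:
        net = nets.get((site, vlan))
        if net is None:
            findings.append(f"{use}: VLAN {vlan} is not defined on site {site}")
            continue
        first, last = expand(spec)
        if first not in net or last not in net:
            findings.append(f"{use}: {spec} is outside {net}")
        # The .1 address of every subnet belongs to the lab router.
        if first <= net.network_address + 1 <= last:
            findings.append(f"{use}: {spec} includes the router address")
        for other_first, other_last, other_use in claimed:
            if first <= other_last and other_first <= last:
                findings.append(f"{use}: {spec} collides with {other_use}")
        claimed.append((first, last, use))
    return findings


if __name__ == "__main__":
    print(audit(SUBNETS, ALLOCATIONS) or "addressing plan is consistent")
    # Constructed mistake: a Site B entry typed with a Site A address.
    typo = ALLOCATIONS + [("B", "192.168.10.22", 1, "constructed typo")]
    for finding in audit(SUBNETS, typo):
        print(finding)
```

<p>Edit <code>SUBNETS</code> and <code>ALLOCATIONS</code> to match your own plan and rerun the script whenever an address is added.</p>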
<h2 id="lab-router-configuration">Lab Router Configuration</h2>
<p>Looking at interfaces as configured on LABROUTER:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OPNsense Interfaces" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-03.png" /></p>
<p>As previously detailed, the .1 IP address of each subnet is assigned to the interfaces and VLANs configured on the lab router.</p>
<p>The WAN interface is used for connectivity to the rest of my home network.</p>
<p>The only other services in use on the lab router are:</p>
<ul>
<li>Unbound DNS: Used for name resolution within the lab</li>
<li>NTP: Time synchronization</li>
<li>FRR BGP and BFD: Used for receiving and sending routing info from and to the lab</li>
</ul>
<p>Check out <a href="/opnsense-bgp-bfd-config/" target="_blank">OPNsense BGP and BFD Configuration</a> for further details.</p>
<h2 id="top-level-configuration">Top Level Configuration</h2>
<p>Unsurprisingly, I’m running this whole setup as a “nested” deployment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX-T vAPP" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-08.png" /></p>
<p>Looking closer at the top level networks used by the lab, there are just the three:</p>
<ul>
<li>VM-GREEN-LAN: Provides “WAN” connectivity for the lab up to the rest of my home network.</li>
<li>VM-LAB-LAN1: Connectivity for all servers on Site A</li>
<li>VM-LAB-LAN2: Connectivity for all servers on Site B</li>
</ul>
<p>VM-LAB-LAN3 and VM-LAB-LAN4 are not used in this Lab.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX-T vAPP Networks" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-09.png" /></p>
<p>Looking closer at the Lab Distributed switch, there are no uplinks to the outside world:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Lab Networking" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-10.png" /></p>
<p>All lab portgroups are set with the following security settings, with VLAN trunking enabled:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Lab Networking Config" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-11.png" /></p>
<p>MTU is set to 9000:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Lab Networking Config - MTU" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-12.png" /></p>
<h2 id="lab-vcenter-configuration">Lab vCenter Configuration</h2>
<p>Let’s look at the vCenter configuration. Clusters view: nothing complicated, two linked vCenters, two hosts and a test APP VM per site:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vCenter Clusters" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-04.png" /></p>
<p>Networking overview, again, nothing complicated, one distributed switch per site:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Networking Overview" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-05.png" /></p>
<p>Finally, looking closer at the configuration of the single untagged portgroup per site for management traffic. Site A:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A mgmt portgroup" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-06.png" /></p>
<p>Site B:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site B mgmt portgroup" src="/images/nsx-t-overlay-lab-pt1/nsx-t-overlay-lab-pt1-07.png" /></p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>That’ll just about do it for the first post of the series. Sure, on its own this post is a little <em>dry</em>, however as we get to building out our NSX-T lab, this post will come into its own for reference purposes down the line.</p>
<p>This was part 1 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: This part - Lab Setup and Overview</li>
<li>Part 2: <a href="/nsx-t-overlay-lab-pt2/" target="_blank">Site A Build</a></li>
<li>Part 3: <a href="/nsx-t-overlay-lab-pt3/" target="_blank">Automated Site B Build</a></li>
<li>Part 4: <a href="/nsx-t-overlay-lab-pt4/" target="_blank">Multi Site Federation</a></li>
<li>Part 5: <a href="/nsx-t-overlay-lab-pt5/" target="_blank">Remote Tunnel Endpoints</a></li>
<li>Part 6: <a href="/nsx-t-overlay-lab-pt6/" target="_blank">Federated Tier-0 Gateway</a></li>
<li>Part 7: <a href="/nsx-t-overlay-lab-pt7/" target="_blank">Federated Tier-1 Gateways</a></li>
<li>Part 8: <a href="/nsx-t-overlay-lab-pt8/" target="_blank">Egress Traffic and MEDdling with BGP</a></li>
</ul>
<p>Look out for future parts coming soon!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-t-overlay-lab-pt1/">NSX-T 3.2: Overlay Lab Build - Part 1</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 28, 2022.</p>
https://polarclouds.co.uk/vmware-vexpert-2022 | 2022-02-18T00:00:00+00:00 | Chris Hall | https://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMware vExpert" src="/images/vmware-vexpert/vexpert.png" />
<br />
Yup, that’s right… Again for the third year running!</p>
<p>I’ve again been appraised, approved and selected to be a VMware vExpert for the third year running!</p>
<p>Reading through the <a href="https://blogs.vmware.com/vexpert/2022/02/16/vexpert-2022-awards-announcement/" target="_blank">vExpert 2022 Award Announcement</a>:</p>
<p>All of the new and returning vExperts have demonstrated significant contributions to the community and a willingness to share their expertise with others. Contributing is not always blogging or Twitter as there are many VMUG leaders, public speakers, book authors, script writers, VCDX, VMTN community moderators and internal champions among this group.</p>
<p>Check me out in the <a href="https://vexpert.vmware.com/directory/5800" target="_blank">vExpert Directory</a>.</p>
<p>-Chris
<br />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="VMware vExpert 2022" src="/images/pages/vexpert2022.png" /></p>
<p><a href="https://polarclouds.co.uk/vmware-vexpert-2022/">VMware vExpert 2022</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 18, 2022.</p>
https://polarclouds.co.uk/opnsense-bgp-bfd-config | 2022-02-15T00:00:00+00:00 | Chris Hall | https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="OPNsense Logo" src="/images/opnsense-bgp-bfd-config/opnsense-bgp-bfd-config-01.png" />
In preparation for our next look into NSX-T overlay networking and stretched layer 2 networks, we need to take a look into configuring our NSX-T lab router. Specifically BGP and BFD.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-is-opnsense" id="markdown-toc-what-is-opnsense">What is OPNsense</a></li>
<li><a href="#what-is-bgp" id="markdown-toc-what-is-bgp">What is BGP?</a></li>
<li><a href="#what-is-bfd" id="markdown-toc-what-is-bfd">What is BFD?</a></li>
<li><a href="#opnsense-lab-router" id="markdown-toc-opnsense-lab-router">OPNsense Lab Router</a></li>
<li><a href="#installing-opnsense" id="markdown-toc-installing-opnsense">Installing OPNsense</a></li>
<li><a href="#configuring-opnsense-for-an-nsx-t-lab" id="markdown-toc-configuring-opnsense-for-an-nsx-t-lab">Configuring OPNsense for an NSX-T Lab</a> <ul>
<li><a href="#disable-the-firewall" id="markdown-toc-disable-the-firewall">Disable the Firewall</a></li>
<li><a href="#install-frr-package" id="markdown-toc-install-frr-package">Install FRR Package</a></li>
<li><a href="#configure-bgp-and-bfd" id="markdown-toc-configure-bgp-and-bfd">Configure BGP and BFD</a></li>
<li><a href="#pulling-it-altogether" id="markdown-toc-pulling-it-altogether">Pulling it All Together</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="what-is-opnsense">What is OPNsense</h2>
<p>OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. Find out more here: <a href="https://opnsense.org/" target="_blank">OPNsense.org</a></p>
<h2 id="what-is-bgp">What is BGP?</h2>
<p>Border Gateway Protocol (BGP) refers to a gateway protocol that enables the internet to exchange routing information between autonomous systems (AS). As networks interact with each other, they need a way to communicate. This is accomplished through peering. BGP makes peering possible. Without it, networks would not be able to send and receive information with each other. Find out more here: <a href="https://www.cloudflare.com/en-gb/learning/security/glossary/what-is-bgp/" target="_blank">What is BGP?</a></p>
<h2 id="what-is-bfd">What is BFD?</h2>
<p>Bidirectional Forwarding Detection (BFD) is a network protocol that is used to detect faults between two routers or switches connected by a link. It provides low-overhead detection of faults even on physical media that doesn’t support failure detection of any kind, such as Ethernet, virtual circuits, tunnels and MPLS Label Switched Paths. Find out more here: <a href="https://www.juniper.net/documentation/en_US/junos/topics/concept/bgp-bfd-understanding.html" target="_blank">Understanding BFD for BGP</a></p>
<h2 id="opnsense-lab-router">OPNsense Lab Router</h2>
<p>Without giving too much away of my upcoming NSX-T lab posts, let’s take a look at where the OPNsense lab router setup sits within the context of the lab:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Lab Router" src="/images/opnsense-bgp-bfd-config/opnsense-bgp-bfd-config-02.png" /></p>
<p>Effectively the lab router is connected between the NSX-T lab environment and my wider home network. Its primary job is to emulate a wider enterprise network that the NSX-T lab environment plugs in to. As part of that role, the lab router runs both BGP and BFD to push and receive network routing to and from the NSX-T lab.</p>
<p>This post details how to install and configure the FRR BGP service on OPNsense in preparation for building out the NSX-T lab.</p>
<h2 id="installing-opnsense">Installing OPNsense</h2>
<p>I won’t duplicate the <a href="https://docs.opnsense.org/manual/install.html" target="_blank">install guide</a> other than saying that I did a full install into a VM using the ISO image, rather than an embedded install from the IMG file.</p>
<h2 id="configuring-opnsense-for-an-nsx-t-lab">Configuring OPNsense for an NSX-T Lab</h2>
<p>What follows is a guide to configuring OPNsense for use as described above.</p>
<h3 id="disable-the-firewall">Disable the Firewall</h3>
<p>As the lab router sits between my NSX-T lab and my wider home network, there is no real need to have the OPNsense firewall operational.</p>
<p>Select <strong>Firewall > Advanced > Disable Firewall</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Disable Firewall" src="/images/opnsense-bgp-bfd-config/opnsense-bgp-bfd-config-03.png" /></p>
<h3 id="install-frr-package">Install FRR Package</h3>
<p>FRRouting (FRR) is a free and open source Internet routing protocol suite for Linux, Unix and BSD platforms. It implements BGP and BFD amongst other protocols. Read more about it at <a href="https://frrouting.org/" target="_blank">FRRouting.org</a></p>
<p>Select <strong>System > Firmware > Plugins</strong>, search for “FRR” and click <strong>+</strong> to install:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Install FRR" src="/images/opnsense-bgp-bfd-config/opnsense-bgp-bfd-config-04.png" /></p>
<h3 id="configure-bgp-and-bfd">Configure BGP and BFD</h3>
<p>Once the FRR package is installed, refresh the browser to populate the left hand menu, select <strong>Routing > General > Enable</strong> and <strong>Save</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Enable FRR" src="/images/opnsense-bgp-bfd-config/opnsense-bgp-bfd-config-05.png" /></p>
<p>Select <strong>BGP</strong> and <strong>Enable</strong>. Enter your local <strong><a href="https://www.thousandeyes.com/learning/glossary/as-autonomous-system" target="_blank">BGP AS Number</a></strong> and set Route Redistribution to <strong>Connected routes (directly attached subnet or host)</strong>. Click <strong>Save</strong> when done:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BGP General Config" src="/images/opnsense-bgp-bfd-config/opnsense-bgp-bfd-config-06.png" /></p>
<p>Select the <strong>Prefix Lists</strong> tab and click <strong>+</strong>.<br />
We want to allow any <a href="https://packetlife.net/blog/2010/feb/1/understanding-ip-prefix-lists/" target="_blank">Prefix List</a>, so configure as follows. Again, click <strong>Save</strong> when done:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BGP Prefix List" src="/images/opnsense-bgp-bfd-config/opnsense-bgp-bfd-config-07.png" /></p>
<p>Select the <strong>Route Maps</strong> tab and click <strong>+</strong>. <br />
Again, this being a lab, we are not interested in any <a href="https://www.interxion.com/hr/blogs/2017/07/using-the-route-maps-for-bgp-filtering" target="_blank">route filtering</a>, so configure to permit as follows. Click <strong>Save</strong> when done:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BGP Route Maps" src="/images/opnsense-bgp-bfd-config/opnsense-bgp-bfd-config-08.png" /></p>
<p>Finally, let’s enable BFD. Select <strong>Routing > BFD > Enable</strong> and <strong>Save</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Enable BFD" src="/images/opnsense-bgp-bfd-config/opnsense-bgp-bfd-config-09.png" /></p>
<h3 id="pulling-it-altogether">Pulling it All Together</h3>
<p>We couldn’t complete all of the above without taking a quick sneak peek at how all of the above configuration is pulled together when setting up a BGP neighbour.</p>
<p>In the top highlight box of the screenshot below, we see specifics relating to our BGP neighbour. We have our peer device’s description, IP address, AS number and the local interface we expect to use to peer with the device.</p>
<p>The middle highlight box shows that we will also use BFD with this peer.</p>
<p>Finally, the bottom highlight box shows that we will be allowing any prefix lists with no filtering both in and out:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BGP Neighbour" src="/images/opnsense-bgp-bfd-config/opnsense-bgp-bfd-config-10.png" /></p>
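<p>To see what the "allow any" prefix list lets through compared with a scoped one, the following Python model of FRR-style prefix-list matching evaluates both against the same routes. It is an added example, not part of the original post and not FRR's own code. The <code>0.0.0.0/0 le 32</code> form of the permit-any list, the <code>LAB_ONLY</code> list and every route value are assumptions constructed for illustration.</p>

```python
"""Model of FRR-style prefix-list matching (added example, not FRR code)."""
from dataclasses import dataclass
from ipaddress import IPv4Network
from typing import Optional


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                  # "permit" or "deny"
    prefix: IPv4Network
    ge: Optional[int] = None     # minimum mask length, if set
    le: Optional[int] = None     # maximum mask length, if set

    def matches(self, route: IPv4Network) -> bool:
        # The route must sit inside the entry's prefix ...
        if not route.subnet_of(self.prefix):
            return False
        # ... and without ge/le only the exact mask length matches.
        if self.ge is None and self.le is None:
            return route.prefixlen == self.prefix.prefixlen
        low = self.ge if self.ge is not None else self.prefix.prefixlen
        high = self.le if self.le is not None else 32
        return low <= route.prefixlen <= high


def evaluate(entries, route):
    """First match in sequence order wins; no match is an implicit deny."""
    net = IPv4Network(route)
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(net):
            return entry.action
    return "deny"


def accepted(entries, routes):
    """Return the routes that the prefix list permits, in input order."""
    return [r for r in routes if evaluate(entries, r) == "permit"]


# Assumed equivalent of the "allow any" list used in this lab.
PERMIT_ANY = [Entry(10, "permit", IPv4Network("0.0.0.0/0"), le=32)]

# Hypothetical scoped list: only /24 to /28 segments inside a constructed
# overlay range. Seq 10 is redundant with the implicit deny and is kept to
# show that an entry without ge/le matches the default route only.
LAB_ONLY = [
    Entry(10, "deny", IPv4Network("0.0.0.0/0")),
    Entry(20, "permit", IPv4Network("10.100.0.0/16"), ge=24, le=28),
]

# Constructed sample of routes a lab peer might advertise.
ROUTES = [
    "10.100.1.0/24",    # overlay segment
    "10.100.2.0/26",    # smaller overlay segment
    "10.100.0.0/16",    # aggregate, too short for ge 24
    "10.100.1.5/32",    # host route, too long for le 28
    "0.0.0.0/0",        # default route
    "192.168.1.0/24",   # prefix from outside the overlay range
]

if __name__ == "__main__":
    for name, plist in (("PERMIT_ANY", PERMIT_ANY), ("LAB_ONLY", LAB_ONLY)):
        print(name, accepted(plist, ROUTES))
```

<p>With the permit-any list all six constructed routes are accepted, including the default route; the scoped list accepts only the two overlay segments.</p>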
<p>The BFD neighbour setup is super simple:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BFD Neighbour" src="/images/opnsense-bgp-bfd-config/opnsense-bgp-bfd-config-11.png" /></p>
<p>For our upcoming NSX-T Overlay lab, we’ll configure our BGP and BFD neighbours as part of the lab build.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>In this post we looked at OPNsense, its position in our upcoming NSX-T lab and installing the FRRouting package onto OPNsense.</p>
<p>Finally we configured Border Gateway Protocol (BGP) and Bidirectional Forwarding Detection (BFD).</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/opnsense-bgp-bfd-config/">OPNsense BGP and BFD Configuration</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 15, 2022.</p>
https://polarclouds.co.uk/one-wire-openwrt-dsl-modem | 2022-02-07T00:00:00+00:00 | Chris Hall | https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/one-wire-openwrt-dsl-modem/one-wire-openwrt-dsl-modem-01.png" />
As you may have noticed, I’m just a tiny bit of a <a href="https://polarclouds.co.uk/pages/categories/#ADSL" target="_blank">broadband nut</a>. Don’t worry, I won’t get into fibre to the premises, fibre to the home, types of cabinets, G.998.4 or G.INP, etc, etc, etc…</p>
<p>Up until recently I’d been using an old <a href="https://kitz.co.uk/routers/hg612unlock.htm" target="_blank">unlocked Huawei HG612</a> modem for my home broadband fibre to the cabinet service. I <a href="https://polarclouds.co.uk/monitor-your-adsl-vdsl-connection/" target="_blank">like to keep an eye on my connection</a> and, as you can probably guess, the old HG612 started to give up the ghost and started dropping my broadband connection at the slightest hint of a bit of noise on the line.</p>
<p>Time for a new modem.<br /></p>
<p>Fair warning: This post gets a bit geeky… and that’s saying something for this site!</p>
<p>After searching for something that will work with G.INP and the Huawei cabinet that BT had seen fit to use in my local area, I settled on a <a href="https://service-provider.zyxel.com/global/en/products/dsl-cpes/vdsl/modemresidential-gateways/vmg1312-b-series" target="_blank">Zyxel VMG1312-B10A</a>. Before you rush to the comments section to tell me that it is already end of life - I know and what’s more I’m not bothered.</p>
<p>Why? Read on…<br /></p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#bridge-mode" id="markdown-toc-bridge-mode">Bridge Mode</a> <ul>
<li><a href="#why" id="markdown-toc-why">Why?</a></li>
</ul>
</li>
<li><a href="#the-old-setup" id="markdown-toc-the-old-setup">The Old Setup</a></li>
<li><a href="#the-problem" id="markdown-toc-the-problem">The Problem</a></li>
<li><a href="#the-fix" id="markdown-toc-the-fix">The Fix</a> <ul>
<li><a href="#getting-stats-from-the-lan" id="markdown-toc-getting-stats-from-the-lan">Getting Stats from the LAN</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h1 id="bridge-mode">Bridge Mode</h1>
<p>Putting a router with a built in modem into bridge mode disables its routing, firewall and wireless functions. Essentially you have a device that functions as a simple modem with all routing switched off.</p>
<h2 id="why">Why?</h2>
<p>Splitting the modem and routing functions gets you the best of both worlds. With this setup you get:</p>
<ul>
<li>A compatible (in my case a Broadcom) modem with all its early life bugs fixed</li>
<li>A modern router that quite possibly will not be the most compatible with your ADSL/VDSL service</li>
</ul>
<p>Also, British Telecom’s UK VDSL service employs <a href="https://kitz.co.uk/adsl/DLM.htm" target="_blank">Dynamic Line Management (DLM)</a>. Rebooting your modem too many times in a given amount of time is frowned upon by the DLM - at the expense of internet connection speed… And speed is king!</p>
<p>In bridge mode, whilst the modem is responsible for the underlying VDSL connection, the upstream router is responsible for the “dial up” / Point-to-Point Protocol over Ethernet (PPPoE) data connection to the ISP. Which means I can reboot my router as many times as I want without incurring the wrath of the DLM; something I could not do with an all in one modem and router device.</p>
<p>Now that we understand bridge mode, let’s look at the old and the new and improved setups.</p>
<h1 id="the-old-setup">The Old Setup</h1>
<p>So that I could monitor my old HG612 Huawei modem using something like <a href="http://dslstats.me.uk/" target="_blank">DSLstats</a>, the following setup had worked fine for years and years:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="HG612 Setup" src="/images/one-wire-openwrt-dsl-modem/one-wire-openwrt-dsl-modem-02.png" /></p>
<p>Two cabled connections from my OpenWRT router to my modem:</p>
<ul>
<li>One for the PPPoE connection to my internet service provider (as initiated by the router)</li>
<li>One for modem statistics (internal access to the modem NOT over the PPPoE connection)</li>
</ul>
<p>Nice.</p>
<h1 id="the-problem">The Problem</h1>
<p>Whilst the Zyxel modem absolutely supports bridge mode, it had problems with the two wire (PPPoE plus stats) setup. After connecting both cables and rebooting the modem, the router and modem combo would not re-initiate the PPPoE connection out to the ISP. I could see line stats but I could not access the internet. Alternatively, I could remove the stats cable and immediately the PPPoE connection would come up and I had internet access again.</p>
<p>So we could have EITHER an internet connection OR modem statistics… BUT NOT BOTH!</p>
<h1 id="the-fix">The Fix</h1>
<p>When two wires won’t work, just use one:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMG1312-B10A Setup" src="/images/one-wire-openwrt-dsl-modem/one-wire-openwrt-dsl-modem-03.png" /></p>
<p>Let’s look closer at how this works.</p>
<p>On closer inspection of the Zyxel in bridge mode the following can be seen:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMG1312-B10A Bridge Setup" src="/images/one-wire-openwrt-dsl-modem/one-wire-openwrt-dsl-modem-04.png" /></p>
<p>Whilst the modem is in bridge mode it does have an internal access IP address of 192.168.2.1. Nice.</p>
<p>The $1M question: Can this be used to gather modem stats? <strong>It absolutely can!</strong></p>
<p>Hooking a laptop up to the Zyxel:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Yay Stats!" src="/images/one-wire-openwrt-dsl-modem/one-wire-openwrt-dsl-modem-05.png" /></p>
<p>Side note: I’m using custom Zyxel firmware from johnson442 available via GitHub <a href="https://github.com/johnson442/custom-zyxel-firmware" target="_blank">HERE</a> to generate these stats.</p>
<h2 id="getting-stats-from-the-lan">Getting Stats from the LAN</h2>
<p>So we have stats, but how can we get to them <em>without</em> connecting a laptop to the Zyxel every time?</p>
<p>We need some configuration on the OpenWRT router. Let’s look at our initial OpenWRT configuration for the moment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenWRT Base Config" src="/images/one-wire-openwrt-dsl-modem/one-wire-openwrt-dsl-modem-06.png" /></p>
<p>We have a LAN connection and we have the PPPoE connection. However, neither of these connections is in the 192.168.2.x subnet.</p>
<p>Wouldn’t it be good if we could add a third ‘virtual’ interface to the OpenWRT setup on the router that is on the 192.168.2.x subnet and that we can then use for modem stats?</p>
<p>Let’s use that <strong>Add new interface</strong> button as seen in the above screenshot. Click and configure as follows:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add interface" src="/images/one-wire-openwrt-dsl-modem/one-wire-openwrt-dsl-modem-07.png" /></p>
<p>Back at the interfaces page, click <strong>Edit</strong> next to the DSLSTATS interface and complete as follows:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="DSLSTATS Config 1" src="/images/one-wire-openwrt-dsl-modem/one-wire-openwrt-dsl-modem-08.png" /></p>
<p>Click <strong>Firewall Settings</strong> and assign the interface to the wan firewall zone:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="DSLSTATS Config 2" src="/images/one-wire-openwrt-dsl-modem/one-wire-openwrt-dsl-modem-09.png" /></p>
<p>Finally we need some Network Address Translation (NAT) to handle LAN traffic heading to 192.168.2.1. Back in OpenWRT, select <strong>Network > Firewall > NAT Rules</strong>.</p>
<p>Click <strong>Add</strong> and complete as follows:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="DSLSTATS NAT" src="/images/one-wire-openwrt-dsl-modem/one-wire-openwrt-dsl-modem-10.png" /></p>
<p>The source address is a device on our internal network, the destination address is our modem, the action is SNAT (source NAT) and finally the rewritten source address is a custom address in the same subnet as our modem, in this case 192.168.2.2.</p>
<p>Click <strong>Save</strong>. The config should resemble the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NAT Config" src="/images/one-wire-openwrt-dsl-modem/one-wire-openwrt-dsl-modem-11.png" /></p>
<p>Finally, test from the LAN device specified in the NAT rule:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Boom!" src="/images/one-wire-openwrt-dsl-modem/one-wire-openwrt-dsl-modem-12.png" /></p>
<p>Boom! Modem stats and a stable PPPoE connection!</p>
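<p>For reference, the steps above expressed as OpenWRT UCI configuration. This is an added example, not the author's actual config: the lower-case interface name, the <code>device</code> value, the router-side address of the new interface and the LAN device address 192.168.1.10 are assumptions, because the page shows those values only in screenshots.</p>

```conf
# /etc/config/network
# Third 'virtual' interface in the modem's management subnet.
config interface 'dslstats'
	option proto 'static'
	# ASSUMPTION: the physical port that also carries the PPPoE session
	# to the modem (one wire). Older releases use 'ifname' instead of 'device'.
	option device 'eth1'
	# ASSUMPTION: router-side address in 192.168.2.x; the modem is 192.168.2.1
	option ipaddr '192.168.2.2'
	option netmask '255.255.255.0'
	# No gateway or DNS here: this interface only needs to reach the modem.

# /etc/config/firewall
# Existing wan zone: keep its current options and networks,
# and add the new interface to it.
config zone
	option name 'wan'
	list network 'wan'
	list network 'dslstats'

# Source NAT for one LAN device talking to the modem.
config nat
	option name 'dslstats-snat'
	# Zone the traffic leaves through
	option src 'wan'
	# ASSUMPTION: placeholder address of the LAN device that collects stats
	option src_ip '192.168.1.10'
	# Modem's internal access address in bridge mode (from the page)
	option dest_ip '192.168.2.1'
	option proto 'all'
	option target 'SNAT'
	# Rewritten source address, in the modem's subnet (from the page)
	option snat_ip '192.168.2.2'
```

<p>After editing, reload with <code>/etc/init.d/network reload</code> and <code>/etc/init.d/firewall reload</code>. The NAT rule matches a single source address, so only that one LAN device is translated towards the modem's management interface.</p>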
<h1 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h1>
<p>In this (albeit edge case) post, we were able to configure our OpenWRT router with a source NAT (SNAT) which in turn allows us to obtain VDSL modem stats over the same cable used by our router for our PPPoE internet connection.</p>
<p>Happy NATing!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/one-wire-openwrt-dsl-modem/">One-Wire OpenWRT and DSL Modem Setup</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 07, 2022.</p>
https://polarclouds.co.uk/nsx-t-nested-host-prep-failed2022-01-31T00:00:00+00:002022-01-31T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-t-nested-host-prep-failed/nsx-t-nested-host-prep-failed-01.jpg" />
I’ve just spent a large chunk of my day trying to complete and then troubleshoot something that should have been an easy task…</p>
<p>The task was to deploy a quick NSX-T into a vSphere 7.0 environment nested under vSphere 6.7. One ESXi, one vCenter, one NSX-T manager. The same as I had done for my post <a href="https://polarclouds.co.uk/nsx-t-3-2-manual-microsegmentation/" target="_blank">NSX-T 3.2: Micro-Segmentation Only Deployment - Manual Setup</a>.</p>
<p>What’s more is that the lab deployed for that post was also nested - albeit nested under a vSphere 7.0 environment and that lab deployed just fine, no issues at all!!</p>
<p>However I approached it (NSX-T wizard or no wizard), I could not get the host prepared beyond “Waiting for connection to Managers”:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Stuck!" src="/images/nsx-t-nested-host-prep-failed/nsx-t-nested-host-prep-failed-02.png" /></p>
<p>The hard part - VIB installation - was all over and done. What’s happening here?</p>
<p>After a lot of trial and error, a bit of Googling led me to a blog post <a href="https://vxsan.com/nsx-t-esxi-host-preparation-fails-errno-1-operation-not-permitted-it-is-not-safe-to-continue/" target="_blank">NSX-T Nested ESXi host preparation fails</a> from Sjors Robroek.</p>
<p>After checking, yep I had secure boot enabled:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Secure Boot" src="/images/nsx-t-nested-host-prep-failed/nsx-t-nested-host-prep-failed-03.png" /></p>
<p>Power the host off, tweak its firmware back to BIOS:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BIOS Please" src="/images/nsx-t-nested-host-prep-failed/nsx-t-nested-host-prep-failed-04.png" /></p>
<p>A manual clean up of the ESXi host following: <a href="https://patrik.kernstock.net/2020/07/quick-tip-nsx-t-3-0-removing-vibs-manually-from-esxi-host/" target="_blank">Quick Tip: NSX-T 3.0: Removing VIBs manually from ESXi host</a> by Patrik Kernstock.</p>
<p><strong>Do read and take heed of Patrik’s warnings before running!</strong> I had zero VMs and I already reinstalled my ESXi server once, so nothing to lose. :unamused:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">nsxcli
del nsx
vsipioctl clearallfilters <span class="nt">-Override</span>
esxcli software vib remove <span class="nt">-n</span><span class="o">=</span>nsx-adf <span class="nt">-n</span><span class="o">=</span>nsx-context-mux <span class="nt">-n</span><span class="o">=</span>nsx-exporter <span class="nt">-n</span><span class="o">=</span>nsx-host <span class="nt">-n</span><span class="o">=</span>nsx-monitoring <span class="nt">-n</span><span class="o">=</span>nsx-netopa <span class="nt">-n</span><span class="o">=</span>nsx-opsagent <span class="nt">-n</span><span class="o">=</span>nsx-proxy <span class="nt">-n</span><span class="o">=</span>nsx-python-logging <span class="nt">-n</span><span class="o">=</span>nsx-python-utils <span class="nt">-n</span><span class="o">=</span>nsxcli <span class="nt">-n</span><span class="o">=</span>nsx-sfhc <span class="nt">-n</span><span class="o">=</span>nsx-platform-client <span class="nt">-n</span><span class="o">=</span>nsx-cfgagent <span class="nt">-n</span><span class="o">=</span>nsx-mpa <span class="nt">-n</span><span class="o">=</span>nsx-nestdb <span class="nt">-n</span><span class="o">=</span>nsx-python-gevent <span class="nt">-n</span><span class="o">=</span>nsx-python-greenlet <span class="nt">-n</span><span class="o">=</span>nsx-python-protobuf <span class="nt">-n</span><span class="o">=</span>nsx-vdpi <span class="nt">-n</span><span class="o">=</span>nsx-ids<span class="p">;</span> esxcli software vib remove <span class="nt">-n</span><span class="o">=</span>nsx-esx-datapath <span class="nt">--no-live-install</span><span class="p">;</span> esxcli software vib remove <span class="nt">-n</span><span class="o">=</span>vsipfwlib <span class="nt">-n</span><span class="o">=</span>nsx-cpp-libs <span class="nt">-n</span><span class="o">=</span>nsx-proto2-libs <span class="nt">-n</span><span class="o">=</span>nsx-shared-libs</code></pre></figure>
<p>Reboot the host, try again and oh look, hey presto:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Host Prepared!" src="/images/nsx-t-nested-host-prep-failed/nsx-t-nested-host-prep-failed-05.png" /></p>
<p>File this one under:</p>
<ul>
<li>Differences between vSphere 6.7 and vSphere 7.0</li>
<li>Update your host firmware BEFORE deploying NSX-T (if deploying to physical servers)</li>
<li>Secure boot? Secure pain in the …!</li>
<li>:musical_note: <em>U h8 UEFI, I h8 UEFI, let’s go back to BIOS</em> :musical_note:</li>
</ul>
<p>Joy. I’m off to find a darkened room.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-t-nested-host-prep-failed/">NSX-T Nested ESXi Host Preparation Failed or Timed Out</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 31, 2022.</p>
https://polarclouds.co.uk/nsx-t-3-2-manual-microsegmentation2022-01-24T00:00:00+00:002022-01-24T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX-T Logo" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-01.png" />
One of the simpler VMware NSX-T deployments is a Micro-Segmentation only deployment. Talking with other VMware consultants, typically 60 to 70% of projects start off with the deployment of just Micro-segmentation and then build up from there.</p>
<p>Thus this makes a good starting point on our journey into NSX-T.</p>
<p>But what is Micro-segmentation? The <a href="https://www.vmware.com/topics/glossary/content/micro-segmentation.html" target="_blank">VMware Glossary</a> defines Micro-segmentation as follows:</p>
<blockquote>
<p>Micro-segmentation is a network security technique that enables security architects to logically divide the data center into distinct security segments down to the individual workload level, and then define security controls and deliver services for each unique segment. Micro-segmentation enables IT to deploy flexible security policies deep inside a data center using network virtualization technology instead of installing multiple physical firewalls. Also, micro-segmentation can be used to protect every virtual machine (VM) in an enterprise network with policy-driven, application-level security controls. Because security policies are applied to separate workloads, micro-segmentation software can significantly bolster a company’s resistance to attack.</p>
</blockquote>
<p>With the above in mind, how can we deploy NSX-T into our vSphere environment to allow us to micro-segment our workloads and improve our resistance to attack?</p>
<p>Why, with an NSX-T Micro-Segmentation deployment - that’s how! :sunglasses:</p>
<p>As this is the first NSX-T related post on this site, I’m going to break down the required NSX-T configuration items first, after which we will go through a manual deployment into a ready built vSphere 7.0 environment. As I will cover in a separate post, yes there is an NSX-T configuration wizard built into NSX-T that can be used to implement a Micro-segmentation only setup, however for our first run through let’s configure this manually. In a later post, I’ll go through the Micro-segmentation setup wizard.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#why-configure-manually" id="markdown-toc-why-configure-manually">Why Configure Manually?</a></li>
<li><a href="#nsx-t-micro-segmentation-configuration-items" id="markdown-toc-nsx-t-micro-segmentation-configuration-items">NSX-T Micro-Segmentation Configuration Items</a> <ul>
<li><a href="#segments" id="markdown-toc-segments">Segments</a></li>
<li><a href="#transport-zone" id="markdown-toc-transport-zone">Transport Zone</a></li>
<li><a href="#uplink-profile" id="markdown-toc-uplink-profile">Uplink Profile</a></li>
<li><a href="#transport-node-profile" id="markdown-toc-transport-node-profile">Transport Node Profile</a></li>
</ul>
</li>
<li><a href="#the-lab-setup" id="markdown-toc-the-lab-setup">The Lab Setup</a></li>
<li><a href="#nsx-t-download" id="markdown-toc-nsx-t-download">NSX-T Download</a></li>
<li><a href="#the-how-to" id="markdown-toc-the-how-to">The How To</a> <ul>
<li><a href="#environment-preparation" id="markdown-toc-environment-preparation">Environment Preparation</a></li>
<li><a href="#manually-configure-nsx-t-for-micro-segmentation" id="markdown-toc-manually-configure-nsx-t-for-micro-segmentation">Manually Configure NSX-T for Micro-Segmentation</a> <ul>
<li><a href="#transport-zone-1" id="markdown-toc-transport-zone-1">Transport Zone</a></li>
<li><a href="#uplink-profile-1" id="markdown-toc-uplink-profile-1">Uplink Profile</a></li>
</ul>
</li>
<li><a href="#transport-node-profile-1" id="markdown-toc-transport-node-profile-1">Transport Node Profile</a></li>
<li><a href="#host-cluster-configuration" id="markdown-toc-host-cluster-configuration">Host Cluster Configuration</a></li>
<li><a href="#segments-1" id="markdown-toc-segments-1">Segments</a></li>
<li><a href="#hooking-up-vms" id="markdown-toc-hooking-up-vms">Hooking Up VMs</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h1 id="why-configure-manually">Why Configure Manually?</h1>
<p>Configuring an NSX-T Micro-segmentation setup manually (that is not following the wizard) will allow us to:</p>
<ul>
<li>Improve our understanding of the concepts behind the configuration</li>
<li>Correctly create the configuration items</li>
<li>See where configuration items are stored in the NSX-T interface</li>
</ul>
<p>And finally:</p>
<ul>
<li>Improve our chances for reconfiguration and / or troubleshooting in the future.</li>
</ul>
<p>Whilst this post will include everything needed to create an NSX-T Micro-segmentation deployment, along with explanations of the configuration items required, I will link to official NSX-T 3.2 documentation for further reading.</p>
<h1 id="nsx-t-micro-segmentation-configuration-items">NSX-T Micro-Segmentation Configuration Items</h1>
<p>To enable us to deliver a correctly configured environment the following NSX-T configuration items need to be understood:</p>
<h2 id="segments">Segments</h2>
<p>If we are going to deploy Micro-segmentation, we need to understand segments!</p>
<p>In NSX-T, a segment is a virtual layer 2 domain. Whilst there are two types of segments that can be defined in NSX-T, overlay and VLAN, when deploying a Micro-segmentation only environment we are only interested in VLAN backed segments.</p>
<p>A VLAN backed segment is a layer 2 broadcast domain that is implemented as a traditional VLAN in the physical infrastructure. As you will see later on, an NSX-T VLAN backed segment appears within vSphere as a VLAN backed portgroup on our NSX vSphere Distributed Switch (VDS).</p>
<p>Further reading: <a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-316E5027-E588-455C-88AD-A7DA930A4F0B.html" target="_blank">Segments</a>.</p>
<h2 id="transport-zone">Transport Zone</h2>
<p>Transport zones dictate which hosts and VMs can participate in which networks. This is achieved by limiting which hosts (and therefore which VMs) can participate in which network segments. Transport zones are used to group segments.</p>
<p>A host may belong to one or more transport zones. A segment can belong to only one transport zone.</p>
<p>There are two types of transport zones; Overlay and VLAN. A segment created in a VLAN transport zone will be a VLAN backed segment, while, as you can guess, a segment created in an overlay transport zone will be an overlay backed segment.</p>
<p>Again, for a Micro-segmentation only deployment we will be using just VLAN transport zones.</p>
<p>Further reading: <a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/installation/GUID-F739DC79-4358-49F4-9C58-812475F33A66.html" target="_blank">Create Transport Zones</a>.</p>
<h2 id="uplink-profile">Uplink Profile</h2>
<p>Those familiar with vSphere should be familiar with the concept of uplinks. Essentially an uplink is the connection between your virtual switch and the physical network external to your host.</p>
<p>An uplink profile defines configuration policies for the uplinks. Further reading: <a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/installation/GUID-50FDFDFB-F660-4269-9503-39AE2BBA95B4.html" target="_blank">Create an Uplink Profile</a>.</p>
<h2 id="transport-node-profile">Transport Node Profile</h2>
<p>A transport node is essentially our ESXi host, our KVM host or our physical server that we wish to participate in our NSX-T networking deployment.</p>
<p>A transport node profile defines configuration policies for our vSphere cluster of ESXi hosts. Further reading: <a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/installation/GUID-37BC3CEF-DCC1-4C6F-960D-CFBB31908D1C.html" target="_blank">Add a Transport Node Profile</a>.</p>
<h1 id="the-lab-setup">The Lab Setup</h1>
<p>First let’s take a very quick look at the layout of the lab that I’m going to be deploying NSX-T into:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Lab Layout" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-02.png" /></p>
<p>Yep, as simple as can be. Breaking the servers down:</p>
<ul>
<li>LABROUTER: pfSense Router Server (all firewalling disabled)</li>
<li>ESXI7-SITE-A: ESXi 7 Host</li>
<li>VC-SITE-A: vCenter 7 Server</li>
<li>NSXT-SITE-A: NSX-T 3.2.0.1 Management Server</li>
<li>App1 + App2: Application Servers (Win 2019)</li>
</ul>
<p>Yes, I could deploy my vCenter and my NSX-T servers <em>inside</em> my ESXI7-SITE-A server, however given that this is all running nested inside ESXi anyway, there is hardly any point. Also, having vCenter and NSX-T manager external to ESXi7-SITE-A mimics a setup where you would potentially have them running on a separate management cluster anyway. That’s my excuse and I’m sticking to it! :wink:</p>
<p>Also in a production NSX-T deployment there must be a cluster of three NSX Managers. This is to avoid the potential of an outage to the management and control planes should any of the managers fail, however this being a lab environment, one manager will do us just fine.</p>
<p>Looking closer at the datacenter and cluster configuration of SITE-A in the Lab:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="SITE-A Config" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-26.png" /></p>
<p>A cluster containing a single host. Looking closer at the networking configuration of my ESX7-SITE-A host:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESX7-SITE-A Config" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-03.png" /></p>
<p>The host is using a vSphere 7 distributed switch called DS-SITE-A for connectivity with:</p>
<ul>
<li>A single “Management” port group defined</li>
<li>Two active uplinks configured</li>
</ul>
<p>Again as simple as can be.</p>
<h1 id="nsx-t-download">NSX-T Download</h1>
<p>Unlike NSX-v, you can download a free 60 day trial of NSX-T.<br />
Grab your copy now from <a href="https://customerconnect.vmware.com/group/vmware/evalcenter?p=nsx-t-eval" target="_blank">VMware NSX-T
Product Evaluation Center</a>.</p>
<h1 id="the-how-to">The How To</h1>
<p>Finally, the “meat and potatoes” or “TL;DR” of this post. Yep, you made it!</p>
<h2 id="environment-preparation">Environment Preparation</h2>
<p>This being our first NSX-T deployment, we will quickly look at how to hook our newly deployed NSX-T manager into our vCenter. For brevity, let’s pickup at the first logon after deploying and powering on the NSX-T manager for the first time.</p>
<p>Log on to NSX-T manager using <strong>admin</strong> and the password set during OVA deployment. Once logged on, accept the licence agreement, choose whether to join the Customer Experience Improvement Program and complete the product tour - if you wish.</p>
<p>Next, navigate to <strong>System > Licences</strong> and enter your NSX-T (evaluation) licence key:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Eval Licence" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-04.png" /></p>
<p>Next, navigate to <strong>System > Fabric > Compute Managers</strong> and click <strong>Add Compute Manager</strong>. Complete the wizard, click <strong>Add</strong> and accept the thumbprint when prompted:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add compute mgr 1" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-05.png" />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add compute mgr 2" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-06.png" /></p>
<p>Confirm registration status and connection status are both good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Registration good" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-07.png" /></p>
<h2 id="manually-configure-nsx-t-for-micro-segmentation">Manually Configure NSX-T for Micro-Segmentation</h2>
<p>Next, let’s enter the configuration items discussed above.</p>
<h3 id="transport-zone-1">Transport Zone</h3>
<p>Navigate to <strong>System > Fabric > Transport Zones</strong> and click <strong>Add Zone</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Transport Zone" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-08.png" /></p>
<p>Name the Zone and set the traffic type to <strong>VLAN</strong>. As discussed above, we are not leveraging any overlay networking in this setup. Click <strong>Add</strong> when done:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VLAN Transport Zone" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-09.png" /></p>
<h3 id="uplink-profile-1">Uplink Profile</h3>
<p>Navigate to <strong>System > Fabric > Profiles > Uplink Profiles</strong> and click <strong>Add Profile</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Uplink Profile" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-10.png" /></p>
<p>Name the Uplink Profile:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Uplink Profile 1" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-11.png" /></p>
<p>Configure the Teaming Policy. <strong>Load Balanced Source</strong> in my case. Yours may be different depending on configuration of your physical network and / or the configuration of your existing VDS.</p>
<p>Configure the Active Uplinks. In my case my VDS is using two uplinks, so I enter <strong>uplink-1,uplink-2</strong>.</p>
<p>The Transport VLAN can be left at <strong>0</strong> and the MTU can be left blank. Finally, click <strong>Add</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Uplink Profile 2" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-12.png" /></p>
<h2 id="transport-node-profile-1">Transport Node Profile</h2>
<p>Navigate to <strong>System > Fabric > Profiles > Transport Node Profiles</strong> and click <strong>Add Profile</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Trans Node Profile" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-13.png" /></p>
<p>Name the profile, select <strong>VDS</strong> (vSphere Distributed Switch) and <strong>Standard</strong>.<br /></p>
<p>From the dropdowns, select the vCenter added earlier and the correct distributed switch to be leveraged by NSX-T. Then select the Transport Zone created earlier:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Trans Node Profile 1" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-14.png" /></p>
<p>From the dropdown, select the Uplink Profile created earlier. Finally select the uplinks and click <strong>Add</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Trans Node Profile 2" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-15.png" /></p>
<h2 id="host-cluster-configuration">Host Cluster Configuration</h2>
<p>We are now ready to configure our host cluster for our Micro-segmentation deployment.</p>
<p>Navigate to <strong>System > Fabric > Nodes > Host Transport Nodes</strong>, select the vCenter added earlier, select the cluster and click <strong>Configure NSX</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure Cluster" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-16.png" /></p>
<p>Select the Transport Node Profile created earlier and click <strong>Apply</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure Cluster Apply" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-17.png" /></p>
<p>Monitor the configuration:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Cluster Configuration Monitor" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-18.png" /></p>
<p>Once complete the following should be seen:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Cluster Configuration Complete" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-19.png" /></p>
<h2 id="segments-1">Segments</h2>
<p>Finally, let’s create some Segments for our VMs to connect to.<br /></p>
<p>Select <strong>Networking > Segments</strong> and click <strong>Add Segment</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Segment" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-20.png" /></p>
<p>Name the segment, select the transport zone created earlier, enter a VLAN ID (to match a physical VLAN ID), scroll down and click <strong>Save</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Segment Config 1" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-21.png" /></p>
<p>When prompted, click <strong>No</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Segment Config 2" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-22.png" /></p>
<p>Repeat for any further segments as required.</p>
<h2 id="hooking-up-vms">Hooking Up VMs</h2>
<p>Back in vSphere, simply modify a VM’s network config and select the required NSX-T segment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM Network Config" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-23.png" /></p>
<p>Take a look at the VDS configuration and you should see the NSX-T segment listed with VMs connected:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VDS Check" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-24.png" /></p>
<p>Test that you can still access your newly migrated VMs:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="App1 Ping Tracert" src="/images/nsx-t-3-2-manual-microsegmentation/nsx-t-3-2-manual-microsegmentation-25.png" /></p>
<p>Nice :thumbsup: And we are done!</p>
<h1 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h1>
<p>“<em>But Chris, what about firewall rules?!?</em>” I hear you ask.<br /></p>
<p>OK dear reader you are correct, the whole point of Micro-segmentation is firewall rules!</p>
<p>Having said that, this post is quite long enough as it is already…<br /></p>
<p>In this post we have taken a vanilla vSphere 7 environment, deployed an NSX-T 3.2 manager, hooked the manager up to the vSphere environment and configured the whole ‘shebang’ for a Micro-segmentation deployment. Along the way we have also learnt about Segments, Transport Zones, Uplink Profiles and Transport Node Profiles.</p>
<p>Next time, we’ll look at deploying the same setup using the NSX Configuration Wizard - for completeness. After that, we will look at setting up those elusive firewall rules - I promise!</p>
<p>For those that simply cannot wait, take a look in <strong>NSX-T Manager > Security > Distributed Firewall > Category Specific Rules</strong>. You’ll find what you need there. :wink:</p>
<p>Oh and doesn’t NSX-T do more than Micro-segmentation?<br /></p>
<p>Yes, yes it does. Much, much more!<br /></p>
<p>Baby steps!!<br /></p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-t-3-2-manual-microsegmentation/">NSX-T 3.2: Micro-Segmentation Only Deployment - Manual Setup</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 24, 2022.</p>
https://polarclouds.co.uk/vcenter-without-dns-ntp2022-01-19T00:00:00+00:002022-01-19T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="vSphere Logo" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-01.png" />
In this post, I’m going to talk about a “greenfield deployment”. For those unfamiliar with the term, let us get acquainted with it.</p>
<p>A greenfield deployment refers to the installation of some IT infrastructure where previously there was none. This term is derived from the construction industry, where new development on previously undeveloped land is often called a greenfield development. Greenfield deployment may refer to a network, datacenter or other major IT projects when they are built from the ground up.</p>
<p>This type of development is often beneficial because it is not subject to constraints posed by existing networks, infrastructure, etc.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#the-problem" id="markdown-toc-the-problem">The Problem</a></li>
<li><a href="#ntp-easy" id="markdown-toc-ntp-easy">NTP: Easy</a></li>
<li><a href="#dns-vcenter-server-installer-gui" id="markdown-toc-dns-vcenter-server-installer-gui">DNS: vCenter Server Installer GUI</a></li>
<li><a href="#dns-vcenter-server-installer-cli" id="markdown-toc-dns-vcenter-server-installer-cli">DNS: vCenter Server Installer CLI</a></li>
<li><a href="#using-the-vcenter-server-installer-cli" id="markdown-toc-using-the-vcenter-server-installer-cli">Using the vCenter Server Installer CLI</a></li>
<li><a href="#when-dns-returns" id="markdown-toc-when-dns-returns">When DNS Returns</a></li>
<li><a href="#configuring-ntp" id="markdown-toc-configuring-ntp">Configuring NTP</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="the-problem">The Problem</h2>
<p>Imagine the following scenario: you are installing vSphere to a greenfield site. The only infrastructure that you have on site are the ESXi server or servers that you have already built. You may / may not have some shared storage (iSCSI / NFS / etc) set up ready for deploying VMs on to.</p>
<p>You do however have enough storage available to deploy a vCenter server.</p>
<p>What’s more, you need to install vCenter to proceed to the next stage of the build. To deploy vCenter you require DNS and optionally NTP. See <a href="https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vcenter.install.doc/GUID-8F62E118-4805-4B0A-904C-C561C1A692E7.html#network-prerequisites-3" target="_blank">Prerequisites for Deploying the vCenter Server Appliance - Network</a></p>
<p>BUT WAIT! Your environment does not yet have either DNS or NTP servers set up, yet according to the vCenter prerequisites you cannot deploy vCenter without them.</p>
<p>How do you deploy vCenter?</p>
<p>You <em>could</em> deploy a quick Linux or Windows DNS and NTP server to get you over this hurdle, but who has time for that? Surely there has to be a simpler / cleverer way.</p>
<p>Keep reading. There is…</p>
<h2 id="ntp-easy">NTP: Easy</h2>
<p>The easy one first. The vCenter installer will allow the use of the ESXi server as a time source. It achieves this via the VMtools package that comes bundled with vCenter. Simple. Easy fix.</p>
<h2 id="dns-vcenter-server-installer-gui">DNS: vCenter Server Installer GUI</h2>
<p>Research across various blogs, forum posts, etc suggested that when using the vCenter Installer Graphical User Interface (GUI) you can either:</p>
<ol>
<li>Point the vCenter installer DNS setting to use the Gateway IP - so that the installer could at least <em>see</em> an online IP address</li>
<li>Point the vCenter installer at itself for DNS - use <code class="language-plaintext highlighter-rouge">127.0.0.1</code> as the DNS server IP address</li>
</ol>
<p>After much testing with vCenter 7.0U3a, solution 1 (setting the installer to use the Gateway IP) results in:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Failed to run vdcpromo" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-13.png" /></p>
<p>During stage 2 of the GUI installer, the VMware Authentication Framework fails to start resulting in the above “Failed to run vdcpromo” error.</p>
<p>Solution 2 (setting the vCenter installer to use 127.0.0.1) is deemed by the GUI installer as an invalid configuration:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="127.0.0.1 invalid" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-02.png" /></p>
<p>So what is the fix then?</p>
<h2 id="dns-vcenter-server-installer-cli">DNS: vCenter Server Installer CLI</h2>
<p>Luckily enough for us, the Command Line Interface (CLI) installer is much more forgiving. It will allow us to implement solution 2 from above - namely to set <code class="language-plaintext highlighter-rouge">127.0.0.1</code> as the DNS server for the vCenter.</p>
<h2 id="using-the-vcenter-server-installer-cli">Using the vCenter Server Installer CLI</h2>
<p>To use the CLI installer, you need to provide it with a JSON formatted answer file.</p>
<p>Templates of the installer JSON files can be found at <code class="language-plaintext highlighter-rouge">\vcsa-cli-installer\templates\install</code> within the vCenter Installer ISO file.</p>
<p>Below is the vCenter CLI installer JSON, updated to use:</p>
<ul>
<li>127.0.0.1 as the vCenter DNS server via the <code class="language-plaintext highlighter-rouge">"dns_servers": ["127.0.0.1"]</code> setting</li>
<li>VMtools to sync time via the <code class="language-plaintext highlighter-rouge">"time_tools_sync": true</code> setting</li>
</ul>
<figure class="highlight"><pre><code class="language-json" data-lang="json"><span class="p">{</span><span class="w">
</span><span class="nl">"__version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2.13.0"</span><span class="p">,</span><span class="w">
</span><span class="nl">"__comments"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Template: Deploy vCenter to ESXi without DNS+NTP"</span><span class="p">,</span><span class="w">
</span><span class="nl">"new_vcsa"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"esxi"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"hostname"</span><span class="p">:</span><span class="w"> </span><span class="s2">"<ESXI_IP_ADDRESS>"</span><span class="p">,</span><span class="w">
</span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"root"</span><span class="p">,</span><span class="w">
</span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"<ESXI_PASSWORD>"</span><span class="p">,</span><span class="w">
</span><span class="nl">"deployment_network"</span><span class="p">:</span><span class="w"> </span><span class="s2">"<VM_PORTGROUP>"</span><span class="p">,</span><span class="w">
</span><span class="nl">"datastore"</span><span class="p">:</span><span class="w"> </span><span class="s2">"<DATASTORE_NAME>"</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"appliance"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"thin_disk_mode"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w">
</span><span class="nl">"deployment_option"</span><span class="p">:</span><span class="w"> </span><span class="s2">"<VC_SIZE>"</span><span class="p">,</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"<VC_INVENTORY_NAME>"</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"network"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"ip_family"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ipv4"</span><span class="p">,</span><span class="w">
</span><span class="nl">"mode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"static"</span><span class="p">,</span><span class="w">
</span><span class="nl">"system_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"<VC_IP_ADDRESS>"</span><span class="p">,</span><span class="w">
</span><span class="nl">"ip"</span><span class="p">:</span><span class="w"> </span><span class="s2">"<VC_IP_ADDRESS>"</span><span class="p">,</span><span class="w">
</span><span class="nl">"prefix"</span><span class="p">:</span><span class="w"> </span><span class="s2">"<SUBNET_MASK_PREFIX>"</span><span class="p">,</span><span class="w">
</span><span class="nl">"gateway"</span><span class="p">:</span><span class="w"> </span><span class="s2">"<GATEWAY_IP_ADDRESS>"</span><span class="p">,</span><span class="w">
</span><span class="nl">"dns_servers"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="s2">"127.0.0.1"</span><span class="w">
</span><span class="p">]</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"os"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"<VC_PASSWORD>"</span><span class="p">,</span><span class="w">
</span><span class="nl">"time_tools_sync"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w">
</span><span class="nl">"ssh_enable"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"sso"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"<SSO_PASSWORD>"</span><span class="p">,</span><span class="w">
</span><span class="nl">"domain_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"vsphere.local"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"ceip"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"settings"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"ceip_enabled"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span></code></pre></figure>
<p>The above generic settings are broken down as below and should be updated / replaced prior to vCenter deployment:</p>
<style>
table, th, td {
border: 1px solid black;
border-collapse: collapse;
}
tr:nth-child(even) {background-color: #f2f2f2;}
</style>
<table>
<thead>
<tr>
<th style="text-align: left">JSON File Setting</th>
<th style="text-align: left">Details</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><code class="language-plaintext highlighter-rouge"><ESXI_IP_ADDRESS></code></td>
<td style="text-align: left">IP Address of ESXi Host to run vCenter</td>
</tr>
<tr>
<td style="text-align: left"><code class="language-plaintext highlighter-rouge"><ESXI_PASSWORD></code></td>
<td style="text-align: left">ESXi Host root password</td>
</tr>
<tr>
<td style="text-align: left"><code class="language-plaintext highlighter-rouge"><VM_PORTGROUP></code></td>
<td style="text-align: left">vSwitch Portgroup for the new vCenter</td>
</tr>
<tr>
<td style="text-align: left"><code class="language-plaintext highlighter-rouge"><DATASTORE_NAME></code></td>
<td style="text-align: left">Datastore for the new vCenter</td>
</tr>
<tr>
<td style="text-align: left"><code class="language-plaintext highlighter-rouge"><VC_SIZE></code></td>
<td style="text-align: left">New vCenter deployment size. One of the following: <br />tiny / small / medium / large / x-large</td>
</tr>
<tr>
<td style="text-align: left"><code class="language-plaintext highlighter-rouge"><VC_INVENTORY_NAME></code></td>
<td style="text-align: left">VM Inventory Name for the new vCenter VM <br />(Cosmetic - Not used by vCenter or DNS)</td>
</tr>
<tr>
<td style="text-align: left"><code class="language-plaintext highlighter-rouge"><VC_IP_ADDRESS></code></td>
<td style="text-align: left">IP Address for the new vCenter</td>
</tr>
<tr>
<td style="text-align: left"><code class="language-plaintext highlighter-rouge"><SUBNET_MASK_PREFIX></code></td>
<td style="text-align: left">Subnet prefix for the new vCenter eg “24” = 255.255.255.0</td>
</tr>
<tr>
<td style="text-align: left"><code class="language-plaintext highlighter-rouge"><GATEWAY_IP_ADDRESS></code></td>
<td style="text-align: left">Gateway IP address for the new vCenter</td>
</tr>
<tr>
<td style="text-align: left"><code class="language-plaintext highlighter-rouge"><VC_PASSWORD></code></td>
<td style="text-align: left">root account password for the new vCenter</td>
</tr>
<tr>
<td style="text-align: left"><code class="language-plaintext highlighter-rouge"><SSO_PASSWORD></code></td>
<td style="text-align: left">administrator@vsphere.local password <br />(Best practice: <code class="language-plaintext highlighter-rouge"><VC_PASSWORD></code> should match <code class="language-plaintext highlighter-rouge"><SSO_PASSWORD></code>)</td>
</tr>
</tbody>
</table>
<p>For further details on any of the above settings, see <a href="https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vcenter.install.doc/GUID-077C7523-E0EA-4922-8D48-C026916323C4.html" target="_blank">Required Information for Deploying a vCenter Server Appliance</a>.</p>
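<p>Before handing the file to the installer, it can be checked offline. The following is an added example, not part of the original post or of VMware's tooling: a Python check that reports placeholders left in the answer file, an off-subnet gateway, and any drift from the no-DNS settings used above. The function names and the sample values (documentation-range addresses) are assumptions made for illustration.</p>

```python
import ipaddress
import json
import re

# Matches the template's unfilled tokens, e.g. <ESXI_PASSWORD> or <VC_SIZE>.
PLACEHOLDER = re.compile(r"<[A-Z_]+>")


def find_placeholders(node, path=""):
    """Yield the JSON path of every string value that is still a <PLACEHOLDER>."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_placeholders(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_placeholders(value, f"{path}[{index}]")
    elif isinstance(node, str) and PLACEHOLDER.fullmatch(node):
        yield path


def check_answer_file(text):
    """Return a list of problems found in a vcsa-deploy JSON answer file."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top level of the answer file is not a JSON object"]

    problems = [f"{path}: placeholder not replaced" for path in find_placeholders(doc)]
    new_vcsa = doc.get("new_vcsa", {})
    net = new_vcsa.get("network", {})

    # ip and gateway must parse as IPv4 addresses (the template sets ip_family ipv4).
    addrs = {}
    for key in ("ip", "gateway"):
        value = str(net.get(key, ""))
        if PLACEHOLDER.fullmatch(value):
            continue  # already reported as an unfilled placeholder
        try:
            addrs[key] = ipaddress.IPv4Address(value)
        except ValueError:
            problems.append(f"new_vcsa.network.{key}: {value!r} is not an IPv4 address")

    # prefix is the subnet mask length, written as a string such as "24".
    prefix = None
    raw_prefix = str(net.get("prefix", ""))
    if not PLACEHOLDER.fullmatch(raw_prefix):
        if re.fullmatch(r"[0-9]{1,2}", raw_prefix) and 1 <= int(raw_prefix) <= 32:
            prefix = int(raw_prefix)
        else:
            problems.append(f"new_vcsa.network.prefix: {raw_prefix!r} is not a prefix length")

    # The gateway has to sit inside the subnet formed by ip/prefix.
    if prefix is not None and len(addrs) == 2:
        subnet = ipaddress.ip_interface(f"{addrs['ip']}/{prefix}").network
        if addrs["gateway"] not in subnet:
            problems.append(f"new_vcsa.network.gateway: {addrs['gateway']} is outside {subnet}")

    # Settings this post relies on for a deployment without DNS or NTP.
    if net.get("system_name") != net.get("ip"):
        problems.append("new_vcsa.network.system_name: should equal ip while there is no DNS")
    if net.get("dns_servers") != ["127.0.0.1"]:
        problems.append('new_vcsa.network.dns_servers: expected ["127.0.0.1"]')
    if new_vcsa.get("os", {}).get("time_tools_sync") is not True:
        problems.append("new_vcsa.os.time_tools_sync: expected true")
    return problems


# Constructed sample: the template above, cut down and partly filled in with
# documentation-range addresses. One placeholder is left in place and the
# gateway is deliberately on the wrong subnet.
SAMPLE = """
{
  "__version": "2.13.0",
  "new_vcsa": {
    "esxi": {"hostname": "192.0.2.10", "username": "root",
             "password": "<ESXI_PASSWORD>",
             "deployment_network": "VM Network", "datastore": "datastore1"},
    "network": {"ip_family": "ipv4", "mode": "static",
                "system_name": "192.0.2.20", "ip": "192.0.2.20",
                "prefix": "24", "gateway": "192.0.3.1",
                "dns_servers": ["127.0.0.1"]},
    "os": {"password": "constructed-example",
           "time_tools_sync": true, "ssh_enable": true}
  }
}
"""

if __name__ == "__main__":
    for problem in check_answer_file(SAMPLE):
        print(problem)
```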
<p>Next we need to construct our vCenter CLI installer command. I open a command prompt and run the command from the folder containing the CLI installer exe file. This can be found in the <code class="language-plaintext highlighter-rouge">\vcsa-cli-installer\win32\</code> folder of the downloaded vCenter installer ISO file.</p>
<p>The CLI installer switches are pretty self explanatory so I won’t go into detail here. For further details on any of the installer switches, see <a href="https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vcenter.install.doc/GUID-15F4F48B-44D9-4E3C-B9CF-5FFC71515F71.html" target="_blank">Syntax of the CLI Deployment Command</a>.</p>
<p>To test the constructed json file and test vCenter deployment readiness, use the following command. My updated copy of the above json file is available to the installer at <code class="language-plaintext highlighter-rouge">D:\Deploy-VC.json</code>:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">vcsa-deploy.exe <span class="nb">install</span> <span class="nt">--accept-eula</span> <span class="nt">--acknowledge-ceip</span> <span class="nt">--no-ssl-certificate-verification</span> <span class="nt">--precheck-only</span> <span class="s2">"D:</span><span class="se">\D</span><span class="s2">eploy-VC.json"</span></code></pre></figure>
<p>Should the precheck complete OK, you should see something like this being returned:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Pre-check OK" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-03.png" /></p>
<p>OK, let’s deploy vCenter for real. Use the following command. Again, my json file is available to the installer at <code class="language-plaintext highlighter-rouge">D:\Deploy-VC.json</code>:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">vcsa-deploy.exe <span class="nb">install</span> <span class="nt">--accept-eula</span> <span class="nt">--acknowledge-ceip</span> <span class="nt">--no-ssl-certificate-verification</span> <span class="s2">"D:</span><span class="se">\D</span><span class="s2">eploy-VC.json"</span></code></pre></figure>
<p>When the installer successfully completes, something like the following will be returned:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VC Installed OK" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-04.png" /></p>
<p>Nice. vCenter installed without the need for DNS and NTP. :smile:</p>
<h2 id="when-dns-returns">When DNS Returns</h2>
<p>OK, so you are further down the road and you now have access to DNS. First step is to confirm that you can both forward and reverse resolve your vCenter in DNS:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Check DNS" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-14.png" /></p>
<p>The following should NOT be completed until this is the case.</p>
<p>OK, let’s login to the vCenter appliance management interface at <code class="language-plaintext highlighter-rouge">https://<VC_IP_ADDRESS>:5480</code>. Credentials are typically <code class="language-plaintext highlighter-rouge">root</code> and <code class="language-plaintext highlighter-rouge"><VC_PASSWORD></code> set during the CLI deployment above.</p>
<p>Upon selecting <strong>Networking</strong> from the menu, the following can be seen:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VCSA Config 1" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-05.png" /></p>
<p>The hostname is set to <code class="language-plaintext highlighter-rouge">localhost</code> and the DNS servers setting is blank.</p>
<p>Click <strong>Edit</strong> in the top right hand corner. Select the interface that you wish to modify:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VCSA Config 2" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-06.png" /></p>
<p>Enter Fully Qualified Domain Name (FQDN) of the vCenter server (lowercase recommended) and the IP address of the DNS server:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VCSA Config 3" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-07.png" /></p>
<p>Credentials are typically <code class="language-plaintext highlighter-rouge">administrator@vsphere.local</code> and the <code class="language-plaintext highlighter-rouge"><SSO_PASSWORD></code> set during the CLI deployment above.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VCSA Config 4" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-08.png" /></p>
<p>Acknowledge that you have a backup of vCenter.</p>
<p>You do backup your vCenter don’t you? (<a href="https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vcenter.install.doc/GUID-3EAED005-B0A3-40CF-B40D-85AD247D7EA4.html" target="_blank">HERE</a> you go :wink:)</p>
<p>Also acknowledge that any vCenter plug-ins (SRM, etc), if you have them, may need to be re-registered due to the name change:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VCSA Config 5" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-09.png" /></p>
<p>Once launched, the wizard will stop vCenter services:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VCSA Config 6" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-10.png" /></p>
<p>Login again at <code class="language-plaintext highlighter-rouge">https://VCENTER-FQDN:5480</code>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VCSA Config 7" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-11.png" /></p>
<p>Job done:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VCSA Config 8" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-12.png" /></p>
<h2 id="configuring-ntp">Configuring NTP</h2>
<p>OK, an NTP server is now available. Let’s configure our deployed vCenter to use it.</p>
<p>Login to the vCenter appliance management interface at <code class="language-plaintext highlighter-rouge">https://<VC_IP_ADDRESS>:5480</code>. Credentials are typically <code class="language-plaintext highlighter-rouge">root</code> and <code class="language-plaintext highlighter-rouge"><VC_PASSWORD></code> set during the CLI deployment above.</p>
<p>Select <strong>Time</strong> from the menu. Click <strong>Edit</strong> and set the correct time zone.</p>
<p>Click <strong>Edit</strong>, set the Mode to <code class="language-plaintext highlighter-rouge">NTP</code> and enter the IP address of your NTP server:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VCSA NTP Config" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-15.png" /></p>
<p>Once saved, a green tick is placed against the NTP server IP address to signify that the vCenter is receiving valid NTP information.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it. A deployment of vCenter without DNS or NTP.</p>
<p>All we really needed was an ESXi server with enough storage space to house the vCenter VM to be deployed. In my testing a newly deployed tiny v7.0 Update 3a vCenter when thin provisioned runs at under 45GB storage space used:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VCSA Storage" src="/images/vcenter-without-dns-ntp/vcenter-without-dns-ntp-16.png" /></p>
<p>Of course your mileage may and will vary - especially with later versions of vCenter.</p>
<p>Nice. :thumbsup::grin::thumbsup:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/vcenter-without-dns-ntp/">vCenter Installation Without DNS or NTP</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 19, 2022.</p>
https://polarclouds.co.uk/esxi-rpi-ups-pt22021-05-04T01:00:00+01:002021-05-04T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="APC UPS Triggered shut down of ESXi from Raspberry Pi" src="/images/esxi-rpi-ups-pt1/esxi-rpi-ups-pt1-00.png" />
Last time we looked at what needs to happen should we lose the input mains electricity supply to our newly acquired Uninterruptible Power Supply (UPS), for example during a power cut.</p>
<p>We also got familiar with the hardware and software needed to action a controlled shutdown should it be required. If you’ve not seen that post, catch up now. It’s a great read. :wink:</p>
<p>As mentioned, this post is part 2 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/esxi-rpi-ups-pt1/" target="_blank">Hardware, Requirement, Software, Solution</a></li>
<li>Part 2: This part - Connectivity and Software Installation</li>
<li>Part 3: <a href="/esxi-rpi-ups-pt3/" target="_blank">Scripting for the win… or should that be for the failure?</a></li>
</ul>
<p>To recap, we are going to make our Raspberry Pi “the brains of the operation” in our solution.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#solution-refresher" id="markdown-toc-solution-refresher">Solution (Refresher)</a></li>
<li><a href="#hardware-connectivity" id="markdown-toc-hardware-connectivity">Hardware Connectivity</a> <ul>
<li><a href="#check-raspberry-pi--apc-ups-connectivity" id="markdown-toc-check-raspberry-pi--apc-ups-connectivity">Check Raspberry Pi + APC UPS Connectivity</a></li>
</ul>
</li>
<li><a href="#software-installation" id="markdown-toc-software-installation">Software Installation</a> <ul>
<li><a href="#install-apc-ups-daemon-apcupsd" id="markdown-toc-install-apc-ups-daemon-apcupsd">Install APC UPS Daemon (apcupsd)</a></li>
<li><a href="#install-powershell-core-on-raspberry-pi" id="markdown-toc-install-powershell-core-on-raspberry-pi">Install PowerShell Core on Raspberry Pi</a></li>
<li><a href="#install-vmware-powercli-on-raspberry-pi" id="markdown-toc-install-vmware-powercli-on-raspberry-pi">Install VMware PowerCLI on Raspberry Pi</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="solution-refresher">Solution (Refresher)</h2>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="The Solution" src="/images/esxi-rpi-ups-pt1/esxi-rpi-ups-pt1-01.png" /></p>
<ol>
<li>Mains electricity fails… power cut!</li>
<li>The UPS signals to the Raspberry Pi that there is a power cut</li>
<li>The UPS signals its battery charge state to the Raspberry Pi</li>
<li>The UPS battery charge falls below a predetermined threshold and signals this to the Raspberry Pi</li>
<li>The Raspberry Pi runs a script to shut down all powered on VMs</li>
<li>The Raspberry Pi runs a script to shut down the ESXi host</li>
<li>The Raspberry Pi runs a script to shut itself down</li>
<li>The UPS stops supplying power from battery and shuts down which also shuts down the modem, router and network switch</li>
</ol>
<p>Let’s get to it.</p>
<h2 id="hardware-connectivity">Hardware Connectivity</h2>
<p>Like this:</p>
<figure><img style="display: block; margin-left: auto; margin-right: auto;" alt="Hardware Connectivity" src="/images/esxi-rpi-ups-pt2/esxi-rpi-ups-pt2-05.png" />
<figcaption><i>Chris-CRAP-Cad</i> :wink:</figcaption>
</figure>
<ul>
<li>The UPS is connected to the incoming mains electricity supply</li>
<li>The UPS and Raspberry Pi are connected via a USB cable</li>
<li>All kit is powered via the UPS</li>
</ul>
<h3 id="check-raspberry-pi--apc-ups-connectivity">Check Raspberry Pi + APC UPS Connectivity</h3>
<p>After connecting the UPS and Raspberry Pi via a USB cable, let’s check UPS to RPi USB connectivity:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>lsusb</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="RPi UPS USB Connectivity" src="/images/esxi-rpi-ups-pt2/esxi-rpi-ups-pt2-01.png" /></p>
<p>Yep, one APC UPS found. So far, so good.</p>
<h2 id="software-installation">Software Installation</h2>
<h3 id="install-apc-ups-daemon-apcupsd">Install APC UPS Daemon (apcupsd)</h3>
<p>Next, let’s install the APC UPS Daemon on the Raspberry Pi:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install </span>apcupsd</code></pre></figure>
<p>Once installed, we need to configure apcupsd to work with our UPS. This is achieved via editing the <code class="language-plaintext highlighter-rouge">/etc/apcupsd/apcupsd.conf</code> config file:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">sudo </span>nano /etc/apcupsd/apcupsd.conf</code></pre></figure>
<p>Within the file you will find lots of comments detailing each configuration item. Rather than list the whole file comments and all, I’ve listed just our configuration items below:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">UPSNAME SMC1500I
UPSCABLE usb
UPSTYPE usb
LOCKFILE /var/lock
SCRIPTDIR /etc/apcupsd
PWRFAILDIR /etc/apcupsd
NOLOGINDIR /etc
ONBATTERYDELAY 6
BATTERYLEVEL 10
MINUTES 10
TIMEOUT 0
ANNOY 300
ANNOYDELAY 60
NOLOGON disable
KILLDELAY 0
NETSERVER on
NISIP 127.0.0.1
NISPORT 3551
EVENTSFILE /var/log/apcupsd.events
EVENTSFILEMAX 10
UPSCLASS standalone
UPSMODE disable
STATTIME 0
STATFILE /var/log/apcupsd.status
LOGSTATS off
DATATIME 0</code></pre></figure>
<p>Next step is to mark apcupsd as configured:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">sudo </span>nano /etc/default/apcupsd</code></pre></figure>
<p>Set <code class="language-plaintext highlighter-rouge">ISCONFIGURED</code> to equal <code class="language-plaintext highlighter-rouge">yes</code>:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">ISCONFIGURED</span><span class="o">=</span><span class="nb">yes</span></code></pre></figure>
<p>Finally, let’s restart the apcupsd service and test to see if apcupsd discovers our UPS:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">sudo </span>apcupsd restart
<span class="nv">$ </span>apcaccess status</code></pre></figure>
<p>Nice:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="RPi UPS USB Status" src="/images/esxi-rpi-ups-pt2/esxi-rpi-ups-pt2-02.png" /></p>
<p>That is the apcupsd daemon installed and working.</p>
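<p>To see what the settings above mean in practice, here is an added example that is not part of the original post: a Python sketch that reads the shutdown thresholds from the configuration, applies them to a constructed sample of <code class="language-plaintext highlighter-rouge">apcaccess status</code> output, and checks that the status server stays bound to loopback. The function names are assumptions, and the comparison rules follow the directive descriptions in the apcupsd documentation.</p>

```python
import ipaddress

# Settings copied from the apcupsd.conf listing on this page (subset).
CONF_TEXT = """\
ONBATTERYDELAY 6
BATTERYLEVEL 10
MINUTES 10
TIMEOUT 0
NETSERVER on
NISIP 127.0.0.1
NISPORT 3551
"""

# Constructed sample of `apcaccess status` output during a power cut.
STATUS_TEXT = """\
APC      : 001,036,0860
DATE     : 2021-05-04 10:15:00 +0100
UPSNAME  : SMC1500I
STATUS   : ONBATT
BCHARGE  : 42.0 Percent
TIMELEFT : 9.5 Minutes
TONBATT  : 300 Seconds
"""


def parse_conf(text):
    """Parse 'DIRECTIVE value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def parse_status(text):
    """Parse 'KEY : value' lines; only the first colon separates key and value."""
    status = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            status[key.strip()] = value.strip()
    return status


def leading_number(field):
    """'42.0 Percent' -> 42.0"""
    return float(field.split()[0])


def shutdown_directives(conf, status):
    """Return the directives whose threshold has been reached while on battery.

    The first of BATTERYLEVEL, MINUTES or TIMEOUT to be reached starts the
    shutdown; none of them applies while the UPS is on mains power.
    """
    if "ONBATT" not in status.get("STATUS", "").split():
        return []
    reached = []
    if "BATTERYLEVEL" in conf and "BCHARGE" in status:
        if leading_number(status["BCHARGE"]) <= float(conf["BATTERYLEVEL"]):
            reached.append("BATTERYLEVEL")
    if "MINUTES" in conf and "TIMELEFT" in status:
        if leading_number(status["TIMELEFT"]) <= float(conf["MINUTES"]):
            reached.append("MINUTES")
    timeout = float(conf.get("TIMEOUT", 0))
    if timeout > 0 and "TONBATT" in status:  # TIMEOUT 0 disables the timer
        if leading_number(status["TONBATT"]) >= timeout:
            reached.append("TIMEOUT")
    return reached


def nis_reachable_off_host(conf):
    """True when the status server (NETSERVER) listens on a non-loopback address.

    Assumption: a missing NISIP is treated as 0.0.0.0 (all interfaces).
    """
    if conf.get("NETSERVER", "off").lower() != "on":
        return False
    return not ipaddress.ip_address(conf.get("NISIP", "0.0.0.0")).is_loopback


if __name__ == "__main__":
    conf = parse_conf(CONF_TEXT)
    status = parse_status(STATUS_TEXT)
    print("thresholds reached:", shutdown_directives(conf, status))
    print("status server reachable off-host:", nis_reachable_off_host(conf))
```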
<h3 id="install-powershell-core-on-raspberry-pi">Install PowerShell Core on Raspberry Pi</h3>
<p>Next step is to install PowerShell Core.</p>
<p>There are two packages that we need to install prior to downloading and extracting PowerShell: <code class="language-plaintext highlighter-rouge">libssl1.0</code> and <code class="language-plaintext highlighter-rouge">libunwind8</code>.</p>
<p>We then download a copy of PowerShell for ARM64 and extract it.
Finally we link the pwsh executable to <code class="language-plaintext highlighter-rouge">/usr/bin</code> so that it can be launched from any folder on the Raspberry Pi:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install</span> <span class="s1">'^libssl1.0.[0-9]$'</span> libunwind8 <span class="nt">-y</span>
<span class="nv">$ </span><span class="nb">cd</span> ~/
<span class="nv">$ </span>wget https://github.com/PowerShell/PowerShell/releases/download/v7.1.3/powershell-7.1.3-linux-arm64.tar.gz
<span class="nv">$ </span><span class="nb">mkdir</span> ~/powershell
<span class="nv">$ </span><span class="nb">tar</span> <span class="nt">-xvf</span> ./powershell-7.1.3-linux-arm64.tar.gz <span class="nt">-C</span> ~/powershell
<span class="nv">$ </span><span class="nb">sudo ln</span> <span class="nt">-s</span> ~/powershell/pwsh /usr/bin/pwsh</code></pre></figure>
<p>OK, let’s launch PowerShell to see if it runs OK:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nv">$ </span>pwsh</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PowerShell on RPi" src="/images/esxi-rpi-ups-pt2/esxi-rpi-ups-pt2-03.png" /></p>
<p>Yep that works!</p>
<h3 id="install-vmware-powercli-on-raspberry-pi">Install VMware PowerCLI on Raspberry Pi</h3>
<p>OK, next let’s install PowerCLI using the PowerShell <code class="language-plaintext highlighter-rouge">Install-Module</code> cmdlet and set our PowerCLI configuration options:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="err">$</span><span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="nx">pwsh</span><span class="w">
</span><span class="n">Install-Module</span><span class="w"> </span><span class="nx">VMware.PowerCLI</span><span class="w"> </span><span class="nt">-Scope</span><span class="w"> </span><span class="nx">AllUsers</span><span class="w">
</span><span class="n">Set-PowerCLIConfiguration</span><span class="w"> </span><span class="nt">-Scope</span><span class="w"> </span><span class="nx">AllUsers</span><span class="w"> </span><span class="nt">-InvalidCertificateAction</span><span class="w"> </span><span class="nx">Ignore</span><span class="w"> </span><span class="nt">-ParticipateInCEIP</span><span class="w"> </span><span class="bp">$false</span><span class="w"> </span><span class="nt">-Confirm</span><span class="p">:</span><span class="bp">$false</span></code></pre></figure>
<p>Finally, let’s take PowerCLI for a little spin and connect to a test lab ESXi host:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PowerCLI on RPi" src="/images/esxi-rpi-ups-pt2/esxi-rpi-ups-pt2-04.png" /></p>
<p>Boom! That’s the end of our software installations :smile:</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>That’ll do it for part two.</p>
<p>In this post we hooked up our hardware, checked UPS and Raspberry Pi connectivity via USB and installed all of our required software. Next time we’ll look at getting everything to work nicely together.</p>
<p>This post is part 2 of a multipart series.</p>
<p>Find the other parts here:</p>
<ul>
<li>Part 1: <a href="/esxi-rpi-ups-pt1/" target="_blank">Hardware, Requirement, Software, Solution</a></li>
<li>Part 2: This part - Connectivity and Software Installation</li>
<li>Part 3: <a href="/esxi-rpi-ups-pt3/" target="_blank">Scripting for the win… or should that be for the failure?</a></li>
</ul>
<p>Look out for future parts coming soon!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/esxi-rpi-ups-pt2/">UPS Triggered Shut Down of ESXi from Raspberry Pi - Part 2</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 04, 2021.</p>
https://polarclouds.co.uk/esxi-rpi-ups-pt12021-04-21T01:00:00+01:002021-04-21T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="APC UPS Triggered shut down of ESXi from Raspberry Pi" src="/images/esxi-rpi-ups-pt1/esxi-rpi-ups-pt1-00.png" />
By the sheer luck of being in the right place at the right time, I managed to get my hands on an APC Smart-UPS C1500 Uninterruptible Power Supply (UPS) for my home lab use.</p>
<p>A UPS is a piece of hardware that will provide emergency power from batteries should the incoming mains electricity supply fail. Nice!</p>
<p>However, depending upon the state of the UPS battery when the mains power fails and the power requirements of the infrastructure being supplied by the UPS, on-battery runtimes can be variable.</p>
<p>Because of this on-battery runtime variability, it is necessary to have the UPS monitor its battery capacity and signal when the batteries reach a low level, assuming that the mains electricity supply has not returned yet. This signal can then be used to trigger a clean, controlled, automated shut down of the protected infrastructure.</p>
<p>Over the posts in this series I’ll put together a solution to monitor the UPS as well as handle UPS low battery level signalling and the clean automated shut down of my infrastructure prior to the UPS batteries running out.</p>
<p>This post is part 1 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: This part - Hardware, Requirement, Software, Solution<br /></li>
<li>Part 2: <a href="/esxi-rpi-ups-pt2/" target="_blank">Hardware Connectivity and Software Installation</a></li>
<li>Part 3: <a href="/esxi-rpi-ups-pt3/" target="_blank">Scripting for the win… or should that be for the failure?</a></li>
</ul>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#hardware" id="markdown-toc-hardware">Hardware</a></li>
<li><a href="#requirement" id="markdown-toc-requirement">Requirement</a></li>
<li><a href="#solution" id="markdown-toc-solution">Solution</a></li>
<li><a href="#software" id="markdown-toc-software">Software</a> <ul>
<li><a href="#apc-ups-daemon-apcupsd" id="markdown-toc-apc-ups-daemon-apcupsd">APC UPS Daemon (apcupsd)</a></li>
<li><a href="#powershell-core" id="markdown-toc-powershell-core">PowerShell Core</a></li>
<li><a href="#vmware-powercli" id="markdown-toc-vmware-powercli">VMware PowerCLI</a></li>
<li><a href="#optional-telegram" id="markdown-toc-optional-telegram">(Optional) Telegram</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="hardware">Hardware</h2>
<p>Let’s look at the list of hardware that I wish to run from the <a href="https://www.apc.com/shop/uk/en/products/APC-Smart-UPS-C-1500VA-LCD-230V/P-SMC1500I">APC Smart-UPS C1500</a> UPS:</p>
<ul>
<li>One fibre broadband modem</li>
<li>One router</li>
<li>One 24 port network switch</li>
<li>One Raspberry Pi 4</li>
<li>One Dell R710 ESXi server</li>
</ul>
<p>Of the above, the “thirstiest” device will be the Dell R710 ESXi server, typically pulling 150 Watts on average. Therefore this needs to be the device that is shut down first. Also, of all the infrastructure being protected by the UPS, it is the data in VMs run on the ESXi server that I wish to protect the most. There is a small amount of data on the Raspberry Pi that I would also like to protect.</p>
<p>The other devices (modem, router, switch) hold no data and are happy to be powered off without the need to be shut down first.</p>
<h2 id="requirement">Requirement</h2>
<p>Unfortunately, ESXi’s mission is to be a hypervisor not a UPS monitor; there is no such capability available within ESXi. Therefore UPS monitoring needs to be handled elsewhere.</p>
<p>Handling this on a VM run on the ESXi host is tricky: the VM would need to signal to the host to shut down, but for the host to shut down, all VMs need to be shut down first. Hmmm chicken, egg, egg, chicken. Let’s give the job to the Raspberry Pi. :thumbsup:</p>
<h2 id="solution">Solution</h2>
<p>Pulling this together then:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="The Solution" src="/images/esxi-rpi-ups-pt1/esxi-rpi-ups-pt1-01.png" /></p>
<ol>
<li>Mains electricity fails… power cut!</li>
<li>The UPS signals to the Raspberry Pi that there is a power cut</li>
<li>The UPS signals its battery charge state to the Raspberry Pi</li>
<li>The UPS battery charge falls below a predetermined threshold and signals this to the Raspberry Pi</li>
<li>The Raspberry Pi runs a script to shut down all powered on VMs</li>
<li>The Raspberry Pi runs a script to shut down the ESXi host</li>
<li>The Raspberry Pi runs a script to shut itself down</li>
<li>The UPS stops supplying power from battery and shuts down which also shuts down the modem, router and network switch</li>
</ol>
<h2 id="software">Software</h2>
<p>To achieve the above, we will need some software to help make this happen:</p>
<ul>
<li>APC UPS Daemon (apcupsd)</li>
<li>PowerShell Core</li>
<li>VMware PowerCLI</li>
<li>(Optional) Telegram</li>
</ul>
<p>Not included above, but taken as a given are the operating systems running on the hardware:</p>
<ul>
<li>Raspberry Pi: Ubuntu 20.04 LTS (Raspbian would work too)</li>
<li>Dell R710: VMware ESXi 6.7 (or later)</li>
</ul>
<p>Let’s take a closer look at the other software.</p>
<h3 id="apc-ups-daemon-apcupsd">APC UPS Daemon (apcupsd)</h3>
<p><a href="http://www.apcupsd.org/">APC UPS Daemon</a> is a program for monitoring UPSes. It runs on Linux, Mac OS/X, Win32, BSD, Solaris, and other OSes. It is open source and available in most Linux distribution software repositories.</p>
<p>In our solution we will be running APC UPS Daemon on the Raspberry Pi.</p>
<h3 id="powershell-core">PowerShell Core</h3>
<p>Yep, that’s correct, <a href="https://github.com/PowerShell/PowerShell#readme">PowerShell Core</a> runs on Linux too! In our solution we will be running PowerShell Core on the Raspberry Pi.</p>
<p>Question: <em>Why not use a “built in” Linux scripting solution such as BASH or Perl etc?</em><br /></p>
<p>Yep, whilst VMware release an <a href="https://code.vmware.com/web/sdk/7.0/vsphere-perl">SDK for Perl</a>, I’m personally not as familiar with it as I am with PowerShell. PowerShell Core is available for Linux, so why not just use that instead? Also, having PowerShell script cross operating system portability might be an important consideration in the future too.</p>
<h3 id="vmware-powercli">VMware PowerCLI</h3>
<p><a href="https://developer.vmware.com/powercli">VMware PowerCLI</a> is a PowerShell based command line and scripting interface for managing VMware vSphere.</p>
<p>In our solution we will be running PowerCLI on the Raspberry Pi.</p>
<h3 id="optional-telegram">(Optional) Telegram</h3>
<p><a href="https://telegram.org/">Telegram</a> is a cloud based messaging solution. In this solution we will be sending Telegram messages from PowerShell for alerting and status updates.</p>
<p>For further details on sending Telegram messages from PowerShell, take a look at <a href="https://polarclouds.co.uk/send-telegram-from-powershell/">Send Telegram Messages from PowerShell</a> - it’s a great read! :wink:</p>
<p>In our solution we will be sending Telegram messages from the Raspberry Pi.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>That’ll do it for part one.</p>
<p>In this post we gathered our requirements, put a solution together to meet those requirements and took a look at our hardware and our software. Next time we’ll look at installing the required software and getting everything to work nicely together.</p>
<p>This post is part 1 of a multipart series.</p>
<p>Find the other parts here:</p>
<ul>
<li>Part 1: This part - Hardware, Requirement, Software, Solution</li>
<li>Part 2: <a href="/esxi-rpi-ups-pt2/" target="_blank">Hardware Connectivity and Software Installation</a></li>
<li>Part 3: <a href="/esxi-rpi-ups-pt3/" target="_blank">Scripting for the win… or should that be for the failure?</a></li>
</ul>
<p>Look out for future parts coming soon!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/esxi-rpi-ups-pt1/">UPS Triggered Shut Down of ESXi from Raspberry Pi - Part 1</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 21, 2021.</p>
https://polarclouds.co.uk/send-telegram-from-powershell2021-04-03T01:00:00+01:002021-04-03T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Telegram from PowerShell" src="/images/send-telegram-from-powershell/telegram-from-powershell-00.png" />
I’m sure by now, everyone is familiar with cloud based messaging apps such as WhatsApp, Signal and Telegram.</p>
<p>As these services are cloud based, some have Application Programming Interfaces (APIs) that can easily be leveraged by programming languages such as Microsoft PowerShell.</p>
<p>In this post we will use PowerShell to send Telegram messages.</p>
<p>I won’t go through the process of installing Telegram on your mobile device and signing up / signing in. I’ll take it for granted that you have done this already. It’s simple enough to do using the app store of your choice.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#telegram-bots" id="markdown-toc-telegram-bots">Telegram Bots</a></li>
<li><a href="#creating-a-telegram-bot" id="markdown-toc-creating-a-telegram-bot">Creating a Telegram Bot</a></li>
<li><a href="#the-powershell-script" id="markdown-toc-the-powershell-script">The PowerShell Script</a></li>
<li><a href="#testing" id="markdown-toc-testing">Testing</a></li>
<li><a href="#a-word-about-security" id="markdown-toc-a-word-about-security">A Word About Security</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="telegram-bots">Telegram Bots</h2>
<p>In Telegram parlance, accounts operated by software are known as “bots”. So that we can receive messages sent by PowerShell, we need to set up a bot first.</p>
<h2 id="creating-a-telegram-bot">Creating a Telegram Bot</h2>
<p>Telegram bots are created via an automated account called BotFather.</p>
<p>Open the Telegram app, click the search button and search for <strong>BotFather</strong>.<br />Click BotFather to open a chat.</p>
<ol>
<li>Next enter the command <strong>/newbot</strong></li>
<li>When prompted, enter the friendly name of your bot. In the example below I set up a bot called <strong>PowerShell Alerts</strong>. You can call your bot whatever you like</li>
<li>Enter a username for the bot</li>
<li>Take note of the API token. We will need this later. <strong>Note:</strong> it is case sensitive</li>
<li>Finally click the link to open a chat with the newly created bot</li>
</ol>
<p>The full process can be seen in the screenshot below:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Bot Configured" src="/images/send-telegram-from-powershell/telegram-from-powershell-02.png" /></p>
<p>Next you need to find your Telegram Chat ID.</p>
<ol>
<li>From the Telegram home screen, search for <strong>chatid_echo_bot</strong>. Click Chat ID Echo to open a chat</li>
<li>Enter <strong>/start</strong> to get the bot to send you your Telegram Chat ID</li>
<li>Take note of the Telegram Chat ID returned</li>
</ol>
<p>For example:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Get Telegram Chat ID" src="/images/send-telegram-from-powershell/telegram-from-powershell-03.png" /></p>
<h2 id="the-powershell-script">The PowerShell Script</h2>
<p>The PowerShell script required to send a Telegram message is as follows:</p>
<figure>
<figcaption><b>Filename:</b> send-telegram.ps1</figcaption>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="kr">Function</span><span class="w"> </span><span class="nf">Send-Telegram</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="kr">Param</span><span class="p">([</span><span class="n">Parameter</span><span class="p">(</span><span class="n">Mandatory</span><span class="o">=</span><span class="bp">$true</span><span class="p">)][</span><span class="n">String</span><span class="p">]</span><span class="nv">$Message</span><span class="p">)</span><span class="w">
</span><span class="nv">$Telegramtoken</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Your_Telegram_Token"</span><span class="w">
</span><span class="nv">$Telegramchatid</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Your_Telegram_Chat_ID"</span><span class="w">
</span><span class="p">[</span><span class="n">Net.ServicePointManager</span><span class="p">]::</span><span class="n">SecurityProtocol</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="n">Net.SecurityProtocolType</span><span class="p">]::</span><span class="n">Tls12</span><span class="w">
</span><span class="nv">$Response</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Invoke-RestMethod</span><span class="w"> </span><span class="nt">-Uri</span><span class="w"> </span><span class="s2">"https://api.telegram.org/bot</span><span class="si">$(</span><span class="nv">$Telegramtoken</span><span class="si">)</span><span class="s2">/sendMessage?chat_id=</span><span class="si">$(</span><span class="nv">$Telegramchatid</span><span class="si">)</span><span class="s2">&amp;text=</span><span class="si">$(</span><span class="p">[</span><span class="n">uri</span><span class="p">]::</span><span class="n">EscapeDataString</span><span class="p">(</span><span class="nv">$Message</span><span class="p">)</span><span class="si">)</span><span class="s2">"</span><span class="p">}</span></code></pre></figure>
</figure>
<p>After adding your token and ID, the above PowerShell function can either be cut and pasted into your individual PowerShell scripts or saved in your PowerShell path to be called using the command <strong>Send-Telegram</strong>.</p>
<p>See <a href="https://docs.microsoft.com/en-us/powershell/scripting/learn/ps101/09-functions?view=powershell-7.1">PowerShell Functions</a> for further info if needed.</p>
<p>Breaking the script down:</p>
<ul>
<li>Lines 1 + 2 : These identify the piece of code as a PowerShell function</li>
<li>Lines 3 + 4 : Your individual Telegram token and ID. Update these with your info</li>
<li>Line 5 : This configures PowerShell to use TLS 1.2 as the security protocol when running the next command</li>
<li>Line 6 : The command doing “the heavy lifting” - <a href="https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-restmethod?view=powershell-7.1">Invoke-RestMethod</a> sends an HTTPS request to Telegram. The request contains all of the elements gathered so far plus the message to be sent</li>
</ul>
<h2 id="testing">Testing</h2>
<p>Running the function and sending some test messages:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Run function and send messages" src="/images/send-telegram-from-powershell/telegram-from-powershell-04.png" /></p>
<p>Checking the Telegram chat:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Messages received" src="/images/send-telegram-from-powershell/telegram-from-powershell-05.png" /></p>
<p>:smiley: <strong>BOOOOM!!!</strong> :smiley:</p>
<h2 id="a-word-about-security">A Word About Security</h2>
<p>Whilst the connection via PowerShell Invoke-RestMethod is encrypted using TLS 1.2, it is not possible to know what is done by the Telegram API when receiving the message and sending it on. With this in mind, I personally wouldn’t send sensitive data via Telegram. As a workaround, should I need to send sensitive data, I store the data securely and send a link via Telegram to that securely stored data instead.</p>
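<p>The function above, reworked as an added example (not part of the original post): the token and chat ID are read from environment variables instead of being stored in the script, and the chat ID and message travel in a form-encoded POST body rather than the query string. The function name <strong>Send-TelegramFromEnv</strong> and the variable names <strong>TELEGRAM_BOT_TOKEN</strong> and <strong>TELEGRAM_CHAT_ID</strong> are assumptions.</p>

```powershell
# Added example, not the original author's code.
# Assumed environment variables: TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID.
Function Send-TelegramFromEnv {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][String]$Message,
        [String]$Token  = $env:TELEGRAM_BOT_TOKEN,
        [String]$ChatId = $env:TELEGRAM_CHAT_ID
    )

    # Fail early if the secrets were never provisioned on this host.
    if ([string]::IsNullOrWhiteSpace($Token) -or [string]::IsNullOrWhiteSpace($ChatId)) {
        throw "Set TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID before calling Send-TelegramFromEnv."
    }

    # The Bot API accepts at most 4096 characters of text per message.
    if ($Message.Length -gt 4096) {
        $Message = $Message.Substring(0, 4093) + '...'
    }

    # Same TLS 1.2 setting as the original function.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # The token is part of the URL path in the Bot API, so it stays in the URI.
    $Uri = "https://api.telegram.org/bot$Token/sendMessage"

    # A hashtable body on a POST is sent form-encoded, so characters such as
    # '&', '#' and '+' in the message arrive intact.
    $Body = @{ chat_id = $ChatId; text = $Message }

    try {
        $Response = Invoke-RestMethod -Uri $Uri -Method Post -Body $Body -ErrorAction Stop
    }
    catch {
        # Redact the token in case the error text echoes the request URI,
        # so it does not end up in logs or transcripts.
        $Safe = $_.Exception.Message.Replace($Token, '<token>')
        throw "Telegram sendMessage failed: $Safe"
    }

    if (-not $Response.ok) {
        throw "Telegram API returned ok=false."
    }

    # Return the ID of the message Telegram created.
    return $Response.result.message_id
}

# Usage, once both environment variables are set for the account running the script:
# Send-TelegramFromEnv -Message "Backup finished: 12 VMs & 0 errors"
```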
<p>The hard part is over.</p>
<p>Now it’s time to start using Telegram in all sorts of PowerShell scripts! :satisfied:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/send-telegram-from-powershell/">Send Telegram Messages from PowerShell</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 03, 2021.</p>
https://polarclouds.co.uk/vmware-vexpert-20212021-02-12T00:00:00+00:002021-02-12T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMware vExpert" src="/images/vmware-vexpert/vexpert.png" />
<br />
Yup, that’s right… Again!</p>
<p>I’ve again been appraised, approved and selected to be a VMware vExpert for the second year running!</p>
<p>Reading through the <a href="https://blogs.vmware.com/vexpert/2021/02/11/vexpert-2021-award-announcement/">vExpert 2021 Award Announcement</a>:</p>
<p>All of the new and returning vExperts have demonstrated significant contributions to the community and a willingness to share their expertise with others. Contributing is not always blogging or Twitter as there are many VMUG leaders, public speakers, book authors, script writers, VCDX, VMTN community moderators and internal champions among this group.</p>
<p>We are on-boarding just under 2,100 vExperts from 40+ countries.</p>
<p>Nice!</p>
<p>Check me out in the <a href="https://vexpert.vmware.com/directory/5800">vExpert Directory</a></p>
<p>-Chris
<br />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="VMware vExpert 2021" src="/images/pages/vexpert2021.png" /></p>
<p><a href="https://polarclouds.co.uk/vmware-vexpert-2021/">VMware vExpert 2021</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 12, 2021.</p>
https://polarclouds.co.uk/nsx-load-balancer-firewall-problem2021-01-18T00:00:00+00:002021-01-18T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX" src="/images/nsx-upgrade/nsx-upgrade-00.jpg" />
Super quick tip time…</p>
<p>I discovered this little nugget of configuration joy today, a case where an NSX-v edge configured as a load balancer was not firewalling traffic as expected. Bit of a head scratcher to start with, however the answer is out there in the documentation… The problem was finding it!</p>
<p>Hopefully this post will serve as a point of reference / reminder for me should this issue come up again in the future.</p>
<h2 id="scenario">Scenario</h2>
<p>Using an NSX load balancer to host a load balanced Virtual IP (VIP) for SMTP email relay to Microsoft Exchange.</p>
<p>Allowing all LAN hosts to relay email to Exchange would be a security risk, so the load balancer edge firewall was configured with an allow IP set of the IP addresses approved to relay SMTP email. LAN clients not in the allow IP set should be blocked from relaying SMTP email to Exchange.</p>
<h2 id="problem">Problem</h2>
<p>Upon testing, it was found that SMTP traffic from <strong><em>ALL</em></strong> LAN hosts was being allowed to Exchange via the load balancer despite the firewall rule described above.</p>
<h2 id="resolution">Resolution</h2>
<p>After much edge firewall diagnosis and a spot of Googling, I found this article: <a href="https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-B45A6901-E1EA-42A6-98F1-7AEAD5BAB193.html">Configure Load Balancer Service</a>.</p>
<p>Within this article, I found these nuggets of information:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Load Balancer Acceleration" src="/images/nsx-load-balancer-firewall-problem/nsx-load-balancer-firewall-problem-01.png" /></p>
<p>To quote:</p>
<blockquote>
<p>When disabled, all virtual IP addresses (VIPs) use the L7 LB engine.</p>
</blockquote>
<blockquote>
<p>The L7 HTTP/HTTPS VIPs (“acceleration disabled” or L7 setting such as AppProfile with cookie persistence or SSL-Offload) are processed after the edge firewall, and require an edge firewall allow rule to reach the VIP.</p>
</blockquote>
<p>Further,</p>
<blockquote>
<p>The L4 VIP (“acceleration enabled” in the VIP configuration and no L7 setting such as AppProfile with cookie persistence or SSL-Offload) is processed before the edge firewall, and no edge firewall rule is required to reach the VIP.</p>
</blockquote>
<p>As I want to use the edge load balancer firewall rule to govern the relaying of SMTP email to Exchange, clearly I need to use the L7 load balancer engine - I.E. <strong><em>Ensure acceleration is set to “Disabled”</em></strong>.</p>
<p>Double checking my config:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Ooops!" src="/images/nsx-load-balancer-firewall-problem/nsx-load-balancer-firewall-problem-02.png" /></p>
<p>Oops!<br /></p>
<p>With acceleration being enabled, the firewall rules were not being applied to the traffic, hence all LAN hosts were able to relay email to Exchange!</p>
<p>Right, simple enough, fix:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Fixed" src="/images/nsx-load-balancer-firewall-problem/nsx-load-balancer-firewall-problem-03.png" /></p>
<p>Fixed!</p>
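<p>The rules quoted above, applied as an audit over a saved load balancer configuration to list the VIPs that are processed before the edge firewall. This is an added example, not code from the original post or from VMware: the XML sample is constructed, and its element names are assumptions modelled on the NSX-v load balancer configuration, so check them against an export from your own edge.</p>

```powershell
# Constructed sample configuration (not exported from a real edge).
# Element names are assumptions modelled on the NSX-v load balancer config XML.
$SampleXml = @'
<loadBalancer>
  <enabled>true</enabled>
  <accelerationEnabled>true</accelerationEnabled>
  <applicationProfile>
    <applicationProfileId>applicationProfile-1</applicationProfileId>
    <name>smtp-tcp</name>
    <template>TCP</template>
  </applicationProfile>
  <applicationProfile>
    <applicationProfileId>applicationProfile-2</applicationProfileId>
    <name>web-cookie</name>
    <template>HTTP</template>
    <persistence><method>cookie</method></persistence>
  </applicationProfile>
  <virtualServer>
    <name>smtp-relay-vip</name>
    <ipAddress>192.0.2.25</ipAddress>
    <port>25</port>
    <applicationProfileId>applicationProfile-1</applicationProfileId>
    <accelerationEnabled>true</accelerationEnabled>
  </virtualServer>
  <virtualServer>
    <name>web-vip</name>
    <ipAddress>192.0.2.80</ipAddress>
    <port>80</port>
    <applicationProfileId>applicationProfile-2</applicationProfileId>
    <accelerationEnabled>true</accelerationEnabled>
  </virtualServer>
  <virtualServer>
    <name>smtp-relay-vip-fixed</name>
    <ipAddress>192.0.2.26</ipAddress>
    <port>25</port>
    <applicationProfileId>applicationProfile-1</applicationProfileId>
    <accelerationEnabled>false</accelerationEnabled>
  </virtualServer>
</loadBalancer>
'@

# Return the trimmed text of the first node matching $XPath, or '' if absent.
function Get-NodeText {
    param([System.Xml.XmlNode]$Node, [string]$XPath)
    $Hit = $Node.SelectSingleNode($XPath)
    if ($null -ne $Hit) { return $Hit.InnerText.Trim() }
    return ''
}

function Get-VipFirewallOrder {
    param([Parameter(Mandatory=$true)][xml]$Config)

    $Lb = $Config.SelectSingleNode('/loadBalancer')
    if ($null -eq $Lb) { throw 'No <loadBalancer> element found.' }

    # "When disabled, all virtual IP addresses (VIPs) use the L7 LB engine."
    $GlobalAccel = (Get-NodeText $Lb 'accelerationEnabled') -eq 'true'

    # Index application profiles by ID so each VIP can look up its L7 settings.
    $Profiles = @{}
    foreach ($P in $Lb.SelectNodes('applicationProfile')) {
        $Profiles[(Get-NodeText $P 'applicationProfileId')] = $P
    }

    foreach ($Vs in $Lb.SelectNodes('virtualServer')) {
        $AppProfile = $Profiles[(Get-NodeText $Vs 'applicationProfileId')]

        # L7 settings named in the quoted documentation: cookie persistence
        # and SSL offload (assumed here to appear as a <clientSsl> element).
        $HasL7 = $false
        if ($null -ne $AppProfile) {
            $HasL7 = ((Get-NodeText $AppProfile 'persistence/method') -eq 'cookie') -or
                     ($null -ne $AppProfile.SelectSingleNode('clientSsl'))
        }

        $VipAccel = (Get-NodeText $Vs 'accelerationEnabled') -eq 'true'

        # L4 VIP: acceleration enabled and no L7 setting. It is processed
        # before the edge firewall, so edge firewall rules do not filter it.
        $IsL4 = $GlobalAccel -and $VipAccel -and (-not $HasL7)

        [pscustomobject]@{
            Vip                 = (Get-NodeText $Vs 'name')
            Address             = (Get-NodeText $Vs 'ipAddress')
            Port                = (Get-NodeText $Vs 'port')
            Engine              = $(if ($IsL4) { 'L4' } else { 'L7' })
            EdgeFirewallApplies = (-not $IsL4)
        }
    }
}

# List only the VIPs whose traffic is not filtered by the edge firewall.
Get-VipFirewallOrder -Config $SampleXml |
    Where-Object { -not $_.EdgeFirewallApplies } |
    Format-Table -AutoSize
```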
<p>Sometimes acceleration isn’t needed. Sometimes slow and steady wins the race :turtle:</p>
<p>Nice little fix anyway.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-load-balancer-firewall-problem/">NSX for vSphere Load Balancer Firewall Problem</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 18, 2021.</p>
https://polarclouds.co.uk/esxi-wds-uefi2020-12-29T00:00:00+00:002020-12-29T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="vSphere Logo" src="/images/esxi-wds-uefi/esxi-wds-uefi-00.png" />
Just over five years ago (yep… time flies!) <br />I posted a simple method to boot and install a VMware ESXi server from a Microsoft Windows Deployment Services (WDS) Server. <br />Back then I was using Windows Server 2012 to boot ESXi 5.5. Check out that post <a href="https://polarclouds.co.uk/deploying-vmware-esxi-via-wds/">here</a>.</p>
<p>Prompted by a recent <a href="http://disq.us/p/2dcu804">comment from Tariq</a> on that post:</p>
<blockquote>
<p>The procedure works fine when BIOS set to Legacy mode. But, it is not working when set to UEFI mode.</p>
</blockquote>
<p>Got me thinking. Let’s update that post.</p>
<p>Not only will we go for UEFI booting, let’s use WDS from Windows Server 2019 and ESXi 7.0 too. What follows is a whistle stop process to go from zero to
booting ESXi via UEFI from WDS.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-why-when" id="markdown-toc-what-why-when">What, Why, When?</a> <ul>
<li><a href="#what" id="markdown-toc-what">What?</a></li>
<li><a href="#why" id="markdown-toc-why">Why?</a></li>
<li><a href="#when" id="markdown-toc-when">When?</a></li>
</ul>
</li>
<li><a href="#install-wds-and-dhcp-services" id="markdown-toc-install-wds-and-dhcp-services">Install WDS and DHCP Services</a></li>
<li><a href="#configure-wds-and-dhcp-services" id="markdown-toc-configure-wds-and-dhcp-services">Configure WDS and DHCP Services</a> <ul>
<li><a href="#dhcp-service" id="markdown-toc-dhcp-service">DHCP Service</a></li>
<li><a href="#wds-service" id="markdown-toc-wds-service">WDS Service</a></li>
</ul>
</li>
<li><a href="#esxi-on-wds" id="markdown-toc-esxi-on-wds">ESXi on WDS</a></li>
<li><a href="#testing-and-troubleshooting" id="markdown-toc-testing-and-troubleshooting">Testing and Troubleshooting</a> <ul>
<li><a href="#confirm-settings-after-reboot" id="markdown-toc-confirm-settings-after-reboot">Confirm Settings after Reboot</a></li>
<li><a href="#slow-esxi-boot" id="markdown-toc-slow-esxi-boot">Slow ESXi Boot</a></li>
<li><a href="#if-all-else-fails" id="markdown-toc-if-all-else-fails">If All Else Fails</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="what-why-when">What, Why, When?</h2>
<h3 id="what">What?</h3>
<ul>
<li><strong>UEFI</strong>: Unified Extensible Firmware Interface: Replaces the legacy Basic Input/Output System (BIOS) firmware interface originally present in all IBM PC-compatible PCs/Servers. <a href="https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface">Learn more about UEFI here</a>.</li>
<li><strong>WDS</strong>: Windows Deployment Services is a server technology from Microsoft for network-based installation of Windows operating systems - although we are going to leverage our WDS server for ESXi. <a href="https://docs.microsoft.com/en-us/windows/deployment/windows-deployment-scenarios-and-tools#windows-deployment-services">Learn more about WDS here</a></li>
<li><strong>ESXi</strong>: A bare-metal hypervisor that is capable of running Virtual Machines. <a href="https://www.vmware.com/uk/products/esxi-and-esx.html">Learn more about ESXi here</a></li>
</ul>
<h3 id="why">Why?</h3>
<p>ESXi is shipped by VMware in the form of an ISO disk image file. To install ESXi, the administrator either has to create a USB device (stick, hard disk, etc) from the image or burn the image onto a CD-ROM or finally use some other third party method (HP iLO, Dell iDRAC, IBM RSA) to boot the ESXi installer in order to install ESXi.</p>
<p>Instead of all that, how about just extracting the ESXi ISO file to a folder, updating two files and booting the server to have ESXi installed over the network? Much quicker and simpler!</p>
<h3 id="when">When?</h3>
<p>Typically, and to get the most out of the VMware portfolio of products, ESXi is not installed on just one server per datacentre or solution. Clustered ESXi deployments can number from two to thirty two ESXi hosts per cluster, per solution.</p>
<p>Imagine having to deploy thirty two ESXi hosts from a handful of boot CD’s or USB sticks…</p>
<p>What’s more, using VMware Workstation / VMware Workstation Player, you <em>could</em> install your WDS server into a VM and use that VM to boot and deploy ESXi.</p>
<h2 id="install-wds-and-dhcp-services">Install WDS and DHCP Services</h2>
<p>First off, grab a copy of Windows Server 2019. If you don’t already have a copy, you can download a 180 day trial <a href="https://www.microsoft.com/en-gb/windows-server/trial">from here</a>.</p>
<p>I’m not going to cover deploying Windows Server, it’s simple enough and there are plenty of other sites that cover that (<a href="https://computingforgeeks.com/install-windows-server-2019/">for example</a>). Once installed, make a note of the IP address you assign to the WDS server. You’ll need that later. For example, I gave my WDS server an IP address of 192.168.123.2. Yours may be different.</p>
<p>Once your Windows server has been installed, open <strong>Server Manager</strong> and select <strong>Add Roles and Features</strong>. From there click <strong>Next</strong> two or three times (depending on your server configuration) and tick the following roles to be installed. Click <strong>Add Features</strong> when prompted to add role features:</p>
<ul>
<li>DHCP Server</li>
<li>Windows Deployment Services</li>
</ul>
<p>As shown below:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Install WDS Roles" src="/images/esxi-wds-uefi/esxi-wds-uefi-01.png" /></p>
<p>Click <strong>Next</strong> four times, ensure both <strong>Deployment Server</strong> and <strong>Transport Server</strong> are selected, click <strong>Next</strong> again and finally click <strong>Install</strong>.</p>
<p>Once complete, click on the orange triangle and select <strong>Complete DHCP Configuration</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Post Deployment DHCP Config" src="/images/esxi-wds-uefi/esxi-wds-uefi-02.png" /></p>
<p>Click <strong>Commit</strong> and <strong>Close</strong> to complete the DHCP server post install configuration.</p>
<p>Let’s go ahead and reboot the server at this point.</p>
<h2 id="configure-wds-and-dhcp-services">Configure WDS and DHCP Services</h2>
<p>Now that we have DHCP and WDS installed, it’s time to configure both of them.</p>
<h3 id="dhcp-service">DHCP Service</h3>
<p>Click <strong>Start, Windows Administrative Tools, DHCP</strong>, right click <strong>IPv4</strong> and select <strong>New Scope</strong>.</p>
<p>Name the scope (I called mine ESXi Deployment), click <strong>Next</strong> and define your DHCP scope. Remember to use IP addresses in the same range as your WDS server (As above, I chose to give my WDS server an IP address of 192.168.123.2, so I’ll use 192.168.123.10 as my start IP address and 192.168.123.250 as my end IP address - again, yours may be different).</p>
<p>Click <strong>Next</strong>, set any scope exclusions (if required), <strong>Next</strong>, set the DHCP lease duration (again, if required), click <strong>Next</strong>, click <strong>Yes I want to configure these options now</strong> and <strong>Next</strong>. Set your gateway IP (I’m using 192.168.123.1), click <strong>Add</strong> and <strong>Next</strong>.</p>
<p>Configure your DNS settings if required (I’m not using any DNS in my deployment as the ESXi installer has no need for DNS, so I left everything blank) and click <strong>Next</strong>.</p>
<p>I can’t remember when anyone last used WINS, so click <strong>Next</strong>.</p>
<p>Finally, click <strong>Yes I want to activate this scope now</strong>, <strong>Next</strong> and <strong>Finish</strong>.</p>
<p>My completed DHCP scope looked like this:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="DHCP Scope" src="/images/esxi-wds-uefi/esxi-wds-uefi-03.png" /></p>
<h3 id="wds-service">WDS Service</h3>
<p>Click <strong>Start, Windows Administrative Tools, Windows Deployment Services</strong>. Open up Servers, right click your server and select <strong>Configure Server</strong>.</p>
<p>Click <strong>Next</strong>, <strong>Standalone Server</strong>, set path to <strong>C:\RemoteInstall</strong>, click <strong>Next</strong> and <strong>Yes</strong> to continue if you receive a warning.</p>
<p>Ensure that only <strong>Do not listen on DHCP and DHCPv6 ports</strong> is ticked. If needed, untick <strong>Configure DHCP options for Proxy DHCP</strong> and click <strong>Next</strong></p>
<p>Ensure that <strong>Do not respond to any client computers</strong> is selected, click <strong>Next</strong> and <strong>Finish</strong>. Ignore the error regarding unable to start WDS services in a timely fashion should you receive it.</p>
<p>Next we need to add two entries into the registry to allow WDS to support deploying ESXi.</p>
<p>Open regedit and navigate to the following key:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP</code></pre></figure>
<p>Double click <strong>ReadFilter</strong> and add the following to the bottom of the list and click <strong>OK</strong>:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">/boot/*
boot/*</code></pre></figure>
<p>If you receive an error regarding empty strings, just click <strong>OK</strong>. Your saved entry should look like this:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="WDSTFTP Registry" src="/images/esxi-wds-uefi/esxi-wds-uefi-14.png" /></p>
<p>Exit regedit. Back in the WDS management window opened earlier, right click your WDS server, select <strong>All Tasks</strong> and <strong>Start</strong> (or <strong>Restart</strong> if services are already running). Ensure that the WDS server has a green play button as shown below:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="WDS Configured" src="/images/esxi-wds-uefi/esxi-wds-uefi-04.png" /></p>
<h2 id="esxi-on-wds">ESXi on WDS</h2>
<p>Extract the ESXi ISO image to a folder under the <strong>C:\RemoteInstall\Boot</strong> folder. I’m going to deploy ESXi 7.0 Update 1, so I’ll put my ESXi files in <strong>C:\RemoteInstall\Boot\ESXi-7.0.1</strong>, keeping the folder structure from the ISO image:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi Copied" src="/images/esxi-wds-uefi/esxi-wds-uefi-05.png" /></p>
<p>Next, copy the file <strong>C:\RemoteInstall\Boot\ESXi-7.0.1\EFI\BOOT\BOOTX64.EFI</strong> to <strong>C:\RemoteInstall\Boot\ESXi-7.0.1</strong> and rename the file to <strong>mboot.efi</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="mboot.efi" src="/images/esxi-wds-uefi/esxi-wds-uefi-06.png" /></p>
<p>Next we need to update the <strong>boot.cfg</strong> file in the <strong>C:\RemoteInstall\Images\ESXi-7.0.1</strong> folder. There are three changes we need to make:</p>
<style>
table, th, td {
border: 1px solid black;
border-collapse: collapse;
}
</style>
<table>
<tr>
<td style="height:5%; width:33%;">
<b>Original Config</b>
</td>
<td style="height:5%; width:33%;">
<b>Modified Config</b>
</td>
<td style="height:5%; width:33%;">
<b>Changes Made</b>
</td>
</tr>
<tr>
<td style="height:5%; width:33%;">
modules=/jumpstrt.gz <i>(etc)</i>
</td>
<td style="height:5%; width:33%;">
modules=jumpstrt.gz <i>(etc)</i>
</td>
<td style="height:5%; width:33%;">
Remove the '/' prefix from all modules
</td>
</tr>
<tr>
<td style="height:5%; width:33%;">
prefix=/
</td>
<td style="height:5%; width:33%;">
prefix=/Boot/ESXi-7.0.1
</td>
<td style="height:5%; width:33%;">
Change to match ESXi files location
</td>
</tr>
<tr>
<td style="height:5%; width:33%;">
kernel=/b.b00
</td>
<td style="height:5%; width:33%;">
kernel=b.b00
</td>
<td style="height:5%; width:33%;">
Remove the '/' prefix
</td>
</tr>
<tr>
<td style="height:5%; width:33%;">
kernelopt=cdromBoot runweasel
</td>
<td style="height:5%; width:33%;">
kernelopt=runweasel
</td>
<td style="height:5%; width:33%;">
Remove 'cdromBoot'
</td>
</tr>
</table>
<p>The final file after changes should resemble the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="modified boot.cfg" src="/images/esxi-wds-uefi/esxi-wds-uefi-07.png" /></p>
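<p>The edits in the table above, applied by script, as an added example that is not part of the original post. It assumes a POSIX shell with awk working on a copy of <strong>boot.cfg</strong>; the function names are hypothetical and the sample file is an abbreviated, constructed boot.cfg.</p>

```shell
#!/bin/sh
# Added example (not from the original post): apply and verify the boot.cfg
# edits listed in the table. Function names are hypothetical.

# Constructed, abbreviated boot.cfg. Only the prefix, kernel, kernelopt and
# first module values mirror the table; the rest is illustrative.
SAMPLE_BOOT_CFG='bootstate=0
title=Loading ESXi installer
timeout=5
prefix=/
kernel=/b.b00
kernelopt=cdromBoot runweasel
modules=/jumpstrt.gz --- /useropts.gz --- /features.gz --- /k.b00
build=
updated=0'

# rewrite_boot_cfg PREFIX < boot.cfg.orig > boot.cfg
rewrite_boot_cfg() {
    awk -v prefix="$1" '
        # prefix= must point at the folder the ESXi files were extracted to
        /^prefix=/ { print "prefix=" prefix; next }
        # kernel path becomes relative to the prefix
        /^kernel=/ { sub(/^kernel=\//, "kernel="); print; next }
        # drop only the cdromBoot token, keep every other kernel option
        /^kernelopt=/ {
            n = split(substr($0, 11), opt, /[ \t]+/); out = ""
            for (i = 1; i <= n; i++)
                if (opt[i] != "" && opt[i] != "cdromBoot") {
                    sep = (out == "") ? "" : " "
                    out = out sep opt[i]
                }
            print "kernelopt=" out; next
        }
        # strip the leading slash from each module, not slashes inside names
        /^modules=/ {
            n = split(substr($0, 9), mod, / --- /); out = ""
            for (i = 1; i <= n; i++) {
                sub(/^[ \t]*\//, "", mod[i])
                sep = (i > 1) ? " --- " : ""
                out = out sep mod[i]
            }
            print "modules=" out; next
        }
        { print }
    '
}

# check_boot_cfg PREFIX < boot.cfg
# Returns 0 only when every edit from the table is present.
check_boot_cfg() {
    awk -v prefix="$1" '
        /^prefix=/    { seen = 1; if ($0 != "prefix=" prefix) bad = bad " prefix" }
        /^kernel=\//  { bad = bad " kernel" }
        /^kernelopt=/ && /(=| )cdromBoot( |$)/ { bad = bad " kernelopt" }
        /^modules=/   { if ($0 ~ /(=| --- )\//) bad = bad " modules" }
        END {
            if (!seen) bad = bad " prefix-missing"
            if (bad != "") { print "not applied:" bad > "/dev/stderr"; exit 1 }
        }
    '
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_BOOT_CFG" | rewrite_boot_cfg /Boot/ESXi-7.0.1
```

<p>Running <code>check_boot_cfg</code> against the file actually served by WDS catches a missed slash before a host is sent to PXE boot.</p>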
<p>Next, let’s configure the DHCP server to use the ESXi image.</p>
<p>Click <strong>Start, Windows Administrative Tools, DHCP</strong>, expand the ESXi deployment scope created above, right click <strong>IPv4</strong> and select <strong>Define Vendor Classes</strong>.</p>
<p>Click <strong>Add</strong> and enter the following:</p>
<ul>
<li>Display Name = PXEClient (UEFI x64)</li>
<li>Description = PXEClient:Arch:00007</li>
<li>ASCII = PXEClient:Arch:00007</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="UEFI Vendor Class" src="/images/esxi-wds-uefi/esxi-wds-uefi-08.png" /></p>
<p>Click <strong>OK</strong> and <strong>Close</strong> to save.</p>
<p>Next, let’s create a boot policy to tie all of the above up.</p>
<p>Open the ESXi Deployment scope created earlier and select <strong>Policies</strong> for the scope (as opposed to Policies for the whole DHCP server):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Scope Policies" src="/images/esxi-wds-uefi/esxi-wds-uefi-09.png" /></p>
<p>Name the policy <strong>ESXi UEFI Boot Policy</strong> and click <strong>Next</strong>.</p>
<p>Click <strong>Add</strong>, and set the following:</p>
<ul>
<li>Criteria = Vendor Class</li>
<li>Operator = Equals</li>
<li>Value = PXEClient (UEFI x64)</li>
<li>Append Wildcard = Ticked</li>
</ul>
<p>Click <strong>Add</strong>. Confirm configuration resembles the following, click <strong>OK</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Boot Policy Condition" src="/images/esxi-wds-uefi/esxi-wds-uefi-10.png" /></p>
<p>Click <strong>Next</strong>, <strong>No</strong> to configuring an IP range and <strong>Next</strong>.</p>
<p>At the Options dialogue, tick and configure the following:</p>
<ul>
<li><strong>66 Boot Server Host Name</strong> = IP Address of the WDS Server (In my case 192.168.123.2)</li>
<li><strong>67 Boot File Name</strong> = Path to mboot.efi file moved earlier (In my case \Boot\ESXi-7.0.1\mboot.efi)</li>
</ul>
<p>Click <strong>Next</strong> and confirm that the configuration resembles the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Boot Policy Summary" src="/images/esxi-wds-uefi/esxi-wds-uefi-11.png" /></p>
<p>Finally, click <strong>Finish</strong>.</p>
<p>To double check, select <strong>Scope Options</strong> and confirm that the configuration resembles the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="DHCP Scope Options" src="/images/esxi-wds-uefi/esxi-wds-uefi-12.png" /></p>
<p>Restart DHCP server by clicking on the server name in the DHCP Server tree, choosing <strong>All Tasks</strong> and <strong>Restart</strong>.</p>
<h2 id="testing-and-troubleshooting">Testing and Troubleshooting</h2>
<p>Before we test, let’s double check a few things.</p>
<h3 id="confirm-settings-after-reboot">Confirm Settings after Reboot</h3>
<p>Let’s reboot the WDS server one more time and check that a couple of settings are as we left them before the reboot.</p>
<p>After the reboot, let’s double check our DHCP scope options:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Unwanted PXEClient Option" src="/images/esxi-wds-uefi/esxi-wds-uefi-15.png" /></p>
<p>We seem to have picked up an additional unwanted <strong>060 PXEClient</strong> scope option, even though we did not have it set earlier!</p>
<p>To remove it, open WDS management, right click on the server name, select <strong>Properties</strong> and <strong>DHCP</strong>. Untick the <strong>Configure DHCP options to indicate that this is also a PXE Server</strong> option:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Turn Off PXEClient Option" src="/images/esxi-wds-uefi/esxi-wds-uefi-16.png" /></p>
<p>Click <strong>Apply</strong> and <strong>OK</strong> (if you receive a file not found error, just ignore it and close the option dialogue using <strong>Cancel</strong>). Restart both WDS service and DHCP services - or reboot again. Double check that the <strong>060 PXEClient</strong> scope option has disappeared.</p>
<h3 id="slow-esxi-boot">Slow ESXi Boot</h3>
<p>If you test and find that the ESXi image is taking an age to boot, there are two settings we can change to drastically improve the speed of the ESXi boot.</p>
<p>Open WDS management, right click on server name, select <strong>Properties</strong> and <strong>TFTP</strong>.<br />
Set:</p>
<ul>
<li><strong>Maximum Block Size</strong> = 1450</li>
<li><strong>Enable Variable Window Extension</strong> = Unticked</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="WDS TFTP Tuning" src="/images/esxi-wds-uefi/esxi-wds-uefi-13.png" /></p>
<p>Click <strong>Apply</strong> and <strong>OK</strong>. Restart the WDS service - or reboot again and test again.</p>
<h3 id="if-all-else-fails">If All Else Fails</h3>
<p>Remember <a href="https://www.wireshark.org/">Wireshark</a> is your friend!</p>
<p>Install it on your WDS server and kick off a capture. You should be able to see the whole network boot process from start to finish:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="WDS Wireshark" src="/images/esxi-wds-uefi/esxi-wds-uefi-17.png" /></p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it. In this post we:</p>
<ul>
<li>Installed a DHCP server</li>
<li>Installed a Windows Deployment Services (WDS) server</li>
<li>Configured both DHCP and WDS</li>
<li>Extracted and configured an ESXi image to be deployed via WDS</li>
<li>Fixed a couple of common pitfalls</li>
<li>Detailed a way of diagnosing issues further using Wireshark</li>
</ul>
<p>Nice!</p>
<p>Oh and we found out that it has been just over five years since I last looked at this!</p>
<p>Am I feeling old? Probably… :laughing:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/esxi-wds-uefi/">Deploying ESXi via Windows Deployment Services: UEFI Edition</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 29, 2020.</p>
https://polarclouds.co.uk/esxi-arm-first-thoughts2020-10-11T01:00:00+01:002020-10-11T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="vSphere Logo" src="/images/esxi-arm-first-thoughts/esxi-arm-first-thoughts-01.png" />
With the news this week of the release of the <a href="https://blogs.vmware.com/vsphere/2020/10/announcing-the-esxi-arm-fling.html">ESXi-Arm fling</a>, coupled with me already having a Raspberry Pi (RPi) version 4 with 4GB in my possession, you’d think that I’d be all over ESXi-Arm, wanting to immediately take it out for a test drive.</p>
<p>Well, no, not really…</p>
<p>Getting into the whole RPi game a little late, I’ve had my RPi since May this year. In the time between my RPi purchase and the ESXi-Arm announcement earlier this week, ESXi has not been an option for my RPi.</p>
<p>Therefore after doing all the usual stuff like:</p>
<ul>
<li>Installing <a href="https://www.raspbian.org/">Raspbian</a></li>
<li>Turning RPi into a <a href="https://retropie.org.uk/">retro gaming rig</a></li>
<li>Turning RPi into a <a href="https://kodi.wiki/view/Raspberry_Pi">Media Player</a> with <a href="https://mediaexperience.com/raspberry-pi-xbmc-with-raspbmc/">Plex support</a></li>
</ul>
<p>All of which is super cool. Props to all those involved in all of the above projects, keep up the good work!</p>
<p>I wanted to try turning my RPi into more of a server platform and perhaps migrate some of the workload of my existing R710 ESXi host onto the RPi. With ESXi-Arm not being available back then and after weighing up the other options, I felt I was left with one option that interested me:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Docker!" src="/images/esxi-arm-first-thoughts/esxi-arm-first-thoughts-04.png" /></p>
<p>Besides, if ESXi-Arm <em>had</em> been available at the time, where’s the fun in just installing that?</p>
<p>To me - as a virtualisation admin - docker offered something new that I wanted to learn more about: <strong>containerisation</strong>.</p>
<p>Sure, I’d played with docker a number of times in labs before, but nothing “production ready”.</p>
<p>Plus, what better way to learn than by doing? I had:</p>
<ul>
<li>A need: To migrate some workloads off of ESXi</li>
<li>A target: Docker on RPi running on Ubuntu 20.04LTS Server</li>
<li>An interest to learn about Docker</li>
</ul>
<p>So after following some guides - there is little point in posting how-to guides here when many excellent guides already exist:</p>
<ul>
<li>Installing Ubuntu 20.04LTS Server on RPi: <a href="https://ubuntu.com/tutorials/how-to-install-ubuntu-on-your-raspberry-pi#1-overview">Ubuntu Tutorials</a></li>
<li>Installing and using Docker on Ubuntu 20.04: <a href="https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04">Digital Ocean Tutorial</a></li>
<li>Running Portainer within Docker: <a href="https://www.portainer.io/installation/">Portainer.io Install Guide</a></li>
</ul>
<p>Today I have six containers running on my RPi so far:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="RPi Containers" src="/images/esxi-arm-first-thoughts/esxi-arm-first-thoughts-02.png" /></p>
<p>With my RPi barely breaking a sweat:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="RPi top" src="/images/esxi-arm-first-thoughts/esxi-arm-first-thoughts-03.png" /></p>
<p>With plans for more containers in the pipeline.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So in conclusion: no, I’m not running ESXi-Arm on my Raspberry Pi. That would have been the easy option.</p>
<p>Like millions of others, I’m using my Raspberry Pi for education. In my case containerisation education. Once I have the basics of containerisation down, I can then look at <a href="https://kubernetes.io/">Kubernetes</a> and maybe <a href="https://tanzu.vmware.com/tanzu">VMware Tanzu</a> one day.</p>
<p>Until then, I’m happy to continue to use my Raspberry Pi to add the containerisation <a href="https://www.collinsdictionary.com/dictionary/english/a-string-to-ones-bow#:~:text=If%20someone%20has%20more%20than,many%20strings%20to%20my%20bow.&text=Collins!">string to my bow</a>.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/esxi-arm-first-thoughts/">ESXi-Arm First Thoughts</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 11, 2020.</p>
https://polarclouds.co.uk/vmware-carbon-black-cloud-workload2020-09-29T01:00:00+01:002020-09-29T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p>Just announced at VMworld 2020!
<a href="https://www.vmworld.com/en/index.html" target="_blank"><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMworld 2020" src="/images/vmware-carbon-black-cloud-workload/vmworld2020.png" /></a></p>
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="carbon black cloud workload" src="/images/vmware-carbon-black-cloud-workload/vmware-carbon-black-cloud-workload01.png" />
If you think about your typical deployment today, you’ve probably got the following infrastructure deployed:</p>
<ol>
<li>An estate of workload VMs running various tasks and (possibly) operating systems</li>
<li>Cluster(s) of virtualisation hosts to host your workload VMs</li>
<li>Management/orchestration server(s) to manage your virtualisation hosts</li>
<li>An update manager to manage the patching of your virtualisation hosts</li>
</ol>
<p>Chances are you are achieving the above today via VMware vSphere; ESXi for 2. and vCenter for 3. and 4. above.</p>
<p><strong>Question:</strong> how do you handle the security of your workload VMs?</p>
<p>Let’s look at the 2020 Gartner market guide for cloud workload protection platforms:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Workload Security Requirements" src="/images/vmware-carbon-black-cloud-workload/vmware-carbon-black-cloud-workload02.png" /></p>
<p>Chances are today you are running several disparate solutions outside of your VMware vSphere solution to handle some or all of the above requirements. What if you could combine these disparate tools into a single solution?</p>
<p>This is where VMware Carbon Black Cloud Workload comes in.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-is-vmware-carbon-black-cloud-workload" id="markdown-toc-what-is-vmware-carbon-black-cloud-workload">What is VMware Carbon Black Cloud Workload?</a> <ul>
<li><a href="#identify-risk" id="markdown-toc-identify-risk">Identify Risk</a></li>
<li><a href="#prevent" id="markdown-toc-prevent">Prevent</a></li>
<li><a href="#detect-and-respond" id="markdown-toc-detect-and-respond">Detect and Respond</a></li>
</ul>
</li>
<li><a href="#in-action" id="markdown-toc-in-action">In Action</a></li>
<li><a href="#versions" id="markdown-toc-versions">Versions</a></li>
<li><a href="#free-trial---why-yes" id="markdown-toc-free-trial---why-yes">Free Trial? - Why Yes!</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a> <ul>
<li><a href="#busy" id="markdown-toc-busy">Busy</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="what-is-vmware-carbon-black-cloud-workload">What is VMware Carbon Black Cloud Workload?</h2>
<p>VMware Carbon Black Cloud Workload addresses modern day security challenges in the following ways:</p>
<ul>
<li>Integrates with existing vSphere infrastructure</li>
<li>Easy deployment and lifecycle management</li>
<li>Replace legacy antivirus to reduce agents on production workloads</li>
<li>Increase visibility of workloads</li>
<li>Provide asset context via audit and/or remediation</li>
<li>Provide focus on common exploits and high-risk vulnerabilities</li>
<li>Help IT operationalize security</li>
<li>Provide shared visibility for infrastructure and Security teams</li>
<li>Make it easy to respond quickly to incidents and vulnerabilities</li>
</ul>
<p>Breaking this down further VMware Carbon Black Cloud Workload can:</p>
<h3 id="identify-risk">Identify Risk</h3>
<ul>
<li>Risk-prioritized vulnerability assessment of workloads in vCenter</li>
<li>Workload inventory status visibility in vCenter</li>
<li>Query over 2000 workload artefacts on-demand</li>
<li>Run ongoing assessments to track infrastructure hygiene</li>
<li>Take immediate action with live, remote access</li>
</ul>
<h3 id="prevent">Prevent</h3>
<ul>
<li>Stop advanced malware</li>
<li>Shut down file-less attacks</li>
<li>Easily adapt prevention</li>
<li>Replace Legacy antivirus on workload VMs</li>
</ul>
<h3 id="detect-and-respond">Detect and Respond</h3>
<ul>
<li>Enhance visibility for Security and IT teams</li>
<li>Detect anomalous activity</li>
<li>Feed response actions into hardening and prevention</li>
<li>Correlate attacks to vulnerabilities via alerts</li>
</ul>
<h2 id="in-action">In Action</h2>
<p>As this has only just been announced, screenshots of Carbon Black Cloud Workload in action are a little scarce. However, I’ve managed to snag the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="In action 1" src="/images/vmware-carbon-black-cloud-workload/vmware-carbon-black-cloud-workload03.png" /></p>
<p>From the above you can see the Carbon Black Cloud Workload plugin installed into vCenter and the VMware admin is taking a look at their 136 infrastructure assets - VMs, ESXi hosts and vCenters. From there they can see that across those 136 assets they have 27 critical vulnerabilities that they need to address.</p>
<p>Drilling into one of the detected vulnerabilities:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="In action 2" src="/images/vmware-carbon-black-cloud-workload/vmware-carbon-black-cloud-workload04.png" /></p>
<p>From the above we can see that our VMware admin can understand vulnerability context along with the risk score. There are also links to the <a href="https://nvd.nist.gov/">National Vulnerability Database</a>.</p>
<p>What’s more is that the VMware admin managed to gather all of the above information without having to leave the comfort of their vSphere client.</p>
<h2 id="versions">Versions</h2>
<p>Carbon Black Cloud Workload is available in the following versions:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Versions" src="/images/vmware-carbon-black-cloud-workload/vmware-carbon-black-cloud-workload05.png" />
Abbreviations:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Abbreviations" src="/images/vmware-carbon-black-cloud-workload/vmware-carbon-black-cloud-workload06.png" /></p>
<h2 id="free-trial---why-yes">Free Trial? - Why Yes!</h2>
<p>What’s more, I would like to bring your attention to this:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Special Offerings" src="/images/vmware-carbon-black-cloud-workload/vmware-carbon-black-cloud-workload07.png" /></p>
<p>Yep, there will be a free trial of Carbon Black Cloud Workload Essentials available for current vSphere and vCloud Foundation customers through to April 2021!</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>Given VMware’s purchase of Carbon Black back in October 2019, the writing was on the wall for VMware to move into the security arena. Carbon Black Cloud Workload is a culmination of that purchase.</p>
<p>As I have already mentioned throughout this post, Carbon Black Cloud Workload is a brand new product announced by VMware at VMworld 2020. Therefore details are a little scarce at present.</p>
<h3 id="busy">Busy</h3>
<p>So let’s see. Over and above the 15 reasons why your VMware admin once again became your most valuable asset I gave seven years ago back in 2013 <a href="https://polarclouds.co.uk/vmware-component-integration/">HERE</a> (which doesn’t include network admin via NSX and storage admin via vSAN), your VMware admin is now even more valuable to your business; your VMware admin is now very much an integral member of your security team too!</p>
<p>Busy times for us VMware admins!! :sunglasses:</p>
<p>Back to Carbon Black Cloud Workload - I’ll try to post updates to this post when more information becomes available. :thumbsup:</p>
<p>In the meantime, check out the <a href="https://www.carbonblack.com/products/vmware-carbon-black-cloud-workload/">VMware Carbon Black Cloud Workload product information site</a>.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/vmware-carbon-black-cloud-workload/">Introducing VMware Carbon Black Cloud Workload</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 29, 2020.</p>
https://polarclouds.co.uk/failed-to-expand-vmfs-datastore2020-09-16T02:00:00+01:002020-09-16T02:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-01.png" />
Spun up a quick nested ESXi 7.0 VM for some testing and noticed I needed to expand the VMFS datastore to fit my VMs. As is usual, I’d sized my VM on the slightly small side.</p>
<p><em>Rather than ‘being tight’ with vSphere resources, I like to think of it as <strong>being frugal</strong> when allocating resources to VMs. The more frugal you are with resources when allocating to VMs, the more VMs you can get into the environment.<br />
More VMs equals more fun!</em> :smiley:</p>
<p>Anyway, back to the topic in hand.</p>
<p>Simple enough I thought, I’ll increase the nested ESXi’s diskspace and then expand the VMFS datastore into the newly added space. One, two, three, and oh…</p>
<p>Here is a screenshot of the error I encountered:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Failed to Expand Error Close Up" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-00.png" /></p>
<blockquote>
<p>Failed to expand VMFS datastore datatstore1 - Cannot change the host configuration.</p>
</blockquote>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Failed to Expand Error" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-02.png" /></p>
<p>So how did we get to this error? Is there a way to expand the VMFS datastore?<br /></p>
<p><strong>Spoiler Alert:</strong> Yes! There is a way to expand the VMFS, and no you don’t need to trash your datastore first!</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#reproducing-the-error" id="markdown-toc-reproducing-the-error">Reproducing the Error</a></li>
<li><a href="#solved-how-to-expand-the-datastore" id="markdown-toc-solved-how-to-expand-the-datastore">[Solved] How to Expand the Datastore</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="reproducing-the-error">Reproducing the Error</h2>
<p>Simple. Try to expand a VMFS datastore that was created on the boot disks of an ESXi install using the host web client:</p>
<p>Step 1 - select <strong>Increase capacity</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Step 1" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-03.png" /></p>
<p>Step 2 - select <strong>Expand an existing VMFS datastore</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Step 2" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-04.png" /></p>
<p>Step 3 - select the datastore to expand:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Step 3" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-05.png" /></p>
<p>Step 4 - move the slider to allocate the free space to the VMFS partition:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Step 4" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-06.png" /></p>
<p>Step 5 - confirm and click <strong>Finish</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Step 5" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-07.png" /></p>
<p>Oh look an error:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Step 6 - Error" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-08.png" /></p>
<p>Doh!</p>
<h2 id="solved-how-to-expand-the-datastore">[Solved] How to Expand the Datastore</h2>
<p>So if we can’t expand a boot drive datastore through the host web client, we are going to have to drop to the command line to achieve the expansion.</p>
<p>:warning: <strong><em>Standard disclaimers apply! Proceed at your own risk. What follows is for information only. YOU CONTROL YOUR DATA! Back it up first perhaps?</em></strong> :warning:</p>
<p>First, we need some information regarding the disks upon which the partitions are located and the partition number of the VMFS datastore to be expanded. Simple enough; browse to the datastore in the web client and find its extent details:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMFS Info" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-15.png" /></p>
<p><code>Extent 0: mpx.vmhba0:C0:T0:L0, partition 8</code> is the information we are interested in.</p>
<p>Next, let’s fire up an SSH session or use the <a href="https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-94F0C54F-05E3-4E16-8027-0280B9ED1009.html">DCUI</a>; it doesn’t matter which.</p>
<p>Let’s use the information gained above to get some further info on the partition table:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">partedUtil getptbl "/vmfs/devices/disks/DeviceName"</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Get Partition Table" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-09.png" /></p>
<p>Yep, <code>8 268437504 419430366 AA31E02A400F11DB9590000C2911D1B8 vmfs 0</code> is the VMFS partition we want to work on.</p>
<p>Next, let’s confirm that the partition structure is OK before we make any changes:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">partedUtil fixGpt "/vmfs/devices/disks/DeviceName"</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Fix Partition Table" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-10.png" /></p>
<p>Perfect. Next, let’s find the starting sector of our VMFS partition.</p>
<p>As we can see from the above screenshot, the first number after the partition number of our VMFS in the above figure is our starting sector:<br />
<code>8 <mark>268437504</mark> 419430366 AA31E02A400F11DB9590000C2911D1B8 vmfs 0</code></p>
<p>Our VMFS partition starts at sector 268437504.</p>
<p>Next, let’s find the end usable sector on the disk:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">partedUtil getUsableSectors "/vmfs/devices/disks/DeviceName"</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Get Usable Sectors" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-11.png" /></p>
<p>As we can see from the above screenshot, the second number returned is the last usable sector on the disk:
<code>34 <mark>524287966</mark></code></p>
<p>524287966 is the last usable sector on our disk.</p>
<p>So putting together the info gleaned from the previous commands, we can easily construct the partition expand command. Here is the syntax:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">partedUtil resize "/vmfs/devices/disks/DeviceName" PartitionNumber NewStartSector NewEndSector</code></pre></figure>
<p>Using the above information, our command will look like this:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">partedUtil resize "/vmfs/devices/disks/mpx.vmhba0:C0:T0:L0" 8 268437504 524287966</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Resize" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-12.png" /></p>
<p>Nice. Partition expanded. :thumbsup:</p>
<p>Next we need to expand the VMFS file system into the expanded partition. Here is the syntax:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">vmkfstools --growfs "/vmfs/devices/disks/DeviceName:PartitionNumber" "/vmfs/devices/disks/DeviceName:PartitionNumber"</code></pre></figure>
<p>Using the above information, our command will look like this:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">vmkfstools --growfs "/vmfs/devices/disks/mpx.vmhba0:C0:T0:L0:8" "/vmfs/devices/disks/mpx.vmhba0:C0:T0:L0:8"</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Grow VMFS" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-13.png" /></p>
<p>After refreshing the web client:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Job Done" src="/images/failed-to-expand-vmfs-datastore/failed-to-expand-14.png" /></p>
<p>BOOM! :boom: Job done! :thumbsup: :sunglasses: :thumbsup:</p>
<p>All in all, not difficult if you know which commands to run and where to glean the information to put into the commands.</p>
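<p>The lookup-and-construct steps above as one script, added here as an example that is not part of the original post. It parses <code>partedUtil getptbl</code> and <code>getUsableSectors</code> output and prints the two commands only when the target is a vmfs partition, is the last partition on the disk, and has free sectors after it. The function name is hypothetical, and the sample partition table is constructed apart from the partition 8 row and the usable-sector line shown in the post.</p>

```shell
#!/bin/sh
# Added example (not from the original post): turn partedUtil output into the
# resize and growfs commands, refusing when the plan would be unsafe.

# Constructed sample of `partedUtil getptbl` output. Only the partition 8 row
# is taken from the post; the other rows, the GUID placeholders and the
# geometry line are made up for illustration.
SAMPLE_PTBL='gpt
32635 255 63 524288000
1 64 204863 00000000000000000000000000000001 systemPartition 128
5 208896 8595455 00000000000000000000000000000005 linuxNative 0
6 8597504 16984063 00000000000000000000000000000006 linuxNative 0
7 16986112 268435455 00000000000000000000000000000007 vmfsl 0
8 268437504 419430366 AA31E02A400F11DB9590000C2911D1B8 vmfs 0'

# `partedUtil getUsableSectors` output as shown in the post:
# first and last usable sector.
SAMPLE_USABLE='34 524287966'

# plan_resize DEVICE PARTNUM GETPTBL_TEXT USABLE_TEXT
# Prints the two commands on stdout, or a reason on stderr and a non-zero status.
plan_resize() {
    pr_dev=$1
    pr_part=$2
    pr_ptbl=$3
    pr_usable=$4

    case $pr_part in
        ''|*[!0-9]*) echo "partition number must be numeric" >&2; return 2 ;;
    esac

    # Second field of getUsableSectors is the last usable sector.
    pr_last=$(printf '%s\n' "$pr_usable" |
        awk 'NF == 2 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ { print $2; exit }')
    [ -n "$pr_last" ] || { echo "cannot parse getUsableSectors output" >&2; return 2; }

    printf '%s\n' "$pr_ptbl" | awk -v p="$pr_part" -v last="$pr_last" -v dev="$pr_dev" '
        function fail(msg, code) { print "refusing: " msg > "/dev/stderr"; exit code }
        # Partition rows: number, start, end, GUID, type, attribute.
        NF >= 6 && $1 ~ /^[0-9]+$/ {
            if ($1 + 0 == p + 0) { start = $2; end = $3; type = $5; found = 1 }
            else other[$1] = $2
        }
        END {
            if (!found)
                fail("partition " p " not found on " dev, 3)
            if (type != "vmfs")
                fail("partition " p " is type " type ", not vmfs", 4)
            # Growing to the last usable sector is only safe for the last partition.
            for (n in other)
                if (other[n] + 0 > start + 0)
                    fail("partition " n " starts after partition " p "; growing would overlap it", 5)
            if (last + 0 <= end + 0)
                fail("no free sectors after " end "; grow the disk first", 6)
            # Start sector is unchanged; only the end sector moves.
            printf "partedUtil resize \"/vmfs/devices/disks/%s\" %s %s %s\n", dev, p, start, last
            printf "vmkfstools --growfs \"/vmfs/devices/disks/%s:%s\" \"/vmfs/devices/disks/%s:%s\"\n", dev, p, dev, p
        }'
}

# Stand-alone run against the sample: prints the two commands from the post.
plan_resize "mpx.vmhba0:C0:T0:L0" 8 "$SAMPLE_PTBL" "$SAMPLE_USABLE"
```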
<p>For more information on the ESXi partedUtil command line utility, take a look at <a href="https://kb.vmware.com/s/article/1036609">VMware KB 1036609</a>.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/failed-to-expand-vmfs-datastore/">Failed to Expand VMFS Datastore - Cannot Change the Host Configuration</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 16, 2020.</p>
https://polarclouds.co.uk/esxi7-missing-percs-pt22020-09-10T01:00:00+01:002020-09-10T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Controller" src="/images/esxi7-missing-percs/esxi7-missing-percs-00.png" />
Regular readers will know that in part 3 of the Workaround ESXi CPU Unsupported Error series (<a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported/">Check the series out</a>), during my very limited testing, I found that my Dell R710 home server was booting and running ESXi 7.0 quite happily, with just the one exception… No datastores.</p>
<p>I followed that discovery up with a tentative - yet ultimately unsuccessful - attempt to re-add support for the Dell PERC H700 array controller into ESXi 7.0. Read about my exploits in <a href="https://polarclouds.co.uk/esxi7-missing-percs/">ESXi 7.0: The Missing PERC(s), Lost Control-er</a>. What follows is an update to that post.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#hopes-and-dreams" id="markdown-toc-hopes-and-dreams">Hopes and Dreams</a></li>
<li><a href="#upgrade-to-perc-h710" id="markdown-toc-upgrade-to-perc-h710">Upgrade to PERC H710</a></li>
<li><a href="#but-wait-theres-more" id="markdown-toc-but-wait-theres-more">But Wait There’s More</a> <ul>
<li><a href="#bonus-1---cabling" id="markdown-toc-bonus-1---cabling">Bonus 1 - Cabling</a></li>
<li><a href="#bonus-2---esxi-70-driver" id="markdown-toc-bonus-2---esxi-70-driver">Bonus 2 - ESXi 7.0 Driver</a></li>
</ul>
</li>
<li><a href="#upgrading-from-h700-to-h710" id="markdown-toc-upgrading-from-h700-to-h710">Upgrading From H700 to H710</a> <ul>
<li><a href="#backup-backup-backup" id="markdown-toc-backup-backup-backup">Backup, Backup, Backup</a></li>
<li><a href="#removing-the-h700-and-fitting-the-h710" id="markdown-toc-removing-the-h700-and-fitting-the-h710">Removing the H700 and Fitting the H710</a></li>
<li><a href="#first-power-on" id="markdown-toc-first-power-on">First Power On</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="hopes-and-dreams">Hopes and Dreams</h2>
<p>At time of writing this post, it has been just over four and a half months since my original missing PERC post and unfortunately - although not really unexpectedly - there has been no release of an ESXi 7.0 compatible native driver for the H700 or LSI 2108 based array controllers in general.</p>
<p>Even with the brilliant feedback from the community (you guys rule :thumbsup:) and the driver shenanigans, my initial hopes and dreams of LSI 2108 support in ESXi 7.0 were not to come to pass. Sure, it’s the way it goes: older hardware, whilst still fully functional, ends up obsolete purely due to lack of software support.</p>
<p>Galling? Yes. Very.</p>
<h2 id="upgrade-to-perc-h710">Upgrade to PERC H710</h2>
<p>Yep, so I bit the bullet and invested in a H710 RAID adapter.</p>
<p>The plan being to get the H710 installed and running under ESXi 6.7 first and then upgrade to ESXi 7.0 later, once the H710 has settled in.</p>
<p>Looking through the <a href="https://www.dell.com/downloads/global/products/pvaul/en/dell-perc-h710p-spec-sheet.pdf">Dell spec sheet</a>, the H710 is based on the LSI SAS2208 chipset. Again, LSI being LSI, the SAS2208 chipset is used in many, many other array controllers. Here’s just a small selection of some of the more popular cards:</p>
<ul>
<li>LSI MegaRAID SAS 9265-8i - <a href="https://docs.broadcom.com/doc/12352136">pdf</a></li>
<li>IBM / Lenovo ServeRAID M5110 and M5110e - <a href="https://lenovopress.com/tips0857.pdf">pdf</a></li>
<li>IBM / Lenovo ServeRAID M5120 - <a href="https://lenovopress.com/tips0858.pdf">pdf</a></li>
<li>Fujitsu Server MegaRAID SAS 9286CV-8e SAS - <a href="https://sp.ts.fujitsu.com/dmsp/Publications/public/ds-py-raid-5-6-SAS-9286CV-8e.pdf">pdf</a></li>
<li>Intel RS25DB080 - <a href="https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/raid-controller-rs25db080-brief.pdf">pdf</a></li>
<li>Intel RMS25PB0x0 / RMS25CB0x0 - <a href="https://www.intel.com/content/dam/support/us/en/documents/motherboards/server/sb/g37519003_rms25pb080_rms25pb040_rms25cb080_rms25cb.pdf">pdf</a></li>
<li>Cisco UCS B420 M3 UCS blade - <a href="https://www.cisco.com/c/dam/global/en_in/assets/ucs/matrix/r_hcl_B_2-11.pdf">pdf</a></li>
<li>HP H210 / H220 HBA - <a href="https://h20195.www2.hpe.com/v2/getpdf.aspx/c04111455.pdf">pdf</a></li>
<li>Dell PERC H810 - <a href="https://www.dell.com/downloads/global/products/pvaul/en/dell-perc-h810-spec-sheet.pdf">pdf</a></li>
</ul>
<p>A more complete list of LSI SAS2208 based controllers is available on the <a href="https://forums.servethehome.com/index.php?threads/lsi-raid-controller-and-hba-complete-listing-plus-oem-models.599/post-4319">Serve The Home Forums</a>.</p>
<p>The H710 mini is designed to fit into later 12th generation (PowerEdge Rx20) servers, as can be seen from its proprietary connector:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="H710 Mini" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-01.jpg" /></p>
<p>Whereas the H710P adapter has a standard PCIe connector:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="H710P" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-02.jpg" /></p>
<p>Luckily enough, I was able to pick up my H710P adapter on eBay from a UK seller for £50 including postage. Bargain!</p>
<h2 id="but-wait-theres-more">But Wait There’s More</h2>
<h3 id="bonus-1---cabling">Bonus 1 - Cabling</h3>
<p>As mentioned in a <a href="http://disq.us/p/2ba915j">comment by Mike Vasquez</a> (cheers Mike!), in an R710 server the H700 cables work just fine with the H710. Yep, they sure do:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="H710 Fitment" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-03.jpg" /></p>
<h3 id="bonus-2---esxi-70-driver">Bonus 2 - ESXi 7.0 Driver</h3>
<p>Checking the <a href="https://www.vmware.com/resources/compatibility/detail.php?deviceCategory=io&productid=21816&vcl=true">VMware Compatibility Guide for the H710 adapter</a>, surprise upon surprise there is a separate ESXi 7.0 driver available!!! <a href="https://my.vmware.com/group/vmware/downloads/details?downloadGroup=DT-ESXI65-AVAGO-DELL-SHARED-PERC8-068069000-1OEM&productId=614&download=true&fileId=121def8bb0401e05ad993f36f7ce0343&uuId=0ea62858-446c-4924-bc08-29d0739edc31">Check it out here</a>.</p>
<p>Strangely the release notes for the driver talk about ESXi 6.5 support:</p>
<blockquote>
<p>VMware ESXi 6.5 GA support for the Dell Shared Perc H710 Adapter 6Gbps Family of SAS controllers<br />
Driver name and version:dell-shared-perc8-06.806.90.00-1OEM.650.0.0.4598673<br />
Compatible ESX version: VMware ESXi 6.5<br />
Controller Firmware Package:23.14.06.0013<br />
Dependencies: None<br />
Bugs fixed (compared to earlier release of driver): Fixes a potential issue where in a clustered configuration snapshot, VMotion, and cloning operations could fail when writing to shared storage.<br />
Known Issues and Workarounds: None<br />
Additional configuration options supported by the driver: None<br /></p>
</blockquote>
<p>Having said that, I think I’ll stick with the “in box” lsi-mr3 ESXi 7.0 native driver.</p>
<p>…but I’m getting ahead of myself.</p>
<h2 id="upgrading-from-h700-to-h710">Upgrading From H700 to H710</h2>
<p>Let’s talk about the worrying part of all of this: is it possible to upgrade from a H700 to a H710 <strong>WITHOUT DATA LOSS</strong>?</p>
<p>Will an LSI 2208 controller read, accept and run with an array created by an LSI 2108 controller? Let’s find out!</p>
<h3 id="backup-backup-backup">Backup, Backup, Backup</h3>
<p>Yep, I spent the best part of a day backing up all of my data. The prospect of finding out the hard way that such an upgrade is not possible was at the forefront of my mind throughout the day spent preparing for the upgrade.</p>
<h3 id="removing-the-h700-and-fitting-the-h710">Removing the H700 and Fitting the H710</h3>
<p>Simple enough: power off the server, unplug and remove the H700 array controller and plug in the H710 array controller.</p>
<p>As the H710 array controller isn’t “an official option” for the PowerEdge R710 server, chances are that it won’t work in the R710’s dedicated storage adapter slot. I didn’t bother taking the time to find out; I simply plugged my H710 controller into PCI slot 2, as can be seen from the picture above.</p>
<p>Plug in the SAS cables and it’s job done.</p>
<h3 id="first-power-on">First Power On</h3>
<p>Let’s power on…</p>
<p>Remember, the plan is to get the H710 installed and running under ESXi 6.7 first and then upgrade to ESXi 7.0 later, once the H710 has settled in.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Power On 1" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-04.png" /></p>
<p>OK, so H710 initialising OK. Looks like firmware is latest version too, version <a href="https://www.dell.com/support/home/en-uk/drivers/driversdetails?driverid=9mhj5">21.3.5-0002</a>.</p>
<p>Let’s quickly press <strong>F</strong> to import the foreign configuration (to the controller) from the disks:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Power On 2" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-05.png" /></p>
<p>Hmmm, slightly more worrying…</p>
<blockquote>
<p>All of the disks from your previous configuration are gone</p>
</blockquote>
<p>Let’s hope it’s talking about the configuration on the controller… :worried:</p>
<p>Press <strong>Y</strong> to continue and make configuration changes, and hold my breath:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Power On 3" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-06.png" /></p>
<p>:boom:<strong>BOOM!</strong>:boom: Two RAID5 sets, six disks… <strong>HOORAY!!!</strong> :grin:</p>
<p>Right let’s look further. Yep, six online disks:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Power On 4" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-07.png" /></p>
<p>Controller BIOS is enabled. I’m booting from USB anyway, so not a big deal:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Power On 5" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-08.png" /></p>
<p>Yep, firmware up to date and card fitted into slot 2:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Power On 6" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-09.png" /></p>
<p>Let’s exit out of the H710 configuration utility and continue to boot back into ESXi 6.7:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Power On 7" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-10.png" /></p>
<p>Once ESXi boots, let’s take a look at the ESXi host Web client. Yep, H710 recognised:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Power On 8" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-11.png" /></p>
<p>What’s more is that it’s using the in box ESXi 6.7 lsi_mr3 driver:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Power On 9" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-12.png" /></p>
<p>Checking using the <a href="https://www.dell.com/support/article/en-uk/sln283135/how-to-use-the-poweredge-raid-controller-perc-command-line-interface-cli-utility-to-manage-your-raid-controller?lang=en">perccli add in</a>, looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Power On 10" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-13.png" /></p>
<p>Finally, checking via Dell OpenManage, looks like the array controller is re-initialising the arrays in the background:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Power On 11" src="/images/esxi7-missing-percs-pt2/esxi7-missing-percs2-14.png" /></p>
<p>Let’s bring all of the VMs back online and leave the background initialisation to continue in the er, background. :grin:</p>
<p>All in all, it took just under 12 hours to finish the background initialisation of both RAID5 sets.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it. From this we have learned that:</p>
<ul>
<li>a PERC H710 will import and run with a PERC H700 created RAID set quite happily<br />
or<br /></li>
<li>an LSI 2208 chipset will run with an LSI 2108 created RAID set quite happily<br />
or<br /></li>
<li>an LSI MegaRAID SAS 9265 will run with an LSI MegaRAID SAS 9260 created RAID set quite happily</li>
</ul>
<p>Potentially you could cross vendors too - say replace a Lenovo / IBM ServeRAID M5015 with an Intel RS25DB080… well, you get my drift.</p>
<p>Anyway, I’ll let this settle in a little further after which it’s ESXi 7.0 time. Don’t worry, rest assured, I’ll post here when I complete the upgrade. :wink:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/esxi7-missing-percs-pt2/">ESXi 7.0: The Missing PERC(s) - Part 2</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 10, 2020.</p>
https://polarclouds.co.uk/budget-vm-recovery-pt3 2020-09-02T01:00:00+01:00 2020-09-02T01:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="VM Recovery" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-00.png" />
Last time we paired our sites and kicked off some VM replication, <a href="https://polarclouds.co.uk/budget-vm-recovery-pt2/">catch up now</a>. It’s a great read. :wink:</p>
<p>This time we will look at how to recover from a disaster using our replicated VM.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#oooops-i-broke-it" id="markdown-toc-oooops-i-broke-it">Oooops, I broke It!</a></li>
<li><a href="#step-1-recovery-to-secondary-site" id="markdown-toc-step-1-recovery-to-secondary-site">Step 1: Recovery to Secondary Site</a></li>
<li><a href="#step-2-replicate-changes-back-to-primary-site" id="markdown-toc-step-2-replicate-changes-back-to-primary-site">Step 2: Replicate Changes Back to Primary Site</a></li>
<li><a href="#step-3-power-on-recovered-vm" id="markdown-toc-step-3-power-on-recovered-vm">Step 3: Power on Recovered VM</a></li>
<li><a href="#post-recovery-clean-up-and-reprotection" id="markdown-toc-post-recovery-clean-up-and-reprotection">Post Recovery Clean Up and Reprotection</a> <ul>
<li><a href="#clean-up-secondary-site" id="markdown-toc-clean-up-secondary-site">Clean Up Secondary Site</a></li>
<li><a href="#reprotection-of-primary-vm" id="markdown-toc-reprotection-of-primary-vm">Reprotection of Primary VM</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p><br />First off, let’s double check that our VM is still being replicated. Yep looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 1" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-01.png" /></p>
<h2 id="oooops-i-broke-it">Oooops, I broke It!</h2>
<p>Let’s <del>intentionally</del> accidentally cause a disaster by breaking our replicated VM. Shall we uninstall the storage controller driver? Yes, let’s:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 2" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-02.png" /></p>
<p>For good measure, let’s rename the driver file too. <em>Belt and braces breakage</em> :wink:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 3" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-03.png" /></p>
<p>Cheeky reboot… <strong>Oh noes! :dizzy_face: It’s BSODing broke:</strong></p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 4" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-04.png" /></p>
<p>Oh dear! Looks like I need to recover my VM! :astonished:</p>
<h2 id="step-1-recovery-to-secondary-site">Step 1: Recovery to Secondary Site</h2>
<p>Firstly <strong>power off the failed VM</strong>. Don’t delete the failed VM from the inventory. We’ll need it later.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Dead Already" src="/images/budget-vm-recovery-pt3/DeadAlready.png" />
<em>Leave it… Besides, <a href="https://www.youtube.com/watch?v=fHAOWLhrxhQ" target="_blank">it’s dead already</a></em></p>
<p>Next, let’s head into Site Recovery on Site B, navigate to incoming replications and select <strong>Recover</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 5" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-05.png" /></p>
<p>As our source VM is dead (Jim), let’s recover from the latest data already replicated to Site B:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 6" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-06.png" /></p>
<p>We’ll select Site B to house our recovered VM:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 7" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-07.png" /></p>
<p>Select our Site B ESXi Host:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 8" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-08.png" /></p>
<p>And finish. For the moment, we don’t care that our recovered VM will be disconnected from the network:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 9" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-09.png" /></p>
<p>Boom! Recovery to Site B complete:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 10" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-10.png" /></p>
<p>Power on the recovered VM in Site B and let’s see if it boots OK. Looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 11" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-11.png" /></p>
<p>If it didn’t boot for whatever reason, we have the opportunity to go back in time via reverting to snapshots taken as per our replication interval setup in <a href="https://polarclouds.co.uk/budget-vm-recovery-pt2/#configure-vm-replication">Part 2</a>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 12" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-12.png" /></p>
<p>As we are good, let’s delete those old snapshots:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 13" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-13.png" /></p>
<p>As we have recovered the VM into site B and all is good, let’s clean up replication:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 14" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-14.png" /></p>
<p>Gracefully:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 15" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-15.png" /></p>
<h2 id="step-2-replicate-changes-back-to-primary-site">Step 2: Replicate Changes Back to Primary Site</h2>
<p>So we have a good VM, but it’s running off the network in our secondary site. How do we get it back onto our primary site and back on the network?</p>
<p>Here’s how.</p>
<p>Firstly, log in to Site Recovery on the secondary site. From there, select <strong>Replications - Outgoing - New</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 16" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-16.png" /></p>
<p>Set up replication from the secondary site back to the primary site, as previously completed in <a href="https://polarclouds.co.uk/budget-vm-recovery-pt2/#configure-vm-replication">Part 2</a>; however, when prompted, tick <strong>Select seeds</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 17" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-17.png" /></p>
<p>Selecting seeds will allow us to compare our working VM on our secondary site with the previously failed VM on primary site and replicate <strong>only the changes</strong> back to the primary site. Replicating just the changes back to our primary site will save on both time and network bandwidth.</p>
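<p>To make the "only the changes" idea concrete, here is an added illustration (not code from this post, and not VMware's implementation) that models a seeded resync on two constructed in-memory disk images. The 4096-byte block size, the use of SHA-256 and all function names are assumptions made for the example.</p>

```python
"""Seed-based resync: send only the blocks that differ (illustrative model)."""
from __future__ import annotations

import hashlib

BLOCK_SIZE = 4096  # assumed block size, chosen for this illustration only


def block_digests(disk: bytes, block_size: int = BLOCK_SIZE) -> list[bytes]:
    """Return one SHA-256 digest per fixed-size block of a disk image."""
    return [hashlib.sha256(disk[off:off + block_size]).digest()
            for off in range(0, len(disk), block_size)]


def plan_resync(source: bytes, seed: bytes,
                block_size: int = BLOCK_SIZE) -> list[int]:
    """List the source block numbers that are missing from or differ in the seed.

    Only digests are compared, so in a real deployment each site could hash
    its own copy locally before any disk data crosses the WAN.
    """
    src = block_digests(source, block_size)
    tgt = block_digests(seed, block_size)
    return [i for i, digest in enumerate(src)
            if i >= len(tgt) or tgt[i] != digest]


def apply_resync(source: bytes, seed: bytes, changed: list[int],
                 block_size: int = BLOCK_SIZE) -> tuple[bytes, int]:
    """Patch the seed with the changed blocks; return (result, bytes sent)."""
    out = bytearray(seed[:len(source)])        # drop any tail the source lacks
    out.extend(bytes(len(source) - len(out)))  # grow if the seed is shorter
    sent = 0
    for i in changed:
        start = i * block_size
        chunk = source[start:start + block_size]
        out[start:start + len(chunk)] = chunk
        sent += len(chunk)
    return bytes(out), sent


def build_sample_disks(blocks: int = 64) -> tuple[bytes, bytes]:
    """Constructed sample data: a 'failed' seed disk and a 'recovered' source.

    The two images are identical except for blocks 3 and 40, standing in for
    the handful of blocks that differ between the broken and the working VM.
    """
    seed_blocks = [bytes((i * 7 + j) % 256 for j in range(BLOCK_SIZE))
                   for i in range(blocks)]
    source_blocks = list(seed_blocks)
    source_blocks[3] = b"\xAA" * BLOCK_SIZE
    source_blocks[40] = b"\x55" * BLOCK_SIZE
    return b"".join(source_blocks), b"".join(seed_blocks)


def demo() -> dict:
    """Run the seeded resync on the sample disks and summarise the saving."""
    source, seed = build_sample_disks()
    changed = plan_resync(source, seed)
    rebuilt, sent = apply_resync(source, seed, changed)
    return {
        "changed_blocks": changed,
        "bytes_sent": sent,
        "full_copy_bytes": len(source),
        "identical_after_sync": rebuilt == source,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

<p>With no seed at all, every block counts as changed and the whole disk is sent, which is the cost that leaving the failed VM's disks in place avoids.</p>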
<p>Confirm seeds are correct and tick the confirmation box:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 18" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-18.png" /></p>
<p>Configure replication settings:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 19" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-19.png" /></p>
<p>Review and click <strong>Finish</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 20" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-20.png" /></p>
<p>As can be seen, only changes are replicated back to the primary site:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 21" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-21.png" /></p>
<p>Replication from secondary site to primary site complete:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 22" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-22.png" /></p>
<h2 id="step-3-power-on-recovered-vm">Step 3: Power on Recovered VM</h2>
<p>Let’s power on our recovered VM back on our primary site. Looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 23" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-23.png" /></p>
<p>Checking for snapshots, there are none:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 24" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-24.png" /></p>
<p>VM recovered, back on the network, service restored, day saved, everyone happy, :sunglasses: bonus payment in the post :moneybag::moneybag:</p>
<h2 id="post-recovery-clean-up-and-reprotection">Post Recovery Clean Up and Reprotection</h2>
<p>A couple of housekeeping jobs now that our VM has been recovered.</p>
<h3 id="clean-up-secondary-site">Clean Up Secondary Site</h3>
<p>Let’s power off the replica on our secondary site:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 25" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-25.png" /></p>
<p>To avoid future confusion, let’s remove it from the secondary site inventory.</p>
<p>As you’ll see below, just removing the VM from the inventory rather than deleting it will save us time and network bandwidth later on:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 26" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-26.png" /></p>
<p>Yep, confirm removal from inventory:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 27" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-27.png" /></p>
<h3 id="reprotection-of-primary-vm">Reprotection of Primary VM</h3>
<p>As we’ve already covered configuring replication in <a href="https://polarclouds.co.uk/budget-vm-recovery-pt2/#configure-vm-replication">Part 2</a> and using seeds <a href="https://polarclouds.co.uk/budget-vm-recovery-pt3/#step-2-replicate-changes-back-to-primary-site">just above</a>, I won’t cover that again. Suffice to say that replicating just the initial changes back to the secondary site will save both time and bandwidth (but you knew that already :wink:):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 28" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-28.png" /></p>
<p>aaaand we’re done:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Part 3 - 29" src="/images/budget-vm-recovery-pt3/budget-vm-recovery3-29.png" /></p>
<p>Not only has our primary site production VM recovered, it’s also being replicated to our secondary site just as it was at the beginning of this post.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it. In this series we (click a link to take another look):</p>
<ul>
<li><a href="https://polarclouds.co.uk/budget-vm-recovery-pt1/">Discovered vSphere Replication</a></li>
<li><a href="https://polarclouds.co.uk/budget-vm-recovery-pt1/#deploying-vsphere-recovery-appliances">Setup vSphere Replication appliances</a></li>
<li><a href="https://polarclouds.co.uk/budget-vm-recovery-pt2/#configure-vm-replication">Configured VM replication</a></li>
<li><a href="https://polarclouds.co.uk/budget-vm-recovery-pt3/#oooops-i-broke-it">Killed our primary VM</a></li>
<li><a href="https://polarclouds.co.uk/budget-vm-recovery-pt3/#step-1-recovery-to-secondary-site">Recovered our failed VM to our secondary / recovery site</a></li>
<li><a href="https://polarclouds.co.uk/budget-vm-recovery-pt3/#step-2-replicate-changes-back-to-primary-site">Replicated our recovered VM back to our primary site</a></li>
<li><a href="https://polarclouds.co.uk/budget-vm-recovery-pt3/#post-recovery-clean-up-and-reprotection">Reprotected our primary VM again</a></li>
</ul>
<p>Links to the other parts of the series are as follows:</p>
<ul>
<li>Part 1: <a href="https://polarclouds.co.uk/budget-vm-recovery-pt1/">No money, no problem: Introduction and Deployment</a></li>
<li>Part 2: <a href="https://polarclouds.co.uk/budget-vm-recovery-pt2/">Site Pairing and Replication Configuration</a></li>
<li>Part 3: This part - Disaster Strikes!</li>
</ul>
<p>As we saw, recovering replicated VMs from disaster is quite a simple process.</p>
<p>Until next time :thumbsup::sunglasses::thumbsup:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/budget-vm-recovery-pt3/">vSphere VM Recovery on a Budget - Part 3</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 02, 2020.</p>
https://polarclouds.co.uk/budget-vm-recovery-pt2 2020-08-28T01:00:00+01:00 2020-08-28T01:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="VM Recovery" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-00.png" />
Last time we deployed and configured our vSphere replication appliances, <a href="https://polarclouds.co.uk/budget-vm-recovery-pt1/">catch up now</a>. It’s a great read. :wink:</p>
<p>This time we will configure our vSphere replication appliances and kick off some replications.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#the-lab" id="markdown-toc-the-lab">The Lab</a></li>
<li><a href="#site-pairing" id="markdown-toc-site-pairing">Site Pairing</a></li>
<li><a href="#configure-vm-replication" id="markdown-toc-configure-vm-replication">Configure VM Replication</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="the-lab">The Lab</h2>
<p>We have vSphere replication deployed into my two site lab:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VRA Lab" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-01.png" /></p>
<p>Which looks like this in vCenter - Site Recovery:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Two Replication Appliances" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-20.png" /></p>
<h2 id="site-pairing">Site Pairing</h2>
<p>Before we can replicate VMs across sites, we need to set up our site pairing.</p>
<p>From vCenter - Site Recovery, click <strong>OPEN Site Recovery</strong> for our first site (lab: vc-site-a.lab, Site A):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Open SRA in Site A" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-01.png" /></p>
<p>Click <strong>New Site Pair</strong>, select our local vCenter (lab: vc-site-a.lab), enter the details of our remote vCenter (lab: vc-site-b.lab) and click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Pair Sites 1" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-02.png" /></p>
<p>If prompted, accept the certificate warning.</p>
<p>Select the second site vCenter along with its replication appliance and click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Pair Sites 2" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-03.png" /></p>
<p>Confirm configuration and click <strong>Finish</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Pair Sites 3" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-04.png" /></p>
<p>Back in Site Recovery, the site pair should now be detailed:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Pair Sites 4" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-05.png" /></p>
<h2 id="configure-vm-replication">Configure VM Replication</h2>
<p>Now that we have the sites paired, let’s get some VM replication up and running.</p>
<p>From Site Recovery, click <strong>View Details</strong> under the site pair created above. Confirm that the appliances are connected:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Sites Connected" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-06.png" /></p>
<p>Click <strong>Replications</strong> and <strong>New</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New VM Replication 1" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-07.png" /></p>
<p>Confirm target site and click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New VM Replication 2" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-08.png" /></p>
<p>Select a VM from the inventory and click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New VM Replication 3" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-09.png" /></p>
<p>Select target datastore, modify disk format if required and click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New VM Replication 4" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-10.png" /></p>
<p>Configure <a href="https://en.wikipedia.org/wiki/Disaster_recovery#Recovery_Point_Objective">RPO</a>, enable point in time instances if required, enable network compression for VR data (recommended) as required and click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New VM Replication 5" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-11.png" /></p>
<p>Review configuration and click <strong>Finish</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New VM Replication 6" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-12.png" /></p>
<p>Back under Replications - Outgoing, confirm that initial sync begins:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New VM Replication Initial Sync" src="/images/budget-vm-recovery-pt2/budget-vm-recovery2-13.png" /></p>
<p>Repeat for any further VMs to be replicated.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>In this post we paired our sites, configured vSphere replication and got our VM(s) replicated.</p>
<p>Next time we’ll try to recover a replicated VM from a disaster… :dizzy_face: :astonished:</p>
<p>This was part 2 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="https://polarclouds.co.uk/budget-vm-recovery-pt1/">No money, no problem: Introduction and Deployment</a></li>
<li>Part 2: This part - Site Pairing and Replication Configuration</li>
<li>Part 3: <a href="https://polarclouds.co.uk/budget-vm-recovery-pt3/">Disaster Strikes!</a></li>
</ul>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/budget-vm-recovery-pt2/">vSphere VM Recovery on a Budget - Part 2</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 28, 2020.</p>
https://polarclouds.co.uk/budget-vm-recovery-pt1 2020-08-19T01:00:00+01:00 2020-08-19T01:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="VM Recovery" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-00.png" />
Recently an opportunity came up to assist a team with deploying two new vSphere environments.</p>
<p>Within these new environments, they wanted to have a level of VM by VM recovery across the two sites without breaking the bank. For their use case, I suggested they use vSphere Replication.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-is-vsphere-replication" id="markdown-toc-what-is-vsphere-replication">What is vSphere Replication?</a></li>
<li><a href="#the-lab" id="markdown-toc-the-lab">The Lab</a></li>
<li><a href="#deploying-vsphere-recovery-appliances" id="markdown-toc-deploying-vsphere-recovery-appliances">Deploying vSphere Recovery Appliances</a> <ul>
<li><a href="#first-site" id="markdown-toc-first-site">First Site</a></li>
<li><a href="#second-site" id="markdown-toc-second-site">Second Site</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="what-is-vsphere-replication">What is vSphere Replication?</h2>
<p>VMware vSphere Replication is an asynchronous replication and recovery solution that offers VM protection at a lower cost than some third party solutions. vSphere replication can be leveraged for data protection:</p>
<ul>
<li>Locally within a single vSphere site</li>
<li>Across two or more vSphere sites</li>
<li>To a service provider cloud</li>
</ul>
<p>Additionally, vSphere Replication provides flexible recovery options, ensures consistent application and VM data as well as nicely integrating into the vSphere stack. Finally, vSphere replication can also be used in data centre migration scenarios.</p>
<p>Cost wise, vSphere Replication does not have a separate license as it is a feature of certain vSphere license editions. Those editions are:</p>
<ul>
<li>vSphere Essentials Plus</li>
<li>vSphere Standard</li>
<li>vSphere Enterprise</li>
<li>vSphere Enterprise Plus</li>
</ul>
<p>If you have the correct vSphere license, there is no limit on the number of virtual machines that you can replicate by using vSphere Replication.</p>
<p>Further information can be found on the <a href="https://www.vmware.com/uk/products/vsphere/replication.html">VMware vSphere Replication Site</a>.</p>
<h2 id="the-lab">The Lab</h2>
<p>For this series, I’m going to deploy vSphere replication into my two site lab:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VRA Lab" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-01.png" /></p>
<p>Regular readers may recognise this lab from my VMware NSX Data Center for vSphere Failover/Failback series. Wait, what, you haven’t checked those out yet?</p>
<p>Here you go: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt1/">VMware NSX Data Center for vSphere Failover/Failback - Part 1</a>. You’ll love them! Don’t forget to come back when you’re done :wink:</p>
<p>Finally, NSX is not needed for vSphere replication and with the shameless plug over, let’s get on with the deployment.</p>
<h2 id="deploying-vsphere-recovery-appliances">Deploying vSphere Recovery Appliances</h2>
<h3 id="first-site">First Site</h3>
<p>Download the replication appliance from the <a href="https://my.vmware.com/group/vmware/get-download?downloadGroup=VR8302">VMware download site</a>. For this post I’ll be using VMware vSphere Replication v8.3.0.2.</p>
<p>Mount the ISO file. If deploying from Windows 10, simply double click the ISO file to mount it as a virtual optical drive.</p>
<p>Right click the ESXi host, and select <strong>Deploy OVF Template</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploy 1" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-02.png" /></p>
<p>Select the following five files from the bin folder of the ISO:</p>
<ul>
<li>vSphere_Replication_OVF10.cert</li>
<li>vSphere_Replication_OVF10.mf</li>
<li>vSphere_Replication_OVF10.ovf</li>
<li>vSphere_Replication-support.vmdk</li>
<li>vSphere_Replication-system.vmdk</li>
</ul>
<p>and click <strong>Open</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploy 2" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-03.png" /></p>
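<p>The <code>.mf</code> file in that selection is the OVF manifest, which records a digest for the <code>.ovf</code> descriptor and each disk. The script below is an added example (not from the original post or from VMware tooling) that re-checks those digests before the files are handed to the wizard. It assumes the usual <code>SHA256(file)= digest</code> manifest line format, builds a constructed sample package that reuses the file names above with dummy contents, and checks integrity against the manifest only, not the signature held in the <code>.cert</code> file.</p>

```python
"""Check the files of an OVF package against the digests in its .mf manifest."""
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# One manifest entry per line, e.g. "SHA256(appliance.ovf)= <hex digest>"
MF_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\((.+)\)\s*=\s*([0-9a-fA-F]+)$")

MANIFEST = "vSphere_Replication_OVF10.mf"


def parse_manifest(text):
    """Return {file name: (hashlib algorithm, expected hex digest)}."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = MF_LINE.match(line)
        if not match:
            raise ValueError(f"manifest line {lineno} is not a digest entry: {raw!r}")
        algo, name, digest = match.groups()
        # Entries must name files that sit next to the manifest, never a path.
        if "/" in name or "\\" in name:
            raise ValueError(f"manifest line {lineno} names a path: {name!r}")
        entries[name] = (algo.lower(), digest.lower())
    return entries


def file_digest(path, algo, chunk=1 << 20):
    """Hash a file in chunks so multi-gigabyte VMDKs do not need to fit in RAM."""
    hasher = hashlib.new(algo)
    with open(path, "rb") as handle:
        while block := handle.read(chunk):
            hasher.update(block)
    return hasher.hexdigest()


def verify_package(folder, manifest_name=MANIFEST):
    """Return {file name: 'ok' | 'mismatch' | 'missing'} for every manifest entry."""
    folder = Path(folder)
    entries = parse_manifest((folder / manifest_name).read_text(encoding="utf-8"))
    results = {}
    for name, (algo, expected) in entries.items():
        target = folder / name
        if not target.is_file():
            results[name] = "missing"
        elif hmac.compare_digest(file_digest(target, algo), expected):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def build_sample_package(folder):
    """Constructed stand-in for the ISO's bin folder: real names, dummy contents."""
    folder = Path(folder)
    files = {
        "vSphere_Replication_OVF10.ovf": b"<Envelope>constructed sample</Envelope>",
        "vSphere_Replication-system.vmdk": b"constructed system disk bytes",
        "vSphere_Replication-support.vmdk": b"constructed support disk bytes",
    }
    lines = []
    for name, data in files.items():
        (folder / name).write_bytes(data)
        lines.append(f"SHA256({name})= {hashlib.sha256(data).hexdigest()}")
    (folder / MANIFEST).write_text("\n".join(lines) + "\n", encoding="utf-8")
    return folder


def demo():
    """Verify the sample package as written, then again after one disk changes."""
    with tempfile.TemporaryDirectory() as tmp:
        package = build_sample_package(tmp)
        clean = verify_package(package)
        # Simulate a disk image altered after the manifest was produced.
        with open(package / "vSphere_Replication-system.vmdk", "ab") as handle:
            handle.write(b"!")
        tampered = verify_package(package)
    return clean, tampered


if __name__ == "__main__":
    for label, results in zip(("as written", "after modification"), demo()):
        print(label)
        for name, status in sorted(results.items()):
            print(f"  {status:9} {name}")
```

<p>Against the real media, call <code>verify_package()</code> with the path to the mounted ISO's bin folder and continue only if every entry reports <code>ok</code>.</p>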
<p>Name the appliance and click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploy 3" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-04.png" /></p>
<p>Select the appropriate ESXi host and click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploy 4" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-05.png" /></p>
<p>Review the appliance details and click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploy 5" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-06.png" /></p>
<p>Accept the agreement and click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploy 6" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-07.png" /></p>
<p>Select the number of vCPUs to provision the appliance with. In my lab, I’m going to stick with two. Click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploy 7" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-08.png" /></p>
<p>Select virtual disk format, appropriate datastore and click <strong>Next</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploy 8" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-09.png" /></p>
<p>Select appropriate network to connect the VRA to. As per my diagram above, I’m plugging mine into the Management LAN on Site A:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploy 9" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-10.png" /></p>
<p>Complete the remaining configuration items such as passwords, IP details etc:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploy 10" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-11.png" /></p>
<p>Click <strong>Next</strong> to accept the vCenter binding:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploy 11" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-12.png" /></p>
<p>Review the configuration and click <strong>Finish</strong> to kick off the OVF deployment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploy 12" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-13.png" /></p>
<p>Once the appliance has deployed, power it on, browse to https://VRA:5480 (lab: https://vra-site-a.lab:5480) and log in with the credentials:</p>
<p>Username: root <br />
Password: (as set above)</p>
<p>Select <strong>System - Time Zone</strong>, configure your correct time zone and click <strong>Save Settings</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Time Zone" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-14.png" /></p>
<p>Select <strong>System - Information</strong> and <strong>Reboot</strong> to reboot the appliance now that the correct time zone is set.</p>
<p>Once the appliance has rebooted, browse to https://VRA:5480 (lab: https://vra-site-a.lab:5480) and log in again.</p>
<p>Select <strong>VR - Configuration</strong> and confirm the following are correct, changing any that are not:</p>
<ul>
<li>Lookup Service Address</li>
<li>SSO Credentials</li>
<li>VRM Host</li>
<li>VRM Site Name</li>
<li>vCenter Details</li>
</ul>
<p>Click <strong>Save and Restart Service</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure Service" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-15.png" /></p>
<p>If prompted, accept the SSL certificate presented.</p>
<p>Should you run into problems, confirm that the VRM Host name set is EXACTLY the same as that set in <strong>Network - Address - Hostname</strong>, including upper/lower case.</p>
<p>Once configuration has completed, both the VRM and Tomcat services should show as running:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Services Running" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-16.png" /></p>
<p>Back at vCenter, log out and back in, which will allow the SRM vCenter plugin to load. If prompted, refresh your browser.</p>
<p>Click <strong>Menu</strong> and select <strong>Site Recovery</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site Recovery Option" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-17.png" /></p>
<p>The newly deployed replication appliance should be listed. Click <strong>Open Site Recovery</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site Recovery" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-18.png" /></p>
<p>Once logged into site recovery, the Replications within the same vCenter Server dialogue should be shown:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site Recovery Interface" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-19.png" /></p>
<p>That’s it for Site A.</p>
<h3 id="second-site">Second Site</h3>
<p>Simply repeat the process above, selecting an ESXi host located in Site B in step one as well as using Site B appropriate configuration details when prompted.</p>
<p>Once deployed, log out of vCenter, log back in and open site recovery. Confirm both replication appliances are now shown:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Two Replication Appliances" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-20.png" /></p>
<p>Finally from within site recovery confirm that both vCenters are listed in the Replications within the same vCenter Server dialogue:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site Recovery Interface with Two VSRs" src="/images/budget-vm-recovery-pt1/budget-vm-recovery-21.png" /></p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>In this post we had a quick introduction into vSphere Replication. Additionally, we deployed two vSphere replication appliances. Next time in part two we’ll get into configuring replication between the appliances and getting our VMs replicated.</p>
<p>Finally we’ll try to recover from a disaster… :dizzy_face: :astonished:</p>
<p>This was part 1 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: This part - No money, no problem: Introduction and Deployment</li>
<li>Part 2: <a href="https://polarclouds.co.uk/budget-vm-recovery-pt2/">Site Pairing and Replication Configuration</a></li>
<li>Part 3: <a href="https://polarclouds.co.uk/budget-vm-recovery-pt3/">Disaster Strikes!</a></li>
</ul>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/budget-vm-recovery-pt1/">vSphere VM Recovery on a Budget - Part 1</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 19, 2020.</p>
https://polarclouds.co.uk/nsx-data-center-failover-pt42020-08-12T01:00:00+01:002020-08-12T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX" src="/images/nsx-upgrade/nsx-upgrade-00.jpg" />
Last time we recovered from the loss of our NSX Data Center primary site. If you’ve not seen that post, <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt3/">catch up now</a>. It’s a great read. :wink:</p>
<p>As mentioned, this post is part 4 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt1/">Why and Getting Familiar</a></li>
<li>Part 2: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt2/">Bye-bye Site A!</a></li>
<li>Part 3: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt3/">Site A Back from the Dead!</a></li>
<li>Part 4: This Part - Making Site A Primary Again</li>
</ul>
<p>To recap, the NSX Data Center control plane components (consisting of the NSX Controller cluster and the Universal Distributed Logical Router (UDLR) control VMs) can only exist on one site: the primary site. In the event of loss of the primary site, the control VMs must be recreated at a secondary site to reinstate the NSX control plane, which is what we did when we lost our primary site. In this post we will promote Site A back to being our primary site.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#the-lab" id="markdown-toc-the-lab">The Lab</a></li>
<li><a href="#tldr---process-overview" id="markdown-toc-tldr---process-overview">TL,DR - Process Overview</a> <ul>
<li><a href="#remove-primary-role-and-assign-to-site-a-nsx-manager" id="markdown-toc-remove-primary-role-and-assign-to-site-a-nsx-manager">Remove Primary Role and Assign to Site A NSX Manager</a></li>
<li><a href="#deploy-site-a-controller-cluster" id="markdown-toc-deploy-site-a-controller-cluster">Deploy Site A Controller Cluster</a></li>
<li><a href="#deploy-primary-site-udlr-control-vms" id="markdown-toc-deploy-primary-site-udlr-control-vms">Deploy Primary Site UDLR Control VMs</a></li>
<li><a href="#delete-site-b-controller-cluster" id="markdown-toc-delete-site-b-controller-cluster">Delete Site B Controller Cluster</a></li>
<li><a href="#assign-secondary-role-to-site-b-nsx-manager" id="markdown-toc-assign-secondary-role-to-site-b-nsx-manager">Assign Secondary Role to Site B NSX Manager</a></li>
<li><a href="#confirm-site-a-udlr-controller-vm-clean-up" id="markdown-toc-confirm-site-a-udlr-controller-vm-clean-up">Confirm Site A UDLR Controller VM Clean Up</a></li>
<li><a href="#verify-configuration-of-the-udlrs" id="markdown-toc-verify-configuration-of-the-udlrs">Verify Configuration of the UDLRs</a></li>
<li><a href="#verify-dynamic-routing-configuration-of-udlrs-and-esgs" id="markdown-toc-verify-dynamic-routing-configuration-of-udlrs-and-esgs">Verify Dynamic Routing Configuration of UDLRs and ESGs</a></li>
<li><a href="#test" id="markdown-toc-test">Test</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="the-lab">The Lab</h2>
<p><a target="_blank" href="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-01.png"><img style="display:block;" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-01.png" alt="Site A Back" /></a><sup>(Click image to zoom in)</sup><br />
As a refresher, here is where we are:</p>
<ul>
<li>NSX Controller cluster has been rebuilt on Site B</li>
<li>Universal Site A UDLR control VM has been rebuilt on Site B</li>
<li>Universal Site B UDLR control VM has been rebuilt on Site B</li>
</ul>
<p>Additionally, Site B NSX Manager is now our primary manager.</p>
<p>We need to make Site A our primary site again.</p>
<h2 id="tldr---process-overview">TL,DR - Process Overview</h2>
<p>Too Lazy, Didn’t Read?<br />
Yep, still got you covered:</p>
<ol>
<li>Remove Primary Role and Assign to Site A NSX Manager</li>
<li>Deploy Site A controller cluster</li>
<li>Deploy Site A UDLR control VMs</li>
<li>Delete Site B controller cluster</li>
<li>Assign Secondary role to Site B NSX Manager</li>
<li>Confirm Site A UDLR controller VM clean up</li>
<li>Verify configuration of the UDLRs</li>
<li>Verify dynamic routing configuration of the UDLRs and ESGs</li>
<li>Test</li>
</ol>
<h3 id="remove-primary-role-and-assign-to-site-a-nsx-manager">Remove Primary Role and Assign to Site A NSX Manager</h3>
<p>Log onto Site A vCenter (lab: https://vc-site-a.lab/), navigate to <strong>Network and Security - Installation and Upgrade - Management - NSX Managers</strong>, select primary NSX Manager, click <strong>Actions - Remove Primary Role</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remove Primary Role" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-02.png" /></p>
<p>Answer <strong>Yes</strong> to continue.</p>
<p>Once complete, both NSX Managers will be placed into transit mode:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Transit Mode" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-03.png" /></p>
<p>Select Site A NSX Manager and click <strong>Actions - Assign Primary Role</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Assign Primary Role" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-04.png" /></p>
<h3 id="deploy-site-a-controller-cluster">Deploy Site A Controller Cluster</h3>
<p>Navigate to <strong>Network and Security - Installation and Upgrade - Management - NSX Controller Nodes</strong>.
Confirm that Primary (Site A) NSX Manager is selected, confirm common controller attributes and click <strong>Add</strong> to deploy the first Site A controller:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Create Controller" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-05.png" /></p>
<p>Once the deployment of the first controller is complete and the controller shows as Connected, repeat the process twice more to deploy two more controllers.</p>
<p>Once all three controllers have been deployed, confirm that they have correctly peered:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Controllers Peered" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-06.png" /></p>
<h3 id="deploy-primary-site-udlr-control-vms">Deploy Primary Site UDLR Control VMs</h3>
<p>Navigate to <strong>Network and Security - NSX Edges</strong>, confirm that Primary (Site A) NSX Manager is selected and select one of the previously deployed UDLRs. From there, select <strong>Configure - Appliance Settings - Add Edge Appliance VM</strong> and complete the wizard:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="UDLR Deployment" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-07.png" /></p>
<p>Once deployment completes, repeat for the remaining UDLRs in the environment until deployment status for all primary site Edges equals <strong>Deployed</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Primary Edges" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-08.png" /></p>
<h3 id="delete-site-b-controller-cluster">Delete Site B Controller Cluster</h3>
<p>Navigate to <strong>Network and Security - Installation and Upgrade - Management - NSX Controller Nodes</strong> and confirm that Transit (Site B) NSX Manager is selected. Select each controller in turn and select Delete, allowing time for deletion between each:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Delete Controllers" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-09.png" /></p>
<p>Upon deletion of the final controller, tick <strong>Proceed to Force Delete</strong> and click <strong>Delete</strong>.</p>
<h3 id="assign-secondary-role-to-site-b-nsx-manager">Assign Secondary Role to Site B NSX Manager</h3>
<p>Navigate to <strong>Network and Security - Installation and Upgrade - Management - NSX Managers</strong>, select primary NSX Manager, click <strong>Actions - Add Secondary Manager</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Secondary Manager" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-10.png" /></p>
<p>Complete wizard and click <strong>Add</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Complete Secondary Manager Wizard" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-11.png" /></p>
<p>Accept thumbprint and confirm that Site B NSX Manager is now listed as a Secondary Manager:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New Secondary Manager" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-12.png" /></p>
<h3 id="confirm-site-a-udlr-controller-vm-clean-up">Confirm Site A UDLR Controller VM Clean Up</h3>
<p>Navigate to <strong>Network and Security - NSX Edges</strong>, confirm that Secondary (Site B) NSX Manager is selected and confirm status of UDLRs is listed as <strong>Active</strong> instead of <strong>Deployed</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="UDLRs Active" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-13.png" /></p>
<p>Finally, confirm that the controller VMs have been deleted from the secondary site:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Inventory" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-14.png" /></p>
<h3 id="verify-configuration-of-the-udlrs">Verify Configuration of the UDLRs</h3>
<p>Navigate to <strong>Network and Security - NSX Edges</strong> in the primary site and select one of the UDLRs. Select <strong>Configure - Interfaces</strong> and confirm that connectivity is as expected:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="UDLR Interfaces" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-15.png" /></p>
<p>Confirm other settings such as firewall, DHCP Relay (if configured), etc.</p>
<p>Repeat verification checks on the remaining UDLRs in the environment.</p>
<h3 id="verify-dynamic-routing-configuration-of-udlrs-and-esgs">Verify Dynamic Routing Configuration of UDLRs and ESGs</h3>
<p><em>In my test lab, I’m using BGP for my dynamic routing. Your environment may be using OSPF so modify the following commands to fit your circumstance.</em></p>
<p>Open a console to both of the Edge VMs in turn and issue the command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">show ip bgp neighbors summary</code></pre></figure>
<p>Confirm that the Site A Edge appliance shows an “E” (Established) status with all its configured neighbouring UDLRs (lab UDLRs: 192.168.100.15 and 192.168.200.15) and the upstream router (lab LABROUTER: 192.168.111.1):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESG A Established" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-16.png" /></p>
<p>Confirm that the Site B Edge appliance shows an “E” (Established) status with all its configured neighbouring UDLRs (lab UDLRs: 192.168.100.15 and 192.168.200.15) and the upstream router (lab LABROUTER: 192.168.222.1):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESG B Established" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-17.png" /></p>
<p>Next, issue the command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">show ip route</code></pre></figure>
<p>Confirm that both edges are receiving routes from both the UDLRs and the upstream router:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A ESG Routes" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-18.png" /></p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site B ESG Routes" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-19.png" /></p>
<h3 id="test">Test</h3>
<p>Finally, run some trace routes to confirm that traffic is following the correct path into the environment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Traffic Ingress" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-20.png" /></p>
<p>and out of the environment. Site A:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Traffic Egress" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-21.png" /></p>
<p>Site B:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site B Traffic Egress" src="/images/nsx-data-center-failover-pt4/nsx-data-center-failover4-22.png" /></p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>So there we have it: the complete failure of an NSX Data Center primary site, the promotion of the secondary site to primary site status and the subsequent recovery of the control plane in the remaining site, followed by, once the failed site came back online, the repromotion of that site to primary status and the clean up of the temporary control plane in the newly demoted site.</p>
<p>Phew! That’s it for this multipart series. Hope you enjoyed it. Remember to keep a link to this series safe. You never know when you may need it!</p>
<p>Find the other parts here:</p>
<ul>
<li>Part 1: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt1/">Why and Getting Familiar</a></li>
<li>Part 2: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt2/">Bye-bye Site A!</a></li>
<li>Part 3: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt3/">Site A Back from the Dead!</a></li>
<li>Part 4: This Part - Making Site A Primary Again</li>
</ul>
<p>All in all, a bit of a mission this one, but well worth it should disaster ever strike. :grimacing:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-data-center-failover-pt4/">VMware NSX Data Center for vSphere Failover/Failback - Part 4</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 12, 2020.</p>
https://polarclouds.co.uk/nsx-data-center-failover-pt32020-08-09T01:00:00+01:002020-08-09T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX" src="/images/nsx-upgrade/nsx-upgrade-00.jpg" />
Last time we recovered from the loss of our NSX Data Center primary site. If you’ve not seen that post, <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt2/">catch up now</a>. It’s a great read. :wink:</p>
<p>As mentioned, this post is part 3 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt1/">Why and Getting Familiar</a></li>
<li>Part 2: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt2/">Bye-bye Site A!</a></li>
<li>Part 3: This part - Site A Back from the Dead!</li>
<li>Part 4: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt4/">Making Site A Primary Again</a></li>
</ul>
<p>To recap, the NSX Data Center control plane components (consisting of the NSX Controller cluster and the Universal Distributed Logical Router (UDLR) control VMs) can only exist on one site: the primary site. In the event of loss of the primary site, the control VMs must be recreated at a secondary site to reinstate the NSX control plane, which is what we did when we lost our primary site.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#the-lab" id="markdown-toc-the-lab">The Lab</a></li>
<li><a href="#tldr---process-overview" id="markdown-toc-tldr---process-overview">TL,DR - Process Overview</a> <ul>
<li><a href="#site-a-start-up" id="markdown-toc-site-a-start-up">Site A Start Up</a></li>
<li><a href="#check-site-a-nsx-manager-configuration-and-status" id="markdown-toc-check-site-a-nsx-manager-configuration-and-status">Check Site-A NSX Manager Configuration and Status</a></li>
<li><a href="#demote-site-a-nsx-manager" id="markdown-toc-demote-site-a-nsx-manager">Demote Site A NSX Manager</a></li>
<li><a href="#delete-site-a-controller-cluster" id="markdown-toc-delete-site-a-controller-cluster">Delete Site A Controller Cluster</a></li>
<li><a href="#delete-site-a-udlr-control-vms" id="markdown-toc-delete-site-a-udlr-control-vms">Delete Site A UDLR Control VMs</a></li>
<li><a href="#assign-site-a-nsx-manager-secondary-role" id="markdown-toc-assign-site-a-nsx-manager-secondary-role">Assign Site A NSX Manager Secondary Role</a></li>
<li><a href="#verify-dynamic-routing-configuration-of-udlrs-and-esgs" id="markdown-toc-verify-dynamic-routing-configuration-of-udlrs-and-esgs">Verify Dynamic Routing Configuration of UDLRs and ESGs</a></li>
<li><a href="#test" id="markdown-toc-test">Test</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="the-lab">The Lab</h2>
<p><a target="_blank" href="/images/nsx-data-center-failover-pt1/nsx-data-center-failover-02.png"><img style="display:block;" src="/images/nsx-data-center-failover-pt1/nsx-data-center-failover-02.png" alt="Site A Failed" /></a><sup>(Click image to zoom in)</sup><br />
As a refresher, here is where we are:</p>
<ul>
<li>NSX Controller cluster has been rebuilt on Site B</li>
<li>Universal Site A UDLR control VM has been rebuilt on Site B</li>
<li>Universal Site B UDLR control VM has been rebuilt on Site B</li>
</ul>
<p>Additionally, Site B NSX Manager is now our primary manager.</p>
<h2 id="tldr---process-overview">TL,DR - Process Overview</h2>
<p>Too Lazy, Didn’t Read?<br />
Again here are the process steps for those TL,DRs among us:</p>
<ol>
<li>Start Site A</li>
<li>Check Site A NSX Manager Configuration and Status</li>
<li>Demote Site A NSX Manager</li>
<li>Delete Site A Controller Cluster</li>
<li>Delete Site A UDLR Control VMs</li>
<li>Assign Site A NSX Manager Secondary Role</li>
<li>Verify Dynamic Routing Configuration of UDLRs and ESGs</li>
<li>Test</li>
</ol>
<h3 id="site-a-start-up">Site A Start Up</h3>
<p>OK, so Site A is back from the dead. Let’s get the site powered back on so we can reinstate it as an NSX secondary site in the first instance. From there we can promote it to primary again. Let’s power on Site A in the following order:</p>
<ul>
<li>ESXi Host(s)</li>
<li>vCenter Server</li>
<li>NSX Manager</li>
<li>Controller Cluster</li>
<li>Universal Distributed Logical Router (UDLR) Control VMs</li>
<li>Edge Services Gateway (ESG) VMs</li>
</ul>
<h3 id="check-site-a-nsx-manager-configuration-and-status">Check Site-A NSX Manager Configuration and Status</h3>
<p>Just as we did with Site B’s NSX manager during failover in part 2, let’s confirm that Site A’s NSX Manager is happy and registered with vCenter. Access Site A NSX manager via web browser (lab: https://nsx-site-a.lab), login and navigate to <strong>View Summary</strong>. Confirm that the NSX Management Components are running:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Management Components" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-01.png" /></p>
<p>and confirm vCenter Registration <strong>Home - Manage vCenter Registration</strong> shows as green:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vCenter Registration" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-02.png" /></p>
<h3 id="demote-site-a-nsx-manager">Demote Site A NSX Manager</h3>
<p>Log onto Site A vCenter (lab: https://vc-site-a.lab/), navigate to <strong>Network and Security - Installation and Upgrade - Management - NSX Managers</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Two Primary Managers" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-03.png" /></p>
<p>As you can see, both Site A and Site B NSX Managers believe that they are the primary NSX Manager. Let’s look closer at the sync issue:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Sync Issue" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-04.png" /></p>
<p>Fair enough, we disconnected Site B NSX Manager from Site A NSX Manager during the failover.</p>
<p>Select Site A NSX Manager and select <strong>Actions - Remove Secondary Manager</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remove Secondary Manager" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-05.png" /></p>
<p>Tick <strong>Perform Operation even if NSX Manager is inaccessible</strong> and click <strong>Remove</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Perform Removal" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-06.png" /></p>
<p>Next, select Site A NSX Manager again and select <strong>Actions - Remove Primary Role</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remove Primary Role" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-07.png" /></p>
<p>Answer <strong>Yes</strong> to the warning (we’ll clean up our controllers in the next step):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Yes to Warning" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-08.png" /></p>
<p>Site A NSX Manager will then be placed into Transit mode:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site A Manager in Transit Mode" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-09.png" /></p>
<h3 id="delete-site-a-controller-cluster">Delete Site A Controller Cluster</h3>
<p>Navigate to <strong>Network and Security - Installation and Upgrade - NSX Controller Nodes</strong> and select the NSX Manager in Transit (lab: NSX Manager 192.168.10.4). Select each controller in turn and select <strong>Delete</strong>, allowing time for deletion between each:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Delete Controllers" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-10.png" /></p>
<p>Upon deletion of the final controller, tick <strong>Proceed to Force Delete</strong> and click <strong>Delete</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Force Delete" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-11.png" /></p>
<h3 id="delete-site-a-udlr-control-vms">Delete Site A UDLR Control VMs</h3>
<p>Navigate to <strong>Network and Security - NSX Edges</strong> and select the NSX Manager in Transit (lab: NSX Manager 192.168.10.4).
Select the first UDLR VM listed and select <strong>Delete</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Delete UDLR" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-12.png" /></p>
<p>Confirm deletion by clicking <strong>Delete</strong> again.</p>
<p>Repeat for remaining UDLR control VMs, leaving only ESG(s) listed:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Just ESG remaining" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-13.png" /></p>
<h3 id="assign-site-a-nsx-manager-secondary-role">Assign Site A NSX Manager Secondary Role</h3>
<p>Navigate to <strong>Network and Security - Installation and Upgrade - Management - NSX Managers</strong>, select NSX Manager with primary role (lab: nsx-site-b.lab) and select <strong>Actions - Add Secondary Manager</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Secondary Manager" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-14.png" /></p>
<p>Complete wizard entering Site A NSX Manager details and click <strong>Add</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Secondary Manager Wizard" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-15.png" /></p>
<p>Accept thumbprint and confirm that Site A NSX Manager is now listed as a Secondary Manager:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Secondary Manager Added" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-16.png" /></p>
<p>Navigate back to <strong>Network and Security - NSX Edges</strong>, select the NSX Manager with the newly assigned secondary role (lab: nsx-site-a.lab) and confirm that the UDLRs are again listed:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="UDLRs are back" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-17.png" /></p>
<h3 id="verify-dynamic-routing-configuration-of-udlrs-and-esgs">Verify Dynamic Routing Configuration of UDLRs and ESGs</h3>
<p><em>In my test lab, I’m using BGP for my dynamic routing. Your environment may be using OSPF so modify the following commands to fit your circumstance.</em></p>
<p>Open a console to the Site A Edge VM and issue the command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">show ip bgp neighbours summary</code></pre></figure>
<p>Confirm that the Edge appliance shows an “E” (Established) status with all its configured neighbouring UDLRs (lab UDLRs: 192.168.100.15 and 192.168.200.15) and the upstream router (lab LABROUTER: 192.168.111.1):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BGP Established" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-18.png" /></p>
<p>Next, issue the command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">show ip route</code></pre></figure>
<p>Confirm that the edge is receiving routes from both the UDLRs and the upstream router:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Routes" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-19.png" /></p>
<h3 id="test">Test</h3>
<p>Finally, run some trace routes to confirm that traffic is following the correct path into the environment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Trace Route In" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-20.png" /></p>
<p>and out of the environment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Trace Route Out" src="/images/nsx-data-center-failover-pt3/nsx-data-center-failover3-21.png" /></p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>In this post we recovered our primary NSX for Data Center site, Site A. With the steps detailed in this post, we demoted our back-from-the-dead Site A to secondary site status, regained our NSX control plane and proved correct traffic ingress/egress to and from our previously dead site.</p>
<p>This was part 3 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt1/">Why and Getting Familiar</a></li>
<li>Part 2: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt2/">Bye-bye Site A!</a></li>
<li>Part 3: This part - Site A Back from the Dead!</li>
<li>Part 4: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt4/">Making Site A Primary Again</a></li>
</ul>
<p>Next time, in part 4, we’ll look at promoting Site A back to primary status again.</p>
<p><em>Stay tuned..!</em> :smiley:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-data-center-failover-pt3/">VMware NSX Data Center for vSphere Failover/Failback - Part 3</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 09, 2020.</p>
https://polarclouds.co.uk/nsx-data-center-failover-pt2 2020-08-05T01:00:00+01:00 2020-08-05T01:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX" src="/images/nsx-upgrade/nsx-upgrade-00.jpg" />
Last time we looked at what needs to happen should we lose an NSX Data Center primary site. We also got familiar with our NSX test lab. If you’ve not seen that post, <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt1/">catch up now</a>. It’s a great read. :wink:</p>
<p>As mentioned, this post is part 2 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt1/">Why and Getting Familiar</a></li>
<li>Part 2: This part - Bye-bye Site A!</li>
<li>Part 3: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt3/">Site A Back from the Dead!</a></li>
<li>Part 4: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt4/">Making Site A Primary Again</a></li>
</ul>
<p>To recap, the NSX Data Center control plane components (consisting of the NSX Controller cluster and the Universal Logical Distributed Router (UDLR) control VMs) can only exist on one site; the primary site. In the event of loss of the primary site the control VMs must be recreated at a secondary site to reinstate the NSX control plane.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#the-lab" id="markdown-toc-the-lab">The Lab</a></li>
<li><a href="#tldr---process-overview" id="markdown-toc-tldr---process-overview">TL,DR - Process Overview</a> <ul>
<li><a href="#optional-step-for-planned-failover-shutdown-site-a" id="markdown-toc-optional-step-for-planned-failover-shutdown-site-a">[Optional Step for Planned Failover] Shutdown Site A</a></li>
<li><a href="#check-site-b-nsx-manager-registration" id="markdown-toc-check-site-b-nsx-manager-registration">Check Site B NSX Manager Registration</a></li>
<li><a href="#disconnect-secondary-nsx-manger-from-primary" id="markdown-toc-disconnect-secondary-nsx-manger-from-primary">Disconnect Secondary NSX Manager from Primary</a></li>
<li><a href="#promote-site-b-nsx-manager-to-primary-role" id="markdown-toc-promote-site-b-nsx-manager-to-primary-role">Promote Site B NSX Manager to Primary Role</a></li>
<li><a href="#deploy-new-controller-cluster" id="markdown-toc-deploy-new-controller-cluster">Deploy New Controller Cluster</a></li>
<li><a href="#deploy-new-udlr-control-vms" id="markdown-toc-deploy-new-udlr-control-vms">Deploy New UDLR Control VMs</a></li>
<li><a href="#verify-configuration-of-the-udlrs" id="markdown-toc-verify-configuration-of-the-udlrs">Verify Configuration of the UDLRs</a></li>
<li><a href="#verify-dynamic-routing-configuration-of-udlrs-and-esgs" id="markdown-toc-verify-dynamic-routing-configuration-of-udlrs-and-esgs">Verify Dynamic Routing Configuration of UDLRs and ESGs</a></li>
<li><a href="#test" id="markdown-toc-test">Test</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p>In this post we will perform a controlled failover of Site A to Site B.<br />
Why controlled? Because it includes the additional steps of preparing for the failover. Those thrust into the situation of having to recover from an unplanned failover can simply pick up the process at the <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt2/#check-site-b-nsx-manager-registration">Check Site B NSX Manager Registration</a> step below.</p>
<h2 id="the-lab">The Lab</h2>
<p><a target="_blank" href="/images/nsx-data-center-failover-pt1/nsx-data-center-failover-02.png"><img style="display:block;" src="/images/nsx-data-center-failover-pt1/nsx-data-center-failover-02.png" alt="Site A Failed" /></a><sup>(Click image to zoom in)</sup><br />
As a refresher, here is where we are trying to get to:</p>
<ul>
<li>NSX Controller cluster is rebuilt on Site B</li>
<li>Universal Site A UDLR control VM is rebuilt on Site B</li>
<li>Universal Site B UDLR control VM is rebuilt on Site B</li>
</ul>
<p>Additionally, Site B NSX Manager is promoted to primary. The rebuilt VMs are shown in red at Site B in the above diagram.</p>
<h2 id="tldr---process-overview">TL,DR - Process Overview</h2>
<p>Too Lazy, Didn’t Read?<br />
Look, I get it. You are in a failure situation and need a simple overview of the steps required. You don’t need a big long article to follow. You just need simple steps. Well, here you go:</p>
<ol>
<li>In case of a planned failover, shut down the whole of Site A, including ESGs, UDLR control VMs, controller cluster and NSX Manager</li>
<li>Check Site B NSX Manager registration</li>
<li>Disconnect secondary NSX Manager from primary</li>
<li>Promote Site B NSX manager to primary role</li>
<li>Deploy new controller cluster</li>
<li>Deploy new UDLR control VMs</li>
<li>Verify configuration of the UDLRs</li>
<li>Verify dynamic routing configuration of the UDLRs and ESGs</li>
<li>Test</li>
</ol>
<p>Breaking this down into chunks then:</p>
<h3 id="optional-step-for-planned-failover-shutdown-site-a">[Optional Step for Planned Failover] Shutdown Site A</h3>
<p>First, let’s double check our failover prerequisites as discussed <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt1/#failover-prerequisites">here in part 1</a>.</p>
<p>Next, let’s shut down the whole of Site A. That includes its Edge Service Gateway (ESG), the UDLR control VMs, controller cluster, NSX Manager and vCenter.</p>
<h3 id="check-site-b-nsx-manager-registration">Check Site B NSX Manager Registration</h3>
<p>Access Site B NSX Manager via web browser (lab: https://nsx-site-b.lab), log in and navigate to <strong>Manage vCenter Registration</strong>.</p>
<p>If needed, edit (not reconfigure) <strong>Lookup Service URL</strong> to point to remaining vCenter (lab: vc-site-b.lab):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Lookup Service" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-01.png" /></p>
<p>Confirm both connectivity status indicators show <strong>Connected</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Status Connected" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-02.png" /></p>
<h3 id="disconnect-secondary-nsx-manger-from-primary">Disconnect Secondary NSX Manager from Primary</h3>
<p>Log into vCenter using the Site B URL (lab: https://vc-site-b.lab) and navigate to <strong>Network and Security - Installation and Upgrade - Management - NSX Managers</strong>.</p>
<p>Select the secondary NSX manager (lab: nsx-site-b.lab). Click <strong>Actions - Disconnect from the Primary NSX Manager</strong> and answer <strong>Yes</strong> to the prompt:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Disconnect from Primary" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-03.png" /></p>
<p>The NSX manager will now be in Transit Mode:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Transit Mode" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-04.png" /></p>
<h3 id="promote-site-b-nsx-manager-to-primary-role">Promote Site B NSX Manager to Primary Role</h3>
<p>Select the NSX Manager in Transit mode (lab: nsx-site-b.lab), click <strong>Actions - Assign Primary Role</strong> and answer <strong>Yes</strong> to the prompt:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Transit Mode" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-05.png" /></p>
<p>The NSX Manager will now be in its assigned role:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="New Primary" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-06.png" /></p>
<h3 id="deploy-new-controller-cluster">Deploy New Controller Cluster</h3>
<p>Navigate to <strong>Network and Security - Installation and Upgrade - Management - NSX Controller Nodes</strong>.
Click <strong>Edit</strong> and complete the common controller attributes:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Common Controller Config" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-07.png" /></p>
<p>Navigate to <strong>Network and Security - Groups and Tags - IP Pools</strong> and confirm that you have an IP pool already defined for controllers on Site B:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Site B Controller IP Pool" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-08.png" /></p>
<p>Back in <strong>Network and Security - Installation and Upgrade - Management - NSX Controller Nodes</strong>, click <strong>Add</strong> and complete the wizard to deploy the first controller:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Controller" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-09.png" /></p>
<p>Once the deployment of the first controller is complete and the controller shows as Connected, repeat the process twice more to deploy two more controllers.</p>
<p>Once all three controllers have been deployed, confirm that they have correctly peered:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Controllers Peered" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-10.png" /></p>
<h3 id="deploy-new-udlr-control-vms">Deploy New UDLR Control VMs</h3>
<p>Navigate to <strong>Network and Security - NSX Edges</strong> and select one of the previously deployed UDLRs. From there, select <strong>Configure - Appliance Settings - Add Edge Appliance VM</strong> and complete the wizard:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="UDLR Deployment" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-11.png" /></p>
<p>Once deployment completes, repeat for the remaining UDLRs in the environment.</p>
<h3 id="verify-configuration-of-the-udlrs">Verify Configuration of the UDLRs</h3>
<p>Navigate to <strong>Network and Security - NSX Edges</strong> and select one of the UDLRs. Select <strong>Configure - Interfaces</strong> and confirm that connectivity is as expected:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="UDLR Interfaces" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-12.png" /></p>
<p>Confirm other settings such as firewall, DHCP Relay (if configured), etc.</p>
<p>Repeat verification checks on the remaining UDLRs in the environment.</p>
<h3 id="verify-dynamic-routing-configuration-of-udlrs-and-esgs">Verify Dynamic Routing Configuration of UDLRs and ESGs</h3>
<p><em>In my test lab, I’m using BGP for my dynamic routing. Your environment may be using OSPF so modify the following commands to fit your circumstance.</em></p>
<p>Open a console to the Edge VM and issue the command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">show ip bgp neighbours summary</code></pre></figure>
<p>Confirm that the Edge appliance shows an “E” (Established) status with all its configured neighbouring UDLRs (lab UDLRs: 192.168.100.15 and 192.168.200.15) and the upstream router (lab LABROUTER: 192.168.222.1):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BGP Established" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-13.png" /></p>
<p>Next, issue the command:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">show ip route</code></pre></figure>
<p>Confirm that the edge is receiving routes from both the UDLRs and the upstream router:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Routes" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-14.png" /></p>
<h3 id="test">Test</h3>
<p>Finally, run some trace routes to confirm that traffic is following the correct path into the environment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Trace Route In" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-15.png" /></p>
<p>and out of the environment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Trace Route Out" src="/images/nsx-data-center-failover-pt2/nsx-data-center-failover2-16.png" /></p>
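<p>The outbound trace check from this Test step and the matching one in part 3, as an added example that is not from the original posts: it parses <code>tracert</code> or <code>traceroute</code> output and reports which site’s LABROUTER address (192.168.111.1 for Site A, 192.168.222.1 for Site B, taken from the lab notes) the path crosses. The function names, both sample traces and every other hop address are constructed for illustration.</p>

```python
import re

# LABROUTER addresses facing each site's ESG, as given in the lab notes of parts 2 and 3.
SITE_UPSTREAM = {"site-a": "192.168.111.1", "site-b": "192.168.222.1"}

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")          # a line that starts with a hop number
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")     # dotted quad; RTTs such as 0.412 do not match

# Constructed sample: Windows tracert from a VM after the failover to Site B (part 2).
TRACE_AFTER_FAILOVER = """
Tracing route to 203.0.113.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.0.20.1
  2     1 ms    <1 ms    <1 ms  10.0.200.2
  3     1 ms     1 ms     1 ms  192.168.222.1
  4     *        *        *     Request timed out.
  5    12 ms    11 ms    12 ms  203.0.113.10

Trace complete.
"""

# Constructed sample: Linux traceroute -n from a VM once Site A is back (part 3).
TRACE_SITE_A_BACK = """
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  10.0.10.1  0.412 ms  0.380 ms  0.377 ms
 2  10.0.100.2  0.611 ms  0.598 ms  0.590 ms
 3  192.168.111.1  0.902 ms  0.880 ms  0.871 ms
 4  203.0.113.10  9.120 ms  9.101 ms  9.090 ms
"""


def parse_hops(trace_text):
    """Return [(hop_number, [ips])]; a hop that timed out has an empty list."""
    hops = []
    for line in trace_text.splitlines():
        match = HOP_LINE.match(line)
        if not match:
            continue  # banner, blank line or "Trace complete."
        ips = []
        for ip in IPV4.findall(match.group(2)):
            if ip not in ips:  # ECMP can put several responders on one hop line
                ips.append(ip)
        hops.append((int(match.group(1)), ips))
    return hops


def egress_site(trace_text):
    """Return 'site-a', 'site-b', 'both' (path split across sites) or None."""
    seen = set()
    for _hop, ips in parse_hops(trace_text):
        for site, router in SITE_UPSTREAM.items():
            if router in ips:
                seen.add(site)
    if len(seen) > 1:
        return "both"
    return seen.pop() if seen else None


def check_egress(trace_text, expected_site):
    """Return (ok, message) for an outbound trace against the expected egress site."""
    silent = [n for n, ips in parse_hops(trace_text) if not ips]
    site = egress_site(trace_text)
    if site is None:
        return False, f"no LABROUTER address seen; silent hops: {silent}"
    if site != expected_site:
        return False, f"egress via {site}, expected {expected_site}"
    return True, f"egress via {site}"


if __name__ == "__main__":
    print(check_egress(TRACE_AFTER_FAILOVER, "site-b"))
    print(check_egress(TRACE_SITE_A_BACK, "site-a"))
```

<p>The check only applies to traces run outbound from a VM, where LABROUTER answers from the interface facing the ESG.</p>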
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>In this post we recovered from an outage at our primary NSX for Data Center site, Site A. With the steps detailed in this post, we were able to regain our NSX control plane and prove correct traffic ingress/egress to and from our environment.</p>
<p>This was part 2 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt1/">Why and Getting Familiar</a></li>
<li>Part 2: This part - Bye-bye Site A!</li>
<li>Part 3: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt3/">Site A Back from the Dead!</a></li>
<li>Part 4: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt4/">Making Site A Primary Again</a></li>
</ul>
<p>Next time in part 3, we’ll look at what happens when Site A returns from the dead. :ghost:</p>
<p><em>Stay tuned..!</em> :smiley:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-data-center-failover-pt2/">VMware NSX Data Center for vSphere Failover/Failback - Part 2</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 05, 2020.</p>
https://polarclouds.co.uk/nsx-data-center-failover-pt1 2020-07-31T01:00:00+01:00 2020-07-31T01:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="NSX" src="/images/nsx-upgrade/nsx-upgrade-00.jpg" /></p>
<p>Whilst the newer version of VMware NSX, NSX-T, is gaining some traction in the wider community of late, it has yet to reach the level of business adoption that NSX Data Center (formerly/affectionately known as NSX-v) has. There are still many, many organisations running NSX Data Center.</p>
<p>With that in mind, I wanted to post a series of articles performing a site failover and recovery of my NSX Data Center test lab.</p>
<p>This post is part 1 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: This part - Why and Getting Familiar</li>
<li>Part 2: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt2/">Bye-bye Site A!</a></li>
<li>Part 3: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt3/">Site A Back from the Dead!</a></li>
<li>Part 4: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt4/">Making Site A Primary Again</a></li>
</ul>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#why" id="markdown-toc-why">Why?</a> <ul>
<li><a href="#management-plane" id="markdown-toc-management-plane">Management Plane</a></li>
<li><a href="#control-plane" id="markdown-toc-control-plane">Control Plane</a></li>
<li><a href="#data-plane" id="markdown-toc-data-plane">Data Plane</a></li>
</ul>
</li>
<li><a href="#types-of-failover" id="markdown-toc-types-of-failover">Types of Failover</a> <ul>
<li><a href="#planned-failover" id="markdown-toc-planned-failover">Planned Failover</a></li>
<li><a href="#unplanned-failover" id="markdown-toc-unplanned-failover">Unplanned Failover</a></li>
</ul>
</li>
<li><a href="#getting-familiar-with-the-lab" id="markdown-toc-getting-familiar-with-the-lab">Getting Familiar with the Lab</a> <ul>
<li><a href="#lab-items-worthy-of-note" id="markdown-toc-lab-items-worthy-of-note">Lab Items Worthy of Note</a></li>
</ul>
</li>
<li><a href="#failover-prerequisites" id="markdown-toc-failover-prerequisites">Failover Prerequisites</a></li>
<li><a href="#component-placement-after-a-failover" id="markdown-toc-component-placement-after-a-failover">Component Placement After a Failover</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="why">Why?</h2>
<p>As can be seen below, an NSX Data Center installation requires several components to operate:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Components" src="/images/nsx-data-center-failover-pt1/nsx-data-center-failover-00.jpg" /></p>
<p>Working down from the top of the image -</p>
<h3 id="management-plane">Management Plane</h3>
<p>These components consist of vCenter and NSX Manager. Typically these are “doubled up” - that is they are deployed on each site of an NSX for Data Center solution/environment.</p>
<h3 id="control-plane">Control Plane</h3>
<p>These components consist of our NSX Controller cluster and our Universal Logical Distributed Router (UDLR) control VMs.</p>
<p style="color:red">The control plane VMs can only exist on <strong>ONE SITE</strong>, typically the primary site. Because they can only exist on one site, <strong>in the event of loss of the site containing the control VMs, they must be recreated at a secondary site to reinstate the NSX control plane.</strong></p>
<h3 id="data-plane">Data Plane</h3>
<p>These components consist of the ESXi hosts and the NSX Edge (also known as Edge Service Gateway or ESG) VMs. Again, typically these are “doubled up” - that is they are deployed on each site of an NSX for Data Center solution/environment.</p>
<h2 id="types-of-failover">Types of Failover</h2>
<p>Essentially there are two types of failover scenario:</p>
<h3 id="planned-failover">Planned Failover</h3>
<p>The primary site is going offline for an extended period of time.<br />
For example a relocation of the site to a new building. Any service outages are known about ahead of time and can be planned for and mitigated as much as possible up front.</p>
<h3 id="unplanned-failover">Unplanned Failover</h3>
<p>The primary site is suddenly offline and will remain so for an extended period of time.<br />
It is what it is. Pieces need picking up and any service outages need to be addressed as soon as possible.</p>
<h2 id="getting-familiar-with-the-lab">Getting Familiar with the Lab</h2>
<p>We will be performing failover in the following lab:
<a target="_blank" href="/images/nsx-data-center-failover-pt1/nsx-data-center-failover-01.png"><img style="display:block;" src="/images/nsx-data-center-failover-pt1/nsx-data-center-failover-01.png" alt="NSX Test Lab" /></a><sup>(Click image to zoom in)</sup></p>
<h3 id="lab-items-worthy-of-note">Lab Items Worthy of Note</h3>
<ul>
<li>Two site model with vCenters and NSX Managers deployed at each site</li>
<li>Site A is the primary site</li>
<li>Site B is the secondary site</li>
<li>Site A houses NSX controller cluster and the UDLR control VMs</li>
<li>“UNIVERSAL-SITE-A” and “UNIVERSAL-SITE-B” represent the universal layer 2 VXLANs spanning both A and B sites</li>
<li>VMs plugged in to “UNIVERSAL-SITE-A” use ESG-SITE-A as their preferred north/south egress/ingress point</li>
<li>VMs plugged in to “UNIVERSAL-SITE-B” use ESG-SITE-B as their preferred north/south egress/ingress point</li>
<li>BGP peering is used between UDLRs, ESGs and LABROUTER (a pfSense router) for dynamic routing</li>
</ul>
<h2 id="failover-prerequisites">Failover Prerequisites</h2>
<p>The following should ideally be configured / captured prior to a failover event:</p>
<ul>
<li>Ensure that <a href="https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-9302DCCA-12E9-409D-858E-110A91639A69.html">Controller Disconnected Operation (CDO) mode</a> is enabled on all NSX Managers in the environment</li>
<li>Set up an IP Pool for the NSX Controllers on the secondary site</li>
<li>UDLR configuration captured - including interfaces, ECMP status, static routes (if any) and BGP config</li>
<li>Admin credentials for all ESGs, UDLR control VMs, NSX Managers and vCenters at both sites</li>
</ul>
<h2 id="component-placement-after-a-failover">Component Placement After a Failover</h2>
<p><a target="_blank" href="/images/nsx-data-center-failover-pt1/nsx-data-center-failover-02.png"><img style="display:block;" src="/images/nsx-data-center-failover-pt1/nsx-data-center-failover-02.png" alt="Site A Failed" /></a><sup>(Click image to zoom in)</sup><br />
Following a failover of Site A to Site B, the following can be observed:</p>
<ul>
<li>NSX Controller cluster is rebuilt on Site B</li>
<li>Universal Site A UDLR control VM is rebuilt on Site B</li>
<li>Universal Site B UDLR control VM is rebuilt on Site B</li>
</ul>
<p>Additionally, Site B NSX Manager is promoted to primary. The rebuilt VMs are shown in red at Site B in the above diagram.</p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>That’ll do it for part one.</p>
<p>In this part we looked at failure scenarios and became familiar with our NSX test lab. We also looked at prerequisites to enable a smooth failover. Over the next couple of posts we will get into performing a primary site failover along with a failback once our failed site returns.</p>
<p>This was part 1 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: This part - Why and Getting Familiar</li>
<li>Part 2: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt2/">Bye-bye Site A!</a></li>
<li>Part 3: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt3/">Site A Back from the Dead!</a></li>
<li>Part 4: <a href="https://polarclouds.co.uk/nsx-data-center-failover-pt4/">Making Site A Primary Again</a></li>
</ul>
<p>Look out for future parts coming soon!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-data-center-failover-pt1/">VMware NSX Data Center for vSphere Failover/Failback - Part 1</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 31, 2020.</p>
https://polarclouds.co.uk/vmware-vexpert 2020-07-20T01:00:00+01:00 2020-07-20T01:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VMware vExpert" src="/images/vmware-vexpert/vexpert.png" />
<br />
Yup, that’s right!</p>
<p>After missing many, many applications, I’ve finally applied, been appraised, approved and selected to be a VMware vExpert!</p>
<p>Reading through the <a href="https://blogs.vmware.com/vexpert/2020/07/17/vexpert-2020-second-half-award-announcement/">vExpert 2020 Second Half Award Announcement</a> I am one of just 269 newly onboarded vExperts for the second half of 2020.</p>
<h2 id="program-overview">Program Overview</h2>
<p>The VMware vExpert program is VMware’s global evangelism and advocacy program. The program is designed to put VMware’s marketing resources towards your advocacy efforts. Promotion of your articles, exposure at our global events, co-op advertising, traffic analysis, and early access to beta programs and VMware’s roadmap. The awards are for individuals, not companies, and last for one year. Employees of both customers and partners can receive the awards. In the application, we consider various community activities from the previous year as well as the current year’s (only for 2nd half applications) activities in determining who gets awards. We look to see that not only were you active but are still active in the path you chose to apply for.</p>
<p>Nice!</p>
<p>-Chris
<br />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="VMware vExpert 2020" src="/images/pages/vexpert2020.png" /></p>
<p><a href="https://polarclouds.co.uk/vmware-vexpert/">VMware vExpert 2020</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 20, 2020.</p>
https://polarclouds.co.uk/windows-terminal-customisation 2020-05-23T01:00:00+01:00 2020-05-23T01:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Windows Terminal" src="/images/windows-terminal-customisation/windows-terminal-customisation-00.png" />
Windows Terminal is the new -er- terminal application from Microsoft. It features tabbed terminal access to shells like Command Prompt, PowerShell and Windows Subsystem for Linux (WSL). On top of that, Windows Terminal features Unicode and UTF-8 character support, a GPU accelerated text rendering engine and custom themes, styles, and configurations.</p>
<p>What’s more is that it’s free and open source, with the source code hosted on GitHub. <a href="https://github.com/microsoft/terminal/">Take a look!</a></p>
<p>Install Windows Terminal from the <a href="https://aka.ms/terminal">Microsoft Store</a></p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#customisation" id="markdown-toc-customisation">Customisation</a> <ul>
<li><a href="#accessing-windows-terminal-settings" id="markdown-toc-accessing-windows-terminal-settings">Accessing Windows Terminal Settings</a></li>
<li><a href="#default-terminal" id="markdown-toc-default-terminal">Default Terminal</a></li>
<li><a href="#starting-folder" id="markdown-toc-starting-folder">Starting Folder</a></li>
<li><a href="#background-image" id="markdown-toc-background-image">Background Image</a></li>
</ul>
</li>
<li><a href="#but-wait-theres-more" id="markdown-toc-but-wait-theres-more">But Wait, There’s More!</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="customisation">Customisation</h2>
<p>Once installed, you’ll want to customise. Here’s how.</p>
<h3 id="accessing-windows-terminal-settings">Accessing Windows Terminal Settings</h3>
<p>Access the Windows Terminal settings via the drop-down menu option:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Settings" src="/images/windows-terminal-customisation/windows-terminal-customisation-01.png" /></p>
<p>This will then open your Windows Terminal user settings in either notepad or (depending on your file association setup) the much preferred <a href="https://notepad-plus-plus.org/">notepad++</a> as I’m using below.</p>
<h3 id="default-terminal">Default Terminal</h3>
<p>Out of the box, Windows Terminal opens a PowerShell shell by default. Let’s change that back to Command Prompt.</p>
<p>Replace the <code class="language-plaintext highlighter-rouge">"defaultProfile"</code> GUID with the GUID from Command Prompt:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Command Prompt GUID" src="/images/windows-terminal-customisation/windows-terminal-customisation-02.png" /></p>
<p>Save and restart Windows Terminal to test.</p>
<h3 id="starting-folder">Starting Folder</h3>
<p>To change the Windows Terminal opening folder, add the option <code class="language-plaintext highlighter-rouge">"startingDirectory": "",</code> to the profile of the terminal you wish to change.</p>
<p><strong>NOTE:</strong> Use forward slashes rather than the usual backslashes used by Windows - yeah, “reasons” I guess.</p>
<p>For example, to open PowerShell in C:\Scripts folder:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="PowerShell Start Folder" src="/images/windows-terminal-customisation/windows-terminal-customisation-03.png" /></p>
<p>Save and restart Windows Terminal to test.</p>
<h3 id="background-image">Background Image</h3>
<p>To add a background image, add the <code class="language-plaintext highlighter-rouge">"backgroundImage": "",</code> option to the profile of your choice. Image opacity is set using values of <code class="language-plaintext highlighter-rouge">"backgroundImageOpacity":</code> between 0 and 1:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Background Image" src="/images/windows-terminal-customisation/windows-terminal-customisation-04.png" /></p>
<p>Which in turn results in:</p>
<figure>
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Cover Me, I'm Going In!" src="/images/windows-terminal-customisation/windows-terminal-customisation-05.png" />
<figcaption>Cover me... I'm going in! :smile:</figcaption>
</figure>
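<p>The three edits above, applied in one pass as an added example (not part of the original post). The sample settings, GUIDs, folder and image path are constructed placeholders, and the handling of <code class="language-plaintext highlighter-rouge">"profiles"</code> as either a plain list or an object with a <code class="language-plaintext highlighter-rouge">"list"</code> key is an assumption about the settings file layout:</p>

```python
import copy
import json

# Constructed sample settings; the GUIDs are made up for this example.
SAMPLE_SETTINGS = {
    "defaultProfile": "{11111111-1111-1111-1111-111111111111}",
    "profiles": {
        "list": [
            {"guid": "{11111111-1111-1111-1111-111111111111}",
             "name": "Windows PowerShell"},
            {"guid": "{22222222-2222-2222-2222-222222222222}",
             "name": "Command Prompt"},
        ]
    },
}


def _profiles(settings):
    """Return the profile list (assumption: a plain list or {"list": [...]})."""
    profiles = settings.get("profiles", [])
    if isinstance(profiles, dict):
        profiles = profiles.get("list", [])
    return profiles


def find_profile(settings, name):
    """Look a profile up by its display name so no GUID is typed by hand."""
    for profile in _profiles(settings):
        if profile.get("name") == name:
            return profile
    raise KeyError(f"no profile named {name!r}")


def customise(settings, default_name, start_dirs=None, backgrounds=None):
    """Return a modified copy of the settings.

    start_dirs:  {profile name: folder}
    backgrounds: {profile name: (image path, opacity between 0 and 1)}
    """
    out = copy.deepcopy(settings)

    # "defaultProfile" takes the GUID of the profile to open first.
    out["defaultProfile"] = find_profile(out, default_name)["guid"]

    # "startingDirectory" is written with forward slashes, as the note says.
    for name, folder in (start_dirs or {}).items():
        find_profile(out, name)["startingDirectory"] = folder.replace("\\", "/")

    # "backgroundImageOpacity" must stay between 0 and 1.
    for name, (image, opacity) in (backgrounds or {}).items():
        if not 0 <= opacity <= 1:
            raise ValueError(f"opacity {opacity} for {name!r} is outside 0..1")
        profile = find_profile(out, name)
        profile["backgroundImage"] = image
        profile["backgroundImageOpacity"] = opacity
    return out


def to_json(settings):
    """Render the settings the way they would be saved to the file."""
    return json.dumps(settings, indent=4)


if __name__ == "__main__":
    print(to_json(customise(
        SAMPLE_SETTINGS,
        "Command Prompt",
        start_dirs={"Windows PowerShell": "C:\\Scripts"},
        backgrounds={"Command Prompt": ("C:/Images/background.png", 0.3)},
    )))
```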
<h2 id="but-wait-theres-more">But Wait, There’s More!</h2>
<p>There are plenty of other Windows Terminal tweaks possible.</p>
<p>For further details, take a look at <a href="https://docs.microsoft.com/en-gb/windows/terminal/customize-settings/profile-settings">Profile settings in Windows Terminal</a> on Microsoft Docs for the full run down.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/windows-terminal-customisation/">Windows Terminal Customisation</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 23, 2020.</p>
https://polarclouds.co.uk/vcenter-is-non-operational2020-05-06T01:00:00+01:002020-05-06T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Old vSphere Logo" src="/images/vcenter-is-non-operational/vcenter-is-non-operational-00.png" />
Patching lab and production vCenters, this fault often pops up, and every time it does it gives me one of those terrible heart-stopping moments.</p>
<p>You’d think with an error this bad, it would be the end of your vCenter server, time to start looking round for some vCenter installation files right?</p>
<p>Wrong! (phew)</p>
<p>Here is a screenshot of the error so you can enjoy the terror too:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OMG!" src="/images/vcenter-is-non-operational/vcenter-is-non-operational-01.png" /></p>
<p>A closer view for your delectation:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OMG! Close Up" src="/images/vcenter-is-non-operational/vcenter-is-non-operational-02.png" /></p>
<blockquote>
<p>Update installation failed, vCenter is non-operational</p>
</blockquote>
<p>Don’t panic! Simply carry on and patch vCenter using the workaround below. No rebuild necessary. :sunglasses::thumbsup:</p>
<h2 id="the-workaround">The Workaround</h2>
<p>Here’s how I update vCenter. In my experience this method allows for a much smoother patch experience.</p>
<p>First step: BACKUP!! You do backup your vCenter don’t you? (<a href="https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vcenter.install.doc/GUID-3EAED005-B0A3-40CF-B40D-85AD247D7EA4.html">HERE you go</a>) :wink:</p>
<p>Next, check for free disk space on the vCenter server. SSH to vCenter, open shell and issue the <code class="language-plaintext highlighter-rouge">df -h</code> command:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vC df -h" src="/images/vcenter-is-non-operational/vcenter-is-non-operational-03.png" /></p>
<p>From there, exit shell and enter back into the appliance shell (see <a href="https://kb.vmware.com/s/article/2100508">VMware KB2100508</a> for vCenter shell details and toggling between them).</p>
<p>Mount the vCenter patch ISO file via a VMRC session to the vCenter VM initiated from the ESXi server currently running vCenter server.</p>
<p>To stage the packages in the update ISO:<br /></p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">software-packages stage <span class="nt">--iso</span></code></pre></figure>
<p>Accept the licence agreement. To list the staged content:<br /></p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">software-packages list <span class="nt">--staged</span></code></pre></figure>
<p>Finally, kick off the patch install:</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell">software-packages <span class="nb">install</span> <span class="nt">--staged</span></code></pre></figure>
<p>All of which looks like this in practice:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Patching vC" src="/images/vcenter-is-non-operational/vcenter-is-non-operational-04.png" /></p>
<p>Once done, exit SSH session and reboot vCenter via the console:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Reboot vC" src="/images/vcenter-is-non-operational/vcenter-is-non-operational-05.png" /></p>
<p>Unmount the ISO and it’s job done. Much easier on the heart! :sparkling_heart::sunglasses::thumbsup:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/vcenter-is-non-operational/">Update Installation Failed: vCenter is Non-Operational</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 06, 2020.</p>
https://polarclouds.co.uk/esxi-7-the-unsupported2020-04-29T01:00:00+01:002020-04-29T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Controller" src="/images/esxi7-missing-percs/esxi7-missing-percs-00.png" />
In researching for a solution to my recent troubles trying to get the storage controller in my home server seen when booted into ESXi 7.0 (see <a href="https://polarclouds.co.uk/esxi7-missing-percs/">The Missing PERC(s)</a> for the full details), I happened to download a copy of the Dell customised ESXi 7.0 ISO file VMware-VMvisor-Installer-7.0.0-15843807.x86_64-DellEMC_Customized-A00.iso via <a href="https://www.dell.com/support/article/en-us/sln288152/how-to-download-the-dell-customized-esxi-embedded-iso-image?lang=en">this guide</a>.</p>
<p>Upon looking in \UPGRADE\PRECHECK.PY file, I tripped over a veritable “treasure trove” list of devices that are not supported due to the <a href="https://blogs.vmware.com/vsphere/2019/04/what-is-the-impact-of-the-vmklinux-driver-stack-deprecation.html">VMKLinux Driver Stack Deprecation</a> in ESXi 7.0.</p>
<p>After some crunching of the list in Excel, the results make for some interesting reading.</p>
<p>Here are the “scores on the doors”:</p>
<div>
<style scoped="">
table{
margin: 0 auto;
width: 70%;
border-collapse: collapse;
border-spacing: 0;
border:1px solid #000000; }
th{
text-align: center;
border:1px solid #000000; }
td{
text-align: center;
border:1px solid #000000;}
tr:nth-child(even) {
background-color: #efefef;}
</style>
</div>
<table>
<thead>
<tr>
<th style="text-align: center">Vendor</th>
<th style="text-align: center">Number of Devices without ESXi 7.0 Support</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: center">Adaptec Inc</td>
<td style="text-align: center">72</td>
</tr>
<tr>
<td style="text-align: center">Advanced Micro Devices</td>
<td style="text-align: center">8</td>
</tr>
<tr>
<td style="text-align: center">American Megatrends Inc.</td>
<td style="text-align: center">3</td>
</tr>
<tr>
<td style="text-align: center">Broadcom</td>
<td style="text-align: center">80</td>
</tr>
<tr>
<td style="text-align: center">Broadcom / ServerWorks</td>
<td style="text-align: center">13</td>
</tr>
<tr>
<td style="text-align: center">Compaq Computer Corp.</td>
<td style="text-align: center">9</td>
</tr>
<tr>
<td style="text-align: center">Dell Inc.</td>
<td style="text-align: center">13</td>
</tr>
<tr>
<td style="text-align: center">Digital Equipment Corporation</td>
<td style="text-align: center">5</td>
</tr>
<tr>
<td style="text-align: center">Emulex Corporation</td>
<td style="text-align: center">124</td>
</tr>
<tr>
<td style="text-align: center">Hewlett-Packard</td>
<td style="text-align: center">11</td>
</tr>
<tr>
<td style="text-align: center">HighPoint Technologies, Inc.</td>
<td style="text-align: center">5</td>
</tr>
<tr>
<td style="text-align: center">Intel Corporation</td>
<td style="text-align: center">153</td>
</tr>
<tr>
<td style="text-align: center">International Business Machines Corp.</td>
<td style="text-align: center">2</td>
</tr>
<tr>
<td style="text-align: center">LSI Logic</td>
<td style="text-align: center">83</td>
</tr>
<tr>
<td style="text-align: center">Mellanox Technology</td>
<td style="text-align: center">25</td>
</tr>
<tr>
<td style="text-align: center">Neterion Inc.</td>
<td style="text-align: center">2</td>
</tr>
<tr>
<td style="text-align: center">NetXen Incorporated</td>
<td style="text-align: center">17</td>
</tr>
<tr>
<td style="text-align: center">NVIDIA</td>
<td style="text-align: center">58</td>
</tr>
<tr>
<td style="text-align: center">Promise Technology</td>
<td style="text-align: center">24</td>
</tr>
<tr>
<td style="text-align: center">QLogic Corporation</td>
<td style="text-align: center">15</td>
</tr>
<tr>
<td style="text-align: center">Silicon Image, Inc.</td>
<td style="text-align: center">12</td>
</tr>
<tr>
<td style="text-align: center">VIA Technologies, Inc.</td>
<td style="text-align: center">1</td>
</tr>
<tr>
<td style="text-align: center"><strong>Grand Total</strong></td>
<td style="text-align: center"><strong>735</strong></td>
</tr>
</tbody>
</table>
<p><br />
I’ve pushed a copy of the spreadsheet into Google Sheets for your full perusal, along with links to the relevant VMware Compatibility Guide (VCG) entries:</p>
<p><a href="https://docs.google.com/spreadsheets/d/1uWjL0zVi9vQDhhxRo6uWAKjItQY1dkKVmvR0YA7Ocbc/edit?usp=sharing" title="ESXi 7.0 Unsupported Hardware Google Sheet"><img style="display: block; margin-left: auto; margin-right: auto;" alt="Google Sheet" src="/images/esxi-7-the-unsupported/esxi-7-the-unsupported-01.png" /></a></p>
<p>Have a look to see whether your storage controller / network interface / host bus adapter devices are included in the list and hence currently unsupported under ESXi 7.0.</p>
<p>After all, it is often easier to see a complete list in a spreadsheet (Control+F or Command+F to search :wink:) than looking up individual devices in the VCG.</p>
<p>For completeness, I’ve posted a copy of the original Dell \UPGRADE\PRECHECK.PY file (renamed to precheck.txt) <a href="https://polarclouds.co.uk/documents/precheck.zip">HERE</a>. See Lines 240 to 1006 of the precheck file for the original list along with the comment <em>“Devices that are deprecated because of VMKLinux removal”</em>.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/esxi-7-the-unsupported/">ESXi 7.0: The Unsupported</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 29, 2020.</p>
https://polarclouds.co.uk/esxi7-missing-percs2020-04-19T01:00:00+01:002020-04-19T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Controller" src="/images/esxi7-missing-percs/esxi7-missing-percs-00.png" />
Regular readers will know that in part 3 of the Workaround ESXi CPU Unsupported Error series (<a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported/">Check them out</a>), during my very limited testing I found that my Dell R710 home server was booting and running ESXi 7.0 quite happily, with just the one exception… No datastores.</p>
<p>My Dell PERC H700 RAID controller had gone AWOL under ESXi 7.0.</p>
<p><em><strong>Update: Since writing this post things have moved on.</strong> Checkout <a href="https://polarclouds.co.uk/esxi7-missing-percs-pt2/">this post</a> for the new developments!</em></p>
<p>In this post, I’ll try to address that. First off the standard disclaimer applies:</p>
<ul>
<li>Proceed at your own risk</li>
<li>What follows is totally unsupported</li>
<li>You alone are responsible for the servers in your care</li>
<li>These modifications should NOT be made on production systems</li>
</ul>
<p style="color:red; text-align: center;">Also - whilst I’ve tested what follows in a VM,<br />
<strong>I HAVE NOT YET TESTED WITH REAL HARDWARE!</strong></p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#vmklinux-driver-stack-deprecation" id="markdown-toc-vmklinux-driver-stack-deprecation">VMKlinux Driver Stack Deprecation</a></li>
<li><a href="#dell-perc-h700-raid-controller---tell-me-more" id="markdown-toc-dell-perc-h700-raid-controller---tell-me-more">Dell PERC H700 RAID Controller - Tell Me More</a></li>
<li><a href="#clutching-at-straws" id="markdown-toc-clutching-at-straws">Clutching at Straws</a></li>
<li><a href="#adding-h700-support-back-to-lsi_mr3" id="markdown-toc-adding-h700-support-back-to-lsi_mr3">Adding H700 Support Back to lsi_mr3</a></li>
<li><a href="#testing" id="markdown-toc-testing">Testing</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="vmklinux-driver-stack-deprecation">VMKlinux Driver Stack Deprecation</h2>
<p>After some research, I found this post on the VMware blogs site: <a href="https://blogs.vmware.com/vsphere/2019/04/what-is-the-impact-of-the-vmklinux-driver-stack-deprecation.html">What is the Impact of the VMKlinux Driver Stack Deprecation?</a><br />
As you can guess from that title, from v7.0 onwards, ESXi will no longer support VMKlinux based drivers.</p>
<p>Hmm, OK. I kind of know the answer already, but let’s see. My R710 is currently running ESXi 6.7U3, so let’s run the suggested test:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Dell H700 + H800" src="/images/esxi7-missing-percs/esxi7-missing-percs-02.png" /></p>
<p>Yeah, no surprises there. We did the testing the hard way anyway. It’s the H700 that’s using a VMKlinux driver.</p>
<p>We can confirm that by looking in the VMware Compatibility Guide (VCG):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="H700 HCL" src="/images/esxi7-missing-percs/esxi7-missing-percs-03.png" /></p>
<p>Time to do some reading…</p>
<h2 id="dell-perc-h700-raid-controller---tell-me-more">Dell PERC H700 RAID Controller - Tell Me More</h2>
<p>Dell’s own documentation, the <a href="https://www.dell.com/downloads/global/products/pvaul/en/perc-technical-guidebook.pdf">PERC Technical Guidebook</a>, lists the H700 and H800 adapters as based on the LSI 2108 chipset:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Dell H700 + H800" src="/images/esxi7-missing-percs/esxi7-missing-percs-01.png" /></p>
<p>We know that LSI don’t just make chipsets for Dell. What other RAID controller cards use the LSI 2108 chipset?</p>
<ul>
<li>LSI MegaRAID SAS 9260 / 9260DE - <a href="https://www.starline.de/fileadmin/images/produkte/lsi/LSI_MR_SAS9260-8i__ENG_.pdf">pdf</a></li>
<li>Lenovo / IBM ServeRAID M5015 / M5014 - <a href="https://lenovopress.com/tips0738.pdf">pdf</a></li>
<li>Intel RS2BL080 / RS2MB044 - <a href="https://www.intel.com/content/dam/support/us/en/documents/motherboards/server/rs2bl080/sb/e64388004_rs2bl080_rs2mb044_tps_21.pdf">pdf</a></li>
<li>Fujitsu S26361-D2616-Ax / S26361-D3016-Ax - <a href="http://manuals.ts.fujitsu.com/file/3490/lsi-modular-raid-ug-en.pdf">pdf</a></li>
<li>Cisco C200 / C460 / B440 Servers - <a href="https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/sw/raid/configuration/guide/RAID_GUIDE.pdf">pdf</a></li>
</ul>
<p>…to name just a few.</p>
<p>I even found the <a href="https://www.exertishammer.com/assets/uploads/resources/Broadcom%20-%20Product%20Brochure%20-%20Avago%20Storage%20Solutions%20Product%20Guide.pdf">LSI 2015 Product Guide</a> that contains something like thirteen LSI 2108 chipset based cards if you fancy spending a couple of hours on VMware Compatibility Guide!!</p>
<h2 id="clutching-at-straws">Clutching at Straws</h2>
<p>Checking the VCG with the first five above, straight away I noticed something:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Native and vmlinx" src="/images/esxi7-missing-percs/esxi7-missing-percs-04.png" /></p>
<p>Hmmm, so back in the ESXi 5.5 days, LSI 2108 based cards used the native lsi_mr3 driver…!?! Check out the above VCG entry for the LSI MegaRAID SAS 9260-8i for yourself <a href="https://www.vmware.com/resources/compatibility/detail.php?deviceCategory=io&productid=12384">HERE</a></p>
<p>Wait, when did the VMKlinux Driver Stack Deprecation start? <a href="https://www.virtuallyghetto.com/2013/10/esxi-55-introduces-new-native-device.html">ESXi5.5!</a></p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Magic!" src="/images/esxi7-missing-percs/magic.gif" /></p>
<h2 id="adding-h700-support-back-to-lsi_mr3">Adding H700 Support Back to lsi_mr3</h2>
<p>Many modern operating systems use PCI card hardware identifiers (aka PCI IDs) to identify and to ensure that the correct driver is loaded for the hardware present. Taking the H700 for example, we can see from the VMware VCG (after pulling all the entries together):</p>
<p>Vendor ID (VID) = 1000<br />
Device ID (DID) = 0079<br />
SubVendor ID (SVID) = 1028<br />
SubDevice ID (SDID) = 1f16 (Dell PERC H700 Adapter)<br />
SubDevice ID (SDID) = 1f17 (Dell PERC H700 Integrated)<br />
SubDevice ID (SDID) = 1f18 (Dell PERC H700 Modular)<br /></p>
<p>After lots and lots of reading, a bit more reading and a bit of testing in a VM, it looks like VMware drivers potentially reference PCI hardware IDs located in two files for each driver present in the O/S. These files are <code class="language-plaintext highlighter-rouge">driver.map</code> and <code class="language-plaintext highlighter-rouge">driver.ids</code>.</p>
<p>What happens if we add the PCI ID of the Dell H700 to the list of IDs supported by the lsi_mr3 driver? After all, if the VCG is anything to go by, the lsi_mr3 driver <em>used</em> to support LSI 2108 based cards…</p>
<p>So using my ESXi 7 VM <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported-pt3/#create-a-vm-for-esxi-installation-on-usb">created earlier</a>, let’s have a play. As ESXi runs from memory, we need to extract lsi_mr3.v00, make the required modifications and repackage the modified files back into lsi_mr3.v00. Finally, reboot to load the modified driver. What follows is the process to extract, modify and repackage the lsi_mr3.v00 driver.</p>
<p>In this example we are using a datastore called “datastore1”; yours may be named differently. I’ve possibly gone a bit overboard with the following instructions, but hey, better too much than too little.</p>
<ol>
<li>Enable SSH on your ESXi host</li>
<li>Connect with ssh client (eg putty)</li>
<li>Copy the compressed driver to somewhere where we can work on it:<br /> <code class="language-plaintext highlighter-rouge">cp /tardisks/lsi_mr3.v00 /vmfs/volumes/datastore1/s.tar</code></li>
<li>Move to the datastore:<br /> <code class="language-plaintext highlighter-rouge">cd /vmfs/volumes/datastore1/</code></li>
<li>Extract one:<br /><code class="language-plaintext highlighter-rouge">vmtar -x s.tar -o output.tar</code></li>
<li>Clean up:<br /><code class="language-plaintext highlighter-rouge">rm s.tar</code></li>
<li>Create a temp working directory:<br /><code class="language-plaintext highlighter-rouge">mkdir tmp</code></li>
<li>Move our working file to the temp directory:<br /><code class="language-plaintext highlighter-rouge">mv output.tar tmp/output.tar</code></li>
<li>Move to the temp directory:<br /><code class="language-plaintext highlighter-rouge">cd tmp</code></li>
<li>Extract two:<br /><code class="language-plaintext highlighter-rouge">tar xf output.tar</code></li>
<li>Clean up:<br /><code class="language-plaintext highlighter-rouge">rm output.tar</code></li>
<li>Edit the map file:<br /><code class="language-plaintext highlighter-rouge">vi /vmfs/volumes/datastore1/tmp/etc/vmware/default.map.d/lsi_mr3.map</code><br />See <a href="https://kb.vmware.com/s/article/1020302">KB1020302</a> for help with vi</li>
<li>Paste in the following:<br /><code class="language-plaintext highlighter-rouge">regtype=native,bus=pci,id=10000079..............,driver=lsi_mr3</code><br />Like this:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="lsi_mr3 mod 1" src="/images/esxi7-missing-percs/esxi7-missing-percs-05.png" /></li>
<li>Save and quit vi</li>
<li>Next, edit the ids file:<br /><code class="language-plaintext highlighter-rouge">vi /vmfs/volumes/datastore1/tmp/usr/share/hwdata/default.pciids.d/lsi_mr3.ids</code></li>
<li>Paste the following into the “Broadcom” block, conforming to the tab formatting detailed at the top of the file:<br /></li>
</ol>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"> 0079
1028 1f16 Dell PERC H700 Adapter
1028 1f17 Dell PERC H700 Adapter Integrated
1028 1f18 Dell PERC H700 Adapter Modular </code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="lsi_mr3 mod 2" src="/images/esxi7-missing-percs/esxi7-missing-percs-06.png" /></p>
<ol start="17">
<li>Save and quit vi</li>
<li>Back in the tmp directory, compress one:<br /><code class="language-plaintext highlighter-rouge">tar -cf /vmfs/volumes/datastore1/FILE.tar *</code></li>
<li>Change to root of datastore:<br /><code class="language-plaintext highlighter-rouge">cd /vmfs/volumes/datastore1/</code></li>
<li>Compress two:<br /><code class="language-plaintext highlighter-rouge">vmtar -c FILE.tar -o output.vtar</code><br />
(ignore the “not a valid exec file” error)</li>
<li>Compress three:<br /><code class="language-plaintext highlighter-rouge">gzip output.vtar</code></li>
<li>Rename file:<br /><code class="language-plaintext highlighter-rouge">mv output.vtar.gz lsi_mr3.v00</code></li>
<li>Clean up:<br /><code class="language-plaintext highlighter-rouge">rm FILE.tar</code></li>
<li>Finally copy modified lsi_mr3.v00 back to boot bank:<br /><code class="language-plaintext highlighter-rouge">cp /vmfs/volumes/datastore1/lsi_mr3.v00 /bootbank/lsi_mr3.v00</code></li>
</ol>
<p>Phew!!!</p>
<p>Steps from above without comments (easier to read):</p>
<figure class="highlight"><pre><code class="language-shell" data-lang="shell"><span class="nb">cp</span> /tardisks/lsi_mr3.v00 /vmfs/volumes/datastore1/s.tar
<span class="nb">cd</span> /vmfs/volumes/datastore1/
vmtar <span class="nt">-x</span> s.tar <span class="nt">-o</span> output.tar
<span class="nb">rm </span>s.tar
<span class="nb">mkdir </span>tmp
<span class="nb">mv </span>output.tar tmp/output.tar
<span class="nb">cd </span>tmp
<span class="nb">tar </span>xf output.tar
<span class="nb">rm </span>output.tar
vi /vmfs/volumes/datastore1/tmp/etc/vmware/default.map.d/lsi_mr3.map
<span class="c"># Paste in the following:</span>
<span class="nv">regtype</span><span class="o">=</span>native,bus<span class="o">=</span>pci,id<span class="o">=</span>10000079..............,driver<span class="o">=</span>lsi_mr3
vi /vmfs/volumes/datastore1/tmp/usr/share/hwdata/default.pciids.d/lsi_mr3.ids
<span class="c"># Paste the following into the "Broadcom" block:</span>
0079
1028 1f16 Dell PERC H700 Adapter
1028 1f17 Dell PERC H700 Adapter Integrated
1028 1f18 Dell PERC H700 Adapter Modular
<span class="nb">tar</span> <span class="nt">-cf</span> /vmfs/volumes/datastore1/FILE.tar <span class="k">*</span>
<span class="nb">cd</span> /vmfs/volumes/datastore1/
vmtar <span class="nt">-c</span> FILE.tar <span class="nt">-o</span> output.vtar
<span class="c"># (ignore the "not a valid exec file" error)</span>
<span class="nb">gzip </span>output.vtar
<span class="nb">mv </span>output.vtar.gz lsi_mr3.v00
<span class="nb">rm </span>FILE.tar
<span class="nb">cp</span> /vmfs/volumes/datastore1/lsi_mr3.v00 /bootbank/lsi_mr3.v00</code></pre></figure>
<p>Finally…. Reboot!</p>
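<p>Before repackaging, the two edited files can be checked against the PCI IDs listed earlier. This is an added example, not part of the original post. It assumes the 22-character <code class="language-plaintext highlighter-rouge">id=</code> field is VID, DID, SVID, SDID and a 6-digit class code with <code class="language-plaintext highlighter-rouge">.</code> as a wildcard, and that the ids file uses the pci.ids tab layout; the vendor line and the class code are constructed sample values:</p>

```python
# Line added to lsi_mr3.map, copied from the steps above.
MAP_LINE = "regtype=native,bus=pci,id=10000079..............,driver=lsi_mr3"

# Block added to lsi_mr3.ids. Assumed pci.ids layout: vendor at column 0,
# one tab before a device, two tabs before "subvendor subdevice  name".
IDS_BLOCK = (
    "1000  Broadcom\n"  # constructed vendor line for the sample
    "\t0079\n"
    "\t\t1028 1f16  Dell PERC H700 Adapter\n"
    "\t\t1028 1f17  Dell PERC H700 Adapter Integrated\n"
    "\t\t1028 1f18  Dell PERC H700 Adapter Modular\n"
)

# (VID, DID, SVID, SDID) for the three H700 variants listed in the post.
H700 = [("1000", "0079", "1028", sdid) for sdid in ("1f16", "1f17", "1f18")]


def parse_map_line(line):
    """Split 'key=value,key=value' into a dict."""
    return dict(item.split("=", 1) for item in line.strip().split(","))


def map_line_claims(line, vid, did, svid, sdid, pci_class):
    """Return the driver named by the map line if it matches the device."""
    fields = parse_map_line(line)
    if fields.get("bus") != "pci":
        return None
    pattern = fields["id"].lower()
    key = (vid + did + svid + sdid + pci_class).lower()
    if len(pattern) != len(key):
        raise ValueError(f"id field is {len(pattern)} chars, expected {len(key)}")
    # '.' matches any hex digit; every other position must be identical.
    if all(p in (".", k) for p, k in zip(pattern, key)):
        return fields["driver"]
    return None


def parse_ids(text):
    """Return {(vid, did, svid, sdid): name} from tab-indented ids text."""
    entries = {}
    vendor = device = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        depth = len(raw) - len(raw.lstrip("\t"))
        parts = raw.split()
        if depth == 0:
            vendor, device = parts[0].lower(), None
        elif depth == 1 and vendor:
            device = parts[0].lower()
        elif depth == 2 and device and len(parts) >= 2:
            key = (vendor, device, parts[0].lower(), parts[1].lower())
            entries[key] = " ".join(parts[2:])
        else:
            raise ValueError(f"unexpected indentation or fields: {raw!r}")
    return entries


def check_edit(map_text, ids_text, devices, driver="lsi_mr3", pci_class="010400"):
    """List ('map' | 'ids', device) for every device the edit fails to cover."""
    known = parse_ids(ids_text)
    map_lines = [l for l in map_text.splitlines()
                 if l.strip() and not l.lstrip().startswith("#")]
    problems = []
    for dev in devices:
        claimed = [map_line_claims(l, *dev, pci_class) for l in map_lines]
        if driver not in claimed:
            problems.append(("map", dev))
        if dev not in known:
            problems.append(("ids", dev))
    return problems


if __name__ == "__main__":
    print("tabbed paste :", check_edit(MAP_LINE, IDS_BLOCK, H700))
    # A paste that lost its tabs parses as three unrelated vendor lines.
    print("tabs stripped:", check_edit(MAP_LINE, IDS_BLOCK.replace("\t", ""), H700))
```

<p>An empty list means both files cover every listed device; the second call shows how a paste that lost its tab indentation leaves all three subdevice entries missing from the ids file.</p>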
<h2 id="testing">Testing</h2>
<p>….aaaaand this is as far as I’ve got. As I said above, whilst I’ve confirmed my ESXi 7.0 install with the modified lsi_mr3 driver still boots as a VM, I’ve not yet been able to test this on my R710 server.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="straws" src="/images/esxi7-missing-percs/esxi7-missing-percs-07.png" /></p>
<p>Am I confident that this will work? <br />Realistically, I’d give it about a 30% chance of working. After all, drivers change; functionality is added and removed all the time.</p>
<p>Whilst we are all in isolation thanks to COVID-19, what’s the harm in trying right? It’ll either work or it won’t!</p>
<p>Hopefully I can test soon.<br /></p>
<p>In the meantime, if you fancy having a go at the above on your LSI 2108 based adapter, please be my guest. Just remember to use the PCI IDs that match your hardware! :wink:</p>
<p><em><strong>Update: Since writing this post things have moved on.</strong> Checkout <a href="https://polarclouds.co.uk/esxi7-missing-percs-pt2/">this post</a> for the new developments!</em></p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/esxi7-missing-percs/">ESXi 7.0: The Missing PERC(s)</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 19, 2020.</p>
https://polarclouds.co.uk/workaround-esxi-cpu-unsupported-pt32020-04-15T01:00:00+01:002020-04-15T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="vSphere Logo" src="/images/workaround-esxi-cpu-unsupported/workaround-esxi-cpu-unsupported-00.png" />
Last time we took a closer look at CPUIDs and EAX values to help us workaround installing ESXi 7.0 into a VMware virtual machine (VM) hosted on physical hardware that contains an unsupported CPU.</p>
<p>If you’ve not seen that post, <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported-pt2/">catch up now</a>. It’s a great read.</p>
<p>As mentioned, this post is part 3 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported/">Be gone CPU_SUPPORT Error!</a></li>
<li>Part 2: <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported-pt2/">CPUID and EAX Between Friends</a></li>
<li>Part 3: This part (Lets Get Virtual to Physical)</li>
</ul>
<p>To recap, the ESXi installer uses the CPUID instruction to identify the CPU(s) installed in the system. From the value obtained the user is told that their processor is either:</p>
<ul>
<li><strong>Unsupported</strong>. At which point the installer quits. No ESXi 7.0 for you!</li>
<li><strong>Will be unsupported in a later ESXi version</strong>. The installer will allow install continuation.</li>
<li><strong><em>Nothing</em></strong>. The installer accepts that a valid CPU is present and silently continues the installation.</li>
</ul>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#usb-is-your-friend" id="markdown-toc-usb-is-your-friend">USB is Your Friend</a></li>
<li><a href="#create-a-vm-for-esxi-installation-on-usb" id="markdown-toc-create-a-vm-for-esxi-installation-on-usb">Create a VM for ESXi Installation on USB</a></li>
<li><a href="#sample-esxi-70-vmx-file" id="markdown-toc-sample-esxi-70-vmx-file">Sample ESXi 7.0 vmx File</a></li>
<li><a href="#esxi-70-on-unsupported-hardware" id="markdown-toc-esxi-70-on-unsupported-hardware">ESXi 7.0 on Unsupported Hardware</a></li>
<li><a href="#the-smoking-gun" id="markdown-toc-the-smoking-gun">The Smoking Gun?</a></li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
<li><a href="#will-there-be-a-part-4" id="markdown-toc-will-there-be-a-part-4">Will There be a Part 4?</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="usb-is-your-friend">USB is Your Friend</h2>
<p>We already know that we can install ESXi 7.0 into a modified VM. Next step is to pass a USB stick through to the VM and install ESXi onto that. We can then take that same USB stick and boot a physical server from it.</p>
<p>As we saw from <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported/">part 1</a>, once ESXi 7.0 is installed, it appears to boot perfectly fine on Westmere processors without a CPU mask being required…</p>
<p>That’s the plan anyway. Let’s get cracking.</p>
<h2 id="create-a-vm-for-esxi-installation-on-usb">Create a VM for ESXi Installation on USB</h2>
<p>Create an ESXi VM in VMware Workstation with the following specifications:</p>
<ul>
<li>ESXi 6.7 Compatibility</li>
<li>Guest O/S VMware ESXi</li>
<li>2x CPUs (1 core per processor) minimum</li>
<li>4GB Memory minimum</li>
<li>Bridged Networking (although networking not strictly necessary)</li>
<li>Para-virtualised SCSI Controller</li>
<li>SCSI disk of 1GB (We will be deleting this anyway)</li>
</ul>
<p>Don’t forget to mount your ESXi 7 installer iso too!</p>
<p>Close VMware Workstation and open the vmx file in a text editor. I use <a href="https://notepad-plus-plus.org/">Notepad++</a>. Find and delete all scsi entries:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remove SCSI" src="/images/workaround-esxi-cpu-unsupported-pt3/workaround-esxi-cpu-pt3-01.png" /></p>
<p>Paste in the following CPU mask:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cpuid.80000001.edx = "---- ---- ---H ---- ---- ---- ---- ----"
cpuid.1.eax = "0000 0000 0000 0011 0000 0110 1100 0011"
</code></pre></div></div>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CPU Mask" src="/images/workaround-esxi-cpu-unsupported-pt3/workaround-esxi-cpu-pt3-02.png" /></p>
<p>Save and close the vmx file and open VMware Workstation.
Next, boot the VM. Whilst the VM is booting, connect the USB stick to the VM:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Connect USB" src="/images/workaround-esxi-cpu-unsupported-pt3/workaround-esxi-cpu-pt3-03.png" /></p>
<p>Once connected proceed to install ESXi onto the USB stick:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Install on USB" src="/images/workaround-esxi-cpu-unsupported-pt3/workaround-esxi-cpu-pt3-04.png" /></p>
<p>Once done, power down the VM and remove the USB stick. Ready to test!</p>
<h2 id="sample-esxi-70-vmx-file">Sample ESXi 7.0 vmx File</h2>
<p>Should you have issues with creating the required VM, you can download a copy of my ESXi7 here: <a href="https://polarclouds.co.uk/documents/ESXi7.zip">ESXi7.zip</a> <br />Import into VMware Workstation and install ESXi onto your USB as detailed above.</p>
<h2 id="esxi-70-on-unsupported-hardware">ESXi 7.0 on Unsupported Hardware</h2>
<p><em>What follows is my testing of ESXi 7.0 on my Dell R710 fitted with Westmere-EP Xeon CPUs. Excuse the picture quality! (I didn’t have enough time to get Java working for the iDRAC)</em></p>
<p>Insert the USB into the server, F11 for one-off boot menu, select the USB stick and here we go…</p>
<p>Bingo! The money shot!! Boom! :boom:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="R710 Running ESXi 7.0" src="/images/workaround-esxi-cpu-unsupported-pt3/workaround-esxi-cpu-pt3-05.png" /></p>
<p>Right, let’s see what works… First let’s check NICs:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="R710 NICs" src="/images/workaround-esxi-cpu-unsupported-pt3/workaround-esxi-cpu-pt3-06.png" /></p>
<p>Yep we have network connectivity. All four built in Broadcom NICs detected. Not often I say this, but yay for Broadcom…</p>
<p>OK. Let’s check for data stores:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="R710 Storage" src="/images/workaround-esxi-cpu-unsupported-pt3/workaround-esxi-cpu-pt3-07.png" /></p>
<p>Hmm that’s strange. In previous ESXi versions we don’t usually see the bootbanks under <code class="language-plaintext highlighter-rouge">/vmfs/volumes</code>. No matter. What are instantly distinguishable by their absence are the data stores.</p>
<p>As I have no need for super-duper speedy storage in my R710, I’m just using the built in PERC H700 array controller which presents two RAID5 backed drives to ESXi. Hmm, so the H700 array controller uses the <a href="https://www.vmware.com/resources/compatibility/detail.php?deviceCategory=io&productid=12506">megaraid_sas</a> driver. Cross checking the excellent <a href="https://esxi-patches.v-front.de/vm-7.0.0.html">VMware ESXi Patch Tracker site</a> yep, no megaraid_sas driver in ESXi 7… boo! :no_mouth:</p>
<p>But I digress. That’s a job for another time and post.</p>
<h2 id="the-smoking-gun">The Smoking Gun?</h2>
<p>After a reader posted a link to <a href="https://commander614.wixsite.com/website/single-post/2018/07/08/Allowing-Unsupported-CPU%E2%80%99s-on-ESXI-67">Allowing Unsupported CPU’s on ESXI 6.7</a> by Daniel Lumby, I started having a poke around the ESXi 7.0 install iso and, looking in the \UPGRADE\PRECHECK.PY file, I spotted the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Smoking Gun?" src="/images/workaround-esxi-cpu-unsupported-pt3/workaround-esxi-cpu-pt3-08.png" /></p>
<blockquote>
<p>Note: ESXi release notes and VCG will say WSM-EP(2C) and
WSM-EX(2F) are deprecated, but internally they are still
supported by the code base.</p>
</blockquote>
<p>VCG = VMware Compatibility Guide <br />
WSM-EP(2C) = Westmere-EP CPUs <br />
WSM-EX(2F) = Westmere-EX CPUs <br /></p>
<p>:astonished: :exclamation::exclamation::exclamation: <span style="color:red"><strong>That will be why servers with Westmere CPUs boot and run fine then!!!</strong></span></p>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>Our task here was to see if we could use what we learnt in parts 1 and 2 of this post series to create a modified VM and then use that VM to install ESXi 7.0 onto a USB stick.</p>
<p>We then used that USB stick to boot a physical server. The server booted and was seen on the network without issue. Given a better choice of storage controller, we could even have mounted our datastores and potentially fired up a test VM for the LOLs of it.</p>
<p>We even found, courtesy of comments left by VMware themselves, that Westmere CPUs are supported by the ESXi code base.</p>
<h2 id="will-there-be-a-part-4">Will There be a Part 4?</h2>
<p>Possibly. Given the current lock-down in the UK, my “production” Dell R710 is the only server I have access to whilst working from home. Given that my R710 hosts my pfSense VM and further testing requires shutting down all internet access from home, getting downtime on it is a little tricky at the moment. That said, I’ve a couple of ideas for incorporating a megaraid_sas driver into ESXi 7.0.</p>
<p>We also need to look at how to upgrade our USB stick when the first ESXi 7.0 patch drops…</p>
<p>Stay safe all.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported-pt3/">Workaround ESXi CPU Unsupported Error - Part 3</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 15, 2020.</p>
https://polarclouds.co.uk/workaround-esxi-cpu-unsupported-pt2 2020-04-10T01:00:00+01:00 2020-04-10T01:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="vSphere Logo" src="/images/workaround-esxi-cpu-unsupported/workaround-esxi-cpu-unsupported-00.png" />
Last time we looked at a workaround to install ESXi 7.0 into a VMware virtual machine hosted on physical hardware that contains an unsupported CPU. If you’ve not seen that post, <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported/">catch up now</a>. It’s a great read.</p>
<p>As mentioned, this post is part 2 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported/">Be gone CPU_SUPPORT Error!</a></li>
<li>Part 2: This part (CPUID and EAX Between Friends)</li>
<li>Part 3: <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported-pt3/">Lets Get Virtual to Physical</a></li>
</ul>
<p>To recap, the ESXi installer uses the CPUID instruction to identify the CPU(s) installed in the system. From the value obtained the user is told that their processor is either:</p>
<ul>
<li><strong>Unsupported</strong>. At which point the installer quits. No ESXi 7.0 for you!</li>
<li><strong>Will be unsupported in a later ESXi version</strong>. The installer will allow install continuation.</li>
<li><strong><em>Nothing</em></strong>. The installer accepts that a valid CPU is present and silently continues the installation.</li>
</ul>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#cpuid-and-the-eax-value" id="markdown-toc-cpuid-and-the-eax-value">CPUID and the EAX Value</a></li>
<li><a href="#determining-a-cpuid" id="markdown-toc-determining-a-cpuid">Determining a CPUID</a> <ul>
<li><a href="#1-find-the-processor-model-number" id="markdown-toc-1-find-the-processor-model-number">1. Find the Processor Model Number</a></li>
<li><a href="#2-use-cpu-world" id="markdown-toc-2-use-cpu-world">2. Use CPU-World</a></li>
<li><a href="#3-cross-check" id="markdown-toc-3-cross-check">3. Cross Check</a></li>
<li><a href="#4-the-quick-way" id="markdown-toc-4-the-quick-way">4. The Quick Way</a></li>
</ul>
</li>
<li><a href="#converting-a-cpuid-to-an-eax-value" id="markdown-toc-converting-a-cpuid-to-an-eax-value">Converting a CPUID to an EAX Value</a></li>
<li><a href="#pulling-it-all-together" id="markdown-toc-pulling-it-all-together">Pulling It All Together</a> <ul>
<li><a href="#intel-cpuids-and-binary-eax-values" id="markdown-toc-intel-cpuids-and-binary-eax-values">Intel CPUIDs and Binary EAX Values</a></li>
<li><a href="#amd-cpuids-and-binary-eax-values" id="markdown-toc-amd-cpuids-and-binary-eax-values">AMD CPUIDs and Binary EAX Values</a></li>
</ul>
</li>
<li><a href="#conclusion-and-wrap-up" id="markdown-toc-conclusion-and-wrap-up">Conclusion and Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="cpuid-and-the-eax-value">CPUID and the EAX Value</h2>
<p>The CPUID instruction returns processor identification and feature information in the CPU’s registers. The value we are interested in, the processor signature, is the one returned in the EAX register.</p>
<p>You can read more about the construction of the EAX value at <a href="https://c9x.me/x86/html/file_module_x86_id_45.html">x86 Instruction Set Reference - CPUID</a> and <a href="https://www.felixcloutier.com/x86/cpuid">CPUID — CPU Identification</a>.</p>
<h2 id="determining-a-cpuid">Determining a CPUID</h2>
<p>As luck would have it, Intel publish the CPUIDs of their processors (or Processor Signatures as some of their literature calls them) in <a href="https://software.intel.com/en-us/articles/intel-architecture-and-processor-identification-with-cpuid-model-and-family-numbers">Intel Architecture and Processor Identification With CPUID Model and Family Numbers</a> and <a href="https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-scalable-spec-update.pdf">Intel Xeon Processor Scalable Family Update March 2020</a>.</p>
<p>Let’s put that aside for the moment and single step through determining the CPUID of a processor.</p>
<h3 id="1-find-the-processor-model-number">1. Find the Processor Model Number</h3>
<p>Simple. Check in <strong>Configure - Hardware - System</strong> of the host system that is to run the ESXi 7.0 VM. For example:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Processor Model Number" src="/images/workaround-esxi-cpu-unsupported-pt2/workaround-esxi-cpu-pt2-02.png" /></p>
<p>In my case, my ESXi 6.7 host is running E5640 CPUs.</p>
<h3 id="2-use-cpu-world">2. Use CPU-World</h3>
<p>Next, use the search function of <a href="http://www.cpu-world.com/">CPU-World</a> to obtain further information on the processor model found in step 1. For example:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CPU_World CPUID" src="/images/workaround-esxi-cpu-unsupported-pt2/workaround-esxi-cpu-pt2-03.png" /></p>
<p>Looks like the E5640 CPUs have a CPUID of 206C2h (h = hex notation), so 206C2.</p>
<h3 id="3-cross-check">3. Cross Check</h3>
<p>Let’s check the <a href="https://software.intel.com/en-us/articles/intel-architecture-and-processor-identification-with-cpuid-model-and-family-numbers">Intel Architecture and Processor Identification With CPUID Model and Family Numbers</a> paper from above and sure enough, we can see that Gulftown and Westmere-EP CPUs have a CPUID of 0x206Cx (the “0x” prefix = hex notation, “x” suffix = variable):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Westmere-EP CPUID" src="/images/workaround-esxi-cpu-unsupported-pt2/workaround-esxi-cpu-pt2-01.png" /></p>
<p>So yes, 206C2 is a valid CPUID.</p>
<h3 id="4-the-quick-way">4. The Quick Way</h3>
<p>Connect via SSH to your ESXi host and issue the command
<code class="language-plaintext highlighter-rouge">esxcli hardware cpu cpuid raw list -c 0</code></p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CPUID via SSH" src="/images/workaround-esxi-cpu-unsupported-pt2/workaround-esxi-cpu-pt2-04.png" /></p>
<p>A confirmed CPUID of 206C2 padded with three zeros! Nice :smile:</p>
<h2 id="converting-a-cpuid-to-an-eax-value">Converting a CPUID to an EAX Value</h2>
<p>As we saw in <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported/">Workaround ESXi CPU Unsupported Error - Part 1</a>, an EAX number must be entered into the vSphere CPU Identification Mask setting in binary:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CPU Advanced Settings" src="/images/workaround-esxi-cpu-unsupported/workaround-esxi-cpu-unsupported-04.png" /></p>
<p>Conversion is easy. Use an online <a href="https://www.binaryhexconverter.com/hex-to-binary-converter">hexadecimal to binary converter</a>.</p>
<p>Again, using the three zero padded 000206C2 example from above:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="binary from hex" src="/images/workaround-esxi-cpu-unsupported-pt2/workaround-esxi-cpu-pt2-05.png" /></p>
<p>The binary EAX value we need to enter to pass through to the VM a CPUID of a Westmere-EP CPU is <code class="language-plaintext highlighter-rouge">0000:0000:0000:0010:0000:0110:1100:0010</code> when using colons instead of spaces, as vSphere expects it.</p>
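<p>The conversion above, together with the <code class="language-plaintext highlighter-rouge">cpuid.1.eax</code> line pasted into the vmx file in part 3, as an added example (not code from this post or from VMware). It converts a CPUID to the mask string in either separator style, decodes family, model and stepping from the signature, and lists the CPUID masks present in a vmx file. The function names are hypothetical, and every sample vmx line other than the two <code class="language-plaintext highlighter-rouge">cpuid.</code> lines is constructed.</p>

```python
"""Added example: CPUID leaf 1 EAX signatures <-> VMware CPU mask strings."""
import re


def signature_to_mask(cpuid_hex, sep=":"):
    """'206C2', '206C2h' or '0x000206C2' -> 32 bits in eight groups of four."""
    text = cpuid_hex.strip().lower()
    if text.endswith("h"):            # CPU-World style hex suffix
        text = text[:-1]
    value = int(text, 16)             # also accepts a leading 0x
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("signature does not fit in 32 bits")
    bits = format(value, "032b")
    return sep.join(bits[i:i + 4] for i in range(0, 32, 4))


def mask_to_signature(mask):
    """Binary mask using ':' or ' ' separators -> integer EAX value.

    Masks holding characters other than 0 and 1 (such as '-' or 'H') do not
    describe one fixed value, so they are rejected rather than guessed at.
    """
    bits = re.sub(r"[:\s]", "", mask)
    if len(bits) != 32:
        raise ValueError("expected 32 bit positions")
    if set(bits) - {"0", "1"}:
        raise ValueError("mask contains flag characters, not only 0/1")
    return int(bits, 2)


def decode_signature(eax):
    """Split a leaf 1 EAX value into display family, model and stepping."""
    stepping = eax & 0xF
    model = (eax >> 4) & 0xF
    family = (eax >> 8) & 0xF
    ext_model = (eax >> 16) & 0xF
    ext_family = (eax >> 20) & 0xFF
    if family in (0x6, 0xF):          # extended model only counts here
        model |= ext_model << 4
    if family == 0xF:                 # extended family only counts here
        family += ext_family
    return {"family": family, "model": model, "stepping": stepping}


# Matches lines such as: cpuid.1.eax = "0000 0000 ..."
VMX_MASK = re.compile(
    r'^\s*cpuid\.([0-9a-f]+)\.(e[abcd]x)\s*=\s*"([^"]*)"', re.IGNORECASE)


def audit_vmx(vmx_text):
    """Return every CPUID mask in a vmx file; decode leaf 1 EAX if possible."""
    findings = []
    for line in vmx_text.splitlines():
        match = VMX_MASK.match(line)
        if not match:
            continue
        leaf, reg, mask = match.group(1).lower(), match.group(2).lower(), match.group(3)
        entry = {"leaf": leaf, "register": reg, "mask": mask, "spoofed": None}
        if leaf == "1" and reg == "eax":
            try:
                entry["spoofed"] = decode_signature(mask_to_signature(mask))
            except ValueError:
                pass                  # flag-style mask: nothing to decode
        findings.append(entry)
    return findings


# Constructed sample: only the two cpuid lines come from the post (part 3).
SAMPLE_VMX = '''displayName = "ESXi7"
numvcpus = "2"
memsize = "4096"
cpuid.80000001.edx = "---- ---- ---H ---- ---- ---- ---- ----"
cpuid.1.eax = "0000 0000 0000 0011 0000 0110 1100 0011"
'''

if __name__ == "__main__":
    print(signature_to_mask("206C2"))             # vSphere style, colons
    print(signature_to_mask("306C3", sep=" "))    # vmx style, spaces
    for cpuid in ("206C2", "306C3", "800F12"):
        info = decode_signature(int(cpuid, 16))
        print(cpuid, "family %Xh model %Xh stepping %d"
              % (info["family"], info["model"], info["stepping"]))
    for finding in audit_vmx(SAMPLE_VMX):
        print(finding)
```

<p>Decoding 206C2 gives family 6, model 2C, which is the Westmere-EP entry in the vSphere 7 release notes quoted in part 1. A decoded <code class="language-plaintext highlighter-rouge">cpuid.1.eax</code> finding on a VM that has already been installed means the mask that part 1 resets afterwards is still in place.</p>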
<h2 id="pulling-it-all-together">Pulling It All Together</h2>
<p>So I present to you a list of processors, their CPUIDs, their binary EAX numbers and the result of installing ESXi 7.0 into a VM configured with the corresponding EAX number:</p>
<div>
<style scoped="">
table{
margin: 0 auto;
width: 70%;
border-collapse: collapse;
border-spacing: 0;
border:1px solid #000000; }
th{
text-align: center;
border:1px solid #000000; }
td{
text-align: center;
border:1px solid #000000;}
tr:nth-child(even) {
background-color: #efefef;}
</style>
</div>
<h3 id="intel-cpuids-and-binary-eax-values">Intel CPUIDs and Binary EAX Values</h3>
<table>
<thead>
<tr>
<th style="text-align: center">Processor Generation</th>
<th style="text-align: center">CPUID</th>
<th style="text-align: center">Binary EAX Value</th>
<th style="text-align: center">ESXi 7.0 Installer <br />Action</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: center">Westmere-EP</td>
<td style="text-align: center">206C2</td>
<td style="text-align: center"><code class="language-plaintext highlighter-rouge">0000:0000:0000:0010:0000:0110:1100:0010</code></td>
<td style="text-align: center"><span style="color:red">Fail</span></td>
</tr>
<tr>
<td style="text-align: center">SandyBridge</td>
<td style="text-align: center">206A2</td>
<td style="text-align: center"><code class="language-plaintext highlighter-rouge">0000:0000:0000:0010:0000:0110:1010:0010</code></td>
<td style="text-align: center"><span style="color:blue">Warning</span></td>
</tr>
<tr>
<td style="text-align: center">IvyBridge</td>
<td style="text-align: center">306A2</td>
<td style="text-align: center"><code class="language-plaintext highlighter-rouge">0000:0000:0000:0011:0000:0110:1010:0010</code></td>
<td style="text-align: center"><span style="color:blue">Warning</span></td>
</tr>
<tr>
<td style="text-align: center">Haswell</td>
<td style="text-align: center">306C3</td>
<td style="text-align: center"><code class="language-plaintext highlighter-rouge">0000:0000:0000:0011:0000:0110:1100:0011</code></td>
<td style="text-align: center"><span style="color:green"><strong>PASS</strong></span></td>
</tr>
<tr>
<td style="text-align: center">Broadwell</td>
<td style="text-align: center">406F1</td>
<td style="text-align: center"><code class="language-plaintext highlighter-rouge">0000:0000:0000:0100:0000:0110:1111:0001</code></td>
<td style="text-align: center"><span style="color:green"><strong>PASS</strong></span></td>
</tr>
<tr>
<td style="text-align: center">Skylake</td>
<td style="text-align: center">50654</td>
<td style="text-align: center"><code class="language-plaintext highlighter-rouge">0000:0000:0000:0101:0000:0110:0101:0100</code></td>
<td style="text-align: center"><span style="color:green"><strong>PASS</strong></span></td>
</tr>
<tr>
<td style="text-align: center">Kaby Lake</td>
<td style="text-align: center">806E9</td>
<td style="text-align: center"><code class="language-plaintext highlighter-rouge">0000:0000:0000:1000:0000:0110:1110:1001</code></td>
<td style="text-align: center"><span style="color:green"><strong>PASS</strong></span></td>
</tr>
</tbody>
</table>
<p><br />
Eagle eyed readers will recognise that in <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported/">Part 1</a>, we used the Haswell processor EAX value to enable ESXi 7.0 installation. :stuck_out_tongue_winking_eye:</p>
<h3 id="amd-cpuids-and-binary-eax-values">AMD CPUIDs and Binary EAX Values</h3>
<table>
<thead>
<tr>
<th style="text-align: center">Processor Generation</th>
<th style="text-align: center">CPUID</th>
<th style="text-align: center">Binary EAX Value</th>
<th style="text-align: center">ESXi 7.0 Installer <br />Action</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: center">Opteron 6124HE</td>
<td style="text-align: center">100F91</td>
<td style="text-align: center"><code class="language-plaintext highlighter-rouge">0000:0000:0001:0000:0000:1111:1001:0001</code></td>
<td style="text-align: center">Untested*</td>
</tr>
<tr>
<td style="text-align: center">Opteron 6212</td>
<td style="text-align: center">600F12</td>
<td style="text-align: center"><code class="language-plaintext highlighter-rouge">0000:0000:0110:0000:0000:1111:0001:0010</code></td>
<td style="text-align: center">Untested*</td>
</tr>
<tr>
<td style="text-align: center">Opteron 6320</td>
<td style="text-align: center">600F20</td>
<td style="text-align: center"><code class="language-plaintext highlighter-rouge">0000:0000:0110:0000:0000:1111:0010:0000</code></td>
<td style="text-align: center">Untested*</td>
</tr>
<tr>
<td style="text-align: center">Epyc 7251</td>
<td style="text-align: center">800F12</td>
<td style="text-align: center"><code class="language-plaintext highlighter-rouge">0000:0000:1000:0000:0000:1111:0001:0010</code></td>
<td style="text-align: center">Untested*</td>
</tr>
<tr>
<td style="text-align: center">Epyc 7371</td>
<td style="text-align: center">800F12</td>
<td style="text-align: center"><code class="language-plaintext highlighter-rouge">0000:0000:1000:0000:0000:1111:0001:0010</code></td>
<td style="text-align: center">Untested*</td>
</tr>
</tbody>
</table>
<p><br />
*As the server used for testing is Intel CPU based, I’m unable to test EAX values for AMD CPUs.</p>
<p>The environment used for the above testing:</p>
<ul>
<li>Server: Dell R710, fitted with two Xeon Westmere-EP CPUs</li>
<li>Host ESXi: ESXi 6.7 build 15160138 installed</li>
<li>Managed by: vCenter 6.7 build 15129973</li>
<li>Test VM compatibility: ESXi 6.7 Update 2 and later (VM version 15)</li>
<li>Test VM guest OS: VMware ESXi 6.5 or later</li>
<li>ESXi 7.0 installer: VMware-VMvisor-Installer-7.0.0-15843807.x86_64.iso</li>
</ul>
<h2 id="conclusion-and-wrap-up">Conclusion and Wrap Up</h2>
<p>In this post we looked at CPUIDs, how to obtain them from online sources and how to find them by querying physical hardware. From there we looked at how to convert a CPUID into a binary EAX value.</p>
<p>Finally, we applied the generated EAX values to a VM and ran the ESXi 7.0 installer, with results as detailed above.</p>
<p>Next time, in part 3, we’ll look at using what we’ve learnt in parts 1 and 2 in the physical world. <em>Stay tuned..!</em> :smiley: :computer:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported-pt2/">Workaround ESXi CPU Unsupported Error - Part 2</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 10, 2020.</p>
https://polarclouds.co.uk/workaround-esxi-cpu-unsupported 2020-04-06T01:00:00+01:00 2020-04-06T01:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="vSphere Logo" src="/images/workaround-esxi-cpu-unsupported/workaround-esxi-cpu-unsupported-00.png" />
The new v7.0 version of vSphere was released late last week and like many others I am keen to play with all the shiny shiny new features:</p>
<ul>
<li>Kubernetes Integration</li>
<li>Assignable Hardware</li>
<li>vSphere Lifecycle Manager</li>
<li>Intrinsic Security</li>
<li>Improved DRS</li>
<li>Refactored vMotion</li>
</ul>
<p>First step is to install ESXi 7.0 into a Virtual Machine (VM) and have a little look see before we go any further.</p>
<p>This post is part 1 of a multipart series. Find the other parts here:</p>
<ul>
<li>Part 1: This part (Be gone CPU_SUPPORT Error!)</li>
<li>Part 2: <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported-pt2/">CPUID and EAX Between Friends</a></li>
<li>Part 3: <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported-pt3/">Lets Get Virtual to Physical</a></li>
</ul>
<h2 id="problem-1---boot-drive-size">Problem 1 - Boot Drive Size</h2>
<p>Being the same old, same old frugal VM admin, I assigned my usual 1GB boot drive hard disk to my ESXi 7.0 VM. Boot up, answer the first couple of installer questions… Hmmm this is new:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="HDD Too Small" src="/images/workaround-esxi-cpu-unsupported/workaround-esxi-cpu-unsupported-01.png" /></p>
<p>From the <a href="https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.esxi.install.doc/GUID-DEB8086A-306B-4239-BF76-E354679202FC.html">ESXi Hardware Requirements</a> page:</p>
<blockquote>
<p>ESXi 7.0 requires a boot disk of at least 8 GB for USB or SD devices, and 32 GB for other device types such as HDD, SSD, or NVMe. A boot device must not be shared between ESXi hosts.</p>
</blockquote>
<p>Ah, OK, well this is a test VM, so it can have a 4GB boot HDD and like it. Simple fix. :wink:</p>
<h2 id="problem-2---cpu_support-error">Problem 2 - CPU_SUPPORT Error</h2>
<p>VM rebooted and on we go with the install. Oh, so that’s not nice:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CPU Error" src="/images/workaround-esxi-cpu-unsupported/workaround-esxi-cpu-unsupported-02.png" /></p>
<p>My ESXi server has two Intel Xeon E5640 CPUs in it. Whilst I was lucky to be able to upgrade to ESXi 6.7 without issue, it looks like VMware have finally caught up with my ageing hardware.</p>
<p>Ah yes, from the <a href="https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-vcenter-server-70-release-notes.html">vSphere 7 release notes</a>:</p>
<blockquote>
<p>Comparing the processors supported by vSphere 6.7, vSphere 7.0 no longer supports the following processors:</p>
<ul>
<li>Intel Family 6, Model = 2C (Westmere-EP)</li>
<li>Intel Family 6, Model = 2F (Westmere-EX)</li>
</ul>
</blockquote>
<p>Boo! no support for my CPU. :grimacing:</p>
<h2 id="cpu_support-error---the-fix">CPU_SUPPORT Error - The Fix</h2>
<p>So the ESXi installer is looking at the physical processor in the server to determine whether to continue installation. Luckily for us, as this is a VM, we can make some adjustments to the VM to allow the ESXi 7.0 installer to continue with the install.</p>
<p>To accomplish this, we can use a CPU “mask” to hide the identity of our server’s actual CPU and pass through the identity of a supported CPU instead. Standard disclaimers apply:</p>
<ul>
<li><strong>YES this is unsupported by VMware</strong></li>
<li><strong>YES what follows should not be attempted on production equipment</strong></li>
<li><strong>YES you are on your own</strong> (but hey, you knew that already. This is cheaper than purchasing a new motherboard, CPUs, RAM etc)</li>
</ul>
<p>Power off the ESXi 7.0 VM, edit the settings, expand the CPU settings and click <strong>Advanced</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CPU Advanced Settings" src="/images/workaround-esxi-cpu-unsupported/workaround-esxi-cpu-unsupported-03.png" /></p>
<p>From there expand <strong>Level 1</strong> and paste the following into the <strong>EAX</strong> field:</p>
<p>Identification for Intel CPUs: <code class="language-plaintext highlighter-rouge">0000:0000:0000:0011:0000:0110:1100:0011</code> <br />
Identification for AMD CPUs: <code class="language-plaintext highlighter-rouge">0000:0000:0110:0000:0000:1111:0001:0000</code></p>
<p>My CPU is an Intel, so I’ll paste in the Intel ID:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="CPU Advanced Settings" src="/images/workaround-esxi-cpu-unsupported/workaround-esxi-cpu-unsupported-04.png" /></p>
<p>Click <strong>OK</strong> twice, boot up the VM and kick off the ESXi installer again. Third time’s a charm? :wink:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Installing!" src="/images/workaround-esxi-cpu-unsupported/workaround-esxi-cpu-unsupported-05.png" /></p>
<p><em>Oh yes!</em> :sunglasses:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Install Complete" src="/images/workaround-esxi-cpu-unsupported/workaround-esxi-cpu-unsupported-06.png" /></p>
<p>Install complete. Let’s boot the VM up just to see if it boots. Yep looks good:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="First Boot OK" src="/images/workaround-esxi-cpu-unsupported/workaround-esxi-cpu-unsupported-07.png" /></p>
<p>We can now remove the CPU ID set above. After all, the installer has done its work and we are all good.</p>
<p>Shut down the ESXi 7.0 VM, edit the settings, expand the CPU settings and click <strong>Advanced</strong>. From there expand <strong>Level 1</strong>, click <strong>Reset Row</strong> and click <strong>OK</strong> twice to save.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Reset Row" src="/images/workaround-esxi-cpu-unsupported/workaround-esxi-cpu-unsupported-08.png" /></p>
<p>Job done. ESXi7 installed, CPU ID returned to normal.</p>
<p>Next time in <a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported-pt2/">part 2</a>, we’ll take a closer look at EAX numbers and I’ll detail how I arrived at the working EAX numbers.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/workaround-esxi-cpu-unsupported/">Workaround ESXi CPU Unsupported Error - Part 1</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 06, 2020.</p>
https://polarclouds.co.uk/media-to-ios-without-itunes 2020-03-15T00:00:00+00:00 2020-03-15T00:00:00+00:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="No iTunes" src="/images/media-to-ios-without-itunes/media-to-ios-without-itunes-00.png" />
One thing <a href="https://www.dictionary.com/browse/irks">irks</a> me about Apple iOS devices is the annoyance of having to use iTunes or some other software of questionable origin to copy music and video files to my device.</p>
<p>In the Android world, this isn’t a problem. I just plug my phone into my laptop, allow the laptop access to the phone storage and copy over files using file explorer.</p>
<p>But nooo, Apple want me to download and run their proprietary software to achieve something that is so simple in the Android world. :unamused:</p>
<h2 id="the-solution-vlc-for-mobile">The Solution: VLC for Mobile</h2>
<p>First off, install VLC for Mobile onto your iOS device from Apple App store:</p>
<p><a href="https://apps.apple.com/us/app/vlc-for-mobile/id650377962"><img style="display: block; margin-left: auto; margin-right: auto;" alt="Install VLC for Mobile" src="/images/media-to-ios-without-itunes/appstore200.png" /></a></p>
<p>Once installed, open the VLC app and click on the Network icon on the menu bar:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VLC network icon" src="/images/media-to-ios-without-itunes/media-to-ios-without-itunes-01.png" /></p>
<p>Then, enable <strong>Sharing via WiFi</strong> and make a note of the URLs listed:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Sharing via WiFi" src="/images/media-to-ios-without-itunes/media-to-ios-without-itunes-02.png" /></p>
<p>Next, on your device containing the media that you wish to copy to the iOS device, open a web browser and browse to the URL noted above:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Browse to iOS device" src="/images/media-to-ios-without-itunes/media-to-ios-without-itunes-03.png" /></p>
<p>To add media, either drag your media files to the “Drop Files” area or simply click the <strong>+</strong> button to open a file open dialogue. Could not be simpler.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Open file dialogue" src="/images/media-to-ios-without-itunes/media-to-ios-without-itunes-04.png" /></p>
<p>Once done, back on the iOS device, turn off <strong>Sharing via WiFi</strong>, select your media and enjoy!</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Yay Music!" src="/images/media-to-ios-without-itunes/media-to-ios-without-itunes-05.png" /></p>
<p>Time for <a href="https://spongebob.fandom.com/wiki/Chocolate_with_Nuts">a classic</a>!</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Chocolate with Nuts" src="/images/media-to-ios-without-itunes/media-to-ios-without-itunes-06.png" /></p>
<p>Nice!</p>
<p>A round of applause to the <a href="https://www.videolan.org/videolan/">VideoLAN dev team</a> for helping us to remain iTunes free! :clap: :sunglasses: :clap:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/media-to-ios-without-itunes/">Copying Media to iOS Devices WITHOUT iTunes</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 15, 2020.</p>
https://polarclouds.co.uk/mbr-gpt-no-data-loss 2020-02-23T00:00:00+00:00 2020-02-23T00:00:00+00:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="pfSense + OpenVPN" src="/images/mbr-gpt-no-data-loss/mbr-gpt-no-data-loss-00.png" />
Recently I found myself needing to extend a disk partition and finding I couldn’t do it. As usual, this was not the first time I had come up against this problem.</p>
<p>A problem of my own making too. :confused:</p>
<p>Why? Read on…</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#primer" id="markdown-toc-primer">Primer</a> <ul>
<li><a href="#whats-an-mbr" id="markdown-toc-whats-an-mbr">What’s an MBR?</a></li>
<li><a href="#whats-a-gpt" id="markdown-toc-whats-a-gpt">What’s a GPT?</a></li>
</ul>
</li>
<li><a href="#the-problem" id="markdown-toc-the-problem">The Problem</a></li>
<li><a href="#the-solution-mbr-to-gpt-conversion-without-data-loss" id="markdown-toc-the-solution-mbr-to-gpt-conversion-without-data-loss">The Solution: MBR to GPT Conversion WITHOUT Data Loss</a> <ul>
<li><a href="#the-tldr" id="markdown-toc-the-tldr">The TL;DR</a></li>
<li><a href="#the-full-how-to" id="markdown-toc-the-full-how-to">The Full How To</a></li>
</ul>
</li>
<li><a href="#conclusion" id="markdown-toc-conclusion">Conclusion</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="primer">Primer</h2>
<p>First off, a very quick primer for those not familiar with the terms MBR and GPT:</p>
<h3 id="whats-an-mbr">What’s an MBR?</h3>
<p>MBR stands for Master Boot Record. An MBR is a method of containing information on how a disk’s logical partitions, containing file systems, are organized on the disk. The concept of an MBR was first introduced in 1983.
If you wish, find out more at Wikipedia <a href="https://en.wikipedia.org/wiki/Master_boot_record">here</a>.</p>
<h3 id="whats-a-gpt">What’s a GPT?</h3>
<p>GPT stands for GUID Partition Table. Again, a GPT is a method of recording how a disk’s logical partitions, which contain file systems, are organized on the disk, this time using universally unique identifiers, which are also known as globally unique identifiers (GUIDs). GPTs have been with us since the late 2000s. If you wish, find out more at Wikipedia <a href="https://en.wikipedia.org/wiki/GUID_Partition_Table">here</a>.</p>
<h2 id="the-problem">The Problem</h2>
<p>So what’s the problem? This:</p>
<ol>
<li>When originally partitioning my disk, way back when, I had chosen to use MBR</li>
<li>The maximum partition size for an MBR partitioned disk is 2 terabytes (TB)</li>
<li>I wanted to extend my partition beyond 2TB as I was running out of free disk space</li>
</ol>
<p>Which meant I could not extend the partition. :cry:</p>
<p>Traditionally, the method to deal with this situation is to back up the data on the MBR partitioned disk, delete the MBR partition, create a GPT partition on the disk and restore the data back into the GPT partition, or purchase disk partition management tools such as Acronis Disk Director (£55+).</p>
<p>Unfortunately without making special arrangements, I did not have a spare 2TB free disk space “floating around” that I could use for my backup. Neither did I want to spend money on software I’ll only use a couple of times.</p>
<p>Surely (<a href="https://www.youtube.com/watch?v=Qo7qoonzTCE">Shirley</a>) there must be another way… Besides we aren’t living in the computing dark ages any more Elaine…</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Airplane 2" src="/images/mbr-gpt-no-data-loss/mbr-gpt-no-data-loss-09.jpg" /></p>
<h2 id="the-solution-mbr-to-gpt-conversion-without-data-loss">The Solution: MBR to GPT Conversion WITHOUT Data Loss</h2>
<p>Luckily the solution turned out to be a one line command run from a Linux based boot CD (or boot USB) that could save all that deleting and restoring of data.</p>
<p><em>At this point standard disclaimers apply. Follow at your own risk. Backup your data before following. You are responsible for your own actions etc.</em></p>
<h3 id="the-tldr">The TL;DR</h3>
<p>Too Lazy; Didn’t Read? - Boot <a href="https://gparted.org/livecd.php">GParted Live</a> and use gdisk.</p>
<h3 id="the-full-how-to">The Full How To</h3>
<p>With the TL;DR’s out of the way, here’s how we do this. First off, here is the environment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Environment" src="/images/mbr-gpt-no-data-loss/mbr-gpt-no-data-loss-01.png" /></p>
<p>As you can see from the above, we have a machine running Windows 10 with an MBR partitioned 100GB D:\ drive containing some “super sensitive” files and a Debian install ISO.</p>
<p>I want to convert the D:\ drive from MBR to GPT.</p>
<p>Step one is to download a copy of <a href="https://gparted.org/livecd.php">GParted Live</a> from <a href="https://gparted.org/download.php">here</a>.
Next we need to boot the machine from the downloaded GParted ISO.</p>
<p>I booted GParted Live with the default Settings, selected British English and chose to boot into the graphical user environment. Next I used the drop down in the top right hand corner of GParted app to select my 100GB D:\ drive:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="GParted GUI" src="/images/mbr-gpt-no-data-loss/mbr-gpt-no-data-loss-02.png" /></p>
<p>As can be seen from the above, the GParted Live instance sees my 100GB D:\ drive as <code class="language-plaintext highlighter-rouge">/dev/sdb</code>. The drive you wish to convert may be identified differently; just make a note of its identification. You should be able to tell from the drive size.</p>
<p>Next, double click the Terminal icon <img src="/images/mbr-gpt-no-data-loss/mbr-gpt-no-data-loss-03.png" alt="Terminal" /> to open a terminal.</p>
<p>Once the terminal opens, enter the command <code class="language-plaintext highlighter-rouge">sudo gdisk &lt;your identified drive&gt;</code>. In my case, I entered <code class="language-plaintext highlighter-rouge">sudo gdisk /dev/sdb</code>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="gdisk" src="/images/mbr-gpt-no-data-loss/mbr-gpt-no-data-loss-04.png" /></p>
<p>Next hit <code class="language-plaintext highlighter-rouge">w</code> to replace the MBR with a GPT. Take heed of the warning (you did back up your data, right?!? :thumbsup:)</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="gdisk warning" src="/images/mbr-gpt-no-data-loss/mbr-gpt-no-data-loss-05.png" /></p>
<p>Enter <code class="language-plaintext highlighter-rouge">y</code> to proceed and commit to writing the GPT:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="gdisk done" src="/images/mbr-gpt-no-data-loss/mbr-gpt-no-data-loss-06.png" /></p>
<p>gdisk done!</p>
<p>Finally, double click the Exit icon <img src="/images/mbr-gpt-no-data-loss/mbr-gpt-no-data-loss-07.png" alt="Exit" /> to exit GParted and reboot.</p>
<p>Back in Windows, a double check in File Explorer and Disk Management shows that my “super sensitive” files and the Debian install ISO are intact and my partition has been converted to GPT:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="job done" src="/images/mbr-gpt-no-data-loss/mbr-gpt-no-data-loss-08.png" /></p>
<p>Job done! Boom! :boom:</p>
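<p>A read-only check to run before and after the conversion, as an added example that is not part of the original post: it parses the first two sectors of a disk, reports whether they describe an MBR or a GPT layout, verifies the GPT header CRC32, and shows the 32-bit sector fields behind the 2TB limit. The function names, the 512-byte sector size and the sample images are assumptions constructed for illustration.</p>

```python
import struct
import sys
import zlib

SECTOR = 512                  # assumption: 512-byte logical sectors
MBR_MAX_SECTORS = 0xFFFFFFFF  # MBR start LBA and length are 32-bit fields


def parse_mbr(sector0):
    """Return (type, start_lba, sector_count) for each used primary entry."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        raw = sector0[446 + 16 * i: 462 + 16 * i]
        ptype = raw[4]
        start, count = struct.unpack_from("<II", raw, 8)
        if ptype:
            entries.append((ptype, start, count))
    return entries


def gpt_header_ok(sector1):
    """True if LBA 1 holds a GPT header whose CRC32 verifies."""
    if len(sector1) < 92 or sector1[:8] != b"EFI PART":
        return False
    size, stored = struct.unpack_from("<II", sector1, 12)
    if not 92 <= size <= len(sector1):
        return False
    header = bytearray(sector1[:size])
    header[16:20] = b"\x00" * 4   # the CRC covers the header with this field zeroed
    return zlib.crc32(bytes(header)) & 0xFFFFFFFF == stored


def partition_scheme(image):
    """Classify the first two sectors of a disk or disk image."""
    entries = parse_mbr(image[:SECTOR])
    protective = any(ptype == 0xEE for ptype, _, _ in entries)
    has_gpt = gpt_header_ok(image[SECTOR:2 * SECTOR])
    if protective and has_gpt:
        return "GPT"
    if protective:
        return "protective MBR without a valid GPT header"
    if has_gpt:
        return "MBR with a stale GPT header at LBA 1"
    return "MBR"


def fits_in_mbr(start_lba, size_bytes):
    """Can an MBR entry describe a partition of size_bytes at start_lba?"""
    sectors = -(-size_bytes // SECTOR)   # round up to whole sectors
    return start_lba <= MBR_MAX_SECTORS and sectors <= MBR_MAX_SECTORS


# --- constructed sample data (not read from a real disk) ---
def _mbr_sector(ptype, start, count):
    s = bytearray(SECTOR)
    s[446 + 4] = ptype
    struct.pack_into("<II", s, 446 + 8, start, count)
    s[510:512] = b"\x55\xaa"
    return bytes(s)


def _gpt_header(disk_sectors):
    h = bytearray(SECTOR)
    # signature, revision 1.0, header size, CRC placeholder, reserved
    struct.pack_into("<8sIIII", h, 0, b"EFI PART", 0x00010000, 92, 0, 0)
    # this header's LBA, backup header LBA, first and last usable LBA
    struct.pack_into("<QQQQ", h, 24, 1, disk_sectors - 1, 34, disk_sectors - 34)
    # entry array LBA, entry count, entry size, entry array CRC (left as 0)
    struct.pack_into("<QIII", h, 72, 2, 128, 128, 0)
    struct.pack_into("<I", h, 16, zlib.crc32(bytes(h[:92])) & 0xFFFFFFFF)
    return bytes(h)


DISK_SECTORS = 100 * 2**30 // SECTOR   # a 100 GiB disk, like the D:\ drive above
MBR_IMAGE = _mbr_sector(0x07, 2048, DISK_SECTORS - 2048) + bytes(SECTOR)
GPT_IMAGE = _mbr_sector(0xEE, 1, DISK_SECTORS - 1) + _gpt_header(DISK_SECTORS)

if __name__ == "__main__":
    if len(sys.argv) > 1:              # e.g. /dev/sdb, opened read-only
        with open(sys.argv[1], "rb") as disk:
            print(partition_scheme(disk.read(2 * SECTOR)))
    else:
        print("before:", partition_scheme(MBR_IMAGE))
        print("after: ", partition_scheme(GPT_IMAGE))
        print("3 TB partition fits in MBR:", fits_in_mbr(2048, 3 * 10**12))
```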
<h2 id="conclusion">Conclusion</h2>
<p>In this post we converted a Windows Master Boot Record (MBR) partition to a GUID Partition Table (GPT) partition. We booted a GParted Live CD (or bootable USB) and converted the partition simply, quickly and with zero data loss.</p>
<p>What’s more, we got this done quickly, easily and for free!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/mbr-gpt-no-data-loss/">MBR to GPT Conversion WITHOUT Data Loss</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 23, 2020.</p>
https://polarclouds.co.uk/nsx-upgrade2020-02-15T00:00:00+00:002020-02-15T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="pfSense + OpenVPN" src="/images/nsx-upgrade/nsx-upgrade-00.jpg" />
Some quick notes and a nice work around for achieving a smooth NSX for vSphere upgrade as gleaned from upgrading my cross-vCenter home lab from v6.4.5 to v6.4.6.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#pre-requisites" id="markdown-toc-pre-requisites">Pre-Requisites</a></li>
<li><a href="#download" id="markdown-toc-download">Download</a></li>
<li><a href="#upgrade-steps" id="markdown-toc-upgrade-steps">Upgrade Steps</a> <ul>
<li><a href="#upgrade-primary-nsx-appliance" id="markdown-toc-upgrade-primary-nsx-appliance">Upgrade Primary NSX Appliance</a></li>
<li><a href="#upgrade-all-secondary-nsx-manager-appliances" id="markdown-toc-upgrade-all-secondary-nsx-manager-appliances">Upgrade All Secondary NSX Manager Appliances</a></li>
<li><a href="#upgrade-nsx-controller-cluster" id="markdown-toc-upgrade-nsx-controller-cluster">Upgrade NSX Controller Cluster</a></li>
<li><a href="#upgrade-host-clusters" id="markdown-toc-upgrade-host-clusters">Upgrade Host Clusters</a> <ul>
<li><a href="#work-around" id="markdown-toc-work-around">Work Around</a></li>
</ul>
</li>
<li><a href="#upgrade-nsx-edges" id="markdown-toc-upgrade-nsx-edges">Upgrade NSX Edges</a></li>
<li><a href="#upgrade-guest-introspection" id="markdown-toc-upgrade-guest-introspection">Upgrade Guest Introspection</a></li>
<li><a href="#upgrade-nsx-services-that-do-not-support-direct-upgrade" id="markdown-toc-upgrade-nsx-services-that-do-not-support-direct-upgrade">Upgrade NSX Services That Do Not Support Direct Upgrade</a></li>
<li><a href="#post-upgrade-tasks" id="markdown-toc-post-upgrade-tasks">Post-Upgrade Tasks</a></li>
</ul>
</li>
<li><a href="#conclusion" id="markdown-toc-conclusion">Conclusion</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="pre-requisites">Pre-Requisites</h2>
<p>Check the VMware Product Interoperability Matrices. Check <a href="https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#interop&93=&2=&1=">this matrix</a> for NSX/vCenter/ESXi interoperability.</p>
<p>Ensure that your vCenter and ESXi servers are running compatible versions prior to starting the NSX upgrade!</p>
<p>Check the upgrade release notes. See <a href="https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/rn/releasenotes_nsx_vsphere_646.html">here</a> for all VMware NSX Data Center for vSphere release notes.</p>
<h2 id="download">Download</h2>
<p>Download the upgrade bundle from <a href="https://my.vmware.com/web/vmware/details?downloadGroup=NSXV_646&productId=491">the VMware download site</a>.</p>
<p>Once downloaded, confirm the checksum using PowerShell:</p>
<div class="language-powershell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">get-filehash</span><span class="w"> </span><span class="nx">VMware-NSX-Manager-upgrade-bundle-6.4.6-14819921.tar.gz</span><span class="w">
</span></code></pre></div></div>
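<p>Confirm that the SHA256 hash in the output (SHA256 is the default algorithm for <code class="language-plaintext highlighter-rouge">Get-FileHash</code>) matches the SHA256SUM value given on the VMware download site.</p>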
<h2 id="upgrade-steps">Upgrade Steps</h2>
<p>NSX Data Center for vSphere components <strong>must</strong> be upgraded in the following order:</p>
<ol>
<li>Primary NSX Manager appliance</li>
<li>All secondary NSX Manager appliances</li>
<li>NSX Controller cluster</li>
<li>Host clusters</li>
<li>NSX Edge</li>
<li>Guest Introspection</li>
<li>Post-Upgrade Tasks</li>
</ol>
<p>The top level VMware upgrade guide is <a href="https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.upgrade.doc/GUID-D824C743-8137-47F8-AF5D-C225CC8A2542.html">available here</a></p>
<h3 id="upgrade-primary-nsx-appliance">Upgrade Primary NSX Appliance</h3>
<p><strong>When:</strong> Anytime <br />
<strong>How:</strong> Follow <a href="https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.upgrade.doc/GUID-D05908F8-AB87-474B-9522-BACDD685D827.html">this guide</a> <br />
<strong>Further Notes:</strong> None</p>
<h3 id="upgrade-all-secondary-nsx-manager-appliances">Upgrade All Secondary NSX Manager Appliances</h3>
<p><strong>When:</strong> Anytime <br />
<strong>How:</strong> Follow <a href="https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.upgrade.doc/GUID-C3DE6069-540E-4EF5-84AC-5EC12752EC6C.html">this guide</a> <br />
<strong>Further Notes:</strong> None</p>
<h3 id="upgrade-nsx-controller-cluster">Upgrade NSX Controller Cluster</h3>
<p><strong>When:</strong> During a maintenance window <br />
<strong>How:</strong> Follow <a href="https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.upgrade.doc/GUID-50663A38-C1C5-4D07-A203-9000F4D9FBFA.html">this guide</a> <br />
<strong>Further Notes:</strong> The VMware guidance of performing the upgrade “during a maintenance window” seems a little conservative. As long as there are no NSX changes being made whilst the upgrade is taking place, then I suggest that this can be done anytime</p>
<h3 id="upgrade-host-clusters">Upgrade Host Clusters</h3>
<p><strong>When:</strong> During a maintenance window <br />
<strong>How:</strong> Follow <a href="https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.upgrade.doc/GUID-8355030A-9FF0-4C44-B694-42F655B76BA0.html">this guide</a> <br />
<strong>Further Notes:</strong> This is where my one host per cluster lab had issues.<br />
The problem was that the upgrade process wanted to put the host into maintenance mode to upgrade the ESXi NSX VIBs but couldn’t - because it had nowhere to vMotion the VMs to! (remember - only one host per cluster!) :flushed:</p>
<h4 id="work-around">Work Around</h4>
<p><strong><em>What follows is the NSX VIB upgrade process for single host “lab” style clusters. Certainly in production you will have more than one ESXi host per NSX cluster, so this work around would (should) not be needed.</em></strong></p>
<p>The solution was to upgrade the NSX VIBs manually, and then reboot the host and all its VMs to enable the updated NSX VIBs. Luckily I found <a href="https://www.definetomorrow.co.uk/blog/2018/5/10/manual-install-of-nsx-vibs-to-esxi-hosts">this post</a> that details a method to obtain the updated NSX VIBs from NSX manager.</p>
<p>For my lab upgrade to 6.4.6, I opened https://nsx-site-a.lab/bin/bin/vdn/nwfabric.properties in a web browser to find the updated NSX VIBs:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VIB Locations" src="/images/nsx-upgrade/nsx-upgrade-01.png" /></p>
<p>Downloaded the VIB from https://nsx-site-a.lab/bin/vdn/vibs-6.4.6/6.7-14762108/vxlan.zip using IE, as Chrome would just open the file.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Download VIB" src="/images/nsx-upgrade/nsx-upgrade-02.png" /></p>
<p>Extracted the VIB from the folder \vib20\esx-nsxv inside the zip:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Extract VIB" src="/images/nsx-upgrade/nsx-upgrade-03.png" /></p>
<p>WinSCP’ed the VMware_bootbank_esx-nsxv_6.7.0-0.0.14762108.vib file to the ESXi host (after enabling SSH on the ESXi host)</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="WinSCP VIB" src="/images/nsx-upgrade/nsx-upgrade-04.png" /></p>
<p>Shut down all VMs, placed the host into maintenance mode, SSH’ed to the host and upgraded the NSX VIB using the following command:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># esxcli software vib update -v /tmp/VMware_bootbank_esx-nsxv_6.7.0-0.0.14762108.vib</span>
</code></pre></div></div>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Upgrade VIB" src="/images/nsx-upgrade/nsx-upgrade-05.png" /></p>
<p>Rebooted my ESXi host, removed host from maintenance mode, booted all the VMs and boom! :boom:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VIB Done" src="/images/nsx-upgrade/nsx-upgrade-06.png" /></p>
<p>Repeat for the other ESXi host at the other site. Double boom! :boom: :boom:</p>
<h3 id="upgrade-nsx-edges">Upgrade NSX Edges</h3>
<p><strong>When:</strong> During a maintenance window <br />
<strong>How:</strong> Follow <a href="https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.upgrade.doc/GUID-17457D8A-471B-4FF9-9372-7079F6AD47C4.html">this guide</a> <br />
<strong>Further Notes:</strong> More of an edge replacement process; a new Edge virtual appliance is deployed alongside the existing one. When the new Edge is ready, the old Edge’s vNICs are disconnected and the new Edge’s vNICs are connected.</p>
<h3 id="upgrade-guest-introspection">Upgrade Guest Introspection</h3>
<p><strong>When:</strong> During a maintenance window <br />
<strong>How:</strong> Follow <a href="https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.upgrade.doc/GUID-786B7082-BCF1-4130-97C1-8128DF58F567.html">this guide</a> <br />
<strong>Further Notes:</strong> I don’t run guest introspection in my lab, so did not complete this step</p>
<h3 id="upgrade-nsx-services-that-do-not-support-direct-upgrade">Upgrade NSX Services That Do Not Support Direct Upgrade</h3>
<p><strong>When:</strong> Depends on service(s)<br />
<strong>How:</strong> Follow <a href="https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.upgrade.doc/GUID-F0D75A47-8AAD-47FC-B69D-72775212A65A_copy2.html">this guide</a> <br />
<strong>Further Notes:</strong> Nothing to do here as I don’t run any other NSX related services</p>
<h3 id="post-upgrade-tasks">Post-Upgrade Tasks</h3>
<p><strong>When:</strong> Anytime <br />
<strong>How:</strong> Follow <a href="https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.upgrade.doc/GUID-27BED4A8-9E87-4D42-AEEC-ABB09B6F1762_copy2.html">this guide</a> <br />
<strong>Further Notes:</strong> We know that our VIBs are OK as we manually installed them. I did not bother with resynchronising the host message bus as I had rebooted everything anyway!</p>
<h2 id="conclusion">Conclusion</h2>
<p>In this post we learnt how to upgrade VMware NSX and the process required to complete an upgrade. We also worked around the issue of upgrading single host clusters and completed the upgrade without issue.</p>
<p>Until next time :thumbsup:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-upgrade/">VMware NSX for vSphere Upgrade Notes</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 15, 2020.</p>
https://polarclouds.co.uk/network-throughput-testing2020-02-07T00:00:00+00:002020-02-07T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="iPerf speed" src="/images/network-throughput-testing/network-throughput-testing00.png" />
There are times in tech when you get to hear about a particular piece of software written to do a particular job and you think “yeah I’ve heard about that, I should check it out.”
<br />
<br />
Then you forget all about it (well I do) and life moves on. Months / years / decades (yeah… I know…) later, you hear about the same piece of software and once again you think “oh yeah, I really should check that out.”</p>
<p>For me such a piece of software is iPerf.</p>
<p>Embarrassingly, I first heard of iPerf back in the VMware ESX 2.5 / 3.0.x days; <a href="https://www.vmware.com/support/esx25/doc/releasenotes_esx25.html">circa 2005</a>. Some three years before I started <a href="https://polarclouds.co.uk/hello/hello/">posting to inter-webs</a>.
Well, here we are, some 15 years later and I’ve finally got around to looking at iPerf and how to apply it to some simple network testing.</p>
<p>So here we are.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-is-iperf" id="markdown-toc-what-is-iperf">What is iPerf?</a></li>
<li><a href="#downloading-iperf" id="markdown-toc-downloading-iperf">Downloading iPerf</a></li>
<li><a href="#iperf-basics" id="markdown-toc-iperf-basics">iPerf Basics</a></li>
<li><a href="#results" id="markdown-toc-results">Results</a> <ul>
<li><a href="#windows-to-windows" id="markdown-toc-windows-to-windows">Windows to Windows</a></li>
<li><a href="#google-pixel-to-windows" id="markdown-toc-google-pixel-to-windows">Google Pixel to Windows</a></li>
<li><a href="#apple-iphone-to-windows" id="markdown-toc-apple-iphone-to-windows">Apple iPhone to Windows</a></li>
<li><a href="#apple-iphone-to-google-pixel" id="markdown-toc-apple-iphone-to-google-pixel">Apple iPhone to Google Pixel</a></li>
</ul>
</li>
<li><a href="#conclusion" id="markdown-toc-conclusion">Conclusion</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="what-is-iperf">What is iPerf?</h2>
<p><a href="https://en.wikipedia.org/wiki/Iperf">Wikipedia describes iPerf</a> as:</p>
<blockquote>
<p>A widely used tool for network performance measurement and tuning. It is significant as a cross-platform tool that can produce standardized performance measurements for any network. iPerf has client and server functionality, and can create data streams to measure the throughput between the two ends in one or both directions. Typical iPerf output contains a time-stamped report of the amount of data transferred and the throughput measured.</p>
</blockquote>
<p>With that in mind, let’s get testing.</p>
<h2 id="downloading-iperf">Downloading iPerf</h2>
<p>Unsurprisingly given its age, there are a few versions of iPerf to choose from. For simplicity, we will concentrate here on the latest version of iPerf; version 3.x onwards.</p>
<p>The home of iPerf is <a href="https://iperf.fr/">iperf.fr</a>. As can be seen from the <a href="https://iperf.fr/iperf-download.php">download page</a>, iPerf is available for lots of platforms including Windows, Linux, FreeBSD, Apple macOS, Android and Apple iOS.</p>
<p>In this post, I’ll be concentrating on the following distributions (click to grab your own copy):</p>
<table>
<tr>
<td style="height:33%; width:5%;">
</td>
<td style="height:33%; width:25%;">
<a href="https://play.google.com/store/apps/details?id=com.nextdoordeveloper.miperf.miperf"><img alt="Get it on Google Play" src="/images/fossil-collider-hr/play.png" /></a>
<i>Magic iPerf for Android</i></td>
<td style="height:33%; width:5%;">
</td>
<td style="height:33%; width:25%;">
<a href="https://iperf.fr/iperf-download.php#windows"><img alt="Windows Download" src="/images/network-throughput-testing/network-throughput-testing01.png" /></a>
<i>iPerf for Windows 64bit</i></td>
<td style="height:33%; width:5%;">
</td>
<td style="height:33%; width:25%;">
<a href="https://apps.apple.com/gb/app/iperf-3-wifi-speed-test/id1462260546"><img alt="Get it on Apple App Store" src="/images/fossil-collider-hr/appstore.png" /></a>
<i>iPerf 3 Wifi Speed Test</i></td>
<td style="height:33%; width:5%;">
</td>
</tr>
</table>
<h2 id="iperf-basics">iPerf Basics</h2>
<p>Network testing with iPerf requires two instances of iPerf to be running at any one time:</p>
<ul>
<li>One instance running in server mode</li>
<li>One instance running in client mode</li>
</ul>
<p>In fact, basic throughput testing with iPerf is so simple that the basic command set fits in the following diagrams:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Client Server Forward" src="/images/network-throughput-testing/network-throughput-testing03.png" /></p>
<p>Reverse client to server testing is achieved using the <strong>-R</strong> switch:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Client Server Reverse" src="/images/network-throughput-testing/network-throughput-testing04.png" /></p>
<h2 id="results">Results</h2>
<h3 id="windows-to-windows">Windows to Windows</h3>
<p>Testing from VM to VM within VMware ESXi, I achieved the following:</p>
<table>
<tr>
<td style="height:50%; width:50%;">
Client:<a target="_blank" href="/images/network-throughput-testing/network-throughput-testing06.png"><img style="display:block;" src="/images/network-throughput-testing/network-throughput-testing06.png" alt="VM to VM iPerf Client" /></a><sup>(Click image to zoom in)</sup>
</td>
<td style="height:50%; width:50%;">
Server:<a target="_blank" href="/images/network-throughput-testing/network-throughput-testing05.png"><img style="display:block;" src="/images/network-throughput-testing/network-throughput-testing05.png" alt="VM to VM iPerf Server" /></a><sup>(Click image to zoom in)</sup>
</td>
</tr>
</table>
<p>3.49Gbits per second. Not bad :sunglasses:</p>
<h3 id="google-pixel-to-windows">Google Pixel to Windows</h3>
<p>Testing from my Google Pixel via WiFi to my laptop connected via a network cable to my router, I achieved the following:</p>
<table>
<tr>
<td style="height:50%; width:50%;">
Client:<a target="_blank" href="/images/network-throughput-testing/network-throughput-testing07.png"><img style="display:block;" src="/images/network-throughput-testing/network-throughput-testing07.png" alt="Pixel to VM iPerf Client" /></a><sup>(Click image to zoom in)</sup>
</td>
<td style="height:50%; width:50%;">
Server:<a target="_blank" href="/images/network-throughput-testing/network-throughput-testing08.png"><img style="display:block;" src="/images/network-throughput-testing/network-throughput-testing08.png" alt="Pixel to VM iPerf Server" /></a><sup>(Click image to zoom in)</sup>
</td>
</tr>
</table>
<p>304Mbits per second. Nice!</p>
<h3 id="apple-iphone-to-windows">Apple iPhone to Windows</h3>
<p>Testing from Apple iPhone via WiFi to my laptop connected via a network cable to my router, I achieved the following:</p>
<table>
<tr>
<td style="height:50%; width:50%;">
Client:<a target="_blank" href="/images/network-throughput-testing/network-throughput-testing09.png"><img style="display:block;" src="/images/network-throughput-testing/network-throughput-testing09.png" alt="iPhone to VM iPerf Client" /></a><sup>(Click image to zoom in)</sup>
</td>
<td style="height:50%; width:50%;">
Server:<a target="_blank" href="/images/network-throughput-testing/network-throughput-testing10.png"><img style="display:block;" src="/images/network-throughput-testing/network-throughput-testing10.png" alt="iPhone to VM iPerf Server" /></a><sup>(Click image to zoom in)</sup>
</td>
</tr>
</table>
<p>251Mbits per second. Not quite as fast as the Pixel, but still quite respectable.</p>
<h3 id="apple-iphone-to-google-pixel">Apple iPhone to Google Pixel</h3>
<p>Finally, testing from Apple iPhone to Google Pixel via WiFi, I achieved the following:</p>
<table>
<tr>
<td style="height:50%; width:50%;">
Client:<a target="_blank" href="/images/network-throughput-testing/network-throughput-testing11.png"><img style="display:block;" src="/images/network-throughput-testing/network-throughput-testing11.png" alt="iPhone to Pixel Client" /></a><sup>(Click image to zoom in)</sup>
</td>
<td style="height:50%; width:50%;">
Server:<a target="_blank" href="/images/network-throughput-testing/network-throughput-testing12.png"><img style="display:block;" src="/images/network-throughput-testing/network-throughput-testing12.png" alt="iPhone to Pixel Server" /></a><sup>(Click image to zoom in)</sup>
</td>
</tr>
</table>
<p>WiFi to WiFi? No problem!<br />
Bit slower at 112Mbits per second, still respectable</p>
<h2 id="conclusion">Conclusion</h2>
<p>So there we have it. Some simple network throughput testing using freeware apps on common platforms.</p>
<p>Good to see the Pixel beat the iPhone :smile:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/network-throughput-testing/">Simple Network Throughput Testing</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 07, 2020.</p>
https://polarclouds.co.uk/fun-with-fossil-hr-faces2020-01-21T00:00:00+00:002020-01-21T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p>For those that haven’t seen my previous post on the excellent Fossil Collider Hybrid HR Smartwatch, <a href="https://polarclouds.co.uk/fossil-collider-hr/">Take a look</a>.</p>
<p>What follows is a hastily put together collection of watch faces I’ve “designed” for use on any of <a href="https://www.fossil.com/us/en/wearable-technology/smartwatches/hybrid-smartwatches.html">Fossil’s Hybrid smartwatches</a>.</p>
<table>
<tr>
<td style="height:33%; width:33%;">
<a target="_blank" href="/images/fun-with-fossil-hr-faces/fossil-polarclouds.png"><img style="display:block;" src="/images/fun-with-fossil-hr-faces/fossil-polarclouds.png" alt="Fossil PolarClouds" /></a>
</td>
<td style="height:33%; width:33%;">
<a target="_blank" href="/images/fun-with-fossil-hr-faces/fossil-polarclouds-logo.png"><img style="display:block;" src="/images/fun-with-fossil-hr-faces/fossil-polarclouds-logo.png" alt="Fossil PolarClouds Logo" /></a>
</td>
<td style="height:33%; width:33%;">
<a target="_blank" href="/images/fun-with-fossil-hr-faces/fossil-polarclouds-couk.png"><img style="display:block;" src="/images/fun-with-fossil-hr-faces/fossil-polarclouds-couk.png" alt="Fossil PolarClouds co uk" /></a>
</td>
</tr>
<tr>
<td style="height:33%; width:33%;">
<a target="_blank" href="/images/fun-with-fossil-hr-faces/fossil-fossil.png"><img style="display:block;" src="/images/fun-with-fossil-hr-faces/fossil-fossil.png" alt="Fossil Logo" /></a>
</td>
<td style="height:33%; width:33%;">
<a target="_blank" href="/images/fun-with-fossil-hr-faces/fossil-tag.png"><img style="display:block;" src="/images/fun-with-fossil-hr-faces/fossil-tag.png" alt="Fossil Tag" /></a>
</td>
<td style="height:33%; width:33%;">
<a target="_blank" href="/images/fun-with-fossil-hr-faces/fossil-rolex.png"><img style="display:block;" src="/images/fun-with-fossil-hr-faces/fossil-rolex.png" alt="Fossil Rolex" /></a>
</td>
</tr>
</table>
<p>One more for all the Gunners fans out there:</p>
<table>
<tr>
<td style="height:33%; width:33%;">
</td>
<td style="height:33%; width:33%;">
<a target="_blank" href="/images/fun-with-fossil-hr-faces/fossil-arsenal.png"><img style="display:block;" src="/images/fun-with-fossil-hr-faces/fossil-arsenal.png" alt="Fossil Arsenal" /></a>
</td>
<td style="height:33%; width:33%;">
</td>
</tr>
</table>
<p>Thanks again to <a href="https://kurotimedesign.blogspot.com/">Kuro Time Design</a> for the base image:</p>
<table>
<tr>
<td style="height:33%; width:33%;">
</td>
<td style="height:33%; width:33%;">
<a target="_blank" href="/images/fun-with-fossil-hr-faces/blank.jpg"><img style="display:block;" src="/images/fun-with-fossil-hr-faces/blank.jpg" alt="Blank with Numbers" /></a>
</td>
<td style="height:33%; width:33%;">
</td>
</tr>
</table>
<p>How do they look once applied? Pretty top banana if you ask me:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Result!" src="/images/fun-with-fossil-hr-faces/results.jpg" /></p>
<p>Simply download any or all of the above and apply via the Fossil Android / iOS app.</p>
<p>As always, check out the <a href="https://www.reddit.com/r/FossilHybrids/">Fossil Hybrids subreddit</a> for lots more designs.</p>
<p>-Chris :sunglasses: :watch: :thumbsup:</p>
<p><a href="https://polarclouds.co.uk/fun-with-fossil-hr-faces/">Fun With Fossil Hybrid HR Watch Faces</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 21, 2020.</p>
https://polarclouds.co.uk/fossil-collider-hr2020-01-19T00:00:00+00:002020-01-19T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Fossil Collider HR" src="/images/fossil-collider-hr/collider-hr-01.jpg" /></p>
<p>I’ve been on the lookout for a decent watch / smart-watch for a while now. Whilst I’m not opposed to having a watch that has notifications, heart rate tracking, step counter, sleep tracking etc, the main problem is I can’t abide having what looks like a bit of black plastic strapped to my wrist.</p>
<p>I’m after something with a bit more pizazz…. something with good “old fashioned” analogue hands. That’s where Fossil’s new Hybrid Smartwatch comes in. Not only does it have an analogue display, it also has a battery that can last around two weeks between charges thanks to its e-ink smart display.</p>
<p>E-ink? Yep, the same stuff used in the <a href="https://www.amazon.co.uk/gp/product/B07747FR44">Amazon Kindle Paperwhite</a>. So yes, that’s how it manages to make it two weeks between battery charges; the screen only uses power when it changes.</p>
<p>“But Chris…” I hear you say, “What happens when the analogue hands get in the way of the display?”</p>
<p>Aha, that’s where the Hybrid HR’s party trick kicks in:</p>
<div style="position:relative; padding-bottom:calc(56.25% + 44px)"><iframe src="https://gfycat.com/ifr/OrganicRichBlackrhino" frameborder="0" scrolling="no" width="100%" height="100%" style="position:absolute;top:0;left:0;" allowfullscreen=""></iframe></div>
<p><br />
Boom! :boom:</p>
<p>Over and above the defaults that come with the Fossil Android or iOS apps, the app also allows you to fully customise the e-ink display.</p>
<p>Because of its easy customisation, a community has sprung up to come together and publish Hybrid watch face designs over on the <a href="https://www.reddit.com/r/FossilHybrids/">Fossil Hybrids subreddit</a>.</p>
<p>Quickly grabbing some custom face designs from the subreddit:</p>
<table>
<tr>
<td style="height:33%; width:33%;">
<img style="display:block;" src="/images/fossil-collider-hr/collider-hr-02.jpg" alt="Face 1" />
</td>
<td style="height:33%; width:33%;">
<img style="display:block;" src="/images/fossil-collider-hr/collider-hr-03.jpg" alt="Face 2" />
</td>
<td style="height:33%; width:33%;">
<img style="display:block;" src="/images/fossil-collider-hr/collider-hr-04.jpg" alt="Face 3" />
</td>
</tr>
<tr>
<td style="height:33%; width:33%;">
<img style="display:block;" src="/images/fossil-collider-hr/collider-hr-05.jpg" alt="Face 1" />
</td>
<td style="height:33%; width:33%;">
<img style="display:block;" src="/images/fossil-collider-hr/collider-hr-06.jpg" alt="Face 2" />
</td>
<td style="height:33%; width:33%;">
<img style="display:block;" src="/images/fossil-collider-hr/collider-hr-07.jpg" alt="Face 3" />
</td>
</tr>
</table>
<p>All of the above created by <a href="https://kurotimedesign.blogspot.com/">Kuro Time Design</a>. Nice!
<br /></p>
<p>As for the smart watch app, grab it here:</p>
<table>
<tr>
<td style="height:33%; width:10%;">
</td>
<td style="height:33%; width:30%;">
<a href="https://play.google.com/store/apps/details?id=com.fossil.wearables.fossil"><img alt="Get it on Google Play" src="/images/fossil-collider-hr/play.png" /></a>
</td>
<td style="height:33%; width:20%;">
</td>
<td style="height:33%; width:30%;">
<a href="https://apps.apple.com/gb/app/fossil-hybrid-smartwatches/id1027370544"><img alt="Get it on Apple App Store" src="/images/fossil-collider-hr/appstore.png" /></a>
</td>
<td style="height:33%; width:10%;">
</td>
</tr>
</table>
<p>Want to find out more?</p>
<ul>
<li><a href="https://www.gq-magazine.co.uk/watches/article/fossil-hybrid-hr-collider-review">GQ Magazine review</a></li>
<li><a href="https://www.fossil.com/en-gb/smartwatches/explore/hybrid-hr/">Fossil Hybrid HR website</a></li>
<li><a href="https://gadgets-reviews.com/review/1660-best-hybrid-smartwatches.html">Gadget Reviews Best Hybrid Smartwatches 2020</a></li>
</ul>
<p>Until next ‘time’ :sunglasses: :watch: :thumbsup:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/fossil-collider-hr/">Fossil Collider Hybrid HR Smartwatch</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 19, 2020.</p>
https://polarclouds.co.uk/pfsense-vpn-client2020-01-10T00:00:00+00:002020-01-10T00:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="pfSense + OpenVPN" src="/images/pfsense-vpn-client/pfsense-vpn-client-01.png" />
Last time we looked at deploying an OpenVPN server on pfSense. This time, let’s look at setting up our clients to access the VPN server.</p>
<p>If you haven’t had time to check out how we configured our OpenVPN server, feel free to <a href="https://polarclouds.co.uk/pfsense-vpn-server/">take a look</a>.</p>
<p>Luckily, once again the pfSense team have done the heavy lifting for us, making our life so much easier! Let’s get started.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#openvpn-client-export-utility" id="markdown-toc-openvpn-client-export-utility">OpenVPN Client Export Utility</a></li>
<li><a href="#installing-openvpn-client-export-utility-package" id="markdown-toc-installing-openvpn-client-export-utility-package">Installing OpenVPN Client Export Utility Package</a></li>
<li><a href="#openvpn-client-export-utility-configuration" id="markdown-toc-openvpn-client-export-utility-configuration">OpenVPN Client Export Utility Configuration</a></li>
<li><a href="#using-openvpn-client-export-utility" id="markdown-toc-using-openvpn-client-export-utility">Using OpenVPN Client Export Utility</a> <ul>
<li><a href="#android-openvpn-client-installation" id="markdown-toc-android-openvpn-client-installation">Android OpenVPN Client Installation</a></li>
<li><a href="#windows-openvpn-client-installation" id="markdown-toc-windows-openvpn-client-installation">Windows OpenVPN Client Installation</a></li>
<li><a href="#apple-ios-openvpn-client-installation" id="markdown-toc-apple-ios-openvpn-client-installation">Apple iOS OpenVPN Client Installation</a></li>
<li><a href="#mac-os-x-openvpn-client-installation" id="markdown-toc-mac-os-x-openvpn-client-installation">Mac OS X OpenVPN Client Installation</a></li>
</ul>
</li>
<li><a href="#conclusion" id="markdown-toc-conclusion">Conclusion</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="openvpn-client-export-utility">OpenVPN Client Export Utility</h2>
<p>The OpenVPN Client Export utility is an add-on package for pfSense. Once installed, it can automatically create a Windows OpenVPN client installer to download, or it can generate configuration files for Android and Apple iOS, create Viscosity bundles for Mac OS X, and others. Let’s look at installing and using this add-on.</p>
<h2 id="installing-openvpn-client-export-utility-package">Installing OpenVPN Client Export Utility Package</h2>
<p>Log onto your pfSense server <a href="https://polarclouds.co.uk/pfsense-vpn-server/">created last time</a> and navigate to <strong>System / Package Manager / Available Packages</strong> and search for “openvpn”:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Find Package" src="/images/pfsense-vpn-client/pfsense-vpn-client-02.png" /></p>
<p>Once found, click <strong>Install</strong> and <strong>Confirm</strong> to install the package and allow to complete:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN Client Package Install" src="/images/pfsense-vpn-client/pfsense-vpn-client-03.png" /></p>
<h2 id="openvpn-client-export-utility-configuration">OpenVPN Client Export Utility Configuration</h2>
<p>Navigate to <strong>VPN / OpenVPN / Client Export</strong>.<br />
Complete the following:</p>
<ul>
<li><strong>Remote Access Server</strong> - Should auto select the OpenVPN Server already installed</li>
<li><strong>Host Name Resolution</strong> - Set to “Other”</li>
<li><strong>Host Name</strong> - Enter either your <a href="https://www.google.co.uk/search?hl=en&q=whats+my+ip+address">Public IP Address</a> or <a href="https://www.hostip.info">hostname</a> here.</li>
</ul>
<p><strong>Note:</strong> If you have a non-static public IP address, i.e. one that changes every time you reboot your router, you’ll need to use a <a href="https://www.noip.com/blog/2014/07/11/dynamic-dns-can-use-2/">DynamicDNS service</a> and <a href="https://www.noip.com/support/knowledgebase/how-to-configure-ddns-in-router/">configure it appropriately</a>.</p>
<ul>
<li><strong>Verify Server CN</strong> - Automatic - Use verify-x509-name (OpenVPN 2.3+) where possible</li>
<li><strong>Block Outside DNS</strong> - Ticked</li>
<li><strong>Legacy Client</strong> - Unticked</li>
<li><strong>Use Random Local Port</strong> - Unticked</li>
<li><strong>PKCS#11 Certificate Storage</strong> - Unticked</li>
<li><strong>Microsoft Certificate Storage</strong> - Unticked</li>
<li><strong>Password Protect Certificate</strong> - Unticked</li>
<li><strong>Use A Proxy</strong> - Unticked</li>
<li><strong>Additional configuration options</strong> - Leave blank</li>
</ul>
<p>Click <strong>Save as Default</strong> to save the above settings</p>
<h2 id="using-openvpn-client-export-utility">Using OpenVPN Client Export Utility</h2>
<p>Now the fun part!</p>
<h3 id="android-openvpn-client-installation">Android OpenVPN Client Installation</h3>
<p>The recommended client for Android is <a href="https://play.google.com/store/apps/details?id=de.blinkt.openvpn">OpenVPN for Android</a> <br />
Install the recommended client, find the OpenVPN user and download the Android inline configuration:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Android Config Download" src="/images/pfsense-vpn-client/pfsense-vpn-client-04.png" /></p>
<p>Copy the downloaded configuration to the Android phone, import using OpenVPN Client <strong>(+)</strong> option and name the connection. Tap the connection name and test:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN Android" src="/images/pfsense-vpn-client/pfsense-vpn-client-06.png" /></p>
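<p>Before handing an inline configuration to a device, it is worth confirming that it really carries the choices made above and in Part 1 (both authentication factors, the pinned server name, the TLS key, Block Outside DNS, UDP port 1194). The script below is an added example, not part of the pfSense package. It assumes the profile expresses those choices with the standard OpenVPN directives, and the sample profile and its host name <code>vpn.example.org</code> are constructed for illustration.</p>

```python
import re

# Constructed sample profile for illustration (not real pfSense output);
# certificate and key material is replaced by placeholders.
SAMPLE_PROFILE = """\
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA512
tls-client
client
remote vpn.example.org 1194 udp4
verify-x509-name "vpn-server" name
auth-user-pass
remote-cert-tls server
setenv opt block-outside-dns
key-direction 1
<ca>
PLACEHOLDER-CA-CERTIFICATE
</ca>
<cert>
PLACEHOLDER-USER-CERTIFICATE
</cert>
<key>
PLACEHOLDER-USER-KEY
</key>
<tls-auth>
PLACEHOLDER-TLS-KEY
</tls-auth>
"""


def parse_profile(text):
    """Return ({directive: [args, ...]}, {inline block names}) for an .ovpn file."""
    directives, inline, block = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                       # inside <tag>...</tag>: skip the blob
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        opened = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if opened:
            block = opened.group(1)
            inline.add(block)
            continue
        parts = line.split()
        if parts[:2] == ["setenv", "opt"] and len(parts) > 2:
            parts = parts[2:]           # "setenv opt X": apply X if the client supports it
        directives.setdefault(parts[0], []).append(parts[1:])
    return directives, inline


def audit_profile(text, server_cn="vpn-server", port="1194"):
    """List the ways a profile falls short of the settings chosen in this series."""
    d, inline = parse_profile(text)
    findings = []

    # Factor 1: the user's certificate and private key (inline, PKCS#12, or files).
    has_cert = {"cert", "key"} <= inline or "pkcs12" in d or {"cert", "key"} <= set(d)
    if not has_cert:
        findings.append("no client certificate/key: certificate factor missing")
    # Factor 2: the client must prompt for username and password.
    if "auth-user-pass" not in d:
        findings.append("no auth-user-pass: username/password factor missing")

    # Verify Server CN: the client should only accept the expected server name.
    names = [args[0].strip('"') for args in d.get("verify-x509-name", []) if args]
    if server_cn not in names:
        findings.append(f"verify-x509-name does not pin server CN {server_cn!r}")

    if not ({"tls-auth", "tls-crypt"} & (inline | set(d))):
        findings.append("no TLS key (tls-auth/tls-crypt)")
    if "block-outside-dns" not in d:
        findings.append("block-outside-dns not set: DNS may leak outside the tunnel")

    remotes = d.get("remote", [])
    if not any(len(r) >= 2 and r[1] == port for r in remotes):
        findings.append(f"no remote on port {port}")
    if any(len(r) >= 3 and not r[2].startswith("udp") for r in remotes):
        findings.append("remote is not UDP")
    return findings


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE) or ["profile matches expected settings"]:
        print(finding)
```

<p>Pass the text of a real export to <code>audit_profile()</code>, with <code>server_cn</code> set to the Common Name given to the server certificate. An empty list means every check passed.</p>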
<h3 id="windows-openvpn-client-installation">Windows OpenVPN Client Installation</h3>
<p>Simply find the OpenVPN user and download the appropriate installer for their version of Windows:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Windows installers" src="/images/pfsense-vpn-client/pfsense-vpn-client-05.png" /></p>
<p>Install and test:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN Windows" src="/images/pfsense-vpn-client/pfsense-vpn-client-07.png" /></p>
<h3 id="apple-ios-openvpn-client-installation">Apple iOS OpenVPN Client Installation</h3>
<p>The recommended client for iOS is <a href="https://apps.apple.com/us/app/openvpn-connect/id590379981">OpenVPN Connect</a> <br />
Install the recommended client, find the OpenVPN user and download the inline configuration:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="iOS Config Download" src="/images/pfsense-vpn-client/pfsense-vpn-client-08.png" /></p>
<p>Attach the configuration to an email and open the email on the iOS device. <br />
Tap the attachment and open it in the OpenVPN Connect app. Click <strong>Add</strong> to add the profile, rename if needed, add a username and click <strong>Add</strong>.</p>
<p>Allow the app to add VPN connections in iOS settings and finally hit the slider to test:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN iOS" src="/images/pfsense-vpn-client/pfsense-vpn-client-09.png" /></p>
<h3 id="mac-os-x-openvpn-client-installation">Mac OS X OpenVPN Client Installation</h3>
<p>Yep it’s available:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN OS X" src="/images/pfsense-vpn-client/pfsense-vpn-client-10.png" /></p>
<p>Unfortunately at this point, I don’t have any experience with installing and testing. <br />
<a href="https://hackintosh.com/">Perhaps one day</a> :smirk:</p>
<h2 id="conclusion">Conclusion</h2>
<p>And there we have it!<br /></p>
<p>An OpenVPN server set up and OpenVPN clients to match. How much did it cost? Nothing, just a bit of time and patience. <br /></p>
<p>Security doesn’t need to be expensive. :sunglasses:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/pfsense-vpn-client/">Running an OpenVPN Server on pfSense. Part 2: VPN Client</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 10, 2020.</p>
https://polarclouds.co.uk/pfsense-vpn-server2019-09-22T01:00:00+01:002019-09-22T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="pfSense + OpenVPN" src="/images/pfsense-vpn-server/pfsense-vpn-server-01.png" />
When travelling with work, one of the preferred hotels we have the option to stay in is a nice quiet comfortable family run hotel with great service and a great restaurant menu. What’s even better is that all of their rooms have comfortable beds and decent WiFi coverage. Unfortunately it’s on the subject of WiFi that I have an issue:</p>
<p>The hotel’s WiFi is open and unencrypted.</p>
<p>Don’t get me wrong, I’m 100% positive that this isn’t the only hotel in the world with open and unencrypted WiFi. Looking at it from the perspective of the hotel management, such things as encryption, passwords, communication of passwords (today’s password is XYZ1234!!), dealing with guests unable to connect to the provided WiFi are added pain points that hotel staff can do without. Hotel management don’t need that additional burden. Just run the WiFi open and the above issues are resolved.</p>
<p>Why is open and unencrypted WiFi an issue? In fact what are the issues with public WiFi in general, both encrypted and unencrypted?
The headline issues are:</p>
<ul>
<li><strong>Snooping and sniffing</strong> - Tools exist that allow others to eavesdrop on WiFi connections. Doubly easy if the WiFi is unencrypted.</li>
<li><strong>Distribution of malware</strong> - How do you know that someone connected to the WiFi isn’t already infected, just waiting to pass the infection on?</li>
<li><strong>Man-in-the-middle attacks</strong> - Again, tools exist to allow someone else on the WiFi to proxy your traffic through their device.</li>
<li><strong>Password and username vulnerabilities</strong> - Yep, because every website in the world ever is 100% secure, <a href="https://haveibeenpwned.com/">have i been pwned?</a></li>
</ul>
<p><span style="color:red"><strong>As I’m sure you’ll have guessed by now, the answer is a VPN - a Virtual Private Network.</strong></span></p>
<p>If you’ve been living under a rock for the last X years, or just want to know more, have a read of <a href="https://en.wikipedia.org/wiki/Virtual_private_network">Wikipedia</a> to find out more about VPNs.</p>
<p>What better platform to configure a VPN server on than pfSense? :thumbsup: Let’s dig in.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#objectives" id="markdown-toc-objectives">Objectives</a></li>
<li><a href="#pfsense-install" id="markdown-toc-pfsense-install">pfSense Install</a></li>
<li><a href="#certificates" id="markdown-toc-certificates">Certificates</a> <ul>
<li><a href="#ca-certificate" id="markdown-toc-ca-certificate">CA Certificate</a></li>
<li><a href="#server-certificate" id="markdown-toc-server-certificate">Server Certificate</a></li>
<li><a href="#user-certificates" id="markdown-toc-user-certificates">User Certificates</a></li>
</ul>
</li>
<li><a href="#user-accounts" id="markdown-toc-user-accounts">User Accounts</a></li>
<li><a href="#tie-user-certificate-to-user-account" id="markdown-toc-tie-user-certificate-to-user-account">Tie User Certificate to User Account</a></li>
<li><a href="#openvpn-server-configuration" id="markdown-toc-openvpn-server-configuration">OpenVPN Server Configuration</a></li>
<li><a href="#open-firewall" id="markdown-toc-open-firewall">Open Firewall</a></li>
<li><a href="#conclusion" id="markdown-toc-conclusion">Conclusion</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="objectives">Objectives</h2>
<p>For this setup I want the following:</p>
<ul>
<li><strong>Secure</strong> - Goes without saying</li>
<li><strong>Two factor authentication</strong> - To achieve this, each user must hold a specific certificate as well as supplying the correct username and password</li>
<li><strong>Route ALL client traffic via VPN</strong> - No client traffic must leak onto the public network</li>
</ul>
<h2 id="pfsense-install">pfSense Install</h2>
<p>I won’t cover that here. It’s simple enough and is already documented in the <a href="https://docs.netgate.com/pfsense/en/latest/install/installing-pfsense.html">Netgate Docs</a>.</p>
<h2 id="certificates">Certificates</h2>
<p>As we are using certificates as one of the factors of our two factor authentication, each user must present their individual certificate at connection. The certificate must match that held by the OpenVPN server and have been generated via the same Certificate Authority (CA). From there username and password credentials are authenticated over a TLS link.</p>
<p>See the <a href="https://community.openvpn.net/openvpn/wiki/Concepts-Authentication">OpenVPN Authentication process</a> documentation for the full breakdown of the OpenVPN authentication process.</p>
<p>Luckily for us, pfSense ships with a built in CA which can be used to handle all our certificate requirements. Bonus!</p>
<h3 id="ca-certificate">CA Certificate</h3>
<p>Log into pfSense and select <strong>System / Certificate Manager / CAs</strong> and click <strong>Add</strong>.<br />
Complete the following:</p>
<ul>
<li><strong>Descriptive name</strong> - Something like “pfSense CA”</li>
<li><strong>Method</strong> - Create an internal Certificate Authority</li>
<li><strong>Key length (bits)</strong> - at least 2048</li>
<li><strong>Digest Algorithm</strong> - at least sha256</li>
<li><strong>Lifetime (days)</strong> - 3650 (10 years) is fine</li>
<li><strong>Common Name</strong> - Something generic like “internal-ca” is fine</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense CA" src="/images/pfsense-vpn-server/pfsense-vpn-server-02.png" />
Click <strong>Save</strong>.</p>
<h3 id="server-certificate">Server Certificate</h3>
<p>Select <strong>System / Certificate Manager / Certificates</strong> and click <strong>Add/Sign</strong>.<br />
Complete the following:</p>
<ul>
<li><strong>Method</strong> - Create an Internal Certificate</li>
<li><strong>Descriptive name</strong> - Something like “VPN Server Certificate”</li>
<li><strong>Certificate authority</strong> - CA name set previously</li>
<li><strong>Key length (bits)</strong> - at least 2048</li>
<li><strong>Digest Algorithm</strong> - at least sha256</li>
<li><strong>Lifetime (days)</strong> - 3650 (10 years) is fine</li>
<li><strong>Common Name</strong> - Something generic like “vpn-server” is fine</li>
<li><strong>Certificate Type</strong> - Server Certificate</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Server Cert" src="/images/pfsense-vpn-server/pfsense-vpn-server-06.png" />
Click <strong>Save</strong>.</p>
<h3 id="user-certificates">User Certificates</h3>
<p>Complete this step for each user accessing the VPN server. <br />Select <strong>System / Certificate Manager / Certificates</strong> and click <strong>Add/Sign</strong>.<br />
Complete the following:</p>
<ul>
<li><strong>Method</strong> - Create an Internal Certificate</li>
<li><strong>Descriptive name</strong> - Something like “VPN Access - Chris”</li>
<li><strong>Certificate authority</strong> - CA name set previously</li>
<li><strong>Key length (bits)</strong> - at least 2048</li>
<li><strong>Digest Algorithm</strong> - at least sha256</li>
<li><strong>Lifetime (days)</strong> - 3650 (10 years) is fine</li>
<li><strong>Common Name</strong> - Must match username (created later) - eg “Chris”</li>
<li><strong>Certificate Type</strong> - User Certificate</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense User Cert Creation" src="/images/pfsense-vpn-server/pfsense-vpn-server-03.png" />
Click <strong>Save</strong>.</p>
<h2 id="user-accounts">User Accounts</h2>
<p>Complete this step for each user accessing the VPN server. <br />Select <strong>System / User Manager / Users</strong> and click <strong>Add</strong>.<br />
Complete the following:</p>
<ul>
<li><strong>Username</strong> - Must match Common Name (created earlier) - eg “Chris”</li>
<li><strong>Password</strong> - Obvious. NOTE - This will become the user’s VPN password</li>
<li><strong>Full name</strong> - Whatever you want!</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense User Creation" src="/images/pfsense-vpn-server/pfsense-vpn-server-04.png" />
Click <strong>Save</strong>.</p>
<h2 id="tie-user-certificate-to-user-account">Tie User Certificate to User Account</h2>
<p>Complete this step for each user accessing the VPN server. <br />Select <strong>System / User Manager / Users</strong> and click the pencil icon next to the user to modify. Under User Certificates, select <strong>Add</strong>.</p>
<ul>
<li><strong>Method</strong> - Choose an Existing Certificate</li>
<li><strong>Existing Certificates</strong> - Select user’s certificate created earlier</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Tie Cert to User" src="/images/pfsense-vpn-server/pfsense-vpn-server-05.png" />
Click <strong>Save</strong>.</p>
<h2 id="openvpn-server-configuration">OpenVPN Server Configuration</h2>
<p>Finally, the VPN server configuration itself! <br />Select <strong>VPN / OpenVPN / Servers</strong> and click <strong>Add</strong>.<br />Quick point of note, these settings work for me. They will work for you too. However if you do have issues or would like to learn more, check out the <a href="https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/index.html">Netgate Docs</a>.</p>
<p>Complete the following:</p>
<ul>
<li><strong>Server mode</strong> - Remote Access (SSL/TLS + User Auth)</li>
<li><strong>Backend for</strong> - Local Database</li>
<li><strong>Protocol</strong> - UDP on IPv4 only</li>
<li><strong>Device mode</strong> - tun - Layer 3 Tunnel Mode</li>
<li><strong>Interface</strong> - WAN</li>
<li><strong>Local port</strong> - 1194 (can be whatever you like!)</li>
<li><strong>Description</strong> - Remote Access (can be whatever you like!)</li>
<li><strong>TLS Configuration</strong> - Use TLS Key ticked</li>
<li><strong>Automatically generate a TLS Key</strong> - Ticked</li>
<li><strong>Peer Certificate Authority</strong> - CA name set previously</li>
<li><strong>Server certificate</strong> - Server certificate created earlier</li>
<li><strong>DH Parameter Length</strong> - 2048 bit</li>
<li><strong>ECDH Curve</strong> - Use Default</li>
<li><strong>Encryption Algorithm</strong> - AES-256-CBC (256 bit key, 128 bit block)</li>
<li><strong>Enable NCP</strong> - Ticked</li>
<li><strong>NCP Algorithms - Allowed NCP Encryption Algorithms</strong> - AES-256-GCM, AES-192-GCM, AES-128-GCM</li>
<li><strong>Auth digest algorithm</strong> - SHA512 (512-bit)</li>
<li><strong>Hardware Crypto</strong> - Enable if available</li>
<li><strong>Certificate Depth</strong> - One (Client+Server)</li>
<li><strong>Strict User-CN Matching</strong> - Ticked (Enforce match)</li>
<li><strong>IPv4 Tunnel Network</strong> - 10.1.1.0/24 (an IP range not used elsewhere within pfSense)</li>
<li><strong>IPv6 Tunnel Network</strong> - (blank)</li>
<li><strong>Redirect IPv4 Gateway</strong> - Ticked (Force all client-generated IPv4 traffic through the tunnel.)</li>
<li><strong>Redirect IPv6 Gateway</strong> - Unticked</li>
<li><strong>IPv6 Local network(s)</strong> - (blank)</li>
<li><strong>Concurrent connections</strong> - 5</li>
<li><strong>Compression</strong> - Adaptive LZO Compression [Legacy style, comp-lzo adaptive]</li>
<li><strong>Push Compression</strong> - Unticked</li>
<li><strong>Type-of-Service</strong> - Unticked</li>
<li><strong>Inter-client communication</strong> - Ticked</li>
<li><strong>Duplicate Connection</strong> - Unticked</li>
<li><strong>Dynamic IP</strong> - Ticked</li>
<li><strong>Topology</strong> - Subnet – One IP address per client in common subnet</li>
<li><strong>DNS Default Domain</strong> - Ticked</li>
<li><strong>DNS Default Domain</strong> - Match DNS settings configured in pfSense (eg local)</li>
<li><strong>DNS Server enable</strong> - Ticked</li>
<li><strong>DNS Server 1</strong> - IP address of your internal DNS server (eg 192.168.1.1)</li>
<li><strong>DNS Server 2 to 4</strong> - Blank</li>
<li><strong>Block Outside DNS</strong> - Ticked</li>
<li><strong>Force DNS cache update</strong> - Ticked</li>
<li><strong>NTP Server enable</strong> - Unticked</li>
<li><strong>NetBIOS enable</strong> - Unticked</li>
<li><strong>Custom options</strong> - keepalive 5 300;reneg-sec 36000 (send a keep-alive ping every 5 seconds with a 300 second (5 minute) timeout, renegotiate the data channel key after 36000 seconds)</li>
<li><strong>UDP Fast I/O</strong> - Unticked</li>
<li><strong>Send/Receive Buffer</strong> - Default</li>
<li><strong>Gateway creation</strong> - Both</li>
<li><strong>Verbosity level</strong> - Default</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN Config 1" src="/images/pfsense-vpn-server/pfsense-vpn-server-07.png" />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN Config 2" src="/images/pfsense-vpn-server/pfsense-vpn-server-08.png" />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN Config 3" src="/images/pfsense-vpn-server/pfsense-vpn-server-09.png" />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN Config 4" src="/images/pfsense-vpn-server/pfsense-vpn-server-10.png" />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN Config 5" src="/images/pfsense-vpn-server/pfsense-vpn-server-11.png" />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN Config 6" src="/images/pfsense-vpn-server/pfsense-vpn-server-12.png" />
Click <strong>Save</strong>.</p>
<h2 id="open-firewall">Open Firewall</h2>
<p>Final step is to allow connections to the VPN server via the pfSense firewall.<br />
Select <strong>Firewall / Rules / WAN</strong> and click <strong>Add</strong>. <br />Complete the following:</p>
<ul>
<li><strong>Action</strong> - Pass</li>
<li><strong>Disabled</strong> - Unticked</li>
<li><strong>Interface</strong> - WAN</li>
<li><strong>Address Family</strong> - IPv4</li>
<li><strong>Protocol</strong> - UDP</li>
<li><strong>Source</strong> - any</li>
<li><strong>Destination</strong> - WAN Address</li>
<li><strong>Destination Port Range</strong> - (other) 1194 (other) 1194</li>
<li><strong>Log</strong> - Unticked</li>
<li><strong>Description</strong> - Open VPN Access</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN Firewall 1" src="/images/pfsense-vpn-server/pfsense-vpn-server-13.png" />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="OpenVPN Firewall 2" src="/images/pfsense-vpn-server/pfsense-vpn-server-14.png" />
Click <strong>Save</strong> and <strong>Apply Changes</strong></p>
<h2 id="conclusion">Conclusion</h2>
<p>Phew! :sweat_smile: That’ll finish it for the pfSense OpenVPN server configuration.</p>
<p>In this article we looked at why a VPN is a good idea and what could happen if you don’t run a VPN. From there we looked at configuring an OpenVPN server on pfSense. Not only that, we secured our OpenVPN server with two factor authentication using both certificates and passwords.</p>
<p>Next time, we will look at <a href="https://polarclouds.co.uk/pfsense-vpn-client/">client configuration and testing</a></p>
<p>Until then, keep it secure! :sunglasses:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/pfsense-vpn-server/">Running an OpenVPN Server on pfSense. Part 1: VPN Server</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 22, 2019.</p>
https://polarclouds.co.uk/for-against-for-doh2019-09-15T01:00:00+01:002019-09-15T01:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="DoH Nut" src="/images/for-against-for-doh/for-against-for-doh-01.jpg" />
Last time we looked at enabling Pi-hole to keep internet-borne garbage (adverts, ransomware, crypto-miners, internet tracking, malware, etc) off of all devices connected to our network. As a privacy bonus we also enabled DNS over HTTPS (DoH) for internet bound DNS traffic from/to our network.</p>
<p>Check out <a href="https://polarclouds.co.uk/pi-hole-https-dns/">Pi-hole plus DNS over HTTPS</a> for the full how to.</p>
<p>Since then, DoH has exploded. For example:</p>
<ul>
<li>Mozilla Firefox to begin slow rollout of DNS-over-HTTPS by default at the end of the month - <a href="https://www.theregister.co.uk/2019/09/09/mozilla_firefox_dns/">The Register</a></li>
<li>Google experiments with DNS-over-HTTPS in Chrome - <a href="https://nakedsecurity.sophos.com/2019/09/12/google-experiments-with-dns-over-http-in-chrome/">Naked Security</a></li>
<li>Experimenting with same-provider DNS-over-HTTPS upgrade - <a href="https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html">Chromium Blog</a></li>
<li>Rolling in DoH: Chrome 78 to experiment with DNS-over-HTTPS – hot on the heels of Firefox - <a href="https://www.theregister.co.uk/2019/09/10/chrome_78_dnsoverhttps/">The Register</a></li>
<li>Firefox DNS-over-HTTPS - <a href="https://support.mozilla.org/en-US/kb/firefox-dns-over-https">Mozilla Support</a></li>
</ul>
<p>Plus <a href="https://news.google.com/search?q=dns+over+https">many others</a></p>
<h2 id="for">For</h2>
<p>My first reactions were: <br />
Excellent! <br />
More privacy for all! <br />
Brilliant! <br />
:thumbsup: :sunglasses: :thumbsup: Happy days!</p>
<h2 id="against">Against</h2>
<p>I then thought some more…<br />
My browser is now using its own DNS server… separate to my internet garbage blocking Pi-hole DNS server (or any DNS based blocking service)…<br />
That means all previously blocked internet garbage will return! <br /></p>
<p>:thumbsdown: :cold_sweat: :thumbsdown: Oh “balls”, that’s not good!</p>
<h2 id="for-again">For …Again!</h2>
<p>After a little bit more reading, it appears that this concern was shared by others too.</p>
<p>Luckily Mozilla are <a href="https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https">ahead of the game</a>.
Essentially, their idea is to build into Firefox a check whereby the browser will query DNS for a certain “canary” domain. The result returned from DNS will govern whether the browser switches from standard (non-DoH) DNS to DoH or not.</p>
<p>The logic is as follows. First the browser makes the query to standard (non https) DNS for <a href="https://use-application-dns.net/">use-application-dns.net</a>. Standard DNS will then return one of the following:</p>
<table rules="groups">
<thead>
<tr>
<th style="text-align: center">Standard DNS Return</th>
<th style="text-align: center">Browser Action</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: center">A or AAAA records</td>
<td style="text-align: center">Enable DNS over HTTPS Functionality</td>
</tr>
<tr>
<td style="text-align: center">(valid IP addresses)</td>
<td style="text-align: center">(bypassing standard DNS)</td>
</tr>
</tbody>
<tbody>
<tr>
<td style="text-align: center">NXDOMAIN or SERVFAIL</td>
<td style="text-align: center">Disable DNS over HTTPS Functionality</td>
</tr>
<tr>
<td style="text-align: center">(unable to find valid IP addresses)</td>
<td style="text-align: center">(continue to use standard DNS)</td>
</tr>
</tbody>
</table>
<p>Therefore, to continue using Pi-hole to block internet garbage, Pi-hole <em>must</em> return NXDOMAIN or SERVFAIL when queried for <a href="https://use-application-dns.net/">use-application-dns.net</a>.</p>
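<p>The canary decision in the table above can be checked against your own resolver. The script below is an added example (not Firefox’s or Pi-hole’s code): it parses a raw DNS response for the canary domain and applies the table, treating any reply without A or AAAA records as “disable DoH”, which is an assumption based on the table’s “unable to find valid IP addresses” row. The two sample responses are constructed, and <code>query_resolver()</code> is a hypothetical helper that sends the A query only.</p>

```python
import socket
import struct

CANARY = "use-application-dns.net"
TYPE_A, TYPE_AAAA, CLASS_IN = 1, 28, 1
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}


def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name=CANARY, qtype=TYPE_A, ident=0x1234):
    """Standard recursive query (RD flag set) with one question."""
    header = struct.pack("!6H", ident, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_response(msg):
    """Return (rcode, number of A/AAAA records in the answer section)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    _ident, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    addresses = 0
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype == TYPE_A and rdlen == 4) or (rtype == TYPE_AAAA and rdlen == 16):
            addresses += 1
        off += rdlen
    return rcode, addresses


def canary_verdict(msg):
    """Apply the table: (True, reason) if the browser would switch to DoH."""
    rcode, addresses = parse_response(msg)
    name = RCODE_NAMES.get(rcode, f"RCODE {rcode}")
    if rcode == 0 and addresses > 0:
        return True, f"{name} with {addresses} address record(s): DoH enabled"
    return False, f"{name} with no address records: DoH disabled, standard DNS kept"


def build_response(rcode, addresses=()):
    """Constructed response for the canary query, for offline testing."""
    header = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(addresses), 0, 0)
    body = encode_name(CANARY) + struct.pack("!HH", TYPE_A, CLASS_IN)
    for addr in addresses:
        # 0xC00C points back at the question name at offset 12.
        body += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 60, 4)
        body += socket.inet_aton(addr)
    return header + body


def query_resolver(resolver_ip, timeout=3.0):
    """Ask a resolver (e.g. your Pi-hole) for the canary domain over plain UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(), (resolver_ip, 53))
        data, _peer = sock.recvfrom(512)
    return canary_verdict(data)


if __name__ == "__main__":
    print(canary_verdict(build_response(0, ["192.0.2.10"]))[1])  # unfiltered resolver
    print(canary_verdict(build_response(3))[1])                  # resolver signalling "no DoH"
```

<p>Call <code>query_resolver()</code> with the address of your Pi-hole. A result of <code>False</code> means the resolver is sending the “disable DoH” signal.</p>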
<p>What’s more is that those top, top Pi-hole developers have already merged a fix to <a href="https://github.com/pi-hole/pi-hole/pull/2915">make this happen</a>. Further discussion on this change is available on a pi-hole <a href="https://discourse.pi-hole.net/t/support-for-returning-nxdomain-for-use-application-dns-net-to-disable-firefox-doh/23243/7">discourse thread</a>.</p>
<p>Google’s suggested implementation is <a href="https://docs.google.com/document/d/15Ss0OaJeb-T3g2RMwgikHvsC0CPKd-MLeGeetv1wYY4/edit?usp=sharing">way more complex</a>. I confess to not reading the whole document (it’s 22 pages long!), however the issue is being thought about at least. As with all suggestions, Google’s implementation may change in the future…</p>
<p>Microsoft Edge supporting DoH? The silence is deafening :no_mouth:</p>
<p>Fun times!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/for-against-for-doh/">Why I was For, Against, then For Browser DNS over HTTPS</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 15, 2019.</p>
https://polarclouds.co.uk/pi-hole-https-dns2019-09-09T19:00:00+01:002019-09-09T19:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="pi hole" src="/images/pi-hole-https-dns/pi-hole-dns-https-01.png" />
<span class="image-credit" style="float: right; margin: 0px 0px 0px 10px;">Photo: <a href="https://pi-hole.net/">pi-hole.net</a></span>
Quick primer:</p>
<ul>
<li>DNS: Domain Name System: The system by which domain names such as polarclouds.co.uk are converted to Internet Protocol (IP) addresses such as 104.31.82.123</li>
<li>HTTPS: Hypertext Transfer Protocol Secure: Used for secure communication over a computer network, such as the Internet</li>
<li>Pi: Raspberry Pi (shortened to Pi in this instance): A low cost, credit-card sized computer: <a href="https://polarclouds.co.uk/raspberry-pi-16-linux-pc/">See this PolarClouds post from 2011!</a> Now available in its <a href="https://www.raspberrypi.org/">fourth iteration</a></li>
<li>Hole: An empty space in an object, usually with an opening to the object’s surface, or an opening that goes completely through an object. <a href="https://dictionary.cambridge.org/dictionary/english/hole">Source</a>.</li>
</ul>
<p><strong>UPDATE:</strong> See <a href="https://polarclouds.co.uk/for-against-for-doh/">Why I was For, Against, then For Browser DNS over HTTPS</a></p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#objectives" id="markdown-toc-objectives">Objectives</a></li>
<li><a href="#pi-hole" id="markdown-toc-pi-hole">Pi-hole</a></li>
<li><a href="#raspberry-pi-setup" id="markdown-toc-raspberry-pi-setup">Raspberry Pi Setup</a></li>
<li><a href="#non-raspberry-pi-setup" id="markdown-toc-non-raspberry-pi-setup">Non-Raspberry Pi Setup</a></li>
<li><a href="#dns-over-https---cloudflared-argo-tunnel" id="markdown-toc-dns-over-https---cloudflared-argo-tunnel">DNS Over HTTPS - Cloudflared Argo Tunnel</a></li>
<li><a href="#installing-pi-hole" id="markdown-toc-installing-pi-hole">Installing Pi-hole</a></li>
<li><a href="#configuring-pi-hole-to-use-cloudflared-argo-tunnel" id="markdown-toc-configuring-pi-hole-to-use-cloudflared-argo-tunnel">Configuring Pi-hole to use Cloudflared Argo Tunnel</a></li>
<li><a href="#quick-test" id="markdown-toc-quick-test">Quick Test</a></li>
<li><a href="#run-cloudflared-argo-tunnel-as-a-service" id="markdown-toc-run-cloudflared-argo-tunnel-as-a-service">Run Cloudflared Argo Tunnel as a Service</a></li>
<li><a href="#blocklists" id="markdown-toc-blocklists">Blocklists</a></li>
<li><a href="#whitelists" id="markdown-toc-whitelists">Whitelists</a></li>
<li><a href="#configuring-other-devices-to-use-pi-hole" id="markdown-toc-configuring-other-devices-to-use-pi-hole">Configuring Other Devices to use Pi-hole</a></li>
<li><a href="#conclusion" id="markdown-toc-conclusion">Conclusion</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="objectives">Objectives</h2>
<p>It’s no secret, I’m not a fan of adverts. Over the years I’ve posted about my disdain for adverts <a href="https://polarclouds.co.uk/pages/categories#Adverts">several times</a>. I think this sums up my feelings nicely:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="The joy of not being sold anything" src="/images/pi-hole-https-dns/pi-hole-dns-https-02.png" /></p>
<p>Luckily for us there exists a free product that can extend this advert free joy to <strong>EVERY DEVICE ON YOUR NETWORK</strong> (computers, phones, tablets, you name it).</p>
<p>Also, let’s block other internet-borne garbage such as ransomware, crypto-miners, internet tracking, malware and the like.</p>
<p>Finally, let’s also move to a secure DNS service whilst we are at it. Besides, <a href="https://nakedsecurity.sophos.com/2019/04/24/dns-over-https-is-coming-whether-isps-and-governments-like-it-or-not/">DNS over HTTPS is coming whether ISPs and governments like it or not</a>. Firefox is slowly <a href="https://www.zdnet.com/article/mozilla-to-gradually-enable-dns-over-https-for-firefox-us-users-later-this-month/">enabling DNS over HTTPS</a> so we can too!</p>
<h2 id="pi-hole">Pi-hole</h2>
<p>What is a (the) Pi-hole? From the <a href="https://docs.pi-hole.net/">documentation</a>:</p>
<blockquote>
<p>The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without installing any client-side software.</p>
<ul>
<li>Easy-to-install: our versatile installer walks you through the process, and takes less than ten minutes</li>
<li>Resolute: content is blocked in non-browser locations, such as ad-laden mobile apps and smart TVs</li>
<li>Responsive: seamlessly speeds up the feel of everyday browsing by caching DNS queries</li>
<li>Lightweight: runs smoothly with minimal hardware and software requirements</li>
<li>Robust: a command line interface that is quality assured for interoperability</li>
<li>Insightful: a beautiful responsive Web Interface dashboard to view and control your Pi-hole</li>
<li>Versatile: can optionally function as a DHCP server, ensuring all your devices are protected automatically</li>
<li>Scalable: capable of handling hundreds of millions of queries when installed on server-grade hardware</li>
<li>Modern: blocks ads over both IPv4 and IPv6</li>
<li>Free: open source software which helps ensure you are the sole person in control of your privacy</li>
</ul>
</blockquote>
<h2 id="raspberry-pi-setup">Raspberry Pi Setup</h2>
<p>Most home users run Pi-hole on Raspberry Pi hardware on top of a standard Raspbian operating system install. For details on setting up Raspbian see the <a href="https://www.raspberrypi.org/documentation/installation/installing-images/">Installing operating system images</a> documentation.</p>
<h2 id="non-raspberry-pi-setup">Non-Raspberry Pi Setup</h2>
<p>As you can gather from the Pi-hole section above, Pi-hole does not <em>have</em> to be run on Raspberry Pi hardware. I have mine running in a VMware virtual machine running <a href="https://www.debian.org/">Debian Server</a> (non-GUI) as its base O/S. You could, for example, install Debian and Pi-hole on any old x86 hardware you have lying about. To set Debian up for yourself, follow this excellent <a href="https://www.howtoforge.com/tutorial/debian-minimal-server/">howtoforge guide</a>.</p>
<p>For the purposes of this post, I’m going to set up Pi-hole under Debian Buster in a VMware VM. Regular readers will know that I use a <a href="https://www.imdb.com/title/tt0206512/">SpongeBob SquarePants</a> naming scheme in my lab. This VM shall follow that convention and will have the hostname <a href="https://spongebob.fandom.com/wiki/Mable">mable</a>. :smile:</p>
<h2 id="dns-over-https---cloudflared-argo-tunnel">DNS Over HTTPS - Cloudflared Argo Tunnel</h2>
<p>Let’s get DNS over HTTPS running. To do this we are going to use Cloudflare’s <a href="https://developers.cloudflare.com/argo-tunnel/reference/how-it-works/">Argo Tunnel</a>. We will use port 54 as our local endpoint of the Argo tunnel.
To install then:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.deb
<span class="nb">sudo </span>dpkg <span class="nt">-i</span> cloudflared-stable-linux-amd64.deb
cloudflared <span class="nt">--version</span>
</code></pre></div></div>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Install Cloudflared" src="/images/pi-hole-https-dns/pi-hole-dns-https-03.png" /></p>
<p>Next, let’s test. As the cloudflared daemon doesn’t return to the command prompt once running, we need to test using screen:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>apt-get <span class="nb">install </span>screen
screen
<span class="nb">sudo </span>cloudflared proxy-dns <span class="nt">--port</span> 54 <span class="nt">--upstream</span> https://1.1.1.1/.well-known/dns-query <span class="nt">--upstream</span> https://1.0.0.1/.well-known/dns-query
</code></pre></div></div>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Tunnel Up" src="/images/pi-hole-https-dns/pi-hole-dns-https-04.png" /></p>
<p>This will start a cloudflared daemon listening at port 54 for DNS requests which will then be forwarded over HTTPS to Cloudflare’s 1.1.1.1 DNS service.</p>
<p>Hit Ctrl+A then D to detach from screen and leave the daemon and session running. Next step is to install Pi-hole and test.</p>
<h2 id="installing-pi-hole">Installing Pi-hole</h2>
<p>Installing Pi-hole involves just the one command. (<a href="https://github.com/pi-hole/pi-hole/#one-step-automated-install">Alternative installation methods</a> are available):</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>curl <span class="nt">-sSL</span> https://install.pi-hole.net | <span class="nb">sudo </span>bash
</code></pre></div></div>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Install Pi-hole" src="/images/pi-hole-https-dns/pi-hole-dns-https-05.png" /></p>
<p>Follow the setup process and complete any prompts along the way. It doesn’t matter what default DNS we use at this point as we will be changing it to use the Argo Tunnel anyway. Make a note of the web interface URL and password. Once installed, confirm you can browse to the Pi-hole and login OK:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Pi-hole Admin" src="/images/pi-hole-https-dns/pi-hole-dns-https-06.png" /></p>
<p>To change Pi-hole’s web admin password:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>pihole <span class="nt">-a</span> <span class="nt">-p</span>
</code></pre></div></div>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Pi-hole password change" src="/images/pi-hole-https-dns/pi-hole-dns-https-07.png" /></p>
<h2 id="configuring-pi-hole-to-use-cloudflared-argo-tunnel">Configuring Pi-hole to use Cloudflared Argo Tunnel</h2>
<p>Back at the command line, let’s set up Pi-hole to use the Argo Tunnel via the cloudflared daemon started earlier. Enter the following:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">echo</span> <span class="s1">'server=127.0.0.1#54'</span> | <span class="nb">sudo tee</span> /etc/dnsmasq.d/02-pihole.conf
</code></pre></div></div>
<p>Final step is to comment out (place a ‘#’ in front of) the two entries <code class="language-plaintext highlighter-rouge">PIHOLE_DNS_1=</code> and <code class="language-plaintext highlighter-rouge">PIHOLE_DNS_2=</code> in /etc/pihole/setupVars.conf:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>nano /etc/pihole/setupVars.conf
</code></pre></div></div>
<p>The above will configure Pi-hole to use the cloudflared daemon listening at port 54 as its upstream DNS server. Save and restart Pi-hole with the command <code class="language-plaintext highlighter-rouge">pihole restartdns</code>.</p>
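<p>A check for the configuration steps above, as an added example that is not part of the original post or of Pi-hole itself: it comments out the PIHOLE_DNS_n entries and flags any dnsmasq <code>server=</code> line that would send queries somewhere other than the cloudflared proxy on 127.0.0.1#54. The function names, the sample file contents and the 99-leftover.conf file name are constructed for illustration.</p>

```python
import re

LOCAL_DOH = ("127.0.0.1", 54)  # cloudflared proxy-dns endpoint used in this post


def active_upstream_vars(setupvars_text):
    """Names of PIHOLE_DNS_n entries that are still active (not commented out)."""
    return [m.group(1) for m in
            re.finditer(r"^[ \t]*(PIHOLE_DNS_\d+)=", setupvars_text, re.M)]


def comment_out_upstreams(setupvars_text):
    """Place '#' in front of active PIHOLE_DNS_n= lines; safe to run twice."""
    return re.sub(r"^([ \t]*PIHOLE_DNS_\d+=)", r"#\1", setupvars_text, flags=re.M)


def parse_servers(conf_text):
    """Return (domains, ip, port) for every active dnsmasq server= line."""
    found = []
    for raw in conf_text.splitlines():
        # dnsmasq treats '#' as a comment only at line start or after
        # whitespace, so the '#54' in 'server=127.0.0.1#54' is a port.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        domains = []
        if value.startswith("/"):           # server=/domain/ip form
            parts = value.split("/")
            domains, value = [d for d in parts[1:-1] if d], parts[-1]
        addr = value.split("@", 1)[0]       # drop any @interface suffix
        ip, _, port = addr.partition("#")
        found.append((tuple(domains), ip, int(port) if port else 53))
    return found


def audit(setupvars_text, dnsmasq_files):
    """Return a list of findings; an empty list means only the DoH proxy is used."""
    findings = ["setupVars.conf: %s is still active" % name
                for name in active_upstream_vars(setupvars_text)]
    local_seen = False
    for fname, text in sorted(dnsmasq_files.items()):
        for domains, ip, port in parse_servers(text):
            if (ip, port) == LOCAL_DOH:
                if not domains:             # unscoped: the default upstream
                    local_seen = True
            elif ip:
                findings.append("%s: upstream %s#%d bypasses the DoH proxy"
                                % (fname, ip, port))
    if not local_seen:
        findings.append("no server=127.0.0.1#54 entry found")
    return findings


# Constructed sample contents (not taken from a real install).
BEFORE_SETUPVARS = "PIHOLE_INTERFACE=eth0\nPIHOLE_DNS_1=8.8.8.8\nPIHOLE_DNS_2=8.8.4.4\n"
BEFORE_DNSMASQ = {"99-leftover.conf": "server=8.8.8.8\nserver=8.8.4.4\n"}
AFTER_DNSMASQ = {"02-pihole.conf": "server=127.0.0.1#54\n"}

if __name__ == "__main__":
    print("before:")
    for finding in audit(BEFORE_SETUPVARS, BEFORE_DNSMASQ):
        print("  " + finding)
    fixed = comment_out_upstreams(BEFORE_SETUPVARS)
    print("after:", audit(fixed, AFTER_DNSMASQ) or "clean")
```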
<h2 id="quick-test">Quick Test</h2>
<p>Configure a machine to use your newly configured Pi-hole machine as its DNS server. Then browse to <a href="https://www.dnsleaktest.com">dnsleaktest.com</a> and run the extended test.
If all is working correctly you should see Cloudflare listed as your ISP in the results:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="dnsleaktest results" src="/images/pi-hole-https-dns/pi-hole-dns-https-08.png" /></p>
<p>You may have more than one DNS server listed, that’s perfectly OK as long as they all list Cloudflare as your ISP :smile:</p>
<p>To confirm DNS over HTTPS functionality, browse to <a href="https://1.1.1.1/help">https://1.1.1.1/help</a>. The return should match below. Check that Using DNS over HTTPS (DoH) returns <strong>Yes</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="cloudflare help results" src="/images/pi-hole-https-dns/pi-hole-dns-https-11.png" /></p>
<h2 id="run-cloudflared-argo-tunnel-as-a-service">Run Cloudflared Argo Tunnel as a Service</h2>
<p>Final piece is to configure cloudflared to always run on startup. Edit the service unit file:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>nano /etc/systemd/system/dnsproxy.service
</code></pre></div></div>
<p>Paste in the following:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="o">[</span>Unit]
<span class="nv">Description</span><span class="o">=</span>CloudFlare DNS over HTTPS Proxy
<span class="nv">Wants</span><span class="o">=</span>network-online.target
<span class="nv">After</span><span class="o">=</span>network.target network-online.target
<span class="o">[</span>Service]
<span class="nv">ExecStart</span><span class="o">=</span>/usr/local/bin/cloudflared proxy-dns <span class="nt">--port</span> 54 <span class="nt">--upstream</span> https://1.1.1.1/.well-known/dns-query <span class="nt">--upstream</span> https://1.0.0.1/.well-known/dns-query
<span class="nv">Restart</span><span class="o">=</span>always
<span class="o">[</span>Install]
<span class="nv">WantedBy</span><span class="o">=</span>multi-user.target
</code></pre></div></div>
<p>Configure the service to auto start:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>systemctl <span class="nb">enable </span>dnsproxy.service
</code></pre></div></div>
<p>Reboot your pi-hole machine and confirm the newly created dnsproxy service starts and runs OK. Pi-hole too:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>service dnsproxy status
pihole status
</code></pre></div></div>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="dnsproxy status" src="/images/pi-hole-https-dns/pi-hole-dns-https-09.png" /></p>
<h2 id="blocklists">Blocklists</h2>
<p>Now we come to the fun part: blocking unwanted adverts and other unwanted stuff! :sunglasses:</p>
<p>There are plenty of sources of blocklists that can be used with Pi-hole. Here are some of my favourite sources:</p>
<ul>
<li><a href="https://firebog.net/">firebog.net</a> - Excellent source of blocklists curated by Wally3k</li>
<li><a href="https://blocklist.site/">Block List Project</a> - Good source of blocklists free for non-commercial use</li>
<li><a href="https://github.com/StevenBlack/hosts#unified-hosts-file-with-base-extensions">StevenBlack hosts</a> - Consolidated blocklists</li>
<li><a href="https://discourse.pi-hole.net/t/update-the-best-blocking-lists-for-the-pi-hole-alternative-dns-servers-2019/13620/57">Pi-hole discourse thread</a> - The best blocking lists for the Pi-Hole + Alternative DNS servers 2019</li>
</ul>
<h2 id="whitelists">Whitelists</h2>
<p>The more you block, the more whitelists come into play. Whitelists allow connectivity to domains even when they are listed in the blocklists. Again, sources of whitelists are available on the internet:</p>
<ul>
<li><a href="https://firebog.net/">firebog.net</a> - Whitelists are towards the bottom of Wally3k’s lists page</li>
<li><a href="https://github.com/anudeepND/whitelist#commonly-white-listed-domains-for-pi-hole-compatible-with-pi-hole-docker-image">anudeepND whitelist</a> - Source of commonly whitelisted domains plus automated whitelist update tool</li>
<li><a href="https://discourse.pi-hole.net/t/commonly-whitelisted-domains/212">Pi-hole discourse thread</a> - Whitelist discussion with plenty of suggestions</li>
</ul>
<h2 id="configuring-other-devices-to-use-pi-hole">Configuring Other Devices to use Pi-hole</h2>
<p>This will vary from network to network depending on how devices attached to those networks obtain their network settings. Typically this will require a change on your internet router. Simply edit the local network DHCP settings that are pushed to network clients and enter the IP address of your pi-hole machine so that all clients use the pi-hole as their DNS server instead.</p>
<p>pfSense has this setting in <strong>Services - DHCP Server - LAN</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="pfsense DNS" src="/images/pi-hole-https-dns/pi-hole-dns-https-10.png" /></p>
<h2 id="conclusion">Conclusion</h2>
<p>In this post we looked at setting up domain based blocking with the objective of keeping most types of internet-borne garbage (adverts, ransomware, crypto-miners, internet tracking, malware, etc) off all devices connected to our network. We achieved this by implementing Pi-hole and leveraging freely available blocklists.</p>
<p>As a bonus, we also enabled DNS over HTTPS to enhance privacy too.</p>
<p>Until next time, happy and safe web-surfing! :surfer:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/pi-hole-https-dns/">Pi-hole plus DNS over HTTPS</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 09, 2019.</p>
https://polarclouds.co.uk/pfsense-traffic-shaping 2019-09-02T19:00:00+01:00 2019-09-02T19:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Traffic" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-01.png" />
<span class="image-credit" style="float: right; margin: 0px 0px 0px 10px;">Photo: <a href="https://unsplash.com/@tudor_panait?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Tudor Panait</a></span></p>
<p>Prioritising certain types of internet traffic over others.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#traffic-shaping-primer-and-my-objective" id="markdown-toc-traffic-shaping-primer-and-my-objective">Traffic Shaping Primer and My Objective</a></li>
<li><a href="#how-to-shape-with-pfsense" id="markdown-toc-how-to-shape-with-pfsense">How to Shape with pfSense</a></li>
<li><a href="#monitoring-traffic-shaping-queues" id="markdown-toc-monitoring-traffic-shaping-queues">Monitoring Traffic Shaping Queues</a></li>
<li><a href="#further-traffic-shaping-customisation" id="markdown-toc-further-traffic-shaping-customisation">Further Traffic Shaping Customisation</a></li>
<li><a href="#conclusion" id="markdown-toc-conclusion">Conclusion</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="traffic-shaping-primer-and-my-objective">Traffic Shaping Primer and My Objective</h2>
<p>Traffic shaping / quality of service (QoS) is an expansive subject with many, many, many ways to achieve the same outcome; namely to prioritise certain types of network traffic over other types of network traffic as and when required.</p>
<p>Typically, configuring and managing traffic shaping was seen as a non-trivial task.</p>
<p>Frequently this meant understanding traffic flows; getting a handle on traffic sources, traffic destinations and TCP/IP ports used by most / all of the traffic on the network. From there one could prioritise traffic based on the knowledge gained. Adjust traffic control policies, test, adjust traffic control policies again, test, repeat… Lots of adjusting and testing.</p>
<p>Luckily for us, pfSense has a traffic shaping capability built in that has been written for those of us who simply do not want to investigate flows, ports, adjust, test, repeat etc. This means that anyone can implement traffic shaping on their own network in double quick time. Yes, you can still adjust traffic shaping policies as desired, but most of the time the shaping basics implemented by pfSense are more than enough for a normal home network set up.</p>
<p>So let’s get going then. In this scenario, I have my pfSense router configured as my gateway for my home network. All internet traffic must pass through my pfSense router. If you need help in setting up your own pfSense router, have a read of Netgate’s excellent <a href="https://docs.netgate.com/pfsense/en/latest/install/installing-pfsense.html">pfSense installation guide</a>.</p>
<p><strong>My objective</strong>: prioritise internet streaming services such as Netflix, Amazon Prime, YouTube, etc over other types of traffic. Whilst I’m not seeing any issues at present, there is nothing more annoying than video buffering!</p>
<p>Your objective may/will be different. You can certainly use pfSense to achieve your objective. Same process as below.</p>
<h2 id="how-to-shape-with-pfsense">How to Shape with pfSense</h2>
<p>Log onto your pfSense server and select <strong>Firewall - Traffic Shaper - Wizards</strong>:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Traffic Shaper Wizard Selection" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-02.png" /></p>
<p>If you have multiple WAN connections you should select <strong>traffic_shaper_wizard_multi_all.xml</strong>.
If you have a single WAN connection you should select <strong>traffic_shaper_wizard_dedicated.xml</strong> - nine times out of ten traffic_shaper_wizard_dedicated.xml is the wizard you need to select. For the purposes of this walk-through, I’ll be selecting the dedicated option.</p>
<p>At the next screen enter the number of WAN connections you have. I have one WAN connection, so I’ll leave this as is and click <strong>Next</strong>
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Traffic Shaper Wizard WAN connections" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-03.png" /></p>
<p>At the Step 1 of 8 screen, I’ll select my local interface as <strong>LAN1</strong>, my WAN Interface as <strong>WAN</strong> and I’ll leave both set to <strong>PRIQ</strong> for simplicity (To learn more about PRIQ and the other scheduler types, see <a href="https://docs.netgate.com/pfsense/en/latest/book/trafficshaper/altq-scheduler-types.html">ALTQ Scheduler Types</a> in the pfSense documentation)</p>
<p>For upload and download figures, you can either discover these numbers from your broadband router or via a line speed test such as <a href="https://www.speedtest.net/">Speedtest.net</a>. Whatever numbers you discover for your line, I highly recommend that you enter around 5% less here. This is so that you hit your pfSense limiter before you hit the limit of your line.</p>
<p>For example, today my fibre modem is showing:</p>
<ul>
<li>Upload = 14.8 Mbit/s</li>
<li>Download = 68.1 Mbit/s</li>
</ul>
<p>Taking 5% away from both these numbers gives me:</p>
<ul>
<li>Upload = 14.06 Mbit/s - I’ll round this down to 14 Mbit/s</li>
<li>Download = 64.6 Mbit/s - I’ll round this down to 64 Mbit/s</li>
</ul>
<p>Your numbers will almost certainly be different. Completing the page then:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Traffic Shaper connection parameters" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-04.png" />
Click <strong>Next</strong> when done.</p>
<p>Step 2 of 8 deals with prioritising Voice Over IP traffic. If you use VOIP, configure your parameters here:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Traffic Shaper VOIP parameters" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-05.png" />
Nowadays, I don’t use VOIP so I’m going to simply click <strong>Next</strong> here.</p>
<p>Step 3 of 8 deals with bandwidth “hogs”. If you have that one particular user on your network that likes to hog your internet bandwidth, you can enter their details here. For the demo, I’m going to limit the machine with the IP address 192.168.99.100 to 15% bandwidth. pfSense accepts a range of 2% to 15% in this step:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Traffic Shaper bandwidth hog parameters" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-06.png" />
Click <strong>Next</strong> when done.</p>
<p>Step 4 of 8 deals with peer-to-peer traffic. Yes I want to limit P2P traffic, so I’m enabling the option and I’m selecting BitTorrent. As you can see, there are plenty of P2P protocols to limit supported out of the box:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Traffic Shaper P2P parameters" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-07.png" />
Click <strong>Next</strong> when done.</p>
<p>Step 5 of 8 deals with prioritising internet game traffic:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Traffic Shaper Game parameters" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-08.png" />
Again, I don’t play games online so I’m going to leave this unset and click <strong>Next</strong>.</p>
<p>Step 6 of 8 deals with raising or lowering the priority of other application traffic:
OK, so here I’m going to set the following to “Higher Priority”, along with my reasoning for doing so:</p>
<ul>
<li>
<p>IPSEC - IP Security (VPN section) - For connecting to other networks</p>
</li>
<li>
<p>RTSP - Real Time Streaming Protocol (Multimedia/Streaming section) - As used by Netflix, Amazon Prime etc. <em>What we came here for, objective met!</em></p>
</li>
<li>
<p>RTMP - Real-Time Messaging Protocol (Multimedia/Streaming section) - As used by Netflix, Amazon Prime etc. <em>What we came here for, objective met!</em></p>
</li>
<li>
<p>HTTP (Web section) - Standard Web browsing</p>
</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Traffic Shaper Other parameters" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-09.png" />
Click <strong>Next</strong> when done.</p>
<p>Step 7 of 8 Almost there:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Traffic Shaper Reload" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-10.png" />
Click <strong>Finish</strong> to load the new profile.</p>
<p>Step 8 of 8 Done!
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Traffic Shaper Done" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-11.png" /></p>
<p>Right. Let’s take a look at the rules created. Click <strong>Firewall - Rules - Floating</strong>.</p>
<p>Here they are:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Traffic Shaper Firewall Rules" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-12.png" /></p>
<h2 id="monitoring-traffic-shaping-queues">Monitoring Traffic Shaping Queues</h2>
<p>To see in real-time how the traffic shaper is performing, head over to <strong>Status - Queues</strong>. From there you can see the following:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pfSense Traffic Shaper Queues" src="/images/pfsense-traffic-shaping/pfsense-traffic-shaping-13.png" /></p>
<p>Think of the graphics on this page as “buckets”, the red line shows how full each “bucket” is. The fuller the “bucket”, the more traffic waiting for bandwidth to traverse the network. Further information on queues can be found in the <a href="https://docs.netgate.com/pfsense/en/latest/book/trafficshaper/monitoring-the-queues.html">monitoring the queues</a> section of the pfSense documentation.</p>
<h2 id="further-traffic-shaping-customisation">Further Traffic Shaping Customisation</h2>
<p>From the floating firewall rules we can create other rules based on those created by the wizard, make adjustments to the rules created by the wizard, delete rules, whatever! We can either achieve this by running the wizard again or editing the rules created by the wizard directly at the firewall in the floating rule interface.</p>
<p>For further traffic shaping customisation over and above what is covered here, have a look at the <a href="https://docs.netgate.com/pfsense/en/latest/book/trafficshaper/advanced-customization.html">traffic shaper advanced customization</a> section of the pfSense documentation.</p>
<h2 id="conclusion">Conclusion</h2>
<p>In this post we implemented traffic shaping / quality of service using the wizard that ships with pfSense.
After implementing this on my own home network, I’m more than happy with the results. No more interruptions to streaming services.</p>
<p>Happy streaming! :sunglasses:</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/pfsense-traffic-shaping/">Traffic Shaping with pfSense</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 02, 2019.</p>
https://polarclouds.co.uk/vsphere-patch-update 2019-08-26T17:00:00+01:00 2019-08-26T17:00:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Patch and Update" src="/images/vsphere-patch-update/vsphere-67u3-01.png" />
<span class="image-credit" style="float: right; margin: 0px 0px 0px 10px;">Photo: <a href="https://unsplash.com/@randyfath?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Randy Faith</a></span></p>
<p>Another month another set of vSphere patches. This month, VMware have just released vSphere 6.7 Update 3 for ESXi and vCenter.</p>
<p>It occurred to me that I hadn’t previously detailed how I go about patching vSphere environments including my NSX-V Lab. To rectify that, what follows is the method I use to patch and update vSphere.</p>
<p>Yes, there are other ways to achieve the same outcome using update manager etc. Using this method, we simply grab the updates from the VMware update site, push them to the correct locations and install.</p>
<p>What follows is a whistle-stop guide to update a vSphere environment. Whilst it is by no means exhaustive, the method detailed here:</p>
<p>:heavy_check_mark: Can be employed in an isolated environment<br />
:heavy_check_mark: Is fully supported by VMware<br />
:heavy_check_mark: Simple!<br />
:heavy_check_mark: Serves as a reminder to me - for the next time :wink:</p>
<p>It goes without saying (although I’m saying it here!), that this guide is written with the target audience being the experienced vSphere administrator.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#confirming-compatibility" id="markdown-toc-confirming-compatibility">Confirming Compatibility</a></li>
<li><a href="#updating-vcenter" id="markdown-toc-updating-vcenter">Updating vCenter</a></li>
<li><a href="#updating-esxi" id="markdown-toc-updating-esxi">Updating ESXi</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="confirming-compatibility">Confirming Compatibility</h2>
<p>As previously mentioned, I need to patch my NSX lab. As NSX runs as a plug-in to vCenter, I need to confirm that updating vCenter won’t cause NSX any issues. Other VMware products such as Site Recovery Manager plug-in to vCenter in the same way.</p>
<p>The version of NSX I have running in my lab is 6.4.5. I need to confirm that this version is compatible with my target vSphere version; in this case vCenter 6.7 update 3 and ESXi 6.7 update 3.</p>
<p>Let’s have a look at the <a href="https://www.vmware.com/resources/compatibility/sim/interop_matrix.php">VMware Product Interoperability Matrices</a>.</p>
<p>Plumbing in <em>NSX for vSphere 6.4.5</em> in section 1, <em>VMware vCenter Server 6.7 U3</em> and <em>VMware vSphere Hypervisor (ESXi) 6.7 U3</em> into the tool produced the following results:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX compatibility check" src="/images/vsphere-patch-update/vsphere-67u3-02.png" /></p>
<p>All looks good.</p>
<h2 id="updating-vcenter">Updating vCenter</h2>
<p>Task one is to update vCenter. The golden rule when applying updates to vSphere environments: <strong>vCenter must be of equal or greater version to the ESXi hosts it manages</strong>.</p>
<p>Head over to <a href="https://my.vmware.com/group/vmware/patch">VMware patch download site</a> and grab the vCenter update bundle iso file. This is the one I need:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vCenter update patch" src="/images/vsphere-patch-update/vsphere-67u3-03.png" /></p>
<p>Next, we need to mount the downloaded iso file onto one of the lab vCenter servers. Simplest way is to open a console to the vCenter server from the ESXi management interface and mount the iso to the CD/DVD drive using the VMRC client:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Mount vC update iso file" src="/images/vsphere-patch-update/vsphere-67u3-04.png" /></p>
<p>Then we need to log in as root to our vCenter via <code class="language-plaintext highlighter-rouge">https://<vCenter FQDN or IP Address>:5480</code>. Select <strong>Update - Check Updates - Check CD ROM</strong>:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Check CD ROM for update" src="/images/vsphere-patch-update/vsphere-67u3-05.png" /></p>
<p>Open the “twistie” and click <strong>Run pre-update checks</strong>. Once complete, click <strong>Stage and Install</strong>. Complete the licence, CEIP and backup confirmation wizard and hit finish. The update will now install:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="vC update installing" src="/images/vsphere-patch-update/vsphere-67u3-06.png" /></p>
<p>Keep an eye on the vCenter console via VMRC. Once the update installation has completed, the vCenter VM should reboot.</p>
<p>Once vCenter has booted, log on and confirm all working OK, including NSX and any other vCenter plugins you may have.</p>
<p>Repeat the update process for any other vCenter servers in your environment.</p>
<h2 id="updating-esxi">Updating ESXi</h2>
<p>Head over again to <a href="https://my.vmware.com/group/vmware/patch">VMware patch download site</a> and grab the required ESXi update zip file. This is the one I need:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi update patch" src="/images/vsphere-patch-update/vsphere-67u3-07.png" /></p>
<p>Upload the update zip file to your ESXi host using the datastore browser:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Upload patch to datastore" src="/images/vsphere-patch-update/vsphere-67u3-08.png" /></p>
<p>Enable SSH, connect to the host and login as root.</p>
<p>Run the command <code class="language-plaintext highlighter-rouge">esxcli software sources profile list -d </path/to/patch zip></code> to list the image profiles contained within the update:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="List update profiles" src="/images/vsphere-patch-update/vsphere-67u3-09.png" /></p>
<p>As you can see from the above, the update includes four profiles:</p>
<ol>
<li><code class="language-plaintext highlighter-rouge">ESXi-<update version>s-no-tools</code> - Contains security patches only with no VMware Tools</li>
<li><code class="language-plaintext highlighter-rouge">ESXi-<update version>-no-tools</code> - Contains all patches with no VMware Tools</li>
<li><code class="language-plaintext highlighter-rouge">ESXi-<update version>-standard</code> - Contains all patches and VMware Tools</li>
<li><code class="language-plaintext highlighter-rouge">ESXi-<update version>s-standard</code> - Contains security patches only with VMware Tools</li>
</ol>
<p>As I’m going to install all patches and update VMware tools, I’m going to opt for profile 3 <strong>ESXi-6.7.0-20190802001-standard</strong></p>
<p>Use the command <code class="language-plaintext highlighter-rouge">esxcli software profile update -d </path/to/patch> -p <image profile></code> to install the update:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Install ESXi update" src="/images/vsphere-patch-update/vsphere-67u3-10.png" /></p>
<p>Yes, my lab is a little old:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Hardware warning" src="/images/vsphere-patch-update/vsphere-67u3-11.png" /></p>
<p>Let’s try again: <code class="language-plaintext highlighter-rouge">esxcli software profile update -d </path/to/patch></code><br /><code class="language-plaintext highlighter-rouge">-p <image profile> --no-hardware-warning</code></p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi update installed" src="/images/vsphere-patch-update/vsphere-67u3-12.png" /></p>
<p>That’s better. Reboot time!</p>
<p>Boom! Done:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Done" src="/images/vsphere-patch-update/vsphere-67u3-13.png" /></p>
<p>On to patching my other lab host! :smile:</p>
<p>Happy patching.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/vsphere-patch-update/">Simple VMware vSphere Estate Patching and Updating</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 26, 2019.</p>
https://polarclouds.co.uk/nsx-edge-service-gateway-route-redistribution2019-08-19T14:00:00+01:002019-08-19T14:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Which Route?" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-01.png" />
<span class="image-credit" style="float: right; margin: 0px 0px 10px 10px;">Photo: <a href="https://unsplash.com/@soymeraki?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Javier Allegue Barros</a></span></p>
<p>Deploying VMware NSX-V 6.4.5 from scratch into production in an active/active/active mode, (yep three sites!) we ran into an interesting problem when looking at the configuration of the Edge Service Gateway (ESG) on the secondary sites.</p>
<p>Can you spot it in the screenshot from my test lab below?
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Route Redistribution greyed out" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-02.png" /></p>
<p>Let me give you a clue:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Zoom Route Redistribution greyed out" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-03.png" /></p>
<p>Yes, that’s correct: the option to enable OSPF / BGP route redistribution from the ESG is greyed out!</p>
<p>Let’s check the flash client:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Route Redistribution greyed out Flash too" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-04.png" /></p>
<p>Yep same :(</p>
<p>Okay, so that might not be a problem when running NSX-V in active/passive mode, but we are trying to run active/active/active here - I.E. run active services from all three datacentres.</p>
<p>Here is how to fix it. It involves talking to NSX at an API level, but stick with me, it’s an easy fix.</p>
<p>First off, download a copy of Postman from <a href="https://www.getpostman.com/downloads/">getpostman.com</a> and install.</p>
<p>Once installed, we need to configure Postman to work with NSX, so close Postman’s getting started screen, select <strong>File - Settings - General</strong> and ensure <strong>SSL Certificate Verification</strong> is set to off:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Postman SSL verification off" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-05.png" /></p>
<p>Next, select Proxy and ensure <strong>Global Proxy Configuration</strong> and <strong>Use System Proxy</strong> are both set to off:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Postman System and Global Proxy off" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-06.png" /></p>
<p>Close Postman configuration.</p>
<p>Next select <strong>Get</strong> from the drop down, <strong>Basic Auth</strong> from the <strong>Authorisation</strong> drop down and enter credentials to your secondary NSX Manager as shown below:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Postman Get Config 1" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-07.png" /></p>
<p>Select <strong>Headers</strong>, set Key to <strong>Content-Type</strong>, Value to <strong>application/xml</strong> and enter the following URL (modify to match your environment): <strong>https://FQDN_of_Secondary_NSX_Manager/api/4.0/edges/edge-ID/routing/config</strong></p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Postman Get Config 2" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-08.png" /></p>
<p>Click <strong>Send</strong></p>
<p>Your results should fill with xml similar to the below. If not, check your NSX Manager FQDN, NSX credentials and Edge ID.</p>
<p>Click to copy results to clipboard:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX API results" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-09.png" /></p>
<p>Paste results into a text editor such as <a href="https://notepad-plus-plus.org/">Notepad++</a></p>
<p>Find the XML section between <code class="language-plaintext highlighter-rouge"><redistribution></code> and <code class="language-plaintext highlighter-rouge"></redistribution></code> headings.</p>
<p>Replace the whole <code class="language-plaintext highlighter-rouge"><redistribution></code> section with the following:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code><redistribution>
  <enabled>true</enabled>
  <rules>
    <rule>
      <id>0</id>
      <from>
        <ospf>false</ospf>
        <bgp>true</bgp>
        <static>true</static>
        <connected>true</connected>
      </from>
      <action>permit</action>
    </rule>
  </rules>
</redistribution>
</code></pre></div></div>
<p>Modify ospf, bgp, static and connected sections to match your requirements, such as those set on your ESGs at your primary site.</p>
<p>Once complete, open a new tab in Postman, set type to <strong>Put</strong>, select <strong>Headers</strong>, set Params Key to <strong>Content-Type</strong>, Value to <strong>application/xml</strong> and enter URL:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX API Put 1" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-10.png" /></p>
<p>Set authorisation to <strong>Basic Auth</strong>:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX API Put 2" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-11.png" /></p>
<p>Select <strong>Body</strong> and <strong>Raw</strong>. Paste the modified xml into the window:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX API Put 3" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-12.png" />
Finally, click <strong>Send</strong>.</p>
<p>Confirm NSX returns a <strong>204 No Content</strong> return to Postman:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX API Put return" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-13.png" /></p>
<p>If not, retry GET, xml modification and PUT again. Pay close attention to <code class="language-plaintext highlighter-rouge"><version></code> tags in the received and sent xml; they must match.</p>
<p>Refresh NSX to confirm the modification has applied. Sure, the configuration is still greyed out, but it’s enabled now:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="NSX Secondary ESG Route Redistribution" src="/images/nsx-edge-service-gateway-route-redistribution/esg-route-redist-fix-14.png" /></p>
<p>Done! Repeat for any other ESGs at any other secondary sites :)</p>
<p>VMware engineering have confirmed this is an issue with NSX-V 6.4.5. <em>Should</em> be fixed in NSX-V 6.4.6.</p>
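<p>The text-editor step above (swap the <code class="language-plaintext highlighter-rouge"><redistribution></code> section, leave everything else, keep <code class="language-plaintext highlighter-rouge"><version></code> matching) can be done in code instead of by hand. This is an added example, not code from the original post: the function names are hypothetical, and the sample XML is constructed, including its <code class="language-plaintext highlighter-rouge"><routing></code> root and the placement of the section under <code class="language-plaintext highlighter-rouge"><bgp></code>. It only transforms the text; the GET and PUT are still performed as described above.</p>

```python
"""Rebuild the <redistribution> section of an NSX-V edge routing config (added example)."""
import xml.etree.ElementTree as ET

SOURCES = ("ospf", "bgp", "static", "connected")  # the <from> flags shown in the post

# Constructed stand-in for the GET response body; a real config carries far more.
SAMPLE_RECEIVED = """<routing>
  <version>7</version>
  <enabled>true</enabled>
  <bgp>
    <enabled>true</enabled>
    <redistribution>
      <enabled>false</enabled>
      <rules/>
    </redistribution>
  </bgp>
</routing>"""


def build_redistribution(flags):
    """Return a <redistribution> element shaped like the one in the post."""
    unknown = set(flags) - set(SOURCES)
    if unknown:
        raise ValueError("unknown redistribution source(s): %s" % sorted(unknown))
    redis = ET.Element("redistribution")
    ET.SubElement(redis, "enabled").text = "true"
    rule = ET.SubElement(ET.SubElement(redis, "rules"), "rule")
    ET.SubElement(rule, "id").text = "0"
    source = ET.SubElement(rule, "from")
    for name in SOURCES:
        # Any source not explicitly enabled is written out as false.
        ET.SubElement(source, name).text = "true" if flags.get(name) else "false"
    ET.SubElement(rule, "action").text = "permit"
    return redis


def versions(xml_text):
    """Return the text of every <version> element, in document order."""
    return [el.text for el in ET.fromstring(xml_text).iter("version")]


def patch_routing_config(received_xml, flags):
    """Replace each <redistribution> section in place and return the XML to PUT."""
    root = ET.fromstring(received_xml)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    targets = [el for el in root.iter("redistribution") if el in parent_of]
    if not targets:
        raise ValueError("no <redistribution> section found in the received config")
    for old in targets:
        parent = parent_of[old]
        position = list(parent).index(old)
        new = build_redistribution(flags)
        new.tail = old.tail  # keep the whitespace that followed the old section
        parent.remove(old)
        parent.insert(position, new)
    patched = ET.tostring(root, encoding="unicode")
    # The post's troubleshooting tip: <version> must match in received and sent XML.
    if versions(patched) != versions(received_xml):
        raise RuntimeError("<version> changed between received and sent XML")
    return patched


if __name__ == "__main__":
    wanted = {"bgp": True, "static": True, "connected": True}
    print(patch_routing_config(SAMPLE_RECEIVED, wanted))
```

<p>If another change lands on the edge between the GET and the PUT, repeat the GET and patch the fresh response, as the post advises.</p>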
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/nsx-edge-service-gateway-route-redistribution/">NSX Edge Service Gateway Route Redistribution</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 19, 2019.</p>
https://polarclouds.co.uk/plex-metadata-artwork-server-core2019-08-11T10:00:00+01:002019-08-11T10:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Plex Logo" src="/images/plex-metadata-artwork-server-core/Plex-Thumb.png" />
Here’s how I fixed Plex TV metadata and artwork not downloading when running Plex server on Windows Server 2016 / 2019 Core.</p>
<p>This fix has the advantages of:</p>
<ol>
<li>Installing just the two required root CA certificates</li>
<li>The DigiCert certificate has a long validity time (12 years at time of posting), so will not need replacing anytime soon</li>
</ol>
<p>The AddTrust certificate expires on 30 May 2020. If you are reading this post after that date, you may want to double check the certificate you download in the steps below. Chances are Cloudflare will refresh the certificate in plenty of time anyway, so the links below <em>should</em> still work with the refreshed certificate.</p>
<p>Onto getting these installed then.</p>
<p>Download the “DigiCert Global Root CA” certificate from <a href="https://www.digicert.com/digicert-root-certificates.htm">DigiCert Trusted Root Authority Certificates</a>. You will need the cert that is valid until 10 November 2031 and has a thumbprint ending in 5436. <br /><a href="https://dl.cacerts.digicert.com/DigiCertGlobalRootCA.crt">Direct link to DigiCertGlobalRootCA.crt</a></p>
<p>Next, download the “AddTrust External CA Root” certificate from <a href="https://support.cloudflare.com/hc/en-us/articles/203041594">Cloudflare SSL cipher, browser, and protocol support</a>. You will need the cert that has a serial number of 1 and has a SHA-1 Fingerprint ending in 1868. <br /><a href="https://crt.sh/?d=1">Direct link to 1.crt</a></p>
<p>Copy both certificates to your Windows Core install, say “C:\Temp”.</p>
<p>Log on to the Core server and launch PowerShell. Run the command <code class="language-plaintext highlighter-rouge">Set-Location Cert:\LocalMachine\CA</code></p>
<p>Import the DigiCert certificate: <code class="language-plaintext highlighter-rouge">Import-Certificate C:\Temp\DigiCertGlobalRootCA.crt</code></p>
<p>Import the AddTrust certificate: <code class="language-plaintext highlighter-rouge">Import-Certificate C:\Temp\1.crt</code></p>
<p>Finally, enter <code class="language-plaintext highlighter-rouge">dir</code> and confirm that you see the following listed:</p>
<blockquote>
<p>A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US<br />
02FAF3E291435468607857694DF5E45B68851868 CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust…</p>
</blockquote>
<p>Refresh all metadata on your Plex TV libraries, hey presto - metadata and artwork.</p>
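<p>Since these files end up in a machine-wide certificate store, it is worth confirming the downloads before running <code class="language-plaintext highlighter-rouge">Import-Certificate</code>. The script below is an added example, not part of the original post: it computes the thumbprint Windows displays (SHA-1 over the DER encoding) for each file, accepting either DER or PEM, and compares it with the two values from the listing above. The function names are hypothetical, and it can be run on whichever machine you downloaded the files to.</p>

```python
"""Check downloaded root certificates against the thumbprints in the post (added example)."""
import base64
import hashlib
import re
import sys
from pathlib import Path

# File names and thumbprints as they appear in the post's download links and `dir` listing.
EXPECTED = {
    "DigiCertGlobalRootCA.crt": "A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436",
    "1.crt": "02FAF3E291435468607857694DF5E45B68851868",
}

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)


def to_der(data):
    """Return DER bytes; a PEM file is unwrapped, anything else is taken as DER."""
    match = PEM_BLOCK.search(data)
    if match is None:
        return data
    body = b"".join(match.group(1).split())  # drop line breaks inside the base64
    return base64.b64decode(body, validate=True)


def thumbprint(data):
    """Thumbprint as Windows shows it: upper-case hex SHA-1 of the DER encoding."""
    return hashlib.sha1(to_der(data)).hexdigest().upper()


def matches_expected(file_name, data, expected=EXPECTED):
    """True only if file_name is a known file and its thumbprint matches."""
    want = expected.get(file_name)
    return want is not None and thumbprint(data) == want


def check_directory(folder, expected=EXPECTED):
    """Map each expected file name to True/False; a missing file counts as False."""
    results = {}
    for name in expected:
        path = Path(folder) / name
        results[name] = path.is_file() and matches_expected(
            name, path.read_bytes(), expected
        )
    return results


if __name__ == "__main__":
    outcome = check_directory(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, ok in outcome.items():
        print("%-28s %s" % (name, "OK" if ok else "MISMATCH OR MISSING"))
    sys.exit(0 if all(outcome.values()) else 1)
```

<p>If the AddTrust certificate has been refreshed as discussed above, its thumbprint will no longer match the value listed here, and the new value should be confirmed against the issuer before importing.</p>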
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/plex-metadata-artwork-server-core/">Fixed: Plex Missing Metadata and Artwork on Windows Server Core</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 11, 2019.</p>
https://polarclouds.co.uk/reset-lost-srm-passwords2019-08-10T17:20:00+01:002019-08-10T17:20:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Lost password, send help!" src="/images/reset-lost-srm-passwords/reset-srm-passwd-00.jpg" />
<span class="image-credit" style="float: right; margin: 0px 0px 10px 10px;">Photo: <a href="https://unsplash.com/@shttefan?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">SHTTEFAN</a></span></p>
<p>Let’s face it, we have all been there. We <em>thought</em> the passwords were securely saved in the correct place. However, when we needed those carefully stowed passwords, for whatever reason they were not there! A couple of password safe restores later, it’s looking like we are going to have to reset…</p>
<p>This happened to me with three Linux appliance installations of VMware Site Recovery Manager (SRM).</p>
<p>What’s worse is that each SRM install has three (!!) passwords set at install time:</p>
<ul>
<li>root</li>
<li>Admin</li>
<li>Database</li>
</ul>
<p>Well friends, here is how to reset all three passwords. Whilst the following has been extensively tested on SRM v8.2 (latest version at time of post), your mileage may differ in later versions.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#root-password-reset" id="markdown-toc-root-password-reset">root Password Reset</a></li>
<li><a href="#admin-password-reset" id="markdown-toc-admin-password-reset">Admin Password Reset</a></li>
<li><a href="#database-password-reset" id="markdown-toc-database-password-reset">Database Password Reset</a></li>
<li><a href="#wrap-up" id="markdown-toc-wrap-up">Wrap Up</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="root-password-reset">root Password Reset</h2>
<p>As the appliance runs Photon OS, the process to reset the appliance root password roughly follows that of resetting Linux root passwords in general.</p>
<p>Reboot the appliance via <strong>vCenter - Actions - Power - Restart Guest OS</strong> <br />
At the Photon OS splash screen quickly hit <code class="language-plaintext highlighter-rouge">e</code> to edit the grub boot menu.</p>
<p>You will be met with a screen that resembles the following:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="SRM Appliance default grub menu" src="/images/reset-lost-srm-passwords/reset-srm-passwd-01.png" /></p>
<p>Move the cursor to the end of the line that begins with <code class="language-plaintext highlighter-rouge">linux /$photon_linux</code> <br />
Enter the following text at the end of the linux line <code class="language-plaintext highlighter-rouge">rw init=/bin/bash</code> so that it resembles the following:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="SRM Appliance modified grub menu" src="/images/reset-lost-srm-passwords/reset-srm-passwd-02.png" /></p>
<p>Hit <code class="language-plaintext highlighter-rouge">F10</code> to boot the SRM appliance using the modified grub entry.<br />
The appliance will boot to a command prompt:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="SRM Appliance booted to command prompt" src="/images/reset-lost-srm-passwords/reset-srm-passwd-03.png" /></p>
<p>Now we simply need to change the root password using the <code class="language-plaintext highlighter-rouge">passwd</code> command as shown below:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="SRM Appliance root password changed" src="/images/reset-lost-srm-passwords/reset-srm-passwd-04.png" /></p>
<p>Finally, unmount the file system using the command <code class="language-plaintext highlighter-rouge">umount /</code> and reboot using the command <code class="language-plaintext highlighter-rouge">reboot -f</code>:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="SRM Appliance unmount and reboot" src="/images/reset-lost-srm-passwords/reset-srm-passwd-05.png" /></p>
<p>Allow the appliance to boot normally. Test the newly reset password by logging in using the root account via the VM’s console.</p>
<h2 id="admin-password-reset">Admin Password Reset</h2>
<p>Compared to resetting the root password as shown above, resetting the SRM admin password is simple.<br />
Open the SRM appliance VM console and login using the root account.</p>
<p>At the prompt enter <code class="language-plaintext highlighter-rouge">passwd admin</code><br />
You will then be prompted to enter a new password for the admin account:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="SRM Appliance reset admin password" src="/images/reset-lost-srm-passwords/reset-srm-passwd-06.png" /></p>
<p>Test access via the SRM appliance administration website <code class="language-plaintext highlighter-rouge">https://<SRM Appliance IP Address>:5480</code>:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="SRM Appliance login" src="/images/reset-lost-srm-passwords/reset-srm-passwd-07.png" /></p>
<h2 id="database-password-reset">Database Password Reset</h2>
<p>Finally, let’s reset the SRM database password. Of the three SRM passwords set at install time, resetting the database password is the simplest.</p>
<p>Open the SRM appliance VM console and login using the root account.</p>
<p>Next, enter the following command: <code class="language-plaintext highlighter-rouge">cat /opt/vmware/srm/conf/db:srmdb</code></p>
<p>This will display the currently set database password in clear text:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Recovered SRM database password" src="/images/reset-lost-srm-passwords/reset-srm-passwd-08.png" /></p>
<p>Login via the SRM appliance administration website <code class="language-plaintext highlighter-rouge">https://<SRM Appliance IP Address>:5480</code>, select <strong>Access - Embedded database password - Change</strong>, enter recovered and new passwords:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Change SRM database password" src="/images/reset-lost-srm-passwords/reset-srm-passwd-09.png" /></p>
<h2 id="wrap-up">Wrap Up</h2>
<p>In this article we covered how to reset the VMware Site Recovery Manager (SRM) Linux appliance root, admin and database passwords. All simple enough using standard Linux commands and knowing where to look to find PostgreSQL database passwords when you need them.</p>
<p>Any comments, questions, concerns feel free to post them in the comments below.</p>
<p>Because I know someone will ask: “POTTY - that’s a strange hostname… Why?”<br />
The simple answer is that I use the <a href="https://en.wikipedia.org/wiki/SpongeBob_SquarePants">SpongeBob SquarePants</a> naming standard in my testlab. You all know <a href="https://nickelodeon.fandom.com/wiki/Potty_the_Parrot">Potty the Parrot</a> right?</p>
<p>That’s right, this guy!
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Potty the Parrot" src="/images/reset-lost-srm-passwords/Potty_the_Parrot.png" /></p>
<p>Finally, remember to save your new passwords!!!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/reset-lost-srm-passwords/">Resetting Lost SRM Passwords</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 10, 2019.</p>
https://polarclouds.co.uk/dt90e-repair2016-10-23T18:30:00+01:002016-10-23T18:30:00+01:00Chris Hallhttps://polarclouds.co.uk
<p>Winter is coming… Well to the UK anyway!</p>
<p>This morning I went to check out why my central heating had not come on as usual, and I was met with the following when checking the thermostat:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="No display!" src="/images/dt90e-repair/stat01.jpg" /></p>
<p>Hmm no temperature display…</p>
<p>Full disclosure, this is not the first time I’ve had this issue with this thermostat. A couple of days earlier I had the same issue and discovered that the Duracell batteries I had fitted over two years ago had started to leak. Grrr I thought Duracells were supposed to be “a higher standard battery…”</p>
<p>At that time, I had cleaned the battery compartment of Duracell battery “juice” and I assumed that was that. I guess not!</p>
<p>Right time to tear the unit down. Here is what I found and how I fixed the issue.</p>
<p>First off, isolate the central heating system from the mains. Turn the central heating system power off. No shocks for me today thank you.</p>
<p>Then pull the top cover away from the unit:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remove top cover" src="/images/dt90e-repair/stat02.jpg" /></p>
<p>Remove the batteries and using a small screwdriver, lift the two small tabs located inside the battery compartment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Lift tabs" src="/images/dt90e-repair/stat03.jpg" /></p>
<p>Then, lifting from the bottom, pivot the unit at the top to remove the thermostat from its mounting plate.</p>
<p>Once the thermostat is away from the wall you can take it to the bench - or in my case the kitchen work surface!</p>
<p>Next, lifting the tab highlighted below, gently remove the circuit board up and away from the unit:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Remove circuit" src="/images/dt90e-repair/stat04.jpg" /></p>
<p>Right down to business. Inspecting the board and the battery contacts to the circuit board, I discovered the following:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Circuit board corrosion" src="/images/dt90e-repair/stat05.jpg" />
Click <a href="/images/dt90e-repair/stat05-HiRes.jpg">here</a> to see a high res image</p>
<p>Yep, corrosion on the right hand battery connection pad. Let’s look at its corresponding battery compartment connection tab:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Battery tab corrosion" src="/images/dt90e-repair/stat06.jpg" />
Click <a href="/images/dt90e-repair/stat06-HiRes.jpg">here</a> to see a high res image</p>
<p>The elderly Duracell battery leak had made its way from the battery compartment onto the circuit board via the battery connection tab.</p>
<p>To clean the corrosion from the circuit board, I grabbed the following:</p>
<ul>
<li>Nail varnish remover (Acetone) - rubbing alcohol would do</li>
<li>Cotton buds</li>
<li>Dull kitchen knife</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Tools" src="/images/dt90e-repair/stat07.jpg" /></p>
<p>Yep, Acetone:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Acetone" src="/images/dt90e-repair/stat08.jpg" /></p>
<p>The aim is to remove the corrosion from both the circuit board and the battery connection tab.</p>
<p>A bit of cleaning and a bit of careful scraping of the board later:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Clean circuit board" src="/images/dt90e-repair/stat09.jpg" />
Click <a href="/images/dt90e-repair/stat09-HiRes.jpg">here</a> to see a high res image</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Clean battery tab" src="/images/dt90e-repair/stat10.jpg" />
Click <a href="/images/dt90e-repair/stat10-HiRes.jpg">here</a> to see a high res image</p>
<p>I also very gently bent the battery connection tabs upwards slightly to ensure that they made a stronger contact with the circuit board.</p>
<p>Not pretty, but functional.</p>
<p>Replacing the board into the plastic unit bottom first, a bit fiddly but easy enough, it was time to replace the batteries and test.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="It still works" src="/images/dt90e-repair/stat11.jpg" /></p>
<p>Yay, it now works! (Excuse the Ikea batteries, they are all I had to hand!)</p>
<p>Refit back onto the backing plate on the wall, replace the cover, turn the heating system power back on and it’s job done:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Done" src="/images/dt90e-repair/stat12.jpg" /></p>
<p>That’s that then.</p>
<p>For completeness I’ve also uploaded the <a href="https://polarclouds.co.uk/documents/DT90E-Installer-Guide.pdf">DT90E Installer Guide</a> and the <a href="https://polarclouds.co.uk/documents/DT90E-User-Guide.pdf">DT90E User Guide</a> to this blog.</p>
<p>Job done. Toasty.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/dt90e-repair/">(Away from the Keyboard) Honeywell DT90E Repair</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 23, 2016.</p>
https://polarclouds.co.uk/wd40-mastic2016-09-26T18:30:00+01:002016-09-26T18:30:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="WD40" src="/images/wd40-mastic/wd40-00.jpg" /></p>
<p><em>A bit of a departure of recent times on this blog, but stick with me (no pun intended) and I’m sure you’ll find this little pro tip as handy as I did.</em></p>
<p>I finally decided to get to a task that had been outstanding for a while, re-sealing around the tray in our shower. The main reasons why this task had been outstanding were simple:</p>
<ol>
<li>Removal of the old mastic (or silicone sealant) around the tray</li>
<li>Trying to get a semi professional application of new mastic without getting new mastic everywhere</li>
</ol>
<p>…so yeah, pretty much the whole job! Let me elaborate a little.</p>
<p>Removal of the old stuff pretty much means scratching and scraping at the old mastic with Stanley knives, chisels, screwdrivers, paint scrapers for what seems like hours whilst trying not to scratch either the shower tray or the wall tiles around the shower tray.</p>
<p>Application of the new stuff means trying to get a nice “bead” of mastic around the shower tray that not only looks semi-professional (I’ll be happy if it just goes on ok and looks ok) but does what it is supposed to do and stop water from getting into the gap between tray and tiled wall.</p>
<p>So I duly kicked off my task of scratching and scraping. After all of thirty seconds, I thought “there must be a better way… I can’t be the only one in the world wanting to remove mastic quickly and easily with minimum effort… There must be an alternative… to Google!!” (Yep, that’s how I think! Don’t you?)</p>
<p>One click later and I’m watching this video:</p>
<iframe width="640" height="360" src="https://www.youtube-nocookie.com/embed/ruxEhgI4NW4?controls=0&showinfo=0" frameborder="0" allowfullscreen=""></iframe>
<p>Sure picture quality is not the best, but after a 1 minute 50 second YouTube watch, I get the message: Spray the old mastic with WD40!!!</p>
<p>One trip to my garage later and I’m dousing the shower tray mastic with WD40…. Will it work, will it work, will it work?</p>
<h1 id="yes">Yes!</h1>
<p>The mastic is coming away from the shower tray and the wall tiles by itself! I can see it peeling away on its own! Well, that was easy!</p>
<p>Minimal scraping with a knife and a screwdriver and it was done.</p>
<p>To clean the WD40 off ready for the new mastic, I simply used white spirit applied using a paint brush (to get into all the nooks and crannies) and a sponge. I was soon ready to re-seal the shower tray in triple quick time.</p>
<p>I applied my first bead of new mastic down the first side of the shower tray rather badly. (I’m definitely no mastic professional!) Hmm, it needed a little smoothing. I <em>could</em> use a finger to smooth it. Hmm but I don’t want to get mastic all over my finger, clothes, wall, (basically everywhere) as that’ll just make the bead look worse… Hmmm…</p>
<h1 id="i-know-wd40">I know… WD40!</h1>
<p>Quick spray of WD40 on my finger, quick smooth of the mastic and a semi-professional look was achieved! I’m no expert, but that’ll do me!</p>
<p>A job I had not at all been looking forward to, made super simple by WD40.</p>
<p>I recommend you reach for the WD40 next time you need to re-mastic around your shower, bath, sink, whatever. You’ll be glad you did!</p>
<p>-Chris</p>
<p><em>(Not affiliated to WD40 in any way, although open to offers)</em>
<img style="display: block; margin-left: auto; margin-right: auto;" alt="WD40 Bike" src="/images/wd40-mastic/wd40-01.png" /></p>
<p><a href="https://polarclouds.co.uk/wd40-mastic/">(Away from the Keyboard) WD40 Mastic Pro Tip</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 26, 2016.</p>
https://polarclouds.co.uk/win-2016-nano-vmware2016-05-12T19:00:00+01:002016-05-12T19:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="ESXi Memory Load" src="/images/win-2016-nano-vmware/2016vm00.png" />
So this little titbit got me interested:</p>
<blockquote>
<p>Microsoft released Windows Server 2016 Technical Preview 5 on April 27, a test build that includes Nano Server as an installation option. First announced a year ago, Nano Server is a container- and cloud-friendly version of Windows Server that dispenses with the GUI, 32-bit support and other software components that compete for CPU cycles.</p>
<p>This week, Microsoft has incorporated Nano Server as a deployment option on both the Standard and Datacenter editions of Windows Server 2016 Technical Preview 5.</p>
<p>“It is a remotely managed option similar to Windows Server in Server Core mode, but significantly smaller, has no local logon capability, and only supports 64-bit applications, tools, and agents,” according to an online support document. “It takes up far less disk space, sets up significantly faster, and requires far fewer updates and restarts than Windows Server with the full desktop experience.” According to Microsoft’s estimates, Nano Server’s image is 25 times smaller than that of a full Windows Server image with desktop functionality.</p>
</blockquote>
<p>From: <a href="http://www.eweek.com/enterprise-apps/microsoft-adds-nano-server-option-to-windows-server-2016.html">http://www.eweek.com/enterprise-apps/microsoft-adds-nano-server-option-to-windows-server-2016.html</a></p>
<p>Which prompted:</p>
<center><blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">But will 2016 nano server run in VMware VM? <a href="https://twitter.com/hashtag/ChallengeAccepted?src=hash">#ChallengeAccepted</a> <a href="https://t.co/5M8YaNVGiy">https://t.co/5M8YaNVGiy</a></p>— Chris Hall (@chall32) <a href="https://twitter.com/chall32/status/727760854352056320">May 4, 2016</a></blockquote>
</center>
<p>To which I received the following unexpected reply:</p>
<center><blockquote class="twitter-tweet" data-conversation="none" data-lang="en"><p lang="en" dir="ltr"><a href="https://twitter.com/chall32">@chall32</a> I didn't test that but it should and if it doesn't - let us know and we'll get on that.</p>— jsnover (@jsnover) <a href="https://twitter.com/jsnover/status/727854630089031682">May 4, 2016</a></blockquote>
</center>
<p>Wow!! Wasn’t expecting that :o)</p>
<p>For those of you unfamiliar with Jeffrey Snover, take a look at: <a href="http://www.jsnover.com/about.html">www.jsnover.com</a>. Yes, Jeffrey Snover INVENTED Windows PowerShell!!!</p>
<p>….I guess I better get <del>playing</del> sorry testing then!!</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#the-vms" id="markdown-toc-the-vms">The VMs</a></li>
<li><a href="#2016-mgmt-vm-install" id="markdown-toc-2016-mgmt-vm-install">2016-MGMT VM Install</a></li>
<li><a href="#nano-server-image-build" id="markdown-toc-nano-server-image-build">Nano Server Image Build</a></li>
<li><a href="#2016-nano-vm-config" id="markdown-toc-2016-nano-vm-config">2016-NANO VM Config</a></li>
<li><a href="#testing" id="markdown-toc-testing">Testing</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p>So first off, let’s create a standard Server 2016 VM, inside of which we will build our Nano Server image for deployment to a second VMware VM. Ultimately we will also need the first VM to manage the Nano Server VM once it is up and running.</p>
<h2 id="the-vms">The VMs</h2>
<p>To keep things nice and simple, I’ll name our two VMware VMs as follows:</p>
<ul>
<li>2016-MGMT - Our Nano server image build server and Hyper-V management server</li>
<li>2016-NANO - Our Nano Server VM itself</li>
</ul>
<p>I’m using VMware Workstation 12 for the moment. I will keep the testing on ESXi for another day.</p>
<h2 id="2016-mgmt-vm-install">2016-MGMT VM Install</h2>
<p>All standard stuff. For the VMware VM configuration (I used Windows 10 x64 in the VM’s guest O/S config):</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="VM Config" src="/images/win-2016-nano-vmware/2016vm01.png" /></p>
<p>Hook up the 2016 Server Tech Preview 5 ISO image and boot the 2016-MGMT VM:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="2016 TP5 Welcome" src="/images/win-2016-nano-vmware/2016vm02.png" /></p>
<p>As this VM is going to be our Nano build and management VM, let’s go for the full desktop experience:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="2016 TP5 Which Install" src="/images/win-2016-nano-vmware/2016vm03.png" /></p>
<p>Let the install complete, and that’s that for the time being.</p>
<h2 id="nano-server-image-build">Nano Server Image Build</h2>
<p>Log on to 2016-MGMT and complete the following:</p>
<p>Copy the \NanoServerImageGenerator folder from the Windows Server Technical Preview ISO to a folder on your hard drive. I copied mine to C:\NanoServerImageGenerator</p>
<p>Start Windows PowerShell as an administrator and cd to C:\NanoServerImageGenerator</p>
<p>Tweak the execution policy: <code class="language-plaintext highlighter-rouge">Set-ExecutionPolicy RemoteSigned</code></p>
<p>Import the NanoServerImageGenerator PowerShell module: <code class="language-plaintext highlighter-rouge">Import-Module .\NanoServerImageGenerator.psd1 -verbose</code></p>
<p>Issue the following command to create the Nano Hyper-V boot image:
<code class="language-plaintext highlighter-rouge">New-NanoServerImage -Edition Standard -DeploymentType Host -MediaPath d:\ `</code>
<code class="language-plaintext highlighter-rouge">-TargetPath .\2016-NANO.vhd -ComputerName 2016-NANO -OEMDrivers -Compute</code></p>
<p>Where:<br />
<strong>-Edition</strong> Standard or Datacenter - In our case Standard<br />
<strong>-DeploymentType</strong> Host or Guest - In our case Host<br />
<strong>-MediaPath</strong> specifies a path to the root of the contents of the Technical Preview ISO - In our case d:\ <br />
<strong>-TargetPath</strong> specifies a path, including the filename and extension, where the resulting VHD or VHDX will be created. In our case the current folder<br />
<strong>-ComputerName</strong> is the computer name for the Nano Server you are creating. In our case “2016-NANO”<br />
<strong>-OEMDrivers</strong> Basic drivers for a variety of network adapters and storage controllers. This is the same set of drivers included in a Server Core installation of Windows Server 2016 Technical Preview<br />
<strong>-Compute</strong> enables the Hyper-V role<br /></p>
<p>Which looks like this:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Powershell Output" src="/images/win-2016-nano-vmware/2016vm04.png" /></p>
<p>Looking in the folder, we can see we have indeed created a 2016 Nano Server image:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Folder of files" src="/images/win-2016-nano-vmware/2016vm05.png" /></p>
<p>OK, so we have a Windows .vhd virtual disk file. How can we convert this to a VMware .vmdk virtual disk file?</p>
<p>Easy! Use WinImage <a href="http://www.winimage.com">www.winimage.com</a> to convert the disk file.</p>
<p>Install WinImage on the 2016-MGMT VM, open WinImage, click “Disk” then “Convert Virtual Hard Disk Image”, select file type “Virtual Hard Disk (.vhd)” in the file type field, open the 2016-NANO.vhd file, select “Create Fixed Size Virtual Hard Disk”, then select file type “VMware VMDK (.vmdk)” in the file type field.
Choose the folder where the destination virtual disk will be created, type the virtual disk name and then click “Save”.</p>
<p>Give it time to convert:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="WinImage Convert" src="/images/win-2016-nano-vmware/2016vm06.png" /></p>
<p>Copy out the resulting .vmdk file to the host system.</p>
<h2 id="2016-nano-vm-config">2016-NANO VM Config</h2>
<p>Simply create another VM called 2016-NANO with the same hardware make up as 2016-MGMT (as detailed above), however when prompted to create a new virtual disk, select “use existing virtual disk” and point the VMware VM creation wizard to the .vmdk file created using WinImage earlier.</p>
<p>Before starting the 2016-NANO VM for the first time, there is a quick tweak needed to allow us to run Hyper-V VMs under VMware Workstation. That is, we need to enable the virtualisation engine in the VM’s settings within VMware:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Enable Virtualisation Engine" src="/images/win-2016-nano-vmware/2016vm07.png" /></p>
<h2 id="testing">Testing</h2>
<p>Time to power on the 2016-NANO VM to see if it runs….</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="It runs! " src="/images/win-2016-nano-vmware/2016vm08.png" /></p>
<p>Success!!!!!
<br />
<br />
Next time: Configuring the 2016-NANO’s networking and managing it from our 2016-MGMT VM.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/win-2016-nano-vmware/">Windows 2016 Nano Hyper-V Server in a VMware Virtual Machine</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 12, 2016.</p>
https://polarclouds.co.uk/esxi-memory-house-load2016-02-12T18:00:00+00:002016-02-12T18:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="ESXi Memory Load" src="/images/esxi-memory-house-load/esxiload00.png" />
What is an “in house load”?<br />
Well first off, it’s got nothing to do with this guy:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Dr House" src="/images/esxi-memory-house-load/esxiload01.jpeg" /></p>
<p>By way of an explanation:</p>
<p><strong><em>3.0 HOUSE LOAD OPERATION</em></strong> <br />
<em>A unit will be in house load operation when it is disconnected from the grid and feeding the power for its own auxiliaries.</em> <br />
From <a href="https://books.google.co.uk/books?id=Ns06BAAAQBAJ&lpg=PA900&ots=EgyayybWbH&dq=what%20is%20%22in-house%20load%22&pg=PA900#v=onepage&q=what%20is%20%22in-house%20load%22&f=false">Power Plant Instrumentation and Control Handbook</a></p>
<p>So extrapolating this out for VMware ESXi Server and memory: how much memory does ESXi use for itself?</p>
<p>Unfortunately VMware don’t seem to publish any figures for this value for the currently supported versions of ESXi. This is more than likely because it is very much a hardware-dependent figure. That is, depending on the hardware make-up of a physical server, and hence the hardware drivers needed to run that hardware, server “X” may consume more system memory than server “Y” running with a different hardware make-up. Also, memory loading may change depending on the options you choose to run at ESXi level; for example iSCSI, NFS, etc.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#why-measure-esxi-memory-in-house-load" id="markdown-toc-why-measure-esxi-memory-in-house-load">Why Measure ESXi Memory In House Load?</a></li>
<li><a href="#the-test-rig" id="markdown-toc-the-test-rig">The Test Rig</a></li>
<li><a href="#esxi-versions-tested" id="markdown-toc-esxi-versions-tested">ESXi Versions Tested</a> <ul>
<li><a href="#esxi-51-memory-load" id="markdown-toc-esxi-51-memory-load">ESXi 5.1 Memory Load</a></li>
<li><a href="#esxi-55-memory-load" id="markdown-toc-esxi-55-memory-load">ESXi 5.5 Memory Load</a></li>
<li><a href="#esxi-60-memory-load" id="markdown-toc-esxi-60-memory-load">ESXi 6.0 Memory Load</a></li>
</ul>
</li>
<li><a href="#results" id="markdown-toc-results">Results</a></li>
<li><a href="#conclusions" id="markdown-toc-conclusions">Conclusions</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="why-measure-esxi-memory-in-house-load">Why Measure ESXi Memory In House Load?</h2>
<p>So this is the predicament I find myself in.</p>
<p>I have a stand-alone ESXi instance in the CH-Datacentre<sup>TM</sup> Lab that has 6GB of memory fitted:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Spongebob" src="/images/esxi-memory-house-load/esxiload02.png" /></p>
<p>As you can see, spongebob (yes my home lab naming scheme comes from a <a href="http://www.imdb.com/title/tt0206512/">certain cartoon</a>) is quite happy running with just over 512MB memory free. However that’s running ESXi 5.1… and ESXi 5.1 goes end of general support on <a href="http://www.vmware.com/files/pdf/support/Product-Lifecycle-Matrix.pdf">24 August 2016</a>.</p>
<p>So the question is, if I upgrade ESXi to 5.5, or even 6.0, how much of that 512MB free memory will a later version of ESXi eat into?</p>
<p>Sure, I could just purchase some more memory and be done with it…. Oh if it was that easy. You see the slightly elderly system board I have running ESXi seems to be rather fussy when it comes to the memory DIMMs it will support. I would rather not spend hours down the rabbit hole of looking for supported DIMMs that will/will not work for potentially no reason. Surely newer versions of ESXi won’t use <em>that</em> much more memory will they?</p>
<h2 id="the-test-rig">The Test Rig</h2>
<p>To get a level playing field, I configured a VMware Workstation 11 virtual machine with the following hardware make-up:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Rig VM" src="/images/esxi-memory-house-load/esxiload03.png" /></p>
<p>4GB RAM, 2 CPUs, 15GB HDD, 2 NICs and that’s about it. Remember we are not interested in running VMs inside the test ESXi installs here.
The test ESXi installs were installed via .iso image, rebooted and had their IP addresses set by DHCP. No further ESXi configuration was made to them.</p>
<p>Sure this is probably a sketchy way of testing, and not particularly indicative of a real world example. However what we are looking for here are the differences in memory load in each version of ESXi across as level a playing field as possible. Therefore our hardware config doesn’t matter as long as it remains exactly the same across each test instance.</p>
<h2 id="esxi-versions-tested">ESXi Versions Tested</h2>
<p>Again, to try and get a level playing field, I’ve used the very latest builds of ESXi available at the time of writing. These are:</p>
<ul>
<li>ESXi 5.1 Build 3070626 - ESXi 5.1 Patch 8, released 01 October 2015</li>
<li>ESXi 5.5 Build 3343343 - ESXi 5.5 Express Patch 9, released 04 January 2016</li>
<li>ESXi 6.0 Build 3380124 - ESXi 6.0 Update 1b, released 07 January 2016</li>
</ul>
<p>When it comes to matching VMware build numbers to patches/updates and release dates, VMware <a href="http://kb.vmware.com/kb/1014508">KB1014508</a> is invaluable!</p>
<h3 id="esxi-51-memory-load">ESXi 5.1 Memory Load</h3>
<p>Using the above test rig and after letting the v5.1 ESXi install settle for 5 minutes, the following can be seen:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi 5.1" src="/images/esxi-memory-house-load/esxiload04.png" /></p>
<p><strong>ESXi 5.1 in house memory load is circa 1052MB</strong></p>
<h3 id="esxi-55-memory-load">ESXi 5.5 Memory Load</h3>
<p>Using the above test rig and after letting the v5.5 ESXi install settle for 5 minutes, the following can be seen:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi 5.5" src="/images/esxi-memory-house-load/esxiload05.png" /></p>
<p><strong>ESXi 5.5 in house memory load is circa 1157MB</strong></p>
<h3 id="esxi-60-memory-load">ESXi 6.0 Memory Load</h3>
<p>Using the above test rig and after letting the v6.0 ESXi install settle for 5 minutes, the following can be seen:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="ESXi 6.0" src="/images/esxi-memory-house-load/esxiload06.png" /></p>
<p><strong>ESXi 6.0 in house memory load is circa 1354MB</strong></p>
<h2 id="results">Results</h2>
<p>Putting the above findings into a table, the following can be seen:</p>
<table>
<thead>
<tr>
<th>ESXi Version</th>
<th>Build Number</th>
<th>In House Load (MB)</th>
<th>Difference to v5.1 (MB)</th>
<th>Difference to v5.5 (MB)</th>
<th>Difference to v6.0 (MB)</th>
</tr>
</thead>
<tbody>
<tr>
<td>5.1</td>
<td>3070626</td>
<td>1052MB</td>
<td>0</td>
<td>-105</td>
<td>-302</td>
</tr>
<tr>
<td>5.5</td>
<td>3343343</td>
<td>1157MB</td>
<td>+105</td>
<td>0</td>
<td>-197</td>
</tr>
<tr>
<td>6.0</td>
<td>3380124</td>
<td>1354MB</td>
<td>+302</td>
<td>+197</td>
<td>0</td>
</tr>
</tbody>
</table>
<h2 id="conclusions">Conclusions</h2>
<p>So what conclusions can we draw from this testing?</p>
<p>Well,</p>
<ul>
<li>ESXi in house memory load does appear to increase in later versions</li>
<li>The mean memory load increase across the 3 ESXi versions is in the region of 151MB per version when using the same hardware</li>
<li>The in house memory load increase is pretty good going when you consider the new features that came with <a href="http://kb.vmware.com/kb/2058665">vSphere 5.5</a> and <a href="http://kb.vmware.com/kb/2109816">vSphere 6.0</a></li>
</ul>
<p>Sure this testing was probably a bit sketchy and not all that indicative of ESXi running on actual hardware, but it is what it is and it is better than nothing at all.</p>
<p>As for my dilemma of trying to upgrade yet not eat into too much of my current 512MB free memory, I think I’ll upgrade my ESXi to v5.5 :o)</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/esxi-memory-house-load/">VMware ESXi In House Memory Load</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 12, 2016.</p>
https://polarclouds.co.uk/android-app-data-backup-restore2016-01-18T18:00:00+00:002016-01-18T18:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Android Backup and Restore" src="/images/android-app-data-backup-restore/andbnr00.png" />
Probably a bit late for the Xmas/new year rush of new Android kit now… hey ho, I was going to write this post over the Xmas break… but there you go, better late than never.</p>
<p>So here is a great tip for backing up and restoring Android application data (including saved games!) or even copying those saved games to a new device. This method works for pretty much any Android app that comes as an install from the Google Play store. Nothing is more annoying than getting to level 9999 on Candy Crush (yeah I know, exaggeration, but you get my drift) and then having to start again when you get a new device or your device suffers some other fate and all is lost…</p>
<p>The secret here is we are going to use the <a href="http://developer.android.com/tools/help/adb.html">Android Debug Bridge</a> to do the hard work for us. What’s more, we can complete all of this without having to <a href="https://en.wikipedia.org/wiki/Rooting_(Android_OS)">root</a> our devices!!</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#setting-up-android-debug-bridge-adb" id="markdown-toc-setting-up-android-debug-bridge-adb">Setting Up Android Debug Bridge (ADB)</a></li>
<li><a href="#enable-usb-debugging-on-your-device" id="markdown-toc-enable-usb-debugging-on-your-device">Enable USB Debugging On Your Device</a></li>
<li><a href="#choosing-what-to-back-up" id="markdown-toc-choosing-what-to-back-up">Choosing What to Back Up</a></li>
<li><a href="#backing-up-app-data" id="markdown-toc-backing-up-app-data">Backing Up App Data</a></li>
<li><a href="#restoring-app-data" id="markdown-toc-restoring-app-data">Restoring App Data</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="setting-up-android-debug-bridge-adb">Setting Up Android Debug Bridge (ADB)</h3>
<p>There are loads and loads of guides on the internet to help you set up ADB. I highly recommend using the <a href="http://forum.xda-developers.com/showthread.php?t=2317790">Minimal ADB and Fastboot Tool</a> to save on downloading the whole Android emulator stack.</p>
<p><a href="http://lifehacker.com/the-easiest-way-to-install-androids-adb-and-fastboot-to-1586992378">This guide</a> to setting up ADB covers Windows, OS X and Linux.</p>
<p>Personally, I use my Linux Mint laptop to do all things Android / ADB using the <a href="http://community.linuxmint.com/software/view/android-tools-adb">android-tools-adb</a> package. Android under Windows is a pain what with device drivers and all that faff. Linux is nice, just plug in your device and away you go.</p>
<h3 id="enable-usb-debugging-on-your-device">Enable USB Debugging On Your Device</h3>
<p>Again, have a look at <a href="http://adbdriver.com/documentation/how-to-enable-usb-debugging-mode-on-android-devices.html">this guide</a> to enabling USB debugging on your device. Simple.</p>
<h3 id="choosing-what-to-back-up">Choosing What to Back Up</h3>
<p>This should be the easy part! You know what games / apps you want to back up right? OK, for the sake of an example let’s use <a href="https://play.google.com/store/apps/details?id=biz.mtoy.blockpuzzle.revolution">Block Puzzle</a> as the app for the backup and restore process.</p>
<p>I need to find the app’s package name as it would be installed on the device. The simplest way I’ve found to find an app’s package name is to look at the app’s entry in Google Play. Specifically the URL.</p>
<p>Using our example: <a href="https://play.google.com/store/apps/details?id=biz.mtoy.blockpuzzle.revolution">https://play.google.com/store/apps/details?id=biz.mtoy.blockpuzzle.revolution</a>. From this I can tell that the app’s package name is “biz.mtoy.blockpuzzle.revolution”. Make a note of the package name.</p>
<p>The reason I chose block puzzle is that yep, I have just 1 or 360 plus completed levels on my Nexus 5 so far:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="ADB01" src="/images/android-app-data-backup-restore/andbnr01.png" /></p>
<h3 id="backing-up-app-data">Backing Up App Data</h3>
<p>Right, so you:</p>
<ul>
<li>have adb installed</li>
<li>have enabled USB debugging on your device</li>
<li>know the package names of the apps with data that you want to back up</li>
</ul>
<p>Let’s double check that we have visibility of the device via ADB using the command:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">adb devices</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="ADB02" src="/images/android-app-data-backup-restore/andbnr02.png" /></p>
<p>You should see a device listed as shown above. Your device ID will be different to mine.</p>
<p>On to the backup. The adb data backup command takes this form:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">adb backup -f &lt;Backup-File&gt; &lt;Package-Name&gt;</code></pre></figure>
<p>So plumbing block puzzle into this command:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">adb backup -f biz.mtoy.blockpuzzle.revolution.ab biz.mtoy.blockpuzzle.revolution</code></pre></figure>
<p><em>biz.mtoy.blockpuzzle.revolution.ab</em> is the name of my data backup file<br />
<em>biz.mtoy.blockpuzzle.revolution</em> is the name of the app whose data we are backing up</p>
<p>I like to name my data backup files to match the package name as that makes sense to me. You can call your data backup files whatever you like!</p>
<p>Like this:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="ADB03" src="/images/android-app-data-backup-restore/andbnr03.png" /></p>
<p>At the device end:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="ADB04" src="/images/android-app-data-backup-restore/andbnr04.png" /></p>
<p>Just hit “BACKUP MY DATA” and give it a moment. The size of backup data varies from app to app. Some manage a few kB. The biggest backup I’ve seen is around the 50MB mark!</p>
<p>Double checking backup file size on my laptop, it looks like we have application data from the device!
<img style="display: block; margin-left: auto; margin-right: auto;" alt="ADB05" src="/images/android-app-data-backup-restore/andbnr05.png" /></p>
<p>Repeat the command for any other application data you would like to backup.</p>
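<p>File size alone does not tell you what is inside the .ab file. The added example below (not part of the original post) reads the adb backup header, reports whether the backup is stored unencrypted, and lists the files saved for each package so an empty backup is caught before the old device is wiped. The function names are chosen for this example, and the sample backup is constructed in memory rather than taken from a real device.</p>

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"


def inspect_backup(blob):
    """Parse an adb backup (.ab) image and list the files stored per package."""
    stream = io.BytesIO(blob)
    if stream.readline().rstrip(b"\n") != MAGIC:
        raise ValueError("not an adb backup: magic line missing")
    try:
        version = int(stream.readline().strip())
        compressed = int(stream.readline().strip()) == 1
    except ValueError:
        raise ValueError("corrupt adb backup header") from None
    encryption = stream.readline().strip().decode("ascii", "replace")
    report = {"version": version, "compressed": compressed,
              "encryption": encryption, "packages": {}}
    if encryption != "none":
        # Password-protected backup: the payload cannot be listed without the password.
        return report
    payload = stream.read()
    if compressed:
        # decompressobj tolerates a truncated stream (e.g. an interrupted backup).
        payload = zlib.decompressobj().decompress(payload)
    try:
        with tarfile.open(fileobj=io.BytesIO(payload), mode="r:") as tar:
            for member in tar:
                # Entries are laid out as apps/<package>/<path inside the app's data>
                parts = member.name.split("/", 2)
                if len(parts) == 3 and parts[0] == "apps" and member.isfile():
                    report["packages"].setdefault(parts[1], []).append(parts[2])
    except tarfile.ReadError:
        pass  # zero-length or damaged payload: keep whatever was listed so far
    return report


def has_app_data(report, package):
    """True when the backup holds files for `package` beyond its _manifest entry."""
    files = report["packages"].get(package, [])
    return any(name != "_manifest" for name in files)


def build_sample_backup(package, files, compressed=True):
    """Construct an unencrypted .ab image in memory (sample data, not a real backup)."""
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(name=f"apps/{package}/{path}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    payload = tar_buf.getvalue()
    if compressed:
        payload = zlib.compress(payload)
    flag = b"1" if compressed else b"0"
    return MAGIC + b"\n1\n" + flag + b"\nnone\n" + payload


if __name__ == "__main__":
    pkg = "biz.mtoy.blockpuzzle.revolution"
    sample = build_sample_backup(pkg, {"_manifest": b"1\n", "sp/progress.xml": b"<map/>"})
    report = inspect_backup(sample)
    print("encryption:", report["encryption"])
    print("files:", report["packages"])
    print("holds app data:", has_app_data(report, pkg))
```

<p>To check a real backup, pass the bytes of the file created by <code>adb backup</code> to <code>inspect_backup()</code>. An <code>encryption</code> value of <code>none</code> means anyone who can read the file can read the app data in it.</p>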
<h3 id="restoring-app-data">Restoring App Data</h3>
<p>First off, install the application as normal. For the demo restore here, I’m going to restore my saved games from my Nexus 5 phone to another device, my Nexus 7 (2012) tablet.</p>
<p>So install the app:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="ADB06" src="/images/android-app-data-backup-restore/andbnr06.png" /></p>
<p>Oh no’s! No saved games (as expected):
<img style="display: block; margin-left: auto; margin-right: auto;" alt="ADB07" src="/images/android-app-data-backup-restore/andbnr07.png" /></p>
<p>No fear. The ADB data restore command takes this form:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">adb restore &lt;Backup-File&gt;</code></pre></figure>
<p>So plumbing block puzzle into this command:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">adb restore biz.mtoy.blockpuzzle.revolution.ab</code></pre></figure>
<p>Like this:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="ADB08" src="/images/android-app-data-backup-restore/andbnr08.png" /></p>
<p>At the tablet end:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="ADB09" src="/images/android-app-data-backup-restore/andbnr09.png" /></p>
<p>Hit “RESTORE MY DATA” and give it a moment.</p>
<p>Let’s launch block puzzle again and check.</p>
<p>Winner, winner:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="ADB10" src="/images/android-app-data-backup-restore/andbnr10.png" /></p>
<p>Right I’m off to play block puzzle on my tablet… :o)</p>
<p>Till the next time.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/android-app-data-backup-restore/">Root Free Android App Data Backup and Restore</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 18, 2016.</p>
https://polarclouds.co.uk/booting-acronis-via-wds2016-01-12T18:40:00+00:002016-01-12T18:40:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Windows 2012R2 Logo" src="/images/booting-acronis-via-wds/wdsacron00.png" />
Previously we configured a Windows 2012R2 Windows Deployment Services (WDS) Server to deploy Windows installations over the network. In case you missed it, have a read <a href="/windows-2012r2-wds/">here</a> to see what we did.</p>
<p>Next we upgraded our WDS server setup to also deploy VMware ESXi. Have a read <a href="/deploying-vmware-esxi-via-wds/">here</a> to see what we did.</p>
<p>Finally, we then upgraded our WDS server to allow us to quickly boot Windows Preinstallation Environment (WinPE) as discussed <a href="/booting-winpe-via-wds/">here</a> to allow some quick booting diagnostics.</p>
<p>Today let’s finish off WDS and look at booting <a href="http://www.acronis.com/en-gb/business/enterprise-solutions/server-partition-management/">Acronis Disk Director</a> (ADD) via WDS server.</p>
<p>As the (current) latest version (version 12) of ADD does not support manipulation of Windows Server partitions, I’m going to concentrate on ADD versions v11 and v10. Why two versions? Simple. ADD v11 supports pretty much any hardware server you boot it on apart from some elderly IBM servers. As I still get involved in supporting some pretty elderly IBM servers, I will include ADD v10 in this guide too.</p>
<p>The good news is that the process is <em>exactly the same</em> for both v10 and v11!</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#extracting-acronis-bootable-images" id="markdown-toc-extracting-acronis-bootable-images">Extracting Acronis Bootable Images</a></li>
<li><a href="#adding-acronis-bootable-images-to-wds" id="markdown-toc-adding-acronis-bootable-images-to-wds">Adding Acronis Bootable Images to WDS</a></li>
<li><a href="#testing-acronis-disk-director-boot-from-windows-deployment-services-server" id="markdown-toc-testing-acronis-disk-director-boot-from-windows-deployment-services-server">Testing Acronis Disk Director Boot from Windows Deployment Services Server</a> <ul>
<li><a href="#acronis-disk-director-v11" id="markdown-toc-acronis-disk-director-v11">Acronis Disk Director v11</a></li>
<li><a href="#acronis-disk-director-v10" id="markdown-toc-acronis-disk-director-v10">Acronis Disk Director v10</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h2 id="extracting-acronis-bootable-images">Extracting Acronis Bootable Images</h2>
<p>First step is to extract the required files from your Acronis ISO images. For this I am going to use <a href="https://www.ezbsystems.com/ultraiso/">UltraISO</a>. As you can see there is a trial version available.</p>
<p>On first opening an ADD ISO image, there isn’t a lot to be seen:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 1" src="/images/booting-acronis-via-wds/wdsacron01.png" /></p>
<p>No problem. The contents are hidden.</p>
<p>Click <strong>Bootable</strong> and <strong>Save Boot File…</strong>
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 2" src="/images/booting-acronis-via-wds/wdsacron02.png" /></p>
<p>Give the file a name and hit save:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 3" src="/images/booting-acronis-via-wds/wdsacron03.png" /></p>
<p>Open the file saved above in UltraISO:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 4" src="/images/booting-acronis-via-wds/wdsacron04.png" /></p>
<p>Hey presto, we have some files:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 5" src="/images/booting-acronis-via-wds/wdsacron05.png" /></p>
<p>Find and extract the files <strong>dat2.dat</strong> and <strong>dat3.dat</strong>
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 6" src="/images/booting-acronis-via-wds/wdsacron06.png" /></p>
<p>Rename the files as follows:</p>
<ul>
<li>dat2.dat » ramdisk.dat</li>
<li>dat3.dat » kernel.dat</li>
</ul>
<h2 id="adding-acronis-bootable-images-to-wds">Adding Acronis Bootable Images to WDS</h2>
<p>Create a folder on your WDS server under C:\RemoteInstall\Boot and copy the two dat files into it. For example, I went with <strong>C:\RemoteInstall\Boot\x64\AcronisDD11</strong> for v11:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 7" src="/images/booting-acronis-via-wds/wdsacron07.png" /></p>
<p>And <strong>C:\RemoteInstall\Boot\x64\AcronisDD10</strong> for v10:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 7a" src="/images/booting-acronis-via-wds/wdsacron07a.png" /></p>
<p>Finally, add the following to your C:\RemoteInstall\Boot\x64\pxelinux.cfg\default file:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text"># Option 4 - Boot Acronis Disk Director 11.0
LABEL Acronis DD11
MENU LABEL Acronis ^Disk Director 11.0
KERNEL /AcronisDD11/kernel.dat
APPEND initrd=/AcronisDD11/ramdisk.dat ramdisk_size=65536 vga=791 root=/dev/ram0 quiet
# Option 5 - Boot Acronis Disk Director 10.0
LABEL Acronis DD10
MENU LABEL ^Acronis Disk Director 10.0
KERNEL /AcronisDD10/kernel.dat
APPEND initrd=/AcronisDD10/ramdisk.dat ramdisk_size=65536 vga=791 root=/dev/ram0 quiet</code></pre></figure>
<p>Don’t forget to also copy the files to C:\RemoteInstall\Boot\x86\ folders and to make the equivalent changes to your C:\RemoteInstall\Boot\x86\pxelinux.cfg\default file to add support for 32 bit machines.</p>
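<p>An added example, not part of the original post: a PowerShell check that every file a pxelinux.cfg\default menu refers to actually exists under the matching Boot\x64 or Boot\x86 folder, which catches a copy that was forgotten on the x86 side. The function name <code>Test-PxeMenuPaths</code> and the throwaway demo folder are made up for illustration, and it assumes, as in the layout above, that menu paths resolve relative to the architecture's boot folder.</p>

```powershell
# Added example (not from the original post): lint a pxelinux.cfg\default menu.
# Assumption taken from the post's layout: /AcronisDD11/kernel.dat in the x64 menu
# lives at C:\RemoteInstall\Boot\x64\AcronisDD11\kernel.dat.

function Test-PxeMenuPaths {
    param(
        [Parameter(Mandatory)] [string] $MenuFile,   # ...\pxelinux.cfg\default
        [Parameter(Mandatory)] [string] $BootRoot    # ...\Boot\x64 or ...\Boot\x86
    )

    $label = '(global)'
    foreach ($line in Get-Content -LiteralPath $MenuFile) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith('#')) { continue }

        # Split into keyword and remainder; menu keywords are case-insensitive.
        $keyword, $rest = $text -split '\s+', 2
        $paths = @()
        switch ($keyword.ToUpperInvariant()) {
            'LABEL'   { $label = $rest }
            'DEFAULT' { if ($rest -match '\.c32$') { $paths += $rest } }
            'KERNEL'  { $paths += ($rest -split '\s+')[0] }
            'APPEND'  {
                # initrd=a,b for Linux-style kernels, "-c file" for an mboot.c32 config
                if ($rest -match '\binitrd=(\S+)')      { $paths += $Matches[1] -split ',' }
                if ($rest -match '(?:^|\s)-c\s+(\S+)') { $paths += $Matches[1] }
            }
        }

        foreach ($p in ($paths | Where-Object { $_ })) {
            $relative = $p.TrimStart('/').Replace('/', '\')
            [pscustomobject]@{
                Label  = $label
                Path   = $p
                Exists = Test-Path -LiteralPath (Join-Path $BootRoot $relative) -PathType Leaf
            }
        }
    }
}

# --- Constructed demo: a throwaway boot folder where ramdisk.dat was never copied ---
$root = Join-Path ([IO.Path]::GetTempPath()) ("pxe-lint-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path "$root\pxelinux.cfg", "$root\AcronisDD11" -Force | Out-Null
foreach ($f in 'menu.c32', 'pxeboot.0', 'AcronisDD11\kernel.dat') {
    New-Item -ItemType File -Path (Join-Path $root $f) | Out-Null
}

@'
DEFAULT menu.c32
PROMPT 0
# Option 2 - Run WDS
LABEL wds
MENU LABEL ^Windows Deployment Services Boot
KERNEL pxeboot.0
# Option 4 - Boot Acronis Disk Director 11.0
LABEL Acronis DD11
MENU LABEL Acronis ^Disk Director 11.0
KERNEL /AcronisDD11/kernel.dat
APPEND initrd=/AcronisDD11/ramdisk.dat ramdisk_size=65536 vga=791 root=/dev/ram0 quiet
'@ | Set-Content -LiteralPath "$root\pxelinux.cfg\default"

# Rows with Exists = False are menu entries that would fail at boot time.
Test-PxeMenuPaths -MenuFile "$root\pxelinux.cfg\default" -BootRoot $root |
    Format-Table -AutoSize

Remove-Item -LiteralPath $root -Recurse -Force
```

<p>Run it once per architecture, pointing -MenuFile and -BootRoot at the x64 and then the x86 folder.</p>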
<h2 id="testing-acronis-disk-director-boot-from-windows-deployment-services-server">Testing Acronis Disk Director Boot from Windows Deployment Services Server</h2>
<h3 id="acronis-disk-director-v11">Acronis Disk Director v11</h3>
<p>Let’s take this for a test spin:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 8" src="/images/booting-acronis-via-wds/wdsacron08.png" /></p>
<p>Looking good:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 9" src="/images/booting-acronis-via-wds/wdsacron09.png" /></p>
<p>Yep, all good:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 10" src="/images/booting-acronis-via-wds/wdsacron10.png" /></p>
<h3 id="acronis-disk-director-v10">Acronis Disk Director v10</h3>
<p>Looking good:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 11" src="/images/booting-acronis-via-wds/wdsacron11.png" /></p>
<p>Yep, all good:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ADD to WDS 12" src="/images/booting-acronis-via-wds/wdsacron12.png" /></p>
<p>So there we have it. WDS done!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/booting-acronis-via-wds/">Booting Acronis Disk Director from Windows Deployment Services Server</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 12, 2016.</p>
https://polarclouds.co.uk/booting-winpe-via-wds2015-12-22T20:15:00+00:002015-12-22T20:15:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Windows 2012R2 Logo" src="/images/booting-winpe-via-wds/wdswinpe00.png" />
Previously we configured a Windows 2012R2 Windows Deployment Services (WDS) Server to deploy Windows installations over the network. In case you missed it, have a read <a href="/windows-2012r2-wds/">here</a> to see what we did.</p>
<p>Next, we upgraded our WDS server setup to also deploy VMware ESXi. Again have a read <a href="/deploying-vmware-esxi-via-wds/">here</a> to see what we did next.</p>
<p>Now it’s time to use our WDS server to allow us to quickly boot some diagnostic tools.</p>
<p>This time: Windows Preinstallation Environment (WinPE).</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#windows-preinstallation-environment-preamble" id="markdown-toc-windows-preinstallation-environment-preamble">Windows Preinstallation Environment Preamble</a></li>
<li><a href="#adding-win7pe-to-wds-server" id="markdown-toc-adding-win7pe-to-wds-server">Adding Win7PE to WDS Server</a></li>
<li><a href="#booting-winpe-from-wds-server" id="markdown-toc-booting-winpe-from-wds-server">Booting WinPE from WDS Server</a></li>
<li><a href="#fixing-the-boot-files-for-this-architecture-are-not-installed-on-the-server-error" id="markdown-toc-fixing-the-boot-files-for-this-architecture-are-not-installed-on-the-server-error">Fixing “The boot files for this architecture are not installed on the server” Error</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="windows-preinstallation-environment-preamble">Windows Preinstallation Environment Preamble</h3>
<p>For those unfamiliar with it, Windows Preinstallation Environment (WinPE) is a lightweight version of Windows used for the deployment of PCs, workstations, and servers, or troubleshooting an operating system while it is offline. More info <a href="https://en.wikipedia.org/wiki/Windows_Preinstallation_Environment">here</a>.</p>
<p>For this, I’ll use my (now ancient) Windows 7 Preinstallation Environment (Win7PE) image I built with <a href="http://winbuilder.net/">WinBuilder</a> back in 2009. I’m not going to cover the creation of a Windows PE image here as there are plenty of guides out there that can show you how to create your own Win7PE image.</p>
<p>One such guide is here:</p>
<iframe width="560" height="315" src="https://www.youtube.com/embed/2vCyIIqkeiM"> </iframe>
<p><br />
Although WinPE is described as being “lightweight” you can still end up with quite a hefty image to boot from. Certainly my old Win7PE ISO image weighs in at just over 370MB. Because of this, booting WinPE from CD/DVD is not quick.</p>
<h3 id="adding-win7pe-to-wds-server">Adding Win7PE to WDS Server</h3>
<p>Let’s speed up the time it takes for us to boot a Win7PE diagnostic CD/DVD.</p>
<p>On your WDS Server, open Windows Deployment Services tool (Start > Administrative Tools > Windows Deployment Services), expand the tree, right click Boot Images and select “Add Boot Image”:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Win7PE to WDS 1" src="/images/booting-winpe-via-wds/wdswinpe01.png" /></p>
<p>Insert / mount your Win7PE CD/DVD. Browse to the sources folder on the CD and click next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Win7PE to WDS 2" src="/images/booting-winpe-via-wds/wdswinpe02.png" /></p>
<p>Enter a name and description for your Win7PE boot image:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Win7PE to WDS 3" src="/images/booting-winpe-via-wds/wdswinpe03.png" /></p>
<p>Click Next if all looks OK:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Win7PE to WDS 4" src="/images/booting-winpe-via-wds/wdswinpe04.png" /></p>
<p>Ahh a problem…
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Win7PE to WDS 5" src="/images/booting-winpe-via-wds/wdswinpe05.png" /></p>
<p>The fix for the error “The boot files for this architecture are not installed on the server” is detailed <a href="#fixing-the-boot-files-for-this-architecture-are-not-installed-on-the-server-error">below</a>.</p>
<p>Try again…
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Win7PE to WDS 6" src="/images/booting-winpe-via-wds/wdswinpe06.png" /></p>
<p>Done. A quick double check:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Win7PE to WDS 7" src="/images/booting-winpe-via-wds/wdswinpe07.png" /></p>
<p>Looks good.</p>
<h3 id="booting-winpe-from-wds-server">Booting WinPE from WDS Server</h3>
<p>PXE boot your machine as normal. Choose “Windows Deployment Services Boot” (feel free to change the menu item to something like “Windows Deployment Services / Windows Preinstallation Boot” if you like):
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Win7PE to WDS 8" src="/images/booting-winpe-via-wds/wdswinpe08.png" /></p>
<p>Select Win7PE:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Win7PE to WDS 9" src="/images/booting-winpe-via-wds/wdswinpe09.png" /></p>
<p>Give it a minute:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Win7PE to WDS 10" src="/images/booting-winpe-via-wds/wdswinpe10.png" /></p>
<p>Job’s a good-un:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Win7PE to WDS 11" src="/images/booting-winpe-via-wds/wdswinpe11.png" /></p>
<p>Well there you have it, network booting Windows Preinstallation Environment based diagnostics. Sooo much quicker to boot than a disc of spinning plastic! (CD/DVD etc)</p>
<p>Next time Acronis Disk Director and other tools.</p>
<p>-Chris</p>
<p><br /></p>
<p><br /></p>
<p><br /></p>
<h3 id="fixing-the-boot-files-for-this-architecture-are-not-installed-on-the-server-error">Fixing “The boot files for this architecture are not installed on the server” Error</h3>
<p>What looks like quite a catastrophic error is actually quite easily fixed. Remember where we added our PXElinux files to our WDS server <a href="/deploying-vmware-esxi-via-wds/#step-1-wds-client-boot-image">here</a>?
Well, we need to temporarily back out the boot file change so that we can add boot images to our WDS server.</p>
<p>Open explorer and browse to C:\RemoteInstall\Boot\x86.</p>
<p>Find the file pxeboot.0 and copy it to a new file called pxeboot.n12.</p>
<p>Next run the following from an administrative command prompt:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">wdsutil /set-server /bootprogram:boot\x86\pxeboot.n12 /architecture:x86
wdsutil /set-server /N12bootprogram:boot\x86\pxeboot.n12 /architecture:x86
net stop wdsserver
net start wdsserver </code></pre></figure>
<p>Have another go at adding <a href="#adding-win7pe-to-wds-server">Win7PE to WDS</a></p>
<p>Once complete, don’t forget to swap the boot files back:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">wdsutil /set-server /bootprogram:boot\x64\pxelinux.0 /architecture:x64
wdsutil /set-server /N12bootprogram:boot\x64\pxelinux.0 /architecture:x64
net stop wdsserver
net start wdsserver</code></pre></figure>
<p><br /></p>
<p><a href="https://polarclouds.co.uk/booting-winpe-via-wds/">Booting Windows Preinstallation Environment Diagnostics from Windows Deployment Services Server</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 22, 2015.</p>
https://polarclouds.co.uk/deploying-vmware-esxi-via-wds2015-12-15T19:00:00+00:002015-12-15T19:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Windows 2012R2 Logo" src="/images/deploying-vmware-esxi-via-wds/wdsesxi.png" />
Last time we configured a Windows 2012R2 Windows Deployment Services (WDS) Server to deploy Windows installations over the network. All pretty standard stuff.</p>
<p>In case you missed it, have a read <a href="/windows-2012r2-wds/">here</a> to see what we did.</p>
<p>Now it’s time to use our WDS server to deploy something other than (boring old) Windows. Yep, let’s start pushing WDS to do something else.</p>
<p>This time: Deploy VMware ESXi.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#step-1-wds-client-boot-image" id="markdown-toc-step-1-wds-client-boot-image">Step 1: WDS Client Boot Image</a></li>
<li><a href="#step-2-testing-pxelinux-booting" id="markdown-toc-step-2-testing-pxelinux-booting">Step 2: Testing PXElinux Booting</a></li>
<li><a href="#step-3-adding-vmware-esxi-image-to-wds-server" id="markdown-toc-step-3-adding-vmware-esxi-image-to-wds-server">Step 3: Adding VMware ESXi Image to WDS Server</a></li>
<li><a href="#deploying-esxi-via-windows-deployment-services-server" id="markdown-toc-deploying-esxi-via-windows-deployment-services-server">Deploying ESXi via Windows Deployment Services Server</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="step-1-wds-client-boot-image">Step 1: WDS Client Boot Image</h3>
<p>First off we need to extend the boot mechanism used by the WDS clients as the standard Microsoft boot image is only really any good for deploying Windows. We do this by replacing the standard Windows PXE boot image with a <a href="http://www.syslinux.org/wiki/index.php/PXELINUX">PXElinux</a> boot image. PXElinux is a lightweight bootloader for network booting. It is closely related to Syslinux used for standard filesystem booting (hard drives, floppies etc) and Isolinux used for booting from CDs, DVDs etc.</p>
<p>First off, download a copy of Syslinux v4.07 from <a href="https://www.kernel.org/pub/linux/utils/boot/syslinux/">here</a>. Yes, later versions are available, but v4.07 is known to work with WDS, so v4.07 it is.</p>
<p>From the zip we need the following four files:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">syslinux-4.07.zip\core\pxelinux.0
syslinux-4.07.zip\com32\chain\chain.c32
syslinux-4.07.zip\com32\menu\menu.c32
syslinux-4.07.zip\com32\menu\vesamenu.c32</code></pre></figure>
<p>Extract them into a temporary folder for ease:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pxelinux boot files 1" src="/images/deploying-vmware-esxi-via-wds/wdsesxi01.png" /></p>
<p>Then copy the four files into our remote install boot folders, here:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">C:\RemoteInstall\Boot\x86\</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="pxelinux boot files 2" src="/images/deploying-vmware-esxi-via-wds/wdsesxi02.png" /></p>
<p>And here:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">C:\RemoteInstall\Boot\x64\</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="pxelinux boot files 3" src="/images/deploying-vmware-esxi-via-wds/wdsesxi03.png" /></p>
<p>Rename the Microsoft pxeboot.n12 files to pxeboot.0 to allow them to be called from PXElinux:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">rename C:\RemoteInstall\Boot\x86\pxeboot.n12 pxeboot.0
rename C:\RemoteInstall\Boot\x64\pxeboot.n12 pxeboot.0</code></pre></figure>
<p>Create two additional folders called pxelinux.cfg:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">mkdir C:\RemoteInstall\Boot\x86\pxelinux.cfg
mkdir C:\RemoteInstall\Boot\x64\pxelinux.cfg </code></pre></figure>
<p>Within each pxelinux.cfg folder, create a file called default with no extension:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pxelinux boot files 4" src="/images/deploying-vmware-esxi-via-wds/wdsesxi04.png" /></p>
<p>These default files will be the menu files seen when the WDS clients boot. We have separate menus for x64 and x86 bootable clients.</p>
<p>Paste the following text into the C:\RemoteInstall\Boot\x86\pxelinux.cfg\default menu file:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">DEFAULT menu.c32
PROMPT 0
MENU TITLE Chris' WDS PXE Boot Menu (x86)
MENU AUTOBOOT Starting Local System in 10 seconds
# Option 1 - Exit WDS PXE Linux & Boot Normally
LABEL bootlocal
MENU LABEL ^Boot Normally
MENU default
LOCALBOOT 0
TIMEOUT 100
TOTALTIMEOUT 9000
# Option 2 - Run WDS
LABEL wds
MENU LABEL ^Windows Deployment Services Boot
KERNEL pxeboot.0</code></pre></figure>
<p>Paste the following text into the C:\RemoteInstall\Boot\x64\pxelinux.cfg\default menu file:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">DEFAULT menu.c32
PROMPT 0
MENU TITLE Chris' WDS PXE Boot Menu (x64)
MENU AUTOBOOT Starting Local System in 10 seconds
# Option 1 - Exit WDS PXE Linux & Boot Normally
LABEL bootlocal
MENU LABEL ^Boot Normally
MENU default
LOCALBOOT 0
TIMEOUT 100
TOTALTIMEOUT 9000
# Option 2 - Run WDS
LABEL wds
MENU LABEL ^Windows Deployment Services Boot
KERNEL pxeboot.0</code></pre></figure>
<p>Run an administrative command prompt and paste in the following commands to tell WDS server to use the syslinux provided pxelinux.0 files for client booting:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">wdsutil /set-server /bootprogram:boot\x86\pxelinux.0 /architecture:x86
wdsutil /set-server /N12bootprogram:boot\x86\pxelinux.0 /architecture:x86
wdsutil /set-server /bootprogram:boot\x64\pxelinux.0 /architecture:x64
wdsutil /set-server /N12bootprogram:boot\x64\pxelinux.0 /architecture:x64</code></pre></figure>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="pxelinux boot files 5" src="/images/deploying-vmware-esxi-via-wds/wdsesxi05.png" /></p>
<p>Finally, restart the WDS server service:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pxelinux boot files 6" src="/images/deploying-vmware-esxi-via-wds/wdsesxi06.png" /></p>
<p>Ready to test!</p>
<h3 id="step-2-testing-pxelinux-booting">Step 2: Testing PXElinux Booting</h3>
<p>Before we move onto ESXi, let’s check that WDS is pushing PXElinux and that our clients can still run WDS installs.</p>
<p>Upon PXE booting a client you should see the following menu appear:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="pxelinux test 1" src="/images/deploying-vmware-esxi-via-wds/wdsesxi07.png" /></p>
<p>Selecting <em>Boot Normally</em> should quit the menu and allow the client to boot from internal disk(s) whilst selecting <em>Windows Deployment Services Boot</em> should tell the client to carry on with a WDS boot and Windows install, same as before.</p>
<h3 id="step-3-adding-vmware-esxi-image-to-wds-server">Step 3: Adding VMware ESXi Image to WDS Server</h3>
<p>As I’m intending to deploy ESXi v5.5 Update 3b installs via my WDS server, my folder structure will be:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">C:\RemoteInstall\Boot\x64\ESXi\5.5u3b </code></pre></figure>
<p>You can choose to use whatever folder structure you like under C:\RemoteInstall\Boot\x64\. As I say, I’m deploying ESXi 5.5 Update 3b so this folder structure makes sense to me.</p>
<p>Extract your ESXi iso file to your chosen folder:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ESXi files 1" src="/images/deploying-vmware-esxi-via-wds/wdsesxi08.png" /></p>
<p>Once extraction has completed, open the BOOT.CFG file from your ESXi folder with notepad.</p>
<p>We need to add our boot path in front of every file listed in this file. This path needs to match the path of our ESXi files.</p>
<p>I’m lazy, so I just CTRL-H (find and replace), complete the two boxes and hit Replace All:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ESXi files 2" src="/images/deploying-vmware-esxi-via-wds/wdsesxi09.png" /></p>
<p>Voila:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ESXi files 3" src="/images/deploying-vmware-esxi-via-wds/wdsesxi10.png" /></p>
<p>Save and close BOOT.CFG.</p>
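<p>The same kind of edit scripted, as an added PowerShell example that is not part of the original post. It assumes BOOT.CFG lists its files as <code>/name</code> on the <code>kernel=</code> and <code>modules=</code> lines with <code> --- </code> between modules, and uses the prefix /ESXi/5.5u3b from the folder chosen above; the function name <code>Add-BootCfgPrefix</code> and the sample file are made up, and unlike Replace All it can be run twice without doubling the prefix.</p>

```powershell
# Added example (not from the original post): prefix the file names in an ESXi
# BOOT.CFG with the folder they are served from.
# Assumptions: files appear as "/name" on kernel= and modules= lines, and
# modules are separated by " --- ".

function Add-BootCfgPrefix {
    param(
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $Lines,
        [Parameter(Mandatory)] [string] $Prefix      # e.g. /ESXi/5.5u3b
    )

    $Prefix = '/' + $Prefix.Trim('/')                # normalise to "/a/b", no trailing slash

    foreach ($line in $Lines) {
        # Only kernel= and modules= carry file names; kernelopt=, title= etc. pass through.
        if ($line -notmatch '^(kernel|modules)=(.*)$') { $line; continue }

        $key   = $Matches[1]
        $files = $Matches[2] -split '\s+---\s+' | ForEach-Object {
            $name = $_.Trim()
            if ($name -eq '') { return }
            if ($name.StartsWith("$Prefix/", [StringComparison]::OrdinalIgnoreCase)) {
                $name                                # already prefixed: leave it alone
            } else {
                "$Prefix/" + $name.TrimStart('/')
            }
        }
        "$key=" + ($files -join ' --- ')
    }
}

# Constructed sample in the shape of an ESXi installer BOOT.CFG (not the real file).
$sample = @'
bootstate=0
title=Loading ESXi installer
kernel=/tboot.b00
kernelopt=runweasel
modules=/b.b00 --- /jumpstrt.gz --- /useropts.gz
build=
updated=0
'@ -split '\r?\n'

$once  = Add-BootCfgPrefix -Lines $sample -Prefix '/ESXi/5.5u3b'
$twice = Add-BootCfgPrefix -Lines $once   -Prefix '/ESXi/5.5u3b'
$once

# A second pass must change nothing.
if (Compare-Object $once $twice) { throw 'Prefixing is not idempotent' }

# Against the real file, keep a copy of the original first:
# $cfg = 'C:\RemoteInstall\Boot\x64\ESXi\5.5u3b\BOOT.CFG'
# Copy-Item $cfg "$cfg.orig"
# (Add-BootCfgPrefix -Lines (Get-Content $cfg) -Prefix '/ESXi/5.5u3b') |
#     Set-Content $cfg -Encoding Ascii
```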
<p>Finally, add an entry to the C:\RemoteInstall\Boot\x64\pxelinux.cfg\default menu file:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text"># Option 3 - Install ESXi 5.5 Update 3b
LABEL ESXi5.5u3
MENU label ^ESXi5.5 Update 3b - Build 3248547 Installer
KERNEL /ESXi/5.5u3b/MBOOT.C32
APPEND -c /ESXi/5.5u3b/BOOT.CFG</code></pre></figure>
<p>My x64 menu now looks like this:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add ESXi files 4" src="/images/deploying-vmware-esxi-via-wds/wdsesxi11.png" /></p>
<p>Save and close.</p>
<h3 id="deploying-esxi-via-windows-deployment-services-server">Deploying ESXi via Windows Deployment Services Server</h3>
<p>So then… Let’s do this!</p>
<p>Boot my client and select the ESXi install option:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploying ESXi via WDS 1" src="/images/deploying-vmware-esxi-via-wds/wdsesxi12.png" /></p>
<p>Looking pretty damn good:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploying ESXi via WDS 2" src="/images/deploying-vmware-esxi-via-wds/wdsesxi13.png" /></p>
<p>Welcome!
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploying ESXi via WDS 3" src="/images/deploying-vmware-esxi-via-wds/wdsesxi14.png" /></p>
<p>….answer some questions….let the installer complete….</p>
<p>Success, success!
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Deploying ESXi via WDS 4" src="/images/deploying-vmware-esxi-via-wds/wdsesxi15.png" /></p>
<p>So there we have it - Windows Deployment Services server deploying VMware ESXi.</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Winner Winner!" src="/images/deploying-vmware-esxi-via-wds/winner-winner.gif" /></p>
<h3 style="text-align:center"> Winner, Winner, Chicken Dinner!</h3>
<p>Next time WDS booting Windows PE and various other system diagnostic tools.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/deploying-vmware-esxi-via-wds/">Deploying VMware ESXi via Windows Deployment Services Server</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 15, 2015.</p>
https://polarclouds.co.uk/windows-2012r2-wds2015-12-09T22:30:00+00:002015-12-09T22:30:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Windows 2012R2 Logo" src="/images/windows-2012r2-wds/2012r2.png" />
OK, this is the kind of thing you may only do the once, whilst on a training course just to confirm that yes, you know about Windows Deployment Services (WDS). Having not really looked at this before and having heard that prior iterations of WDS such as Remote Installation Services etc were - well let’s just say - painful to set up and administer, it is not hugely surprising that I had not looked at WDS before.</p>
<h3 id="what-is-wds">What is WDS?</h3>
<p>Windows Deployment Services (WDS) enables you to deploy Windows operating systems over the network, which means that you do not have to install each operating system directly from a CD or DVD.</p>
<p>Well let me set the record straight. WDS is pretty cool.</p>
<p>I can think of plenty of occasions where I need to quickly deploy a new build ASAP and not just Windows (more on that later). I could, using VMware workstation, set up a Windows 2012R2 VM with WDS on my laptop, add whatever images I require to the VM, hook my laptop up to a build network and then use my VM to deploy builds to machines on the local network that required building.</p>
<p>But first things first, let’s run through the setup and configuration of a WDS server.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-is-wds" id="markdown-toc-what-is-wds">What is WDS?</a></li>
<li><a href="#wds-setup-pre-amble-install-windows-2012r2" id="markdown-toc-wds-setup-pre-amble-install-windows-2012r2">WDS Setup pre-Amble: Install Windows 2012R2</a></li>
<li><a href="#wds-setup-install-dhcp-and-wds-roles" id="markdown-toc-wds-setup-install-dhcp-and-wds-roles">WDS Setup: Install DHCP and WDS Roles</a></li>
<li><a href="#wds-setup-configure-dhcp-server" id="markdown-toc-wds-setup-configure-dhcp-server">WDS Setup: Configure DHCP Server</a></li>
<li><a href="#wds-setup-configure-wds-server" id="markdown-toc-wds-setup-configure-wds-server">WDS Setup: Configure WDS Server</a></li>
<li><a href="#wds-setup-load-a-windows-image-for-deployment" id="markdown-toc-wds-setup-load-a-windows-image-for-deployment">WDS Setup: Load a Windows Image for Deployment</a></li>
<li><a href="#testing-a-wds-network-deployment" id="markdown-toc-testing-a-wds-network-deployment">Testing a WDS Network Deployment</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="wds-setup-pre-amble-install-windows-2012r2">WDS Setup pre-Amble: Install Windows 2012R2</h3>
<p>OK, so I’m not going to cover a basic Windows 2012R2 setup here. There are plenty of guides elsewhere for that.</p>
<p>If you need a copy of Windows 2012R2 to play with <a href="https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-r2">here you go</a>.</p>
<h3 id="wds-setup-install-dhcp-and-wds-roles">WDS Setup: Install DHCP and WDS Roles</h3>
<p>Open Server Manager and choose “Add Roles and Features”. Click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 1" src="/images/windows-2012r2-wds/1-wds.png" /></p>
<p>Ensure “Role Based…” is selected and click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 2" src="/images/windows-2012r2-wds/2-wds.png" /></p>
<p>Ensure the local server is selected and click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 3" src="/images/windows-2012r2-wds/3-wds.png" /></p>
<p>From the Server Roles selection, select DHCP Server. From the pop up click Add Features:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 4" src="/images/windows-2012r2-wds/4-wds.png" /></p>
<p>From the Server Roles selection, select Windows Deployment Services. From the pop up click Add Features:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 5" src="/images/windows-2012r2-wds/5-wds.png" /></p>
<p>Double check that both DHCP Server and Windows Deployment Services are ticked and click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 6" src="/images/windows-2012r2-wds/6-wds.png" /></p>
<p>Click Next at the Select Features dialogue:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 7" src="/images/windows-2012r2-wds/7-wds.png" /></p>
<p>Click Next at the DHCP Server dialogue:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 8" src="/images/windows-2012r2-wds/8-wds.png" /></p>
<p>Click Next at the WDS dialogue:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 9" src="/images/windows-2012r2-wds/9-wds.png" /></p>
<p>Ensure both WDS Role Services are ticked and click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 10" src="/images/windows-2012r2-wds/10-wds.png" /></p>
<p>Final double check and click Install:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 11" src="/images/windows-2012r2-wds/11-wds.png" /></p>
<p>The DHCP and WDS Roles are installed:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 12" src="/images/windows-2012r2-wds/12-wds.png" /></p>
<p>Once installation is complete, click “Complete DHCP configuration”:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 13" src="/images/windows-2012r2-wds/13-wds.png" /></p>
<p>At the DHCP post-installation dialogue, click Commit:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 14" src="/images/windows-2012r2-wds/14-wds.png" /></p>
<p>Finally click Close:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Add Roles Features 15" src="/images/windows-2012r2-wds/15-wds.png" /></p>
<p>Both DHCP and WDS server roles are now installed.</p>
<h3 id="wds-setup-configure-dhcp-server">WDS Setup: Configure DHCP Server</h3>
<p>Open Server Manager and choose Tools and DHCP:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure DHCP 1" src="/images/windows-2012r2-wds/16-wds.png" /></p>
<p>In the left-hand pane open your computer, right click IPv4 and choose New Scope:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure DHCP 2" src="/images/windows-2012r2-wds/17-wds.png" /></p>
<p>Click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure DHCP 3" src="/images/windows-2012r2-wds/18-wds.png" /></p>
<p>Supply Name and Description:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure DHCP 4" src="/images/windows-2012r2-wds/19-wds.png" /></p>
<p>Enter start and end IP addresses (make sure that these are in the same subnet as your WDS server):
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure DHCP 5" src="/images/windows-2012r2-wds/20-wds.png" /></p>
<p>Click Next at the Exclusions dialogue:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure DHCP 6" src="/images/windows-2012r2-wds/21-wds.png" /></p>
<p>Enter a Lease Duration. I’ve selected 2 hours:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure DHCP 7" src="/images/windows-2012r2-wds/22-wds.png" /></p>
<p>At Configure Options dialogue, select “No, I will configure these options later”:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure DHCP 8" src="/images/windows-2012r2-wds/23-wds.png" /></p>
<p>Click Finish to complete the wizard:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure DHCP 9" src="/images/windows-2012r2-wds/24-wds.png" /></p>
<p>Right click your newly created DHCP scope and choose Activate:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure DHCP 10" src="/images/windows-2012r2-wds/25-wds.png" /></p>
<p>DHCP server configuration is now complete.</p>
<h3 id="wds-setup-configure-wds-server">WDS Setup: Configure WDS Server</h3>
<p>Open Server Manager and choose Windows Deployment Services:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure WDS 1" src="/images/windows-2012r2-wds/26-wds.png" /></p>
<p>In the left-hand pane find your computer, right click and choose Configure Server:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure WDS 2" src="/images/windows-2012r2-wds/27-wds.png" /></p>
<p>Click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure WDS 3" src="/images/windows-2012r2-wds/28-wds.png" /></p>
<p>Click Standalone Server:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure WDS 4" src="/images/windows-2012r2-wds/29-wds.png" /></p>
<p>Enter the path for the remote installation folder:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure WDS 5" src="/images/windows-2012r2-wds/30-wds.png" /></p>
<p>If you selected a folder on C:\, click Yes:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure WDS 6" src="/images/windows-2012r2-wds/31-wds.png" /></p>
<p>Ensure that “Do not listen on DHCP and DHCPv6 ports” and “Configure DHCP options for Proxy DHCP” are both ticked and click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure WDS 7" src="/images/windows-2012r2-wds/32-wds.png" /></p>
<p>Ensure that “Do not respond to any client computers” is selected and click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure WDS 8" src="/images/windows-2012r2-wds/33-wds.png" /></p>
<p>Deployment services will then configure:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure WDS 9" src="/images/windows-2012r2-wds/34-wds.png" /></p>
<p>Right click your server and choose All Tasks and Start. The WDS service will start:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Configure WDS 10" src="/images/windows-2012r2-wds/35-wds.png" /></p>
<p>WDS server configuration is now complete.</p>
<h3 id="wds-setup-load-a-windows-image-for-deployment">WDS Setup: Load a Windows Image for Deployment</h3>
<p>Phew! OK, so server configured. Let’s load a Windows image and see if our deployment server ..er.. deploys. First step is to load an image for the server to deploy. As we’ve got the Windows 2012R2 media to hand, let’s use that.</p>
<p>Open Server Manager and choose Windows Deployment Services. In the left-hand pane find your computer, open the tree, right click Boot Images and choose Add Boot Image:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Load image 1" src="/images/windows-2012r2-wds/36-wds.png" /></p>
<p>Insert your 2012R2 DVD (or mount the iso file on your VM), choose boot.wim from the \Sources folder and click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Load image 2" src="/images/windows-2012r2-wds/37-wds.png" /></p>
<p>Enter name and description for our image and click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Load image 3" src="/images/windows-2012r2-wds/38-wds.png" /></p>
<p>Click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Load image 4" src="/images/windows-2012r2-wds/39-wds.png" /></p>
<p>Check the boot image appears OK:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Load image 5" src="/images/windows-2012r2-wds/40-wds.png" /></p>
<p>Right click Install Images and choose Add Install Image:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Load image 6" src="/images/windows-2012r2-wds/41-wds.png" /></p>
<p>Create an install image group:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Load image 7" src="/images/windows-2012r2-wds/42-wds.png" /></p>
<p>Choose install.wim from the \Sources folder of your inserted 2012R2 DVD and click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Load image 8" src="/images/windows-2012r2-wds/43-wds.png" /></p>
<p>Check that some 2012R2 install images are found and click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Load image 9" src="/images/windows-2012r2-wds/44-wds.png" /></p>
<p>Confirm and click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Load image 10" src="/images/windows-2012r2-wds/45-wds.png" /></p>
<p>The images are imported. Click Finish when done:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Load image 11" src="/images/windows-2012r2-wds/46-wds.png" /></p>
<p>Check the install images appear OK:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Load image 12" src="/images/windows-2012r2-wds/47-wds.png" /></p>
<h3 id="testing-a-wds-network-deployment">Testing a WDS Network Deployment</h3>
<p>Let’s go test this out!</p>
<p>I’m using a VMware virtual machine to test in the first instance. If you want to configure your VMware VM to PXE boot from the network, have a look at <a href="http://kb.vmware.com/kb/1322">VMware KB: Network Boot of Virtual Machines</a>.</p>
<p>Looking good. Press F12 for network service boot when prompted:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Testing 1" src="/images/windows-2012r2-wds/48-wds.png" /></p>
<p>Loading boot files from the WDS:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Testing 2" src="/images/windows-2012r2-wds/49-wds.png" /></p>
<p>Welcome to WDS. Click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Testing 3" src="/images/windows-2012r2-wds/50-wds.png" /></p>
<p>Connect to WDS Server using an administrative account and password:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Testing 4" src="/images/windows-2012r2-wds/51-wds.png" /></p>
<p>Choose an install image to deploy and click Next:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Testing 5" src="/images/windows-2012r2-wds/52-wds.png" /></p>
<p>From now on in, the rest of the Windows 2012R2 install process follows that of the DVD install process; but faster… Much faster!!</p>
<p>So there you have it. PXE boot and a Windows 2012R2 server install. Simples! :o)</p>
<p>Next time, deploying VMware ESXi (check it out <a href="/deploying-vmware-esxi-via-wds/">here</a>) and Windows PE via WDS.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/windows-2012r2-wds/">Windows 2012R2 Deployment Services Server Setup</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 09, 2015.</p>
https://polarclouds.co.uk/subnet-cheat-sheet2015-12-01T17:35:12+00:002015-12-01T17:35:12+00:00Chris Hallhttps://polarclouds.co.uk
<p>OK, a tad of a “dry” subject, but hardly a week goes by without having to Google myself a subnet cheat sheet. Saves me from having to work this out manually! No need to Google anymore.</p>
<p>Here is a cheat sheet for safe keeping and future reference. The /30 table is especially handy for those using client specific overrides with OpenVPN :o)</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#cidr-breakdown" id="markdown-toc-cidr-breakdown">CIDR Breakdown</a></li>
<li><a href="#25-255255255128-2-subnets-126-usable-ips-per-subnet" id="markdown-toc-25-255255255128-2-subnets-126-usable-ips-per-subnet">/25 (255.255.255.128), 2 Subnets, 126 Usable IPs per Subnet</a></li>
<li><a href="#26-255255255192-4-subnets-62-usable-ips-per-subnet" id="markdown-toc-26-255255255192-4-subnets-62-usable-ips-per-subnet">/26 (255.255.255.192), 4 Subnets, 62 Usable IPs per Subnet</a></li>
<li><a href="#27-255255255224-8-subnets-30-usable-ips-per-subnet" id="markdown-toc-27-255255255224-8-subnets-30-usable-ips-per-subnet">/27 (255.255.255.224), 8 Subnets, 30 Usable IPs per Subnet</a></li>
<li><a href="#28-255255255240-16-subnets-14-usable-ips-per-subnet" id="markdown-toc-28-255255255240-16-subnets-14-usable-ips-per-subnet">/28 (255.255.255.240), 16 Subnets, 14 Usable IPs per Subnet</a></li>
<li><a href="#29-255255255248-32-subnets-6-usable-ips-per-subnet" id="markdown-toc-29-255255255248-32-subnets-6-usable-ips-per-subnet">/29 (255.255.255.248), 32 Subnets, 6 Usable IPs per Subnet</a></li>
<li><a href="#30-255255255252-64-subnets-2-usable-ips-per-subnet" id="markdown-toc-30-255255255252-64-subnets-2-usable-ips-per-subnet">/30 (255.255.255.252), 64 Subnets, 2 Usable IPs per Subnet</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<div>
<style scoped="">
table{
margin: 0 auto;
width: 70%;
border-collapse: collapse;
border-spacing: 0;
border:1px solid #000000; }
th{
text-align: center;
border:1px solid #000000; }
td{
text-align: center;
border:1px solid #000000;}
tr:nth-child(even) {
background-color: #efefef;}
</style>
</div>
<h3 id="cidr-breakdown">CIDR Breakdown</h3>
<table>
<thead>
<tr>
<th>CIDR</th>
<th>Total IPs</th>
<th>Usable IPs</th>
<th>Netmask</th>
<th>Amount of a Class C</th>
</tr>
</thead>
<tbody>
<tr>
<td>/32</td>
<td>1</td>
<td>1</td>
<td>255.255.255.255</td>
<td>1/256</td>
</tr>
<tr>
<td>/31</td>
<td>2</td>
<td>2*</td>
<td>255.255.255.254</td>
<td>1/128</td>
</tr>
<tr>
<td>/30</td>
<td>4</td>
<td>2</td>
<td>255.255.255.252</td>
<td>1/64</td>
</tr>
<tr>
<td>/29</td>
<td>8</td>
<td>6</td>
<td>255.255.255.248</td>
<td>1/32</td>
</tr>
<tr>
<td>/28</td>
<td>16</td>
<td>14</td>
<td>255.255.255.240</td>
<td>1/16</td>
</tr>
<tr>
<td>/27</td>
<td>32</td>
<td>30</td>
<td>255.255.255.224</td>
<td>1/8</td>
</tr>
<tr>
<td>/26</td>
<td>64</td>
<td>62</td>
<td>255.255.255.192</td>
<td>1/4</td>
</tr>
<tr>
<td>/25</td>
<td>128</td>
<td>126</td>
<td>255.255.255.128</td>
<td>1/2</td>
</tr>
<tr>
<td>/24</td>
<td>256</td>
<td>254</td>
<td>255.255.255.0</td>
<td>1</td>
</tr>
<tr>
<td>/23</td>
<td>512</td>
<td>510</td>
<td>255.255.254.0</td>
<td>2</td>
</tr>
<tr>
<td>/22</td>
<td>1024</td>
<td>1022</td>
<td>255.255.252.0</td>
<td>4</td>
</tr>
<tr>
<td>/21</td>
<td>2048</td>
<td>2046</td>
<td>255.255.248.0</td>
<td>8</td>
</tr>
<tr>
<td>/20</td>
<td>4096</td>
<td>4094</td>
<td>255.255.240.0</td>
<td>16</td>
</tr>
<tr>
<td>/19</td>
<td>8192</td>
<td>8190</td>
<td>255.255.224.0</td>
<td>32</td>
</tr>
<tr>
<td>/18</td>
<td>16384</td>
<td>16382</td>
<td>255.255.192.0</td>
<td>64</td>
</tr>
<tr>
<td>/17</td>
<td>32768</td>
<td>32766</td>
<td>255.255.128.0</td>
<td>128</td>
</tr>
<tr>
<td>/16</td>
<td>65536</td>
<td>65534</td>
<td>255.255.0.0</td>
<td>256</td>
</tr>
<tr>
<td>/15</td>
<td>131,072</td>
<td>131,070</td>
<td>255.254.0.0</td>
<td>512</td>
</tr>
<tr>
<td>/14</td>
<td>262,144</td>
<td>262,142</td>
<td>255.252.0.0</td>
<td>1024</td>
</tr>
<tr>
<td>/13</td>
<td>524,288</td>
<td>524,286</td>
<td>255.248.0.0</td>
<td>2048</td>
</tr>
<tr>
<td>/12</td>
<td>1,048,576</td>
<td>1,048,574</td>
<td>255.240.0.0</td>
<td>4096</td>
</tr>
<tr>
<td>/11</td>
<td>2,097,152</td>
<td>2,097,150</td>
<td>255.224.0.0</td>
<td>8192</td>
</tr>
<tr>
<td>/10</td>
<td>4,194,304</td>
<td>4,194,302</td>
<td>255.192.0.0</td>
<td>16,384</td>
</tr>
<tr>
<td>/9</td>
<td>8,388,608</td>
<td>8,388,606</td>
<td>255.128.0.0</td>
<td>32,768</td>
</tr>
<tr>
<td>/8</td>
<td>16,777,216</td>
<td>16,777,214</td>
<td>255.0.0.0</td>
<td>65,536</td>
</tr>
<tr>
<td>/7</td>
<td>33,554,432</td>
<td>33,554,430</td>
<td>254.0.0.0</td>
<td>131,072</td>
</tr>
<tr>
<td>/6</td>
<td>67,108,864</td>
<td>67,108,862</td>
<td>252.0.0.0</td>
<td>262,144</td>
</tr>
<tr>
<td>/5</td>
<td>134,217,728</td>
<td>134,217,726</td>
<td>248.0.0.0</td>
<td>524,288</td>
</tr>
<tr>
<td>/4</td>
<td>268,435,456</td>
<td>268,435,454</td>
<td>240.0.0.0</td>
<td>1,048,576</td>
</tr>
<tr>
<td>/3</td>
<td>536,870,912</td>
<td>536,870,910</td>
<td>224.0.0.0</td>
<td>2,097,152</td>
</tr>
<tr>
<td>/2</td>
<td>1,073,741,824</td>
<td>1,073,741,822</td>
<td>192.0.0.0</td>
<td>4,194,304</td>
</tr>
<tr>
<td>/1</td>
<td>2,147,483,648</td>
<td>2,147,483,646</td>
<td>128.0.0.0</td>
<td>8,388,608</td>
</tr>
</tbody>
</table>
<p>*See <a href="http://tools.ietf.org/rfc/rfc3021.txt">rfc3021</a></p>
<h3 id="25-255255255128-2-subnets-126-usable-ips-per-subnet">/25 (255.255.255.128), 2 Subnets, 126 Usable IPs per Subnet</h3>
<table>
<thead>
<tr>
<th>Network #</th>
<th>Usable IPs</th>
<th>Broadcast</th>
</tr>
</thead>
<tbody>
<tr>
<td>.0</td>
<td>.1-.126</td>
<td>.127</td>
</tr>
<tr>
<td>.128</td>
<td>.129-.254</td>
<td>.255</td>
</tr>
</tbody>
</table>
<h3 id="26-255255255192-4-subnets-62-usable-ips-per-subnet">/26 (255.255.255.192), 4 Subnets, 62 Usable IPs per Subnet</h3>
<table>
<thead>
<tr>
<th>Network #</th>
<th>Usable IPs</th>
<th>Broadcast</th>
</tr>
</thead>
<tbody>
<tr>
<td>.0</td>
<td>.1-.62</td>
<td>.63</td>
</tr>
<tr>
<td>.64</td>
<td>.65-.126</td>
<td>.127</td>
</tr>
<tr>
<td>.128</td>
<td>.129-.190</td>
<td>.191</td>
</tr>
<tr>
<td>.192</td>
<td>.193-.254</td>
<td>.255</td>
</tr>
</tbody>
</table>
<h3 id="27-255255255224-8-subnets-30-usable-ips-per-subnet">/27 (255.255.255.224), 8 Subnets, 30 Usable IPs per Subnet</h3>
<table>
<thead>
<tr>
<th>Network #</th>
<th>Usable IPs</th>
<th>Broadcast</th>
</tr>
</thead>
<tbody>
<tr>
<td>.0</td>
<td>.1-.30</td>
<td>.31</td>
</tr>
<tr>
<td>.32</td>
<td>.33-.62</td>
<td>.63</td>
</tr>
<tr>
<td>.64</td>
<td>.65-.94</td>
<td>.95</td>
</tr>
<tr>
<td>.96</td>
<td>.97-.126</td>
<td>.127</td>
</tr>
<tr>
<td>.128</td>
<td>.129-.158</td>
<td>.159</td>
</tr>
<tr>
<td>.160</td>
<td>.161-.190</td>
<td>.191</td>
</tr>
<tr>
<td>.192</td>
<td>.193-.222</td>
<td>.223</td>
</tr>
<tr>
<td>.224</td>
<td>.225-.254</td>
<td>.255</td>
</tr>
</tbody>
</table>
<h3 id="28-255255255240-16-subnets-14-usable-ips-per-subnet">/28 (255.255.255.240), 16 Subnets, 14 Usable IPs per Subnet</h3>
<table>
<thead>
<tr>
<th>Network #</th>
<th>Usable IPs</th>
<th>Broadcast</th>
</tr>
</thead>
<tbody>
<tr>
<td>.0</td>
<td>.1-.14</td>
<td>.15</td>
</tr>
<tr>
<td>.16</td>
<td>.17-.30</td>
<td>.31</td>
</tr>
<tr>
<td>.32</td>
<td>.33-.46</td>
<td>.47</td>
</tr>
<tr>
<td>.48</td>
<td>.49-.62</td>
<td>.63</td>
</tr>
<tr>
<td>.64</td>
<td>.65-.78</td>
<td>.79</td>
</tr>
<tr>
<td>.80</td>
<td>.81-.94</td>
<td>.95</td>
</tr>
<tr>
<td>.96</td>
<td>.97-.110</td>
<td>.111</td>
</tr>
<tr>
<td>.112</td>
<td>.113-.126</td>
<td>.127</td>
</tr>
<tr>
<td>.128</td>
<td>.129-.142</td>
<td>.143</td>
</tr>
<tr>
<td>.144</td>
<td>.145-.158</td>
<td>.159</td>
</tr>
<tr>
<td>.160</td>
<td>.161-.174</td>
<td>.175</td>
</tr>
<tr>
<td>.176</td>
<td>.177-.190</td>
<td>.191</td>
</tr>
<tr>
<td>.192</td>
<td>.193-.206</td>
<td>.207</td>
</tr>
<tr>
<td>.208</td>
<td>.209-.222</td>
<td>.223</td>
</tr>
<tr>
<td>.224</td>
<td>.225-.238</td>
<td>.239</td>
</tr>
<tr>
<td>.240</td>
<td>.241-.254</td>
<td>.255</td>
</tr>
</tbody>
</table>
<h3 id="29-255255255248-32-subnets-6-usable-ips-per-subnet">/29 (255.255.255.248), 32 Subnets, 6 Usable IPs per Subnet</h3>
<table>
<thead>
<tr>
<th>Network #</th>
<th>Usable IPs</th>
<th>Broadcast</th>
</tr>
</thead>
<tbody>
<tr>
<td>.0</td>
<td>.1-.6</td>
<td>.7</td>
</tr>
<tr>
<td>.8</td>
<td>.9-.14</td>
<td>.15</td>
</tr>
<tr>
<td>.16</td>
<td>.17-.22</td>
<td>.23</td>
</tr>
<tr>
<td>.24</td>
<td>.25-.30</td>
<td>.31</td>
</tr>
<tr>
<td>.32</td>
<td>.33-.38</td>
<td>.39</td>
</tr>
<tr>
<td>.40</td>
<td>.41-.46</td>
<td>.47</td>
</tr>
<tr>
<td>.48</td>
<td>.49-.54</td>
<td>.55</td>
</tr>
<tr>
<td>.56</td>
<td>.57-.62</td>
<td>.63</td>
</tr>
<tr>
<td>.64</td>
<td>.65-.70</td>
<td>.71</td>
</tr>
<tr>
<td>.72</td>
<td>.73-.78</td>
<td>.79</td>
</tr>
<tr>
<td>.80</td>
<td>.81-.86</td>
<td>.87</td>
</tr>
<tr>
<td>.88</td>
<td>.89-.94</td>
<td>.95</td>
</tr>
<tr>
<td>.96</td>
<td>.97-.102</td>
<td>.103</td>
</tr>
<tr>
<td>.104</td>
<td>.105-.110</td>
<td>.111</td>
</tr>
<tr>
<td>.112</td>
<td>.113-.118</td>
<td>.119</td>
</tr>
<tr>
<td>.120</td>
<td>.121-.126</td>
<td>.127</td>
</tr>
<tr>
<td>.128</td>
<td>.129-.134</td>
<td>.135</td>
</tr>
<tr>
<td>.136</td>
<td>.137-.142</td>
<td>.143</td>
</tr>
<tr>
<td>.144</td>
<td>.145-.150</td>
<td>.151</td>
</tr>
<tr>
<td>.152</td>
<td>.153-.158</td>
<td>.159</td>
</tr>
<tr>
<td>.160</td>
<td>.161-.166</td>
<td>.167</td>
</tr>
<tr>
<td>.168</td>
<td>.169-.174</td>
<td>.175</td>
</tr>
<tr>
<td>.176</td>
<td>.177-.182</td>
<td>.183</td>
</tr>
<tr>
<td>.184</td>
<td>.185-.190</td>
<td>.191</td>
</tr>
<tr>
<td>.192</td>
<td>.193-.198</td>
<td>.199</td>
</tr>
<tr>
<td>.200</td>
<td>.201-.206</td>
<td>.207</td>
</tr>
<tr>
<td>.208</td>
<td>.209-.214</td>
<td>.215</td>
</tr>
<tr>
<td>.216</td>
<td>.217-.222</td>
<td>.223</td>
</tr>
<tr>
<td>.224</td>
<td>.225-.230</td>
<td>.231</td>
</tr>
<tr>
<td>.232</td>
<td>.233-.238</td>
<td>.239</td>
</tr>
<tr>
<td>.240</td>
<td>.241-.246</td>
<td>.247</td>
</tr>
<tr>
<td>.248</td>
<td>.249-.254</td>
<td>.255</td>
</tr>
</tbody>
</table>
<h3 id="30-255255255252-64-subnets-2-usable-ips-per-subnet">/30 (255.255.255.252), 64 Subnets, 2 Usable IPs per Subnet</h3>
<table>
<thead>
<tr>
<th>Network #</th>
<th>Usable IPs</th>
<th>Broadcast</th>
</tr>
</thead>
<tbody>
<tr>
<td>.0</td>
<td>.1-.2</td>
<td>.3</td>
</tr>
<tr>
<td>.4</td>
<td>.5-.6</td>
<td>.7</td>
</tr>
<tr>
<td>.8</td>
<td>.9-.10</td>
<td>.11</td>
</tr>
<tr>
<td>.12</td>
<td>.13-.14</td>
<td>.15</td>
</tr>
<tr>
<td>.16</td>
<td>.17-.18</td>
<td>.19</td>
</tr>
<tr>
<td>.20</td>
<td>.21-.22</td>
<td>.23</td>
</tr>
<tr>
<td>.24</td>
<td>.25-.26</td>
<td>.27</td>
</tr>
<tr>
<td>.28</td>
<td>.29-.30</td>
<td>.31</td>
</tr>
<tr>
<td>.32</td>
<td>.33-.34</td>
<td>.35</td>
</tr>
<tr>
<td>.36</td>
<td>.37-.38</td>
<td>.39</td>
</tr>
<tr>
<td>.40</td>
<td>.41-.42</td>
<td>.43</td>
</tr>
<tr>
<td>.44</td>
<td>.45-.46</td>
<td>.47</td>
</tr>
<tr>
<td>.48</td>
<td>.49-.50</td>
<td>.51</td>
</tr>
<tr>
<td>.52</td>
<td>.53-.54</td>
<td>.55</td>
</tr>
<tr>
<td>.56</td>
<td>.57-.58</td>
<td>.59</td>
</tr>
<tr>
<td>.60</td>
<td>.61-.62</td>
<td>.63</td>
</tr>
<tr>
<td>.64</td>
<td>.65-.66</td>
<td>.67</td>
</tr>
<tr>
<td>.68</td>
<td>.69-.70</td>
<td>.71</td>
</tr>
<tr>
<td>.72</td>
<td>.73-.74</td>
<td>.75</td>
</tr>
<tr>
<td>.76</td>
<td>.77-.78</td>
<td>.79</td>
</tr>
<tr>
<td>.80</td>
<td>.81-.82</td>
<td>.83</td>
</tr>
<tr>
<td>.84</td>
<td>.85-.86</td>
<td>.87</td>
</tr>
<tr>
<td>.88</td>
<td>.89-.90</td>
<td>.91</td>
</tr>
<tr>
<td>.92</td>
<td>.93-.94</td>
<td>.95</td>
</tr>
<tr>
<td>.96</td>
<td>.97-.98</td>
<td>.99</td>
</tr>
<tr>
<td>.100</td>
<td>.101-.102</td>
<td>.103</td>
</tr>
<tr>
<td>.104</td>
<td>.105-.106</td>
<td>.107</td>
</tr>
<tr>
<td>.108</td>
<td>.109-.110</td>
<td>.111</td>
</tr>
<tr>
<td>.112</td>
<td>.113-.114</td>
<td>.115</td>
</tr>
<tr>
<td>.116</td>
<td>.117-.118</td>
<td>.119</td>
</tr>
<tr>
<td>.120</td>
<td>.121-.122</td>
<td>.123</td>
</tr>
<tr>
<td>.124</td>
<td>.125-.126</td>
<td>.127</td>
</tr>
<tr>
<td>.128</td>
<td>.129-.130</td>
<td>.131</td>
</tr>
<tr>
<td>.132</td>
<td>.133-.134</td>
<td>.135</td>
</tr>
<tr>
<td>.136</td>
<td>.137-.138</td>
<td>.139</td>
</tr>
<tr>
<td>.140</td>
<td>.141-.142</td>
<td>.143</td>
</tr>
<tr>
<td>.144</td>
<td>.145-.146</td>
<td>.147</td>
</tr>
<tr>
<td>.148</td>
<td>.149-.150</td>
<td>.151</td>
</tr>
<tr>
<td>.152</td>
<td>.153-.154</td>
<td>.155</td>
</tr>
<tr>
<td>.156</td>
<td>.157-.158</td>
<td>.159</td>
</tr>
<tr>
<td>.160</td>
<td>.161-.162</td>
<td>.163</td>
</tr>
<tr>
<td>.164</td>
<td>.165-.166</td>
<td>.167</td>
</tr>
<tr>
<td>.168</td>
<td>.169-.170</td>
<td>.171</td>
</tr>
<tr>
<td>.172</td>
<td>.173-.174</td>
<td>.175</td>
</tr>
<tr>
<td>.176</td>
<td>.177-.178</td>
<td>.179</td>
</tr>
<tr>
<td>.180</td>
<td>.181-.182</td>
<td>.183</td>
</tr>
<tr>
<td>.184</td>
<td>.185-.186</td>
<td>.187</td>
</tr>
<tr>
<td>.188</td>
<td>.189-.190</td>
<td>.191</td>
</tr>
<tr>
<td>.192</td>
<td>.193-.194</td>
<td>.195</td>
</tr>
<tr>
<td>.196</td>
<td>.197-.198</td>
<td>.199</td>
</tr>
<tr>
<td>.200</td>
<td>.201-.202</td>
<td>.203</td>
</tr>
<tr>
<td>.204</td>
<td>.205-.206</td>
<td>.207</td>
</tr>
<tr>
<td>.208</td>
<td>.209-.210</td>
<td>.211</td>
</tr>
<tr>
<td>.212</td>
<td>.213-.214</td>
<td>.215</td>
</tr>
<tr>
<td>.216</td>
<td>.217-.218</td>
<td>.219</td>
</tr>
<tr>
<td>.220</td>
<td>.221-.222</td>
<td>.223</td>
</tr>
<tr>
<td>.224</td>
<td>.225-.226</td>
<td>.227</td>
</tr>
<tr>
<td>.228</td>
<td>.229-.230</td>
<td>.231</td>
</tr>
<tr>
<td>.232</td>
<td>.233-.234</td>
<td>.235</td>
</tr>
<tr>
<td>.236</td>
<td>.237-.238</td>
<td>.239</td>
</tr>
<tr>
<td>.240</td>
<td>.241-.242</td>
<td>.243</td>
</tr>
<tr>
<td>.244</td>
<td>.245-.246</td>
<td>.247</td>
</tr>
<tr>
<td>.248</td>
<td>.249-.250</td>
<td>.251</td>
</tr>
<tr>
<td>.252</td>
<td>.253-.254</td>
<td>.255</td>
</tr>
</tbody>
</table>
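<p>The tables above can also be generated rather than looked up. The following is an added example, not part of the original post: it rebuilds the rows for any prefix with Python's standard <code>ipaddress</code> module and checks an OpenVPN <code>ifconfig-push</code> pair against the /30 table. It assumes OpenVPN's net30 addressing, where a client's two endpoint addresses must be the two usable addresses of one /30; the function names and the 192.168.1.0/24 and 10.8.0.x sample values are constructed for illustration.</p>

```python
import ipaddress
from collections import namedtuple

# One cheat-sheet row: subnet, first/last usable host, broadcast (None if not reserved).
Row = namedtuple("Row", "network first_usable last_usable broadcast")


def subnet_rows(parent, new_prefix):
    """Split `parent` (e.g. '192.168.1.0/24') into /new_prefix subnets.

    Returns one Row per subnet, matching the Network # / Usable IPs /
    Broadcast columns of the tables above.
    """
    net = ipaddress.ip_network(parent, strict=True)
    rows = []
    for sub in net.subnets(new_prefix=new_prefix):
        first, last = sub[0], sub[-1]
        if sub.prefixlen >= 31:
            # /31 (RFC 3021 point-to-point) and /32 reserve no
            # network or broadcast address: every address is usable.
            rows.append(Row(sub, first, last, None))
        else:
            rows.append(Row(sub, first + 1, last - 1, last))
    return rows


def cheat_sheet_line(row):
    """Format a Row the way the tables do: last octets only."""
    def octet(addr):
        return "." + str(addr).rsplit(".", 1)[1]
    bcast = octet(row.broadcast) if row.broadcast is not None else "-"
    return "{}  {}-{}  {}".format(
        octet(row.network.network_address),
        octet(row.first_usable),
        octet(row.last_usable),
        bcast,
    )


def net30_pair_error(local, remote):
    """Check an ifconfig-push pair against the /30 table.

    Returns None when `local` and `remote` are the two usable addresses
    of the same /30, otherwise a string describing the problem.
    """
    a = ipaddress.ip_address(local)
    b = ipaddress.ip_address(remote)
    block = ipaddress.ip_network("{}/30".format(a), strict=False)
    usable = (block[1], block[2])
    if a not in usable:
        return "{} is the network or broadcast address of {}".format(a, block)
    if b not in block:
        return "{} is not in the same /30 as {} ({})".format(b, a, block)
    if b not in usable:
        return "{} is the network or broadcast address of {}".format(b, block)
    if a == b:
        return "both endpoints are {}".format(a)
    return None


if __name__ == "__main__":
    # Constructed sample network: print the /26 table for a /24.
    for r in subnet_rows("192.168.1.0/24", 26):
        print(cheat_sheet_line(r))
    # Constructed sample pairs: the first is valid, the second straddles two /30s.
    for pair in (("10.8.0.5", "10.8.0.6"), ("10.8.0.6", "10.8.0.9")):
        print(pair, "->", net30_pair_error(*pair) or "OK")
```

<p>A pair that fails this check is worth catching before it goes into a client-specific override file, since a mistyped endpoint can collide with another client's /30 or with a network or broadcast address.</p>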
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/subnet-cheat-sheet/">Subnet Cheat Sheet</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 01, 2015.</p>
https://polarclouds.co.uk/automate-that2015-11-24T18:30:00+00:002015-11-24T18:30:00+00:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Zapier and IFTTT" src="/images/automate-that/iftttzap.png" />
Why not put the internet to work for you?</p>
<p>Internet automation apps are nothing new.</p>
<p>What are internet automation apps? Put simply, they connect together web apps. An integration between two apps is called a Zap (Zapier) or a recipe (If This Then That – aka IFTTT). A Zap or recipe is made up of a Trigger and an Action. Whenever the trigger happens in one app, Zapier or IFTTT will automatically perform the action in another app.</p>
<p>It is within the Zap or recipe creation that the real fun begins. If something happens in one app, you can trigger something else to happen in another. Below are my uses of this technology. I’m just scratching the surface of what can be done here!</p>
<p>Regular readers of this blog will know that I like to use twitter as a method of notification. Therefore most of these are twitter related.</p>
<p>For all but the first recipe, I have another private twitter account that is tied to Zapier/IFTTT and I prefix all my notification tweets “@chall32”.</p>
<p>Having said that there is no reason why you could not use some other form of notification; email, facebook, SMS are all possible.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#tweet-new-polar-clouds-posts-ifttt-recipe" id="markdown-toc-tweet-new-polar-clouds-posts-ifttt-recipe">Tweet New Polar Clouds Posts (IFTTT Recipe)</a></li>
<li><a href="#tell-me-the-final-aresnal-score-ifttt-recipe" id="markdown-toc-tell-me-the-final-aresnal-score-ifttt-recipe">Tell me the Final Arsenal Score (IFTTT Recipe)</a></li>
<li><a href="#tell-me-tomorrows-weather-ifttt-recipe" id="markdown-toc-tell-me-tomorrows-weather-ifttt-recipe">Tell me Tomorrow’s Weather (IFTTT Recipe)</a></li>
<li><a href="#tell-me-if-nexus-is-posted-at-avforums-zapier-zap" id="markdown-toc-tell-me-if-nexus-is-posted-at-avforums-zapier-zap">Tell me if “Nexus” is Posted at avforums (Zapier Zap)</a></li>
<li><a href="#tell-me-if-there-is-a-new-cyanogenmod-blog-post-zapier-zap" id="markdown-toc-tell-me-if-there-is-a-new-cyanogenmod-blog-post-zapier-zap">Tell me if there is a New CyanogenMod Blog Post (Zapier Zap)</a></li>
<li><a href="#tell-me-if-any-vmware-related-jobs-are-posted-in-kent-zapier-zap" id="markdown-toc-tell-me-if-any-vmware-related-jobs-are-posted-in-kent-zapier-zap">Tell me if any VMware related Jobs are posted in Kent (Zapier Zap)</a></li>
<li><a href="#tell-me-about-unplanned-events-on-the-m20-motorway-zapier-zap" id="markdown-toc-tell-me-about-unplanned-events-on-the-m20-motorway-zapier-zap">Tell me About Unplanned Events on the M20 Motorway (Zapier Zap)</a></li>
<li><a href="#tell-me-if-the-op-posts-to-an-xda-thread-zapier-zap" id="markdown-toc-tell-me-if-the-op-posts-to-an-xda-thread-zapier-zap">Tell me if the OP Posts to an XDA Thread (Zapier Zap)</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="tweet-new-polar-clouds-posts-ifttt-recipe">Tweet New Polar Clouds Posts (IFTTT Recipe)</h3>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Polarclouds Tweet" src="/images/automate-that/polarclouds-tweet.png" />
Post a tweet to <a href="https://twitter.com/polarcloudsuk">@PolarCloudsUK</a> when a new blog post appears at <a href="https://polarclouds.co.uk">https://polarclouds.co.uk</a>. Include post URL.</p>
<h3 id="tell-me-the-final-aresnal-score-ifttt-recipe">Tell me the Final Arsenal Score (IFTTT Recipe)</h3>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Arsenal Score Tweet" src="/images/automate-that/tweet-gunners.png" />
Tweet <a href="https://twitter.com/chall32">me</a> the final score of the Arsenal match.</p>
<h3 id="tell-me-tomorrows-weather-ifttt-recipe">Tell me Tomorrow’s Weather (IFTTT Recipe)</h3>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Tweet Tomorrow's Weather" src="/images/automate-that/tweet-weather.png" />
At 10pm in the evening, tweet <a href="https://twitter.com/chall32">me</a> tomorrow’s weather forecast. Include a 10 day forecast URL.</p>
<h3 id="tell-me-if-nexus-is-posted-at-avforums-zapier-zap">Tell me if “Nexus” is Posted at avforums (Zapier Zap)</h3>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Tweet if Nexus in avforums" src="/images/automate-that/zap-avforums.png" />
Follow <a href="https://www.avforums.com/forums/">avforums</a> mobile phone classifieds <a href="https://www.avforums.com/forums/mobile-phone-classifieds.330/index.rss">rss feed</a>, filter feed item title to contain the text “nexus”. If filter matches, tweet <a href="https://twitter.com/chall32">me</a></p>
<h3 id="tell-me-if-there-is-a-new-cyanogenmod-blog-post-zapier-zap">Tell me if there is a New CyanogenMod Blog Post (Zapier Zap)</h3>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Tweet if new CM Blog Post" src="/images/automate-that/zap-cmblog.png" />
Follow CyanogenMod’s blog <a href="http://www.cyanogenmod.org/feed">rss feed</a> and tell <a href="https://twitter.com/chall32">me</a> when a new blog post appears at <a href="http://www.cyanogenmod.org/blog">www.cyanogenmod.org</a></p>
<h3 id="tell-me-if-any-vmware-related-jobs-are-posted-in-kent-zapier-zap">Tell me if any VMware related Jobs are posted in Kent (Zapier Zap)</h3>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Tweet VMware Jobs" src="/images/automate-that/zap-jobserve.png" />
Nice one this. Create an account on Jobserve, create a search (I use “VMware” and “Kent” as my search terms) and use the alert function (bell icon on the Jobserve search results) to create an RSS feed and create a Zap to monitor the Jobserve custom rss feed. Tweet <a href="https://twitter.com/chall32">me</a> job title and a link to newly posted job vacancies.</p>
<h3 id="tell-me-about-unplanned-events-on-the-m20-motorway-zapier-zap">Tell me About Unplanned Events on the M20 Motorway (Zapier Zap)</h3>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Tweet M20 Incidents" src="/images/automate-that/zap-m20.png" />
Follow <a href="http://www.highways.gov.uk/traffic-information/">Highways England</a> traffic information <a href="http://hatrafficinfo.dft.gov.uk/feeds/rss/UnplannedEvents.xml">rss feed</a>, filter feed item title to contain the text “M20”. If filter matches, tweet <a href="https://twitter.com/chall32">me</a>. Can be extended to cover other motorways too (M25 I’m looking at you!)</p>
<h3 id="tell-me-if-the-op-posts-to-an-xda-thread-zapier-zap">Tell me if the OP Posts to an XDA Thread (Zapier Zap)</h3>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Tweet XDA OP" src="/images/automate-that/zap-xda.png" />
Following custom ROM threads on <a href="http://forum.xda-developers.com/">xda-developers</a> can be painful, with any Tom, Dick, Harry posting XYZ in the forum threads.<br />
Over the years, it occurred to me that I’m really only interested in what the Original Poster (OP) - the custom ROM developer - has to say. For example “I’ve posted a new ROM build” or “Yes, fix for that is…”. So here is how to get notified of OP posts on XDA forums.</p>
<ol>
<li>Create an email trigger in Zapier</li>
<li>Create XDA account as normal</li>
<li>Set your XDA contact email address to that provided by Zapier for incoming notifications (as set in step 1)</li>
<li>Subscribe to a thread you are interested in. For example: <a href="http://forum.xda-developers.com/nexus-7/development/wip-nexus-7-marshmallow-android-6-0-t3222239">Nexus 7 Marshmallow - Android 6.0</a></li>
<li>Set XDA forums to instantly email you every time someone posts to the thread</li>
<li>Configure Zapier to filter on “Body Plain” of the notification email for text that contains “XYZ has just replied” - so in the case of the example thread above, my text filter would be “Motorhead1991 has just replied”</li>
<li>If filter matches, tweet <a href="https://twitter.com/chall32">me</a></li>
<li>Repeat steps 4 to 6 for OP of any other threads you have subscribed to</li>
</ol>
<p>Theoretically this could work on any forum thread of any forum that sends immediate post notification emails.</p>
<p>Well there we have it friends, internet automation. Enjoy!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/automate-that/">Automate That!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 24, 2015.</p>
https://polarclouds.co.uk/windows-dr-using-netbackup-the-full-process2015-11-18T18:51:33+00:002015-11-18T18:51:33+00:00Chris Hallhttps://polarclouds.co.uk
<p>First off, is it Symantec or Veritas NetBackup? :oS</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#reference-process-veritas-tech56473--000081333" id="markdown-toc-reference-process-veritas-tech56473--000081333">Reference Process: Veritas TECH56473 / 000081333</a></li>
<li><a href="#my-notes-on-the-reference-process" id="markdown-toc-my-notes-on-the-reference-process">My Notes on the Reference Process</a> <ul>
<li><a href="#1-setup-and-install-windows" id="markdown-toc-1-setup-and-install-windows">1. Setup and Install Windows</a></li>
<li><a href="#2-configure-network" id="markdown-toc-2-configure-network">2. Configure Network</a></li>
<li><a href="#3-install-netbackup-client" id="markdown-toc-3-install-netbackup-client">3. Install NetBackup Client</a></li>
<li><a href="#4-enable-netbackup-client-logs" id="markdown-toc-4-enable-netbackup-client-logs">4. Enable NetBackup client logs</a></li>
<li><a href="#4a-additional---pagefile" id="markdown-toc-4a-additional---pagefile">4A. Additional - PageFile</a></li>
<li><a href="#5-start-the-restore-process" id="markdown-toc-5-start-the-restore-process">5. Start the Restore Process</a></li>
<li><a href="#5a-and-5b-netbackup-application" id="markdown-toc-5a-and-5b-netbackup-application">5A. and 5B. NetBackup Application</a></li>
<li><a href="#5c-file-restore-complete" id="markdown-toc-5c-file-restore-complete">5C. File Restore Complete</a></li>
<li><a href="#5d-system_state--shadow-copy-components" id="markdown-toc-5d-system_state--shadow-copy-components">5D. System_State / Shadow Copy Components.</a></li>
<li><a href="#5d-1-system-state-restore-client-config" id="markdown-toc-5d-1-system-state-restore-client-config">5D. 1. System State Restore Client Config</a></li>
<li><a href="#5d-2-system-state-restore" id="markdown-toc-5d-2-system-state-restore">5D. 2. System State Restore</a></li>
<li><a href="#5e-check-the-logs" id="markdown-toc-5e-check-the-logs">5E. Check the logs</a></li>
<li><a href="#6-double-check" id="markdown-toc-6-double-check">6. Double-check</a></li>
<li><a href="#7-restore-other-data" id="markdown-toc-7-restore-other-data">7. Restore Other Data</a></li>
<li><a href="#8-stop-the-service" id="markdown-toc-8-stop-the-service">8. Stop the service</a></li>
<li><a href="#9-transfer-logs-from-restore-before-rebooting" id="markdown-toc-9-transfer-logs-from-restore-before-rebooting">9. Transfer logs from restore before rebooting</a></li>
<li><a href="#post-first-boot" id="markdown-toc-post-first-boot">Post First Boot</a></li>
<li><a href="#10-post-reboot-action" id="markdown-toc-10-post-reboot-action">10. Post Reboot Action.</a></li>
<li><a href="#additional-post-restore-actions" id="markdown-toc-additional-post-restore-actions">Additional Post restore actions</a></li>
</ul>
</li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<div>
<style scoped="">
table{
width: 70%;
border-collapse: collapse;
border-spacing: 0;
border:1px solid #000000; }
th{
text-align: center;
border:1px solid #000000; }
td{
text-align: center;
border:1px solid #000000;}
tr:nth-child(even) {
background-color: #efefef;}
</style>
</div>
<p>As time marches on, those Windows server installs out there get older and older. So does the hardware they are running on. Sure, most servers these days are virtual or cloud based so no one worries about hardware nowadays do they? Well, unfortunately there are still plenty of “physical” servers out there; actual hardware running an actual Windows O/S “on the tin” so to speak.</p>
<p>So sure enough I was asked to run a disaster recovery of a Windows 2008R2 server that had managed to lose its O/S drive. Both drives of a mirrored pair had failed. Yes, I know, unlucky to lose both O/S drives, but there you go.</p>
<p>What follows is the COMPLETE process I used to successfully recover the server using Veritas NetBackup. The process may hold true for other types of tape backup/restore software, however NetBackup was the software used in this instance. Yes the notes are scrappy, but I sometimes find that having additional notes from someone that has been through the process is helpful. My aim here is to be helpful.</p>
<h3 id="reference-process-veritas-tech56473--000081333">Reference Process: Veritas TECH56473 / 000081333</h3>
<p>The process I followed is based on the Veritas KB article: Use NetBackup to perform a restore for a total and complete recovery of Windows client(s) that include C: (and other system) drive(s), Shadow Copy Component, and/or System_State from a reliable full MS-Windows backup without IDR or BMR in the event of a Disaster (or need to fall back to a known working state).</p>
<p>Available here: <a href="https://www.veritas.com/support/en_US/article.TECH56473">https://www.veritas.com/support/en_US/article.TECH56473</a> or here: <a href="https://www.veritas.com/support/en_US/article.000081333">https://www.veritas.com/support/en_US/article.000081333</a>. Should those links die and you are in an emergency situation, I’ve also attached a PDF copy of the Veritas KB article here: <a href="https://polarclouds.co.uk/documents/Veritas-TECH56473.pdf">Veritas-TECH56473.pdf</a></p>
<h3 id="my-notes-on-the-reference-process">My Notes on the Reference Process</h3>
<p>What follows are my notes to supplement the process.</p>
<h4 id="1-setup-and-install-windows">1. Setup and Install Windows</h4>
<p>I used a “vanilla” version of Windows. I wanted the install as clean as possible; no other stuff, just Windows in its purest form given that I was going to overwrite my Windows install from the Windows install on tape.</p>
<p>Should you not have a copy of a vanilla Windows to match the version you are restoring, you can download a copy from here:</p>
<ul>
<li>Windows 2003R2 x86 - <a href="http://www.microsoft.com/en-gb/download/details.aspx?id=34041">HERE</a></li>
<li>Windows 2003R2 x64 - <a href="http://www.microsoft.com/en-us/download/details.aspx?id=33571">HERE</a></li>
<li>Windows 2008 Standard x86 & x64 - <a href="https://www.microsoft.com/en-gb/download/details.aspx?id=5023">HERE</a></li>
<li>Windows 2008 Datacenter x86 & x64 - <a href="http://www.microsoft.com/en-us/download/details.aspx?id=2759">HERE</a></li>
<li>Windows 2008R2 x64 - <a href="http://www.microsoft.com/en-gb/download/details.aspx?id=11093">HERE</a></li>
<li>Windows 2012 & 2012R2 - <a href="https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012">HERE</a></li>
</ul>
<p>Don’t forget to service pack your install to match the version of Windows you are restoring. Strange things happen when you restore different service pack versions!</p>
<h4 id="2-configure-network">2. Configure Network</h4>
<p>I kept it simple and did not team my NICs as they were in the O/S being restored. Again, I wanted to keep it as simple as possible, so I simply configured one production and one backup NIC with the correct IP config.</p>
<h4 id="3-install-netbackup-client">3. Install NetBackup Client</h4>
<p>Again, you want to match your NetBackup client version with the version on your NetBackup master / media server.</p>
<h4 id="4-enable-netbackup-client-logs">4. Enable NetBackup client logs</h4>
<p>The process suggests setting your NetBackup logging to 5. You may not want to go as high as 5. My log was 122MB after my O/S and system state restores!!!</p>
<h4 id="4a-additional---pagefile">4A. Additional - PageFile</h4>
<p>Move your pagefile to another drive and reboot prior to moving on. From bitter experience and depending on the size of your C:\ drive / partition, it’s more than possible that you’ll run out of space thanks to pagefile growth.</p>
<h4 id="5-start-the-restore-process">5. Start the Restore Process</h4>
<p>If you are having problems getting the NetBackup master / media server(s) to talk to the newly installed NetBackup client, ensure that the server being restored can resolve the NetBackup master / media servers by name. Add hosts file entries if needed.</p>
<p>Also check the following registry settings on the server being restored:
<code class="language-plaintext highlighter-rouge">HKEY_LOCAL_MACHINE\SOFTWARE\Veritas\NetBackup\CurrentVersion\Config</code></p>
<ul>
<li>Browser - Needs to match hostname</li>
<li>Client_Name - Needs to match hostname</li>
<li>Server - Needs to contain hostnames of all your backup master / media servers*</li>
</ul>
<p>*Ensure that all these hostnames resolve to the correct IP addresses and they ping OK</p>
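<p>The checks above can be scripted. The following is an added example, not part of the original post or the Veritas process: a read-only PowerShell check of the three registry values plus name resolution and ping for each listed server. The function names are hypothetical, and it assumes that a short name or an FQDN whose first label equals the computer name counts as a match.</p>

```powershell
# Added example: read-only check of the NetBackup client settings listed above.
# Run on the server being restored. Sticks to PowerShell 2.0 features so it
# works on a freshly installed Windows 2008R2. All function names are hypothetical.

$ConfigKey = 'HKLM:\SOFTWARE\Veritas\NetBackup\CurrentVersion\Config'

function New-CheckResult {
    param([string]$Check, [string]$Value, [bool]$Ok, [string]$Detail)
    New-Object PSObject -Property @{ Check = $Check; Value = $Value; OK = $Ok; Detail = $Detail }
}

function Resolve-HostAddress {
    # Returns the resolved addresses as one string, or $null when the name does not resolve.
    param([string]$Name)
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString }
        return ($ips -join ', ')
    } catch {
        return $null
    }
}

function Test-MatchesHostname {
    # Assumption: compare the first DNS label only, case-insensitively.
    param([string]$Value, [string]$Hostname = $env:COMPUTERNAME)
    if ([string]::IsNullOrEmpty($Value)) { return $false }
    return (($Value -split '\.')[0] -ieq $Hostname)
}

function Test-NetBackupClientConfig {
    param([string]$KeyPath = $ConfigKey)

    if (-not (Test-Path $KeyPath)) {
        throw "Registry key not found: $KeyPath"
    }
    $config = Get-ItemProperty -Path $KeyPath

    # Browser and Client_Name need to match the hostname.
    foreach ($name in 'Browser', 'Client_Name') {
        $value = [string]$config.$name
        New-CheckResult -Check $name -Value $value -Ok (Test-MatchesHostname -Value $value) `
            -Detail "expected $env:COMPUTERNAME"
    }

    # Server may be stored as one string or as a multi-string value (assumption),
    # so normalise to an array and drop empty entries.
    $servers = @(@($config.Server) | Where-Object { $_ })
    if ($servers.Count -eq 0) {
        New-CheckResult -Check 'Server' -Value '' -Ok $false -Detail 'no master / media servers listed'
    }

    foreach ($server in $servers) {
        $ips = Resolve-HostAddress -Name $server
        if (-not $ips) {
            New-CheckResult -Check 'Server' -Value $server -Ok $false -Detail 'does not resolve'
            continue
        }
        $pings = Test-Connection -ComputerName $server -Count 1 -Quiet
        if ($pings) { $pingText = 'ping OK' } else { $pingText = 'ping FAILED' }
        New-CheckResult -Check 'Server' -Value $server -Ok $pings -Detail "resolves to $ips; $pingText"
    }
}

Test-NetBackupClientConfig | Select-Object Check, Value, OK, Detail | Format-Table -AutoSize
```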
<h4 id="5a-and-5b-netbackup-application">5A. and 5B. NetBackup Application</h4>
<p>As per the process, these need to be completed from the NetBackup master server.</p>
<h4 id="5c-file-restore-complete">5C. File Restore Complete</h4>
<p>If you set the NetBackup logging to “5” then good luck finding the wood for the trees!!
Yep, don’t reboot</p>
<h4 id="5d-system_state--shadow-copy-components">5D. System_State / Shadow Copy Components.</h4>
<p>The statement <em>“CAUTION: This is the most critical part of the restore that could result in a bootable system or non-bootable system.”</em> makes me LOL…. I’m sure Veritas thought <em>“Well, that’s all the bases covered… It’ll either work or it won’t….”</em></p>
<h4 id="5d-1-system-state-restore-client-config">5D. 1. System State Restore Client Config</h4>
<p>Bit of a double negative in the process here. I read this as:</p>
<table>
<thead>
<tr>
<th>Restore type</th>
<th>Use Switches</th>
</tr>
</thead>
<tbody>
<tr>
<td>Windows 2003 and below on non-original hardware</td>
<td>none</td>
</tr>
<tr>
<td>Windows 2003 and below on original hardware</td>
<td>\VERITAS\NetBackup\bin\w2koption -restore -same_hardware 1</td>
</tr>
<tr>
<td>Windows 2008 and above on original hardware</td>
<td>none</td>
</tr>
<tr>
<td>Windows 2008 and below on non-original hardware</td>
<td>none</td>
</tr>
</tbody>
</table>
<h4 id="5d-2-system-state-restore">5D. 2. System State Restore</h4>
<p>Restore the system state
Yep, don’t reboot</p>
<h4 id="5e-check-the-logs">5E. Check the logs</h4>
<p>If you set the NetBackup logging to “5” then good luck finding the wood for the trees!!
Yep, don’t reboot</p>
<h4 id="6-double-check">6. Double-check</h4>
<p>Because one check is never enough!</p>
<h4 id="7-restore-other-data">7. Restore Other Data</h4>
<p>Restore ‘em if you got ‘em.</p>
<h4 id="8-stop-the-service">8. Stop the service</h4>
<p><strong>THE MOST IMPORTANT STEP!!</strong> Make sure you manually shut down the NetBackup client service <strong>before</strong> you reboot.
For some reason, my server wouldn’t open a cmd prompt at this point, so I used services.msc and manually stopped the NetBackup service in there.</p>
<h4 id="9-transfer-logs-from-restore-before-rebooting">9. Transfer logs from restore before rebooting</h4>
<p>As per the process, my NetBackup logs were not on the system drive, so I was confident I could still get at them even after a reboot. If I need to reboot the server from, say, an Ubuntu CD just to get the logs off, then so be it.</p>
<p>REBOOT (FINALLY!!!)</p>
<h4 id="post-first-boot">Post First Boot</h4>
<p>On my trip through this process we were all good up until this point. We were then met by the following:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="BCD Error" src="/images/windows-dr-using-netbackup-the-full-process/dr-bcd.jpg" /></p>
<p>Yep, a non-booting system. OK the BCD has got a tad screwed. Here is how I fixed it:</p>
<ol>
<li>Boot from Windows install disc</li>
<li>Click on Repair your computer after you go through language, time etc.</li>
<li>Select your Windows installation drive, which is usually C:\, and click Next</li>
<li>Choose Command Prompt when the System Recovery Options box appears</li>
<li>Enter the following command: <code class="language-plaintext highlighter-rouge">bootrec /rebuildbcd</code></li>
<li>Answer “Y” to add C:\Windows to BCD.</li>
</ol>
<p>A quick reboot and away we went.
If you are seeing different BCD errors, have a look here: <a href="https://polarclouds.co.uk/fix-bootbcd-0xc000000f-error/">Fix Boot/BCD 0xc000000f Error</a></p>
<h4 id="10-post-reboot-action">10. Post Reboot Action.</h4>
<p>As per the notes, yes the first boot took a while.</p>
<h4 id="additional-post-restore-actions">Additional Post restore actions</h4>
<p>We had to re-add the server to the AD and reboot again, but other than that the O/S restore was complete.</p>
<hr />
<p>So there we have it… Phew!</p>
<p>A bit of a mega-post, but hopefully this will help you (and me!) next time either of us has to DR a server on a 3am call out!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/windows-dr-using-netbackup-the-full-process/">Windows Disaster Recovery Using NetBackup - The Full Process</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 18, 2015.</p>
https://polarclouds.co.uk/hello-and-welcome 2015-11-12T22:00:00+00:00 2015-11-12T22:00:00+00:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Modem Tweet" src="/images/icons/pc-200x200.png" />
So here we are. Finally a proper domain name for a proper blog!</p>
<p>Thank you for dropping in. I hope you like what you see. Those of you familiar with my previous blog <a href="chall32.blogspot.com">What the…..?</a> should feel right at home here, same old killer content posted by yours truly.</p>
<p>So why the move? Well, have a read <a href="https://polarclouds.co.uk/pages/about">here</a> go on, I’ll wait…</p>
<p>OK, so what’s new? Quite a lot actually! <a href="https://polarclouds.co.uk">https://polarclouds.co.uk</a> is hosted on <a href="https://github.com">Github</a> and is powered by <a href="http://jekyllrb.com">Jekyll</a>.</p>
<p>What’s Jekyll I hear you cry.. Jekyll is actually pretty cool. Put quickly and simply Jekyll is a content engine that creates static html webpages from dynamic components such as templates, partials, liquid code, markdown, etc. Kinda like a polar cloud, something that appears static, yet is made of lots of tiny moving parts….</p>
<p>From my perspective Jekyll makes my blogging experience a whole heap better, thanks to its support of the <a href="https://help.github.com/articles/markdown-basics/">markdown</a> language. Take the source code of the paragraphs above. Prior to the Jekyll conversion the text I type into the post looks like this:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">So why the move?
Well, have a read [ here ]( { { site.url } } /pages/about ) go on, I'll wait…
OK, so whats new? Quite a lot actually!
[ { { site.url } } ] ( { { site.url } } ) is hosted on [ Github ]( https://github.com )
and is powered by [ Jekyll ]( http://jekyllrb.com ). </code></pre></figure>
<p>Pretty cool hey? Notice the brackets etc? Certainly a simpler blogging experience not having to faff about with html etc etc. Less faffing on my end means even more great content from your favorite tech blogger, yours truly (ah… you’re too kind!)</p>
<p>Other pros include:</p>
<ul>
<li>Jekyll is free</li>
<li>Jekyll is <a href="https://github.com/jekyll/jekyll">opensource</a></li>
<li>Github free hosting (blogger was free too)</li>
<li>Github’s built in change tracking</li>
<li>Speed – Static html pages <em>should</em> load quicker</li>
<li>Compatibility across a multitude of devices</li>
</ul>
<p>Whilst the old template at What the…..? blog kinda worked on mobiles and tablets, it wasn’t all that suitable. In short it was a bit of a <a href="http://www.urbandictionary.com/define.php?term=Cludge">cludge</a>. Well cludge no longer!</p>
<p>I’ve still got a bit of conversion to do to fully migrate 145+ blogger posts and all their associated images into github, clear down blogger and get the Disqus comment system up and running.</p>
<p>In the meantime, feel free to drop me a line on twitter <a href="https://twitter.com/chall32">@chall32</a> and whilst you’re there, don’t forget to follow <a href="https://twitter.com/polarcloudsuk">@PolarCloudsUK</a> to be the first to receive blog post updates and all things <a href="https://polarclouds.co.uk">https://polarclouds.co.uk</a> related.</p>
<p>Welcome!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/hello-and-welcome/">Hello and Welcome</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 12, 2015.</p>
https://polarclouds.co.uk/ms15-034-patch-now 2015-04-20T13:43:00+01:00 2015-04-20T13:43:00+01:00 Chris Hall https://polarclouds.co.uk
<p>So I finally had a chance to test this little doozy of an issue this lunchtime. Crash a webserver by issuing a simple wget command?</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="tweethello" src="/images/ms15-034-patch-now/MS15-034.JPG" /></p>
<p>Yep, I can confirm that this is a good ‘un against a Windows 2012R2 server as you can see in my screenshot above.</p>
<p><code class="language-plaintext highlighter-rouge">wget --header="Range: bytes=18-18446744073709551615" http://[ip address]/</code></p>
<p>Find out more from the SANS Internet Storm Center here:<br />
<a href="https://isc.sans.edu/forums/diary/MS15034+HTTPsys+IIS+DoS+And+Possible+Remote+Code+Execution+PATCH+NOW/19583/">SANS Internet Storm Center</a></p>
<p>And here:</p>
<iframe allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/EZ0wo5UDkig" width="560"> </iframe>
<p>Microsoft MS15-034 Security Bulletin:<br />
<a href="https://technet.microsoft.com/en-us/library/security/ms15-034.aspx">https://technet.microsoft.com/en-us/library/security/ms15-034.aspx</a></p>
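<p>For spotting this request on the defensive side, the following added example (not from the original post or from Microsoft) flags Range headers whose byte positions are far larger than any file the server could serve. The function names, the 1 TB threshold and the sample lines are assumptions, and it presumes a log source that records the Range header, such as a reverse proxy or packet capture.</p>

```powershell
# Added example: flag HTTP Range headers whose byte positions are implausibly large,
# as in the test request quoted above. Function names and the 1 TB default
# threshold are assumptions for illustration, not values from the advisory.

function Test-SuspiciousRangeHeader {
    param(
        [string]$RangeValue,
        [decimal]$MaxPlausibleOffset = 1TB   # assumed to exceed any file this server serves
    )

    # Only "bytes=first-last[,first-last...]" is a byte range; ignore anything else.
    if ($RangeValue -match '^\s*bytes\s*=(.*)$') { $specs = $Matches[1] } else { return $false }

    foreach ($m in [regex]::Matches($specs, '\d+')) {
        $digits = $m.Value.TrimStart('0')
        # More than 20 digits cannot be a 64-bit offset at all.
        if ($digits.Length -gt 20) { return $true }
        if ($digits.Length -gt 0 -and [decimal]$digits -gt $MaxPlausibleOffset) { return $true }
    }
    return $false
}

function Find-SuspiciousRangeRequest {
    # Emits every input line that carries a suspicious Range request header.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # The lookbehind skips Content-Range and similar header names.
        if ($line -match '(?<![-\w])Range:\s*(.+)$') {
            if (Test-SuspiciousRangeHeader -RangeValue $Matches[1]) { $line }
        }
    }
}

# Constructed sample lines (documentation IP addresses, made-up paths).
$sampleLines = @(
    '203.0.113.10 "GET /video.mp4 HTTP/1.1" Range: bytes=0-1023',
    '203.0.113.11 "GET / HTTP/1.1" Range: bytes=18-18446744073709551615',
    '203.0.113.12 "GET /doc.pdf HTTP/1.1" Range: bytes=500-',
    '203.0.113.13 "GET /index.html HTTP/1.1"'
)

Find-SuspiciousRangeRequest -Lines $sampleLines
```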
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/ms15-034-patch-now/">MS15-034 Patch NOW!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 20, 2015.</p>
https://polarclouds.co.uk/monitor-your-adsl-vdsl-connection 2015-04-13T20:44:00+01:00 2015-04-13T20:44:00+01:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Modem Tweet" src="/images/monitor-your-adsl-vdsl-connection/HG612Tweet.png" />
Just under a year ago now I was fortunate enough to be able to upgrade from ADSL to FTTC (Fibre To The Cabinet) VDSL broadband.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#step-1-understand-your-modem--router" id="markdown-toc-step-1-understand-your-modem--router">Step 1: Understand your Modem / Router</a></li>
<li><a href="#step-2-powershell-telnet" id="markdown-toc-step-2-powershell-telnet">Step 2: Powershell Telnet</a></li>
<li><a href="#step-3-powershell-text-file-crunching" id="markdown-toc-step-3-powershell-text-file-crunching">Step 3: Powershell Text File Crunching</a></li>
<li><a href="#step-4-powershell-tweeting" id="markdown-toc-step-4-powershell-tweeting">Step 4: Powershell Tweeting</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p>Overnight my internet connection jumped from around 4Mb/s to over 60Mb/s!</p>
<p>Understandably internet connectivity was good:</p>
<blockquote class="twitter-tweet" lang="en"><p lang="en" dir="ltr">Happy with that! <a href="http://t.co/j0yv5nXuLW">pic.twitter.com/j0yv5nXuLW</a></p>— Chris Hall (@chall32) <a href="https://twitter.com/chall32/status/464166001068617728">May 7, 2014</a></blockquote>
<p>And for just under 12 months, all was good.</p>
<p>Just recently however, I had an issue with water ingress on my line and it became necessary once again to keep an eye on my broadband stats. But surely we can do something a bit more “web 2.0” than just running an app on a desktop / server somewhere. Apps are all well and good, but it does require a level of effort to login and check the output of the monitoring app.</p>
<p>Wouldn’t it be good if I just received the basics via a push notification to me on my phone wherever I am?</p>
<p>In a twitter notification type of way……. :oD</p>
<p>I personally use twitter for all sorts of notifications; blog posts, traffic incidents, etc. So that I get notifications, I use a second private twitter account and suffix all my tweets @chall32 so that my phone twitter client picks up on the notifications and makes the appropriate noises, buzzes etc.</p>
<p>Hence I came up with a very simple powershell script based on Martin Pugh’s telnet Powershell script available at: <a href="http://community.spiceworks.com/scripts/show/1887-get-telnet-telnet-to-a-device-and-issue-commands">http://community.spiceworks.com</a></p>
<p>Team this with the native python twitter client <a href="https://pypi.python.org/pypi/twitter">https://pypi.python.org/pypi/twitter</a> (because it’s soo much easier to use than coding your own <a href="https://dev.twitter.com/oauth">twitter o-auth stuff</a> in Powershell) and job done. Here’s how.</p>
<h3 id="step-1-understand-your-modem--router">Step 1: Understand your Modem / Router</h3>
<p>I now (I didn’t before - but that’s a different story for another day) run a Huawei HG612 Modem on my VDSL broadband connection. I’ve loaded custom firmware on it as detailed on the brilliant Kitz Wiki: <a href="http://www.kitz.co.uk/routers/hg612unlock.htm">Huawei HG612 FTTC Modem & Line Stats</a></p>
<p>My modem requires a couple of telnet commands to offer me up its line stats:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="stats" src="/images/monitor-your-adsl-vdsl-connection/stats.jpg" /></p>
<p>So that’s <code class="language-plaintext highlighter-rouge">sh</code> (to open busybox) and <code class="language-plaintext highlighter-rouge">xdslcmd info --stats</code> to get the goods.</p>
<h3 id="step-2-powershell-telnet">Step 2: Powershell Telnet</h3>
<p>Dead simple. I just copied one of Martin’s examples. My command ended up looking like this:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="n">Get-Telnet</span><span class="w"> </span><span class="nt">-RemoteHost</span><span class="w"> </span><span class="s2">"192.168.0.1"</span><span class="w"> </span><span class="nt">-Commands</span><span class="w"> </span><span class="s2">"admin"</span><span class="p">,</span><span class="s2">"password"</span><span class="p">,</span><span class="s2">"sh"</span><span class="p">,</span><span class="w"> </span><span class="se">`
</span><span class="s2">"xdslcmd info --stats"</span><span class="w"> </span><span class="nt">-OutputPath</span><span class="w"> </span><span class="s2">"C:\out.txt"</span><span class="w"> </span><span class="nt">-WaitTime</span><span class="w"> </span><span class="nx">1500</span></code></pre></figure>
<p>Breaking this command down, the command logs onto my modem at IP address 192.168.0.1 (yours will probably be at a different IP address) using <code class="language-plaintext highlighter-rouge">admin</code> and <code class="language-plaintext highlighter-rouge">password</code> for credentials. It then issues the commands <code class="language-plaintext highlighter-rouge">sh</code> and <code class="language-plaintext highlighter-rouge">xdslcmd info --stats</code> to the modem, saves the output of the whole telnet session to a text file <code class="language-plaintext highlighter-rouge">C:\out.txt</code> after waiting for 1500 milliseconds, closes the telnet session and continues with the rest of the script.</p>
<h3 id="step-3-powershell-text-file-crunching">Step 3: Powershell Text File Crunching</h3>
<p>This is the tricky part. As we are going to be notifying via twitter, we just want the salient points in our tweet - we have no need for the other gumph.</p>
<p>My modem returns the up and down link speed stats in this format:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">Bearer: 0, Upstream rate = 20000 Kbps, Downstream rate = 67273 Kbps</code></pre></figure>
<p>So I use this command to get my download speed:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="nv">$dnspeed</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">Select-String</span><span class="w"> </span><span class="nt">-Path</span><span class="w"> </span><span class="nx">c:\out.txt</span><span class="w"> </span><span class="nt">-pattern</span><span class="w"> </span><span class="s2">"Bearer: 0, Upstream rate ="</span><span class="p">)</span><span class="o">.</span><span class="nf">Line</span><span class="o">.</span><span class="nf">Split</span><span class="p">(</span><span class="s2">"=,"</span><span class="p">)[</span><span class="mi">4</span><span class="p">]</span></code></pre></figure>
<p>Here I’m searching the text file <code class="language-plaintext highlighter-rouge">C:\out.txt</code> for <code class="language-plaintext highlighter-rouge">"Bearer: 0, Upstream rate ="</code>. Once I find that line of text, I split it up into chunks using <code class="language-plaintext highlighter-rouge">=</code> and <code class="language-plaintext highlighter-rouge">,</code> as delimiters. From there I grab chunk 4 (chunk numbering starts at 0), which is <code class="language-plaintext highlighter-rouge">67273 Kbps</code>, and save it to the variable <code class="language-plaintext highlighter-rouge">$dnspeed</code>.</p>
<p>I repeat that for upload speed, but select text chunk 2 instead:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="nv">$upspeed</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">Select-String</span><span class="w"> </span><span class="nt">-Path</span><span class="w"> </span><span class="nx">c:\out.txt</span><span class="w"> </span><span class="nt">-pattern</span><span class="w"> </span><span class="s2">"Bearer: 0, Upstream rate ="</span><span class="p">)</span><span class="o">.</span><span class="nf">Line</span><span class="o">.</span><span class="nf">Split</span><span class="p">(</span><span class="s2">"=,"</span><span class="p">)[</span><span class="mi">2</span><span class="p">]</span></code></pre></figure>
<p>For link time, handily my modem gives me this via the same command:</p>
<figure class="highlight"><pre><code class="language-text" data-lang="text">Since Link time = 4 days 15 hours 19 min 11 sec</code></pre></figure>
<p>That’ll do. I’ll just grab that time out of that using:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="nv">$uptime</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">Select-String</span><span class="w"> </span><span class="nt">-Path</span><span class="w"> </span><span class="nx">c:\out.txt</span><span class="w"> </span><span class="nt">-pattern</span><span class="w"> </span><span class="s2">"Since Link time"</span><span class="p">)</span><span class="o">.</span><span class="nf">Line</span><span class="o">.</span><span class="nf">Split</span><span class="p">(</span><span class="s2">"="</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span><span class="err"> </span></code></pre></figure>
<p>Split the line of text on <code class="language-plaintext highlighter-rouge">=</code> and grab the second chunk of text, chunk 1.<br />
Finally, pull everything into one variable, called $tweet:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="nv">$tweet</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"@chall32 D/L=</span><span class="nv">$dnspeed</span><span class="s2"> U/L=</span><span class="nv">$upspeed</span><span class="s2"> Uptime=</span><span class="nv">$uptime</span><span class="s2">"</span></code></pre></figure>
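<p>The same extraction can be done by label instead of by chunk position. The following is an added example, not part of the original script: it pulls the three values out with regular expressions and returns a clear message when the stats lines are missing, where calling <code class="language-plaintext highlighter-rouge">.Split()</code> on an empty Select-String result would throw. The function names and the sample text are assumptions.</p>

```powershell
# Added example (not from the original script): regex-based extraction of the same
# three values. Get-DslStat and Format-DslTweet are hypothetical names.

# Constructed sample built from the two output lines quoted in the post.
$sampleOutput = @'
Bearer: 0, Upstream rate = 20000 Kbps, Downstream rate = 67273 Kbps
Since Link time = 4 days 15 hours 19 min 11 sec
'@

function Get-DslStat {
    param([string]$Text)

    $stat = New-Object PSObject -Property @{ UpKbps = $null; DownKbps = $null; Uptime = $null }

    # Anchor on the labels, not on chunk positions, so extra fields do not shift the result.
    $ratePattern = 'Bearer:\s*0,\s*Upstream rate\s*=\s*(\d+)\s*Kbps,\s*Downstream rate\s*=\s*(\d+)\s*Kbps'
    if ($Text -match $ratePattern) {
        $stat.UpKbps   = [int]$Matches[1]
        $stat.DownKbps = [int]$Matches[2]
    }
    # "." does not match a newline, so the capture stops at the end of the line.
    if ($Text -match 'Since Link time\s*=\s*(.+)') {
        $stat.Uptime = $Matches[1].Trim()
    }
    return $stat
}

function Format-DslTweet {
    param($Stat, [string]$Mention = '@chall32')

    # A missing Bearer line gives a clear message instead of a
    # "method on a null-valued expression" error.
    if ($null -eq $Stat.DownKbps -or $null -eq $Stat.UpKbps) {
        return "$Mention DSL stats unavailable"
    }
    return "$Mention D/L=$($Stat.DownKbps) Kbps U/L=$($Stat.UpKbps) Kbps Uptime=$($Stat.Uptime)"
}

# Sample run against the constructed text.
Format-DslTweet (Get-DslStat $sampleOutput)

# Constructed input with no stats lines, to show the fallback message.
Format-DslTweet (Get-DslStat 'no stats here')

# Against the real telnet capture from Step 2:
# Format-DslTweet (Get-DslStat (Get-Content C:\out.txt | Out-String))
```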
<h3 id="step-4-powershell-tweeting">Step 4: Powershell Tweeting</h3>
<p>Rather than coding something in Powershell to handle twitter o-auth authentication and sending of tweets, I cheat and use the ready made twitter command line executable available here: <a href="https://pypi.python.org/pypi/twitter">https://pypi.python.org/pypi/twitter</a><br />
The steps to enable tweeting from the command line (and hence Powershell) are as follows:</p>
<ol>
<li>Download and install python from <a href="https://www.python.org/downloads/">https://www.python.org/downloads/</a> </li>
<li>Once python is installed, open a command prompt and navigate to C:\python34\Scripts</li>
<li>Issue the command <code class="language-plaintext highlighter-rouge">pip install twitter</code> </li>
<li>
<p>You should see the following run through:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="piptwitter" src="/images/monitor-your-adsl-vdsl-connection/piptwitter.jpg" /></p>
</li>
<li>Now issue the command <code class="language-plaintext highlighter-rouge">twitter.exe</code></li>
<li>A browser window should open prompting you to enter your twitter account credentials (remember to use a twitter account other than your main twitter account so that twitter notifications trigger correctly)</li>
<li>
<p>Authorize the app and enter the pin into the command line:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="auth" src="/images/monitor-your-adsl-vdsl-connection/auth.jpg" /></p>
</li>
<li>
<p>Quick test:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="tweethello" src="/images/monitor-your-adsl-vdsl-connection/tweethello.jpg" /></p>
</li>
<li>Ah yea, all good:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="tweettest" src="/images/monitor-your-adsl-vdsl-connection/tweettest.jpg" /></li>
</ol>
<p>To tweet from powershell, we just use Invoke-Command as follows:</p>
<figure class="highlight"><pre><code class="language-powershell" data-lang="powershell"><span class="n">Invoke-Command</span><span class="w"> </span><span class="p">{</span><span class="n">C:\Python34\Scripts\twitter.exe</span><span class="w"> </span><span class="nx">set</span><span class="w"> </span><span class="nv">$tweet</span><span class="p">}</span></code></pre></figure>
<p>Finally save the script and schedule via windows task scheduler:<br />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="schedule" src="/images/monitor-your-adsl-vdsl-connection/schedule.png" /></p>
<p>That’s it !!!<br />
<img style="display: block; margin-left: auto; margin-right: auto;" alt="screenshot" src="/images/monitor-your-adsl-vdsl-connection/Screenshot_2015-04-15-11-26-30.png" /></p>
<p>For a full copy of the script, head on over to <a href="https://github.com/chall32/Tweet-DSLStats">https://github.com/chall32/Tweet-DSLStats</a></p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/monitor-your-adsl-vdsl-connection/">Monitor Your ADSL / VDSL Connection Statistics via Twitter</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 13, 2015.</p>
https://polarclouds.co.uk/re-arm-remote-desktop-session-host 2015-03-16T12:16:00+00:00 2015-03-16T12:16:00+00:00 Chris Hall https://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="RDP" src="/images/re-arm-remote-desktop-session-host/Remote_desktop_connection_icon.png" />
So here is a little fix for an unlicensed remote desktop session host I found…</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#scenario" id="markdown-toc-scenario">Scenario</a></li>
<li><a href="#cause" id="markdown-toc-cause">Cause</a></li>
<li><a href="#resolution-1" id="markdown-toc-resolution-1">Resolution 1</a></li>
<li><a href="#resolution-2" id="markdown-toc-resolution-2">Resolution 2</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="scenario">Scenario</h3>
<p>You have enabled remote desktop session host (also known as remote desktop terminal services mode) in trial mode on a Windows 2012 or Windows 2012R2 server some time ago and now you are receiving the error:</p>
<blockquote>
<p>“The remote session was disconnected because there are no Remote Desktop Licence Servers available to provide a licence. Please contact the server administrator”</p>
</blockquote>
<p>You may also notice Event ID: 1128 Source: TerminalServices-RemoteConnectionManager being logged in your system event log.</p>
<h3 id="cause">Cause</h3>
<p>You are outside of your 120 day remote desktop session host evaluation period and / or the service has not been configured to register with a license server to install licenses. A remote desktop licensing server is required for continuous normal operation.</p>
<h3 id="resolution-1">Resolution 1</h3>
<p>Install a remote desktop licensing server with the appropriate number of remote desktop session host licences and register your session host server with this.</p>
<h3 id="resolution-2">Resolution 2</h3>
<p>Re-arm your remote desktop session host evaluation to allow for another 120 days evaluation time. Here is how:</p>
<ol>
<li>
<p>Logon to your remote desktop session host server, open up regedit and navigate to</p>
<p><code class="language-plaintext highlighter-rouge">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod</code></p>
</li>
<li>
<p>Right click GracePeriod key and select Permissions. Grant Administrators full control as shown below: </p>
</li>
</ol>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Wiring Mess 1" src="/images/re-arm-remote-desktop-session-host/gp.jpg" /></p>
<ol start="3">
<li>Delete the <code class="language-plaintext highlighter-rouge">L$RTMTIMEBOMB</code> value leaving only the <code class="language-plaintext highlighter-rouge">(default)</code> value</li>
<li>Reboot your remote desktop session host server</li>
<li>Job done. You should have another 120 days evaluation time </li>
</ol>
<p>I understand that this resolution also works for Windows 2008 and Windows 2008R2 as well as Windows 2012 and Windows 2012R2.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/re-arm-remote-desktop-session-host/">Re-Arm Remote Desktop Session Host</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 16, 2015.</p>
https://polarclouds.co.uk/fix-bootbcd-0xc000000f-error 2014-03-24T08:00:00+00:00 2014-03-24T08:00:00+00:00 Chris Hall https://polarclouds.co.uk
<p>File this one under a post for another day / ah yes, I’ve seen that before, can’t remember how I fixed it however…</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#step-0-getting-to-the-recovery-console" id="markdown-toc-step-0-getting-to-the-recovery-console">Step 0: Getting to the Recovery Console</a></li>
<li><a href="#step-1-ensure-your-system-partition-is-marked-as-active" id="markdown-toc-step-1-ensure-your-system-partition-is-marked-as-active">Step 1: Ensure your system partition is marked as active</a></li>
<li><a href="#step-2-repair-master-boot-record-and-repair-boot-sector" id="markdown-toc-step-2-repair-master-boot-record-and-repair-boot-sector">Step 2: Repair Master Boot Record and Repair Boot Sector</a></li>
<li><a href="#step-3-rebuild-boot-files" id="markdown-toc-step-3-rebuild-boot-files">Step 3: Rebuild Boot files</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BCD Error" src="/images/fix-bootbcd-0xc000000f-error/bcderror.jpg" /></p>
<p>That’s:</p>
<blockquote>
<p>File: \Boot\BCD<br />
Status: 0xc000000f<br />
Info: an error occurred while attempting to read the boot configuration data</p>
</blockquote>
<p>Oh joy… OK, here is how to fix:</p>
<h3 id="step-0-getting-to-the-recovery-console">Step 0: Getting to the Recovery Console</h3>
<ol>
<li>Insert Windows DVD* and after selecting language and keyboard, select “Repair your computer”</li>
<li>Wait for system recovery to run and fail</li>
<li>Click “No” to apply any changes</li>
<li>Click “Next” to look for a recovery image</li>
<li>Click “Cancel” on the cannot find system image dialogue</li>
<li>Click “Cancel” to exit system image dialogue</li>
<li>Click Command Prompt</li>
</ol>
<h3 id="step-1-ensure-your-system-partition-is-marked-as-active">Step 1: Ensure your system partition is marked as active</h3>
<p>As a reminder - <span style="font-family: Courier New, Courier, monospace;"><strong>this is a typed command</strong></span><br />
And this is a comment.</p>
<ol>
<li>Boot into the recovery console as per step 0</li>
<li><span style="font-family: Courier New, Courier, monospace;"><strong>diskpart</strong></span></li>
<li><span style="font-family: Courier New, Courier, monospace;"><strong>select disk 0</strong></span></li>
<li><span style="font-family: Courier New, Courier, monospace;"><strong>list partition</strong></span></li>
<li>Select the first primary partition. In the screenshot below, the partition to select is partition 2, so <span style="font-family: Courier New, Courier, monospace;"><strong>select partition 2</strong></span>:</li>
</ol>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BCD Error Diskpart" src="/images/fix-bootbcd-0xc000000f-error/diskpart.jpg" /></p>
<ol start="6">
<li><span style="font-family: Courier New, Courier, monospace;"><strong>detail partition</strong></span></li>
<li>Ensure that the partition is marked as Active: Yes</li>
</ol>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="BCD Error Active" src="/images/fix-bootbcd-0xc000000f-error/active.jpg" /></p>
<ol start="8">
<li>If not, then <span style="font-family: Courier New, Courier, monospace;"><strong>active</strong></span> to set the partition active</li>
<li><span style="font-family: Courier New, Courier, monospace;"><strong>exit</strong></span> to exit diskpart</li>
<li><span style="font-family: Courier New, Courier, monospace;"><strong>exit</strong></span> to exit recovery console</li>
<li>Restart to reboot</li>
<li>Boot and follow step 0 to enter the recovery console again</li>
</ol>
<h3 id="step-2-repair-master-boot-record-and-repair-boot-sector">Step 2: Repair Master Boot Record and Repair Boot Sector</h3>
<ol>
<li>Boot back into the recovery console as per step 0, then run the following commands:</li>
<li><span style="font-family: Courier New, Courier, monospace;"><strong>bootrec /fixmbr</strong></span></li>
<li><span style="font-family: Courier New, Courier, monospace;"><strong>bootrec /fixboot</strong></span></li>
</ol>
<h3 id="step-3-rebuild-boot-files">Step 3: Rebuild Boot files</h3>
<p>You need to know where your Windows folder is mounted within the recovery console. Sometimes it is at C:\Windows, sometimes D:\Windows, sometimes somewhere else. If you have no idea, use the following to get you a list of drive letters currently in use:</p>
<p>1. <span style="font-family: Courier New, Courier, monospace;"><strong>diskpart</strong></span><br />
2. <span style="font-family: Courier New, Courier, monospace;"><strong>select disk 0</strong></span><br />
3. <span style="font-family: Courier New, Courier, monospace;"><strong>list volume</strong></span></p>
<p>Then it’s just a matter of looking for Windows directories on each of those volumes.</p>
<p>So to rebuild the boot files:<br />
<span style="font-family: Courier New, Courier, monospace;"><strong>bcdboot C:\Windows /s C:</strong></span><br />
Reboot and you should be done.</p>
<p>*If you can’t find your Windows DVD, have a look</p>
<p><a href="http://www.w7forums.com/threads/official-windows-7-sp1-iso-image-downloads.12325/">Here</a> for Windows 7 DVDs (Release versions)<br />
<a href="http://www.microsoft.com/en-gb/download/details.aspx?id=11093">Here</a> for Windows 2008R2 DVD (Evaluation version)<br />
<a href="http://technet.microsoft.com/en-US/evalcenter/hh699156.aspx">Here</a> for Windows 8.x DVD (Evaluation version)<br />
<a href="http://msdn.microsoft.com/en-gb/evalcenter/hh708764.aspx">Here</a> for Windows 2012 DVD (Evaluation version)</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/fix-bootbcd-0xc000000f-error/">Fix Boot/BCD 0xc000000f Error</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 24, 2014.</p>
https://polarclouds.co.uk/ldwin-v20-released2014-03-21T18:04:00+00:002014-03-21T18:04:00+00:00Chris Hallhttps://polarclouds.co.uk
<p>Quick post to let you know that yes, I’m still alive and I’ve just released version 2.0 of my popular link discovery tool for Windows, LDWin.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#what-is-ldwin" id="markdown-toc-what-is-ldwin">What is LDWin?</a></li>
<li><a href="#what-is-network-link-discovery" id="markdown-toc-what-is-network-link-discovery">What is Network Link Discovery?</a></li>
<li><a href="#the-solution" id="markdown-toc-the-solution">THE SOLUTION!</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="what-is-ldwin">What is LDWin?</h3>
<p>LDWin is Network Link Discovery for Windows</p>
<h3 id="what-is-network-link-discovery">What is Network Link Discovery?</h3>
<p>Link discovery is the process of ascertaining information from directly connected networking devices, such as network switches. Consider this for a moment:</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Wiring Mess 1" src="/images/ldwin-v20-released/wiringmess1.jpg" /></p>
<p>or</p>
<p><img style="display: block; margin-left: auto; margin-right: auto;" alt="Wiring Mess 2" src="/images/ldwin-v20-released/wiringmess2.jpg" /></p>
<p>Do you know where those network cables go?</p>
<h3 id="the-solution">THE SOLUTION!</h3>
<p>This is where LDWin comes in!</p>
<p>Find out more about LDWin and download your copy from LDWin’s <a href="https://github.com/chall32/LDWin#ldwin">GitHub page</a>.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/ldwin-v20-released/">LDWin v2.0 Released</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 21, 2014.</p>
https://polarclouds.co.uk/screaming-woods-pluckley2013-09-08T14:06:00+01:002013-09-08T14:06:00+01:00Chris Hallhttps://polarclouds.co.uk
So what do you and 10 other people do in the woods at night?? No, not that... Ghost hunting of course!<br /><br />Where better to find some ghosts? Why, Pluckley; often referred to (and listed in the 1998 Guinness Book of World Records) as Britain's most haunted village. Why? Because Pluckley boasts the following strange goings on and haunted places in and around the village:<br /><ul><li>Phantom Coach & Horses - various locations</li><li>The Colonel - Park Wood</li><li>The Highwayman - Pinnock Crossroads</li><li>The Miller - Site of Old Mill</li><li>The Monk - Greystones</li><li>The Red Lady - St Nicholas Church</li><li>The Schoolmaster - Dicky Buss Lane</li><li>The Screaming Man - Pluckley Brickworks</li><li>The Tudor Lady - Rose Court</li><li>The Watercress Woman - Pinnock Stream</li><li>The White Lady - St Nicholas Church and Surrenden Manor</li><li>The Black Horse - The Street</li><li>The Dering Arms - Station Road</li><li>The Blacksmith's Arms - Pluckley Thorne</li><li>The Screaming Woods - Dering Woods & Frith Wood</li><li>The Devil's Bush - Frith Corner</li></ul>Don't just take my word for it, see:<br /><ul><li><a href="http://www.telegraph.co.uk/travel/destinations/europe/uk/3278642/Pluckley-the-most-haunted-village-in-England.html" target="_blank">DailyTelegraph.co.uk</a></li><li><a href="http://www.mysteriousbritain.co.uk/england/kent/hauntings/pluckley.html" target="_blank">MysteriousBritain.co.uk</a></li><li><a href="http://www.ghost-story.co.uk/index.php/ghost-stories/298-pluckly-village-kent-england" target="_blank">Ghost-Story.co.uk</a></li></ul>Tonight's excursion: Screaming (Dering) Woods, an area supposedly haunted by many who have become lost deep in the woods. You can supposedly still hear their screams from inside the woods at night. 
An excursion run by <a href="http://ghosthuntevents.co.uk/" target="_blank">ghosthuntevents.co.uk</a><br /><br /><iframe frameborder="0" height="350" marginheight="0" marginwidth="0" scrolling="no" src="https://maps.google.co.uk/maps?q=dering+woods+pluckley+kent&ie=UTF8&hl=en&hq=&hnear=Dering+Wood&t=h&ll=51.166428,0.726643&spn=0.037675,0.072956&z=13&output=embed" width="425"></iframe><br /><small><a href="https://maps.google.co.uk/maps?q=dering+woods+pluckley+kent&ie=UTF8&hl=en&hq=&hnear=Dering+Wood&t=h&ll=51.166428,0.726643&spn=0.037675,0.072956&z=13&source=embed" target="_blank">View Larger Map</a></small><br /><br />So fortified with a top slap up meal at the <a href="http://www.blackhorsepluckley.co.uk/" target="_blank">Black Horse</a> (highly recommended) and armed with camera off we went to see what we could see. Here is what we captured:<br /><br /><div style="margin: 0; overflow: hidden; padding: 0; width: 500px;"><a href="http://www.flickr.com/photos/51660515@N06/9700782226/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0639"><img alt="IMG_0639" src="https://farm4.staticflickr.com/3718/9700782226_90afe2be86_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9697556115/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0637"><img alt="IMG_0637" src="https://farm4.staticflickr.com/3716/9697556115_59eb21b3a4_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9697552917/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0638"><img alt="IMG_0638" 
src="https://farm3.staticflickr.com/2855/9697552917_0611eb2ac1_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9700776830/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0640"><img alt="IMG_0640" src="https://farm3.staticflickr.com/2855/9700776830_6aeb26bb44_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9697535633/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0641"><img alt="IMG_0641" src="https://farm4.staticflickr.com/3757/9697535633_235d0b46a3_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9697529315/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 0px 10px; text-align: center; width: 75px;" title="IMG_0642"><img alt="IMG_0642" src="https://farm3.staticflickr.com/2889/9697529315_9b4e6e1ab8_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><br /><a href="http://www.flickr.com/photos/51660515@N06/9697525849/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0643"><img alt="IMG_0643" src="https://farm4.staticflickr.com/3668/9697525849_49086ef311_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9697519267/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0648"><img alt="IMG_0648" 
src="https://farm6.staticflickr.com/5533/9697519267_2612a0bee3_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9700745852/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0649"><img alt="IMG_0649" src="https://farm4.staticflickr.com/3803/9700745852_7de9368b34_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9700737584/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0650"><img alt="IMG_0650" src="https://farm6.staticflickr.com/5506/9700737584_e01239c0a0_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9700729074/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0651"><img alt="IMG_0651" src="https://farm4.staticflickr.com/3689/9700729074_ec02eaf7c3_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9697487249/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 0px 10px; text-align: center; width: 75px;" title="IMG_0653"><img alt="IMG_0653" src="https://farm8.staticflickr.com/7401/9697487249_110386c317_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><br /><a href="http://www.flickr.com/photos/51660515@N06/9697480449/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0654"><img alt="IMG_0654" 
src="https://farm8.staticflickr.com/7312/9697480449_4f72ee229e_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9700706914/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0655"><img alt="IMG_0655" src="https://farm4.staticflickr.com/3817/9700706914_7cd23edcef_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9697464719/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0656"><img alt="IMG_0656" src="https://farm4.staticflickr.com/3830/9697464719_34b7468b7c_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9697457953/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0657"><img alt="IMG_0657" src="https://farm8.staticflickr.com/7416/9697457953_f14f20c34e_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9700685900/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0659"><img alt="IMG_0659" src="https://farm8.staticflickr.com/7441/9700685900_7798534c2c_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9697443049/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 0px 10px; text-align: center; width: 75px;" title="IMG_0660"><img alt="IMG_0660" src="https://farm4.staticflickr.com/3695/9697443049_0061dd05ff_s.jpg" 
style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><br /><a href="http://www.flickr.com/photos/51660515@N06/9700670346/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0661"><img alt="IMG_0661" src="https://farm8.staticflickr.com/7353/9700670346_558d920f9d_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9700664498/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0662"><img alt="IMG_0662" src="https://farm6.staticflickr.com/5511/9700664498_af838bc3e9_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9700659566/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0665"><img alt="IMG_0665" src="https://farm8.staticflickr.com/7387/9700659566_f0022f4097_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9697416759/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0666"><img alt="IMG_0666" src="https://farm8.staticflickr.com/7329/9697416759_246ddbee61_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9700646002/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 10px 10px 0px; text-align: center; width: 75px;" title="IMG_0667"><img alt="IMG_0667" src="https://farm6.staticflickr.com/5344/9700646002_9d96e1e3f3_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; 
width: 75px;" /></a><a href="http://www.flickr.com/photos/51660515@N06/9697405741/in/set-72157635435186090/" style="display: block; float: left; height: 75px; padding: 0px 0px 10px; text-align: center; width: 75px;" title="IMG_0668"><img alt="IMG_0668" src="https://farm6.staticflickr.com/5521/9697405741_231962fe51_s.jpg" style="border: none; height: 75px; margin: 0; padding: 0; width: 75px;" /></a></div>As you can see, a nice selection of orbs and a nice bit of mist in IMG_0650 (second row, fourth picture from the left), the only misty picture in the entire set!<br /><br />Steve, our guide from <a href="http://ghosthuntevents.co.uk/" target="_blank">ghosthuntevents.co.uk</a>, brought with him an array of ghost meters, EMF meters and a spirit box (a backwards RF scanner) which kept us all entertained and enthralled with the evening's investigation. We also completed a vigil where we were contacted by Michael, the spirit of a motorcyclist who died in an accident close to Screaming Woods.<br /><br />Am I a believer? Well, no, not quite yet, although I would like to hope and believe there is something to look forward to after you <a href="http://www.urbandictionary.com/define.php?term=pop%20your%20clogs" target="_blank">pop your clogs</a>...<br /><br />So all in all, a thoroughly enjoyable and highly recommended evening with <a href="http://ghosthuntevents.co.uk/" target="_blank">ghosthuntevents.co.uk</a><br />Looking forward to going on another event soon. Some of <a href="http://ghosthuntevents.co.uk/locations.php" target="_blank">these locations</a> look fantastic!<br /><br />In the meantime, keep watching <a href="http://ghosthuntevents.tv/" target="_blank">ghosthuntevents.tv</a> and <a href="https://www.youtube.com/user/GhostHuntEvents/" target="_blank">GhostHuntEvents Youtube Channel</a><br /><br />- Chris<br /><br /><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/screaming-woods-pluckley/">Screaming Woods Pluckley</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 08, 2013.</p>
https://polarclouds.co.uk/vm-snapshot-discovery-and-attribution2013-08-01T12:43:00+01:002013-08-01T12:43:00+01:00Chris Hallhttps://polarclouds.co.uk
<p>The Golden Snapshot Rule:</p>
<h1 style="text-align:center">VM SNAPSHOTS ARE NOT BACKUPS!</h1>
<h3 id="what-are-vmware-vm-snapshots">What are VMware VM Snapshots?</h3>
<p>Normal VM operation involves the virtual machine (VM) reading and writing to its virtual disk (VMDK) file:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Normal" src="/images/vm-snapshot-discovery-and-attribution/Normal.jpg" /></p>
<p>Upon the creation of a snapshot, the VM’s virtual disk (VMDK) file is marked as read only. All changes are written to a snapshot log file, also known as a ‘delta’ file:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Snapshot" src="/images/vm-snapshot-discovery-and-attribution/Snapshot.jpg" /></p>
<h3 id="so-what-is-the-problem-here">So What is the Problem Here?</h3>
<p>The problem is that these snapshot delta files left unchecked can grow and grow and grow, consuming more and more storage space.</p>
<h3 id="surely-vmware-have-some-guidelines-around-vm-snapshots">Surely VMware Have Some Guidelines Around VM Snapshots?</h3>
<p>They do, and they are here: <a href="http://kb.vmware.com/kb/1025279">http://kb.vmware.com/kb/1025279</a></p>
<p>Let’s pick up on some salient points here, as they are worth repeating as often as possible:</p>
<ul>
<li>Snapshots are not backups (Sound familiar?)</li>
<li>A snapshot file is only a change log of the original virtual disk</li>
<li>Snapshots are not complete copies of the original vmdk disk files</li>
<li>Use no single snapshot for more than 24-72 hours</li>
<li>Regularly monitor systems configured for backups to ensure that no snapshots remain active for extensive periods of time</li>
<li>An excessive number of delta files in a chain (caused by an excessive number of snapshots) or large delta files may cause decreased virtual machine and host performance</li>
<li>If hosts and/or vCenter Server are prior to vSphere 5.0, confirm that there are no snapshots present (via command line) before a Storage vMotion</li>
<li>Confirm that there are no snapshots present (via command line) before increasing the size of any virtual machine virtual disk or virtual RDM. If snapshots are present, delete them prior to increasing the size of the disk. Increasing the size of a disk with snapshots present can lead to corruption of snapshots and a potential data loss</li>
</ul>
<h3 id="got-it-so-how-do-i-quickly-and-simply-test-for-vm-snapshots">Got it. So How Do I Quickly and Simply Test for VM Snapshots?</h3>
<p>Simple. This is where Chris’ VM Snapshot Discovery and Attribution Tool comes in.
Here is a screenshot of the tool in action:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="SnapTool" src="/images/vm-snapshot-discovery-and-attribution/SnapTool.jpg" /></p>
<p>So what do we have here?</p>
<p>Well, you can quite easily see that both the VMs SPONGEBOB and GARY have active snapshots. You can also see the details around these snapshots: their names, their descriptions and their sizes in GB.</p>
<p>What is super cool is we can also see who created them. In the screenshot the snapshot creator is CHLABS\Chris (me!). OK, cool, but <strong>think about it for a moment.</strong> If this was a production situation, it’s more than possible that you will have multiple vSphere administrators. Any one of these administrators can create snapshots.</p>
<p>Say for example I found that CHLABS\Fred.Bloggs was working on some VMs, created several snapshots and had completed his changes. Perhaps Fred did not know or understand The Golden Snapshot Rule.</p>
<p>With this newly discovered information now in hand, we can contact Fred, find out if he still needs those snapshots and perhaps educate him on the Golden Snapshot Rule.</p>
<p>Perhaps Fred forgot about the snapshots…….</p>
<h4 id="ah-the-forgotten-snapshot">Ah, the Forgotten Snapshot!</h4>
<p>Don’t joke… it happens.</p>
<h3>Where Can I Get a Copy of Chris’ VM Snapshot Discovery and Attribution Tool?</h3>
<p>Simple. Grab your copy here: <a href="https://github.com/chall32/GetSnapshot">https://github.com/chall32/GetSnapshot</a></p>
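<p>Added example (not the GetSnapshot tool's own code): one way to produce the same kind of discovery and attribution report with VMware PowerCLI, flagging snapshots older than the 24-72 hour guidance. It assumes PowerCLI is installed and <code>Connect-VIServer</code> has already been run; the <code>$MaxAgeHours</code> parameter and the report column names are choices made for this example.</p>

```powershell
# Added example: list every VM snapshot with its size, age and creator.
# Assumes VMware PowerCLI is loaded and a vCenter session is already open
# (Connect-VIServer). $MaxAgeHours and the column names are this example's own.
param(
    [int]$MaxAgeHours = 72   # upper end of the 24-72 hour guidance
)

$now = Get-Date

$report = foreach ($snap in (Get-VM | Get-Snapshot)) {

    # vCenter logs snapshot creation as a task event against the VM.
    # Search a short window around the snapshot's creation time
    # instead of pulling the VM's entire event history.
    $taskEvent = Get-VIEvent -Entity $snap.VM `
                             -Start  $snap.Created.AddMinutes(-10) `
                             -Finish $snap.Created.AddMinutes(10) `
                             -MaxSamples 1000 |
        Where-Object {
            $_ -is [VMware.Vim.TaskEvent] -and
            $_.Info.DescriptionId -like 'VirtualMachine.createSnapshot*'
        } |
        Sort-Object CreatedTime |
        Select-Object -Last 1   # most recent matching event in the window

    # vCenter can purge old events under its database retention settings,
    # so an old snapshot may have no surviving creation event.
    $creator = if ($taskEvent) { $taskEvent.UserName } else { 'unknown (no event found)' }

    $ageHours = [math]::Round(($now - $snap.Created).TotalHours, 1)

    [pscustomobject]@{
        VM          = $snap.VM.Name
        Snapshot    = $snap.Name
        Description = $snap.Description
        SizeGB      = [math]::Round($snap.SizeGB, 2)
        Created     = $snap.Created
        AgeHours    = $ageHours
        CreatedBy   = $creator
        OverAge     = $ageHours -gt $MaxAgeHours
    }
}

# Oldest first: these are the snapshots to chase up with their creators.
$report | Sort-Object AgeHours -Descending | Format-Table -AutoSize
```

<p>A snapshot whose <code>CreatedBy</code> comes back as unknown is usually the oldest and most forgotten one, because its creation event has already aged out of vCenter.</p>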
<h3 id="so-i-have-vms-with-snapshots-what-to-do">So I Have VMs With Snapshots. What To Do?</h3>
<p>Here are your options:</p>
<div>
<style scoped="">
table{
width: 70%;
border-collapse: collapse;
border-spacing: 0;
border:1px solid #000000; }
th{
text-align: center;
border:1px solid #000000; }
td{
text-align: left;
border:1px solid #000000;}
tr:nth-child(even) {
background-color: #efefef;}
</style>
</div>
<table>
<thead>
<tr>
<th>Snapshot Operation</th>
<th>Effect</th>
</tr>
</thead>
<tbody>
<tr>
<td>Take</td>
<td>The current state of the virtual machine and its guest operating system is captured.</td>
</tr>
<tr>
<td>Revert</td>
<td>The state of the virtual machine and its guest operating system reverts back to what it was when a snapshot was taken. If there are multiple snapshots, the snapshot taken immediately prior to the current state is used. <strong>Warning: All current data is permanently lost</strong>.</td>
</tr>
<tr>
<td>Delete</td>
<td>The state of the virtual machine is changed to the current state (that is, changes made after taking the snapshot are saved to the base disk). In earlier versions of some products the menu option is named <strong>Remove</strong>.</td>
</tr>
<tr>
<td>Delete (Snapshot Manager)</td>
<td>The state of the virtual machine is changed to the current state (that is, changes made after taking the snapshot are saved to the base disk). The snapshot chosen to be deleted is available for selection in a graphical display that shows all existing snapshots. This is available only in products that support multiple snapshots.</td>
</tr>
<tr>
<td>Go To (Snapshot Manager)</td>
<td>The state of the virtual machine and its current guest operating system switches to the state of that of an arbitrarily chosen snapshot. The snapshot chosen to switch to is available for selection in a graphical display that shows all existing snapshots. This is available only in products that support multiple snapshots.</td>
</tr>
</tbody>
</table>
<p>May I recommend the Delete option?
Sure, it doesn’t feel right to click “Delete” to carry on as normal with the VM, but it is the correct option!</p>
<h3 id="what-can-i-do-longer-term-to-prevent-forgotten-snapshots">What Can I Do Longer Term to Prevent Forgotten Snapshots?</h3>
<p>Have a look at <a href="http://kb.vmware.com/kb/1018029">http://kb.vmware.com/kb/1018029</a>.
This VMware KB article shows you how to configure VMware vCenter Server to send alerts when virtual machines are running from snapshots.</p>
<h3>Conclusion &amp; Troubleshooting</h3>
<p>You now know all about VM snapshots, how to test for them, how to find out who created them, and how to delete them.</p>
<p>If you need to troubleshoot any issues with VM snapshots, have a look at the bottom of <a href="http://kb.vmware.com/kb/1025279">http://kb.vmware.com/kb/1025279</a>. There are plenty of resources to look at.</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/vm-snapshot-discovery-and-attribution/">VM Snapshot Discovery and Attribution</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 01, 2013.</p>
https://polarclouds.co.uk/ucs-blade-discovery-failed2013-07-03T17:43:00+01:002013-07-03T17:43:00+01:00Chris Hallhttps://polarclouds.co.uk
<p><img style="float: right; margin: 0px 0px 10px 10px;" alt="Lost n Found" src="/images/ucs-blade-discovery-failed/L-F.jpg" /><br />
A simple job then: lift and shift some Cisco UCS blades from a legacy site into the Datacentre to help with capacity for consolidation in the Datacentre.</p>
<p>Unfortunately a simple job turned into a bit of a nightmare with the destination UCS deciding not to play nicely with the recycled blades.
Don’t get me wrong here folks, Cisco Unified Computing System is a cool piece of kit that is challenging the way we look at hardware nowadays. It is however not without its <a href="http://www.thefreedictionary.com/foibles">foibles</a>, of which this is just one.</p>
<p>Thanks go to <a href="https://twitter.com/brettchannon">@brettchannon</a> and the guys at <a href="https://twitter.com/VCE">@VCE</a> for helping with the solution to this issue.</p>
<section id="table-of-contents" class="toc">
<header>
<h3><i class="fa fa-book"></i> Overview</h3>
</header>
<div id="drawer">
<ul id="markdown-toc">
<li><a href="#symtoms" id="markdown-toc-symtoms">Symptoms</a></li>
<li><a href="#cause" id="markdown-toc-cause">Cause</a></li>
<li><a href="#resolution" id="markdown-toc-resolution">Resolution</a></li>
<li><a href="#more-information" id="markdown-toc-more-information">More Information</a></li>
</ul>
</div>
</section>
<!-- /#table-of-contents -->
<h3 id="symtoms">Symptoms</h3>
<p>When you install a Cisco UCS blade that has 1.x firmware installed into a chassis that is running 2.x firmware, the following error can be seen:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="error" src="/images/ucs-blade-discovery-failed/Fault2.jpg" /></p>
<p>Code: F1000034<br />
Cause: fsm-failed<br />
Description: [FSM:FAILED] Blade Discovery (FSM:sam:dme:ComputeBladeDiscover)</p>
<p>A re-acknowledge, power cycle or reseat will not allow the blade to be properly discovered. Any firmware upgrades (other than a CIMC firmware upgrade) will remain in a “Scheduled” status.</p>
<h3 id="cause">Cause</h3>
<p>USB Legacy mode is set to disabled within the BIOS settings.</p>
<h3 id="resolution">Resolution</h3>
<p>Complete the following resolution on each blade affected:</p>
<ol>
<li>
<p>Open the KVM console of the affected blade (Equipment Tab > Chassis > Chassis containing affected blade > Servers > Affected Server > KVM Console):
<img style="display: block; margin-left: auto; margin-right: auto;" alt="reset" src="/images/ucs-blade-discovery-failed/Reset.JPG" /></p>
</li>
<li>
<p>Hit Reset and OK the following warning:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="reset OK 1" src="/images/ucs-blade-discovery-failed/ResetOK1.JPG" /></p>
</li>
<li>
<p>Choose Power Cycle and OK the following dialogue:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="reset OK 2" src="/images/ucs-blade-discovery-failed/resetOK2.JPG" /></p>
</li>
<li>
<p>Hit F2 when prompted to enter the blade’s BIOS setup:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="F2" src="/images/ucs-blade-discovery-failed/F2.JPG" /></p>
</li>
<li>
<p>Once in the BIOS setup hit right arrow key to get to Advanced and down arrow to USB Configuration:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="M200 bios" src="/images/ucs-blade-discovery-failed/m200bios2.JPG" /></p>
</li>
<li>
<p>Hit return to open USB configuration and hit down arrow and return to open Legacy USB Support option:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="USB Disabled" src="/images/ucs-blade-discovery-failed/USBDisabled.JPG" /></p>
</li>
<li>
<p>Set Legacy USB Support to Enabled:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="Enable USB" src="/images/ucs-blade-discovery-failed/EnableUSB.JPG" /></p>
</li>
<li>
<p>Hit Esc and right arrow to select Exit tab and hit return to Save Changes and Exit:
<img style="display: block; margin-left: auto; margin-right: auto;" alt="M200bios 4" src="/images/ucs-blade-discovery-failed/m200bios4.JPG" /></p>
</li>
<li>
<p>Close the KVM console and allow UCS to rediscover the server. If you cannot wait, select Recover Server > Re-acknowledge > OK to force the UCS to rediscover the blade.</p>
</li>
</ol>
<h3 id="more-information">More Information</h3>
<p>I would love to know more about this error and how the USB mode setting within a blade can cause UCS to give up on that blade altogether.</p>
<p>Seems like a crazy simple fix to what - on the face of it - seems a pretty catastrophic error message. All in all we had this issue on 12+ blades and the USB legacy mode fix worked on all of them.</p>
<p>Godda love UCS…..!</p>
<p>-Chris</p>
<p><a href="https://polarclouds.co.uk/ucs-blade-discovery-failed/">UCS Blade Discovery Failed</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 03, 2013.</p>
https://polarclouds.co.uk/vmware-component-integration2013-06-17T15:06:00+01:002013-06-17T15:06:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-v7Zl9TLSYUw/Ub7gK4m0eWI/AAAAAAAABc4/kTPrHkPTq44/s1600/Cloud.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://1.bp.blogspot.com/-v7Zl9TLSYUw/Ub7gK4m0eWI/AAAAAAAABc4/kTPrHkPTq44/s200/Cloud.jpg" width="200" /></a></div>You may have noticed VMware have been busy growing their portfolio of products.<br /><br />Previously it was simple to understand VMware's software components; you effectively had just the two products to understand:<br /><br /><b><a href="https://www.vmware.com/products/vsphere-hypervisor/overview.html" target="_blank">ESX</a></b> (replaced by ESXi in later versions) - VMware's <a href="https://en.wikipedia.org/wiki/Hypervisor" target="_blank">Hypervisor</a> - software that hosts and runs your <a href="https://en.wikipedia.org/wiki/Virtual_machines" target="_blank">virtual machines</a><br /><br /><b><a href="https://www.vmware.com/products/vcenter-server/overview.html" target="_blank">VirtualCenter</a></b> (renamed vCenter in later versions) - a management application that allows you to manage all of your ESX/ESXi host servers as a single entity, be that as a collection of stand alone host servers or a fault tolerant cluster of ESX/ESXi hosts.<br /><br />Collectively ESXi and vCenter became known as <a href="https://www.vmware.com/products/datacenter-virtualization/vsphere/overview.html"><b>vSphere</b></a>.<br /><br />Fast forward to 2013, and here you have it, VMware software components offerings today. 
Also shown is how these components operate together:<br /><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://2.bp.blogspot.com/-SDv_dCzX-jI/Ub7h370D2ZI/AAAAAAAABdM/nJCzYiI4QLo/s1600/img001.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="464" src="http://2.bp.blogspot.com/-SDv_dCzX-jI/Ub7h370D2ZI/AAAAAAAABdM/nJCzYiI4QLo/s640/img001.jpg" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">VMware Component Integration and Interoperability Today (Click image for larger copy)</td></tr></tbody></table>So what are all these products and what do they do? What follows is a simple one-line-per-product list detailing at a very high level what each VMware component brings to the table. Click the application names to find out more.<br /><br />.....oh and I promise to use the fluffy word (cloud) as little as possible....<br /><br /><b><a href="https://www.vmware.com/products/datacenter-virtualization/vsphere/overview.html" target="_blank">vSphere</a></b> - As discussed, your ESXi and vCenter instances.<br /><br /><a href="https://www.vmware.com/products/datacenter-virtualization/vcloud-network-security/overview.html" target="_blank"><b>vCNS Manager</b></a> - Used to manage your software defined networking and security solutions (including virtual firewall, VPN, load balancing and <a href="https://www.vmware.com/uk/solutions/datacenter/vxlan.html" target="_blank">VXLAN</a> implementations).<br /><br /><b><a href="https://www.vmware.com/products/vcloud-director/overview.html" target="_blank">vCloud Director</a></b> - Used to create multiple virtual datacenters using multiple separate vSphere instances.<br /><br /><b><a href="https://www.vmware.com/products/vcenter-orchestrator/overview.html" target="_blank">vCenter Orchestrator</a></b> - Used to automate 
workflows (including virtual infrastructure provisioning) either within or outside of your virtual environment.<br /><br /><a href="https://www.vmware.com/uk/products/datacenter-virtualization/vcenter-operations-management/overview.html" target="_blank"><b>vCenter Operations Manager</b></a> - Used to proactively manage, monitor and drive efficiency into your vSphere and / or vCloud infrastructure.<br /><br /><a href="https://www.vmware.com/products/configuration-manager/index.html" target="_blank"><b>vCenter Configuration Manager</b></a> - Used to ensure configuration and compliance management of both your virtual and physical infrastructure.<br /><br /><a href="https://www.vmware.com/products/datacenter-virtualization/vcenter-infrastructure-navigator" style="font-weight: bold;" target="_blank">vCenter Infrastructure Navigator</a> - Used to discover application services, visualize relationships and map dependencies of applications on your virtual infrastructure<br /><br /><b><a href="https://www.vmware.com/uk/products/it-business-management/vcenter-chargeback/overview.html" target="_blank">vCenter Chargeback Manager</a></b> - Used to track and provide costings of virtual solutions hosted on shared physical infrastructure.<br /><br /><b><a href="https://www.vmware.com/products/application-platform/vfabric-rabbitmq.html" target="_blank">AMQP (Rabbit MQ)</a></b> - Used to provide message queueing and handling allowing your virtual infrastructure to interface with a wide range of other software products.<br /><br /><b><a href="https://www.vmware.com/uk/products/application-platform/vfabric-application-director/overview.html" target="_blank">vFabric Application Director</a> </b>- Used to deploy applications in a repeatable, supportable and standards compliant manner within your virtual infrastructure.<br /><br /><a href="https://www.vmware.com/products/datacenter-virtualization/vcloud-automation-center/overview.html" target="_blank"><b>vCloud Automation Center</b></a> - 
Used to rapidly deploy services (potentially consisting of several individual applications). Also provides client self service portal to allow clients to deploy services on their own.<br /><br /><a href="https://www.vmware.com/products/datacenter-virtualization/vcloudconnector/" target="_blank"><b>vCloud Connector</b></a> - Used to connect your vCloud Director managed virtual datacenters together for datacenter extension, content sync, unified management and / or datacenter migration.<br /><br /><b><a href="https://www.vmware.com/products/site-recovery-manager/" target="_blank">Site Recovery Manager</a></b> - Used for automated disaster recovery of your virtual infrastructure.<br /><br /><b>ISV Backup Application</b> - Independent Software Vendor backup application, typically leveraging <a href="https://www.vmware.com/uk/solutions/datacenter/business-continuity/data-protection.html" target="_blank">vSphere Data Protection (VDP)</a><br /><br />So there you have it, and now you know what each application is and what it can be used for in your virtual datacenter, private and/or public clouds. Just think about it for a moment:<br /><br /><div style="text-align: center;"><span style="color: red; font-size: large;"><b>Your VMware admin just became your most valuable asset.</b> </span></div><br />Why? Here's why. 
With the above, your VMware administrator can:<br /><br /><ol><li>Deploy configure and create fully resilient hardware using <a href="http://chall32.blogspot.co.uk/2013/02/cisco-ucs-what-the.html">Cisco UCS</a> </li><li>Create your new virtual infrastructure using vSphere</li><li>Connect your virtual infrastructure using <a href="http://chall32.blogspot.co.uk/2012/11/adding-vlans-to-cisco-nexus-1000v.html">Cisco Nexus 1000v</a> switching</li><li>Create your new virtual datacenter using vCloud Director</li><li>Firewall and gateway your virtual infrastructure and datacenter using VCNS Manager</li><li>Create separate client use and management access VPNs using VCNS Manager</li><li>Rapidly deploy industry supportable applications and virtual machines into your virtual infrastructure and datacenter using vFabric Application Director and verify the deployment using vCenter Configuration Manager</li><li>Rapidly deploy industry supportable services (consisting of multiple applications based on multiple virtual machines) into your virtual infrastructure and datacenter using vCloud Automation Center and verify the deployment using vCenter Configuration Manager</li><li>Orchestrate repeatable maintenance / deployment / day to day operations using vCenter Orchestrator</li><li>Monitor, proactively manage and drive efficiency in your virtual infrastructure and datacenter using vCenter Operations Manager</li><li>Map dependencies between and mitigate 'pinch points' in your virtual infrastructure and datacenter using vCenter Infrastructure Navigator</li><li>Configure vCloud Automation Center to allow your trusted clients to create their own infrastructure</li><li>Connect, deploy and migrate to other virtual infrastructure and datacenters using vCloud Connector</li><li>Provide automated billing information to your clients using vCenter Chargeback Manager</li><li>Ensure rapid Disaster Recovery planning and execution using Site Recovery Manager and vSphere Data Protection</li></ol><br 
/>Plus if there is enough time, it's just possible your VMware administrator could sweep the datacenter floor too... if there is enough time.... ....virtually of course....<br /><br />- Chris<br /><br /><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vmware-component-integration/">VMware Component Integration & Interoperability</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on June 17, 2013.</p>
https://polarclouds.co.uk/ldwin-link-discovery-for-windows2013-03-18T17:28:00+00:002013-03-18T17:28:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-874ILqBMGhE/UUdJMZGloKI/AAAAAAAABX8/W3oncnOI3-4/s1600/network.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://lh3.ggpht.com/-874ILqBMGhE/UUdJMZGloKI/AAAAAAAABX8/W3oncnOI3-4/s1600/network.gif" /></a></div><h2><b> Brand New!!!</b></h2>So you regularly use and enjoy using my <a href="https://github.com/chall32/WinCDP#wincdp" target="_blank">WinCDP</a> program. You wish it could also discover link information for devices connected to devices that support Link Layer Discovery Protocol (LLDP) as well as Cisco Discovery Protocol (CDP)?<br /><br />Well dear reader, you are in luck! <br /><br />Hot off of the coding press is LDWin: Link Discovery for Windows:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://github.com/chall32/LDWin/blob/master/LDWin.png?raw=true" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://github.com/chall32/LDWin/blob/master/LDWin.png?raw=true" /></a></div><br />LDWin supports the following methods of link discovery:<br /><ul><li><a href="http://en.wikipedia.org/wiki/Cisco_Discovery_Protocol" target="_blank">CDP</a> - Cisco Discovery Protocol</li><li><a href="http://en.wikipedia.org/wiki/Link_Layer_Discovery_Protocol" target="_blank">LLDP</a>- Link Layer Discovery Protocol</li></ul>So what are you waiting for?<br /><br />Check out <a href="https://github.com/chall32/LDWin" target="_blank">LDWin's Github page</a> for further information and full <a href="https://github.com/chall32/LDWin#ldwin" target="_blank">ReadMe</a>.<br /><br />- Chris<br /><br /><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/ldwin-link-discovery-for-windows/">LDWin: Link Discovery for Windows</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 18, 2013.</p>
https://polarclouds.co.uk/cisco-ucs-what-the2013-02-22T12:50:00+00:002013-02-22T12:50:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-OYVUTcTAuWU/USdUtEvIJUI/AAAAAAAABUo/O0dYAiOoWxk/s1600/ucs.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://lh3.ggpht.com/-OYVUTcTAuWU/USdUtEvIJUI/AAAAAAAABUo/O0dYAiOoWxk/s1600/ucs.png" width="200" /></a></div>A quick not-too-technical post detailing the Cisco Unified Computing System (UCS) and how it works. No, I'm not affiliated with Cisco, I just work on UCS a lot! <br /><h3>What is a UCS?</h3>OK, well that's simple. It's a blade server system comprising the following components:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-hUcWpjUR1Sg/USdVeMRsUPI/AAAAAAAABUw/ViWXxJrntis/s1600/cisco-ucs-components-overview.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://lh3.ggpht.com/-hUcWpjUR1Sg/USdVeMRsUPI/AAAAAAAABUw/ViWXxJrntis/s1600/cisco-ucs-components-overview.gif" width="550" /></a></div><br />The power of the UCS is that it uses service profiles.<br /><h3>What is a Service Profile?</h3>OK, well that's simple enough too. A service profile tells the UCS that a particular blade has a particular configuration. 
Here is an example service profile:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-Mzo-pgegJOs/USdXqx7b2dI/AAAAAAAABU4/h01_yIEuDKg/s1600/Service+Profile.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://lh3.ggpht.com/-Mzo-pgegJOs/USdXqx7b2dI/AAAAAAAABU4/h01_yIEuDKg/s1600/Service+Profile.JPG" /></a></div>As you can see, in my service profile above I have a server with two fibre cards (vHBAs) and two network cards (vNICs).<br /><br />The USP (Unique Selling Point) of the UCS is that these service profiles are <u><span style="color: red;"><span style="background-color: white;"><b>MOBILE</b></span></span></u><br />Yes, the service profiles can be moved from blade to blade.<br /><br />Think about it. MYSERVER1 uses UCS chassis 1, blade 1. UCS chassis 1, blade 1 suffers a hardware issue and dies a death.<br /><br />No problem. I can move and apply the service profile for MYSERVER1 to another physical blade (say UCS chassis 3, blade 2), boot it up and away we go, we are back in business - service resumed, no screaming users. I can then get the faulty blade's hardware fixed in slow time.<br /><h3>How is This Possible?</h3>If you look again at my service profile screenshot above, you will see that the NICs and HBAs are all prefixed with ' v '.<br /><br />This means that they are virtual.<br /><h3>Virtual Hardware (have you lost it Chris)?</h3>Not quite. Bear with me.<br /><br />Each UCS blade is fitted with a Virtual Interface card. 
One of these:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-BfXsKnVcDbA/USdcuxQObuI/AAAAAAAABVA/vT8ixPA6VjY/s1600/M81KR.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://lh3.ggpht.com/-BfXsKnVcDbA/USdcuxQObuI/AAAAAAAABVA/vT8ixPA6VjY/s1600/M81KR.jpg" width="320" /></a></div>The power of this card is that it can be configured through software to present physical hardware to the blade. In my case, two fibre cards (vHBAs) and two network cards (vNICs). Clever, eh?<br /><h3>Mobile Ports </h3>So looking deeper into the service profile for MYSERVER1, you will see that the Service Profile also includes the physical addressing of the vHBAs, their WWPNs (<a href="https://en.wikipedia.org/wiki/World_Wide_Port_Name" target="_blank">World Wide Port Names</a>) and vNICs, their MAC Addresses (<a href="https://en.wikipedia.org/wiki/MAC_address" target="_blank">Media Access Control Addresses</a>):<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-1ZDnYHpzozY/USdhaC--ddI/AAAAAAAABVI/tQ5wyZh7QIg/s1600/vHBAs.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://lh3.ggpht.com/-1ZDnYHpzozY/USdhaC--ddI/AAAAAAAABVI/tQ5wyZh7QIg/s1600/vHBAs.jpg" /></a></div><div class="separator" style="clear: both; text-align: center;"> <a href="http://1.bp.blogspot.com/-6ItbEdmqoi8/USdhaInYCNI/AAAAAAAABVM/bJfusFd64MM/s1600/vNICs.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://lh3.ggpht.com/-6ItbEdmqoi8/USdhaInYCNI/AAAAAAAABVM/bJfusFd64MM/s1600/vNICs.jpg" /></a></div><br />Also included in the Service Profile is MYSERVER1's UUID (<a href="https://en.wikipedia.org/wiki/UUID" target="_blank">Universally Unique Identifier</a>):<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-CKzSSEPN4eQ/USdhbau3nUI/AAAAAAAABVY/-wBNVKdq2Ks/s1600/UUID.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://lh3.ggpht.com/-CKzSSEPN4eQ/USdhbau3nUI/AAAAAAAABVY/-wBNVKdq2Ks/s1600/UUID.jpg" /></a></div><br /><h3>Tying it All Together</h3>So to recap, the WWPNs, MACs and UUID of MYSERVER1 are all held in a software (aka service) profile that is used to configure the hardware.<br /><br />So assuming all my blades have the correct amounts of CPU and memory, I can then apply that service profile to any physical blade I like.<br /><br />Nice!<br /><br />From the comfort of my armchair in Cassa-Del-Chris, I have fixed a hardware issue and I have saved the day.<br /><h3>Boot Note</h3>What about the local disks installed in MYSERVER1? Looking at this picture of a Cisco UCS blade it has local disks installed:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-Ze8Ei0-5d-M/USdlYi2CQSI/AAAAAAAABVg/R0s_4kpMz74/s1600/cisco_ucs_b200m3_blade_server_standard_large.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="160" src="https://lh3.ggpht.com/-Ze8Ei0-5d-M/USdlYi2CQSI/AAAAAAAABVg/R0s_4kpMz74/s1600/cisco_ucs_b200m3_blade_server_standard_large.jpg" width="320" /></a></div>Yes, it does.<br /><br />If you move your service profile to another blade, don't you have to also physically move the local disks too?<br /><br />Yes you do. And that means a trip to the datacentre just to move two disks, and an extended outage as far as the users are concerned. NOT GOOD!!!<br /><br />Back to MYSERVER1 and the simple answer is that I'm not using the local disks. I have no local disks installed in any of my blades.<br /><br />MYSERVER1 boots via its vHBA cards direct from the SAN (<a href="https://en.wikipedia.org/wiki/Storage_area_network" target="_blank">Storage Area Network</a>). 
Therefore to recover service to the users, I don't need to visit the data centre to swap any physical hardware.<br /><br />No need to move from my armchair in Cassa-Del-Chris. Another Beer anyone?<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/cisco-ucs-what-the/">Cisco UCS: What The?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 22, 2013.</p>
https://polarclouds.co.uk/adding-vlans-to-cisco-nexus-1000v2012-11-08T12:25:00+00:002012-11-08T12:25:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="ssmainhide"><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-KmPQr_l25Kk/UIEe1VuLYFI/AAAAAAAABRI/E-aWVnV5TdY/s1600/ciscovmware.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://lh3.ggpht.com/-KmPQr_l25Kk/UIEe1VuLYFI/AAAAAAAABRI/E-aWVnV5TdY/s400/ciscovmware.jpg" width="200" /></a></div></div>Having scoured the internet and drawn a blank when looking for a simple process to follow when adding a VLAN and subsequent VMware VM access port group to a Cisco Nexus 1000v switch, I ended up stitching together the Cisco commands after reading lots and lots of Cisco Nexus configuration guides.<br /><br />The annoyance is that whilst you can monitor the configuration of your Nexus 1000v through VMware Virtual Center, you cannot configure it. All Nexus 1000v configuration must be done at the command line. <br /><br />In this post I present to you the configuration commands I use when adding an additional VLAN to a Nexus 1000v switch.<br /><h2>First off - What is a Cisco Nexus 1000v?</h2>Well if you have a spare 5 minutes and 17 seconds, have a watch of the following:<br /><br /><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="315" src="http://www.youtube.com/embed/vrZpYS6vEY4" width="420"></iframe></div><br />If not, put simply, a Nexus 1000v replaces / augments a standard VMware distributed switch as shown below:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-sHy40rtY0pI/UIEySiyqdMI/AAAAAAAABRg/1jsjOoaoJ00/s1600/vem_install_n1000v-1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://lh3.ggpht.com/-sHy40rtY0pI/UIEySiyqdMI/AAAAAAAABRg/1jsjOoaoJ00/s1600/vem_install_n1000v-1.jpg" /></a></div><br />A single Nexus 1000v consists of a minimum of 2 modules:<br /><br />VEM = 
Virtual Ethernet Module - Installed on the ESXi host itself<br />VSM = Virtual Supervisor Module - The 1000v management VM<br /><h2>Setting up a Nexus 1000v</h2>Have a read of Kendrick Coleman's excellent guide here: <a href="http://kendrickcoleman.com/index.php/Tech-Blog/standing-up-the-cisco-nexus-1000v-in-less-than-10-minutes.html" target="_blank">Standing Up The Cisco Nexus 1000v In Less Than 10 Minutes</a><br /><br />Of course, if you were setting up your Nexus 1000v from scratch, you would know which VLANs to add 'right off the bat', so would have no need to add additional VLANs.<br /><br />However, as we all know, change happens.<br /><h2>Adding VLANs to Cisco Nexus 1000v</h2>Yes, I'm not a network administrator, however these commands work for me. They should work for you too.<br /><h3>Create a VLAN and name it correctly:</h3>The first step is to create a VLAN and give it a name. I like to name my VLANs in line with their VMware port group name. Here I'm creating VLAN 456 and calling it "VM_Prod_VL456":<br /><br /><span style="font-family: 'Courier New',Courier,monospace;"> conf t</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> vlan 456</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> name VM_Prod_VL456</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> end</span><br /><h3>Create a VMware Access Port Group and give it a friendly name</h3>The next step is to create the VMware port group as it would appear in Virtual Center Networking. Here I'm calling my VMware port group "VM_Prod_VL456" and hooking it to my VLAN 456. 
I'm also going to give my "VM_Prod_VL456" port group 512 access ports to plug my VMs into:<br /><br /><span style="font-family: 'Courier New',Courier,monospace;"> conf t</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> port-profile type vethernet VM_Prod_VL456</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> vmware port-group</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> switchport mode access</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> switchport access vlan 456</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> vmware max-ports 512</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> no shutdown</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> state enabled</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> end</span><br /><h3>Add VLAN to the trunk port group</h3>The final step is to allow the newly created VLAN 456 access to the rest of the network via the ESXi physical network cards, sometimes referred to as the Nexus 1000v trunk ports. In my example, these ports are called "SYSTEM-UPLINK". 
I'm also going to save my configuration via "copy run start":<br /><br /><span style="font-family: 'Courier New',Courier,monospace;"> conf t</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> port-profile SYSTEM-UPLINK</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> switchport trunk allowed vlan add 456</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> end</span><br /><span style="font-family: 'Courier New',Courier,monospace;"> copy run start</span><br /><br />Job done. Time to start creating some VMs and hooking them into my newly created "VM_Prod_VL456" port group.<br /><br />- Chris <div class="blogger-post-footer"><p>
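<p>A consistency check for the three steps above, as an added example (not from the original post or from Cisco): it parses a constructed <code>show running-config</code> excerpt and confirms that VLAN 456 is defined, that the "VM_Prod_VL456" port-profile uses it, and that "SYSTEM-UPLINK" still trunks it alongside the VLANs it carried before. The sample config text, the function names and the pre-existing VLANs 100-110 are assumptions made for illustration.</p>

```python
import re

# Constructed excerpt approximating "show running-config" after the three
# steps in the post. VLANs 100-110 are assumed to pre-exist on the uplink.
SAMPLE_CONFIG = """\
vlan 100-110
vlan 456
  name VM_Prod_VL456
port-profile type ethernet SYSTEM-UPLINK
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 100-110,456
  no shutdown
  state enabled
port-profile type vethernet VM_Prod_VL456
  vmware port-group
  switchport mode access
  switchport access vlan 456
  vmware max-ports 512
  no shutdown
  state enabled
"""

# The same config if the last step had been typed without "add" (constructed).
OVERWRITTEN_CONFIG = SAMPLE_CONFIG.replace("allowed vlan 100-110,456",
                                           "allowed vlan 456")


def parse_sections(config):
    """Group indented lines under the unindented line that precedes them."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" comment lines
        if raw[0].isspace():
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections


def expand_vlan_list(text):
    """Turn '100-110,456' into {100, ..., 110, 456}."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def defined_vlans(sections):
    """VLAN ids declared by top-level 'vlan <list>' lines."""
    vlans = set()
    for header in sections:
        m = re.match(r"vlan ([\d,\- ]+)$", header)
        if m:
            vlans |= expand_vlan_list(m.group(1))
    return vlans


def find_profile(sections, name):
    """Body of 'port-profile [type ...] <name>', or None if absent."""
    for header, body in sections.items():
        words = header.split()
        if words[0] == "port-profile" and words[-1] == name:
            return body
    return None


def trunk_allowed(body):
    """Union of all 'switchport trunk allowed vlan [add] <list>' lines."""
    allowed = set()
    for line in body:
        m = re.match(r"switchport trunk allowed vlan (?:add )?([\d,\- ]+)$", line)
        if m:
            allowed |= expand_vlan_list(m.group(1))
    return allowed


def check_vlan(config, vlan_id, access_profile, uplink_profile, must_keep=()):
    """Return a list of findings; an empty list means the steps are consistent."""
    sections, findings = parse_sections(config), []
    if vlan_id not in defined_vlans(sections):
        findings.append(f"VLAN {vlan_id} is not defined")
    access = find_profile(sections, access_profile)
    if access is None:
        findings.append(f"port-profile {access_profile} is missing")
    else:
        for needed in ("switchport mode access",
                       f"switchport access vlan {vlan_id}",
                       "no shutdown", "state enabled"):
            if needed not in access:
                findings.append(f"{access_profile}: '{needed}' is not set")
    uplink = find_profile(sections, uplink_profile)
    if uplink is None:
        findings.append(f"port-profile {uplink_profile} is missing")
    else:
        allowed = trunk_allowed(uplink)
        if vlan_id not in allowed:
            findings.append(f"{uplink_profile}: VLAN {vlan_id} is not in the trunk allowed list")
        dropped = sorted(set(must_keep) - allowed)
        if dropped:
            findings.append(f"{uplink_profile}: VLANs {dropped} are no longer allowed on the trunk")
    return findings


if __name__ == "__main__":
    for label, cfg in (("as configured", SAMPLE_CONFIG),
                       ("without 'add'", OVERWRITTEN_CONFIG)):
        result = check_vlan(cfg, 456, "VM_Prod_VL456", "SYSTEM-UPLINK",
                            must_keep=range(100, 111))
        print(label, "->", result or "consistent")
```

<p>The <code>must_keep</code> check matters because <code>switchport trunk allowed vlan 456</code> without the <code>add</code> keyword replaces the uplink's allowed list instead of extending it, which would cut off every other VLAN on that trunk.</p>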
<p><a href="https://polarclouds.co.uk/adding-vlans-to-cisco-nexus-1000v/">Adding VLANs to Cisco Nexus 1000v</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 08, 2012.</p>
https://polarclouds.co.uk/bsod-debugging-part-2-debugging2012-10-23T17:18:00+01:002012-10-23T17:18:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="ssmainhide"><a href="http://3.bp.blogspot.com/-jnFU2TCRsJ0/UH10HffLkaI/AAAAAAAABQo/f-d9QSGyNFg/s1600/BSOD.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://lh3.ggpht.com/-jnFU2TCRsJ0/UH10HffLkaI/AAAAAAAABQo/f-d9QSGyNFg/s1600/BSOD.jpg" /></a></div>Check out <a href="http://chall32.blogspot.com/2012/10/bsod-debugging-part-1-setup.html" target="_blank">BSOD Debugging: Part 1</a> if you missed it. OK, so you have your Windows debugging environment set up and you have a dump file to analyse. Let's get on with it!<br /><br /><span style="color: #3d85c6;"><i><b>Here I will show you how I use the debugger to get to the bottom of a BSOD issue I was having. Your BSOD issue(s) will be completely different, however the basics of using the Windows debugger and investigating the Windows debugger output will be the same.</b></i></span><br /><h2>Using Windows Debugging tools to find a BSOD root cause </h2>Start up WinDbg, and choose File - Open Crash Dump...<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-hAMTUKEbq1M/UIZ48b9qR4I/AAAAAAAABSA/dCJtvYCw4_w/s1600/OpenDump.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://lh3.ggpht.com/-hAMTUKEbq1M/UIZ48b9qR4I/AAAAAAAABSA/dCJtvYCw4_w/s1600/OpenDump.jpg" width="161" /></a></div><br />Open your MEMORY.DMP file.<br />Wait whilst the debugger does its thing:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-tJGKtLaOKu0/UIZ7WyMgqwI/AAAAAAAABSY/o56M5pkkOeY/s1600/Dump1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://lh3.ggpht.com/-tJGKtLaOKu0/UIZ7WyMgqwI/AAAAAAAABSY/o56M5pkkOeY/s1600/Dump1.JPG" width="393" /></a></div><br />If you have set up your debugging environment as described in part 1, you will be using the 
Microsoft symbols server. This is confirmed by the debugger when a debug is under way, as highlighted in the screenshot above.<br /><br /><span style="font-family: 'Courier New',Courier,monospace;">Symbol search path is: SRV*c:\Symbols*http://msdl.microsoft.com/download/symbols</span><br /><br />OK so what can we see then?<br /><br />Firstly the details of the BSOD, or BugCheck as the debugger calls it:<br /><br /><div style="text-align: center;"><span style="font-family: 'Courier New',Courier,monospace;"> BugCheck 9F, {3, 84abc530, 82b65ae0, 86116de0}</span></div><br />OK, a STOP 9F... What is that?<br /><br />Looking at <a href="http://pcsupport.about.com/od/findbyerrormessage/tp/stop_error_list.htm" target="_blank">this handy list of BSOD codes (pcsupport.about.com)</a> a STOP 9F is described as follows: <br /><br /><blockquote class="tr_bq"><b>STOP Error 0x0000009F: DRIVER_POWER_STATE_FAILURE</b><br />STOP error 0x9F means that the driver is in an inconsistent or invalid power state. STOP code 0x0000009F may also display "DRIVER_POWER_STATE_FAILURE" on the same STOP message.</blockquote><br />So some sort of driver issue when the system is changing power state.<br /><br />Next the debugger is suggesting that the BSOD was probably caused by ntkrpamp:<br /><br /><div style="text-align: center;"><span style="font-family: 'Courier New',Courier,monospace;">Probably caused by : ntkrpamp</span></div><br />OK, what's a ntkrpamp? 
Searching for ntkrpamp at <a href="http://www.processlibrary.com/" target="_blank">processlibrary.com</a> shows the following:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-wUbQWjAP7QE/UIaADJTCyPI/AAAAAAAABS4/F9V24fKpvSc/s1600/ntkrpamp.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="238" src="https://lh3.ggpht.com/-wUbQWjAP7QE/UIaADJTCyPI/AAAAAAAABS4/F9V24fKpvSc/s1600/ntkrpamp.JPG" width="400" /></a></div><br />So ntkrpamp is the NT Kernel. That's not a driver! However it is the kernel's job to run drivers. We are going to need to do some further digging with the debugger.<br /><br />Luckily, the debugger makes it easy for us. Simply click the blue text <span style="color: blue;"><u><span style="font-family: 'Courier New',Courier,monospace;">!analyze -v</span></u></span> in the debugger results window to perform some further analysis.<br />Here is the output:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-UM6U2ZSB_zc/UIaBSk7fD0I/AAAAAAAABTA/ZYkNshidL7w/s1600/Dump2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://lh3.ggpht.com/-UM6U2ZSB_zc/UIaBSk7fD0I/AAAAAAAABTA/ZYkNshidL7w/s1600/Dump2.JPG" width="315" /></a></div><br />Right, now we are getting there.<br /><br /><div style="text-align: center;"><span style="font-family: 'Courier New',Courier,monospace;">FAULTING_MODULE: 93d04000 dne2000</span></div> and<br /><div style="text-align: center;"><span style="font-family: 'Courier New',Courier,monospace;">DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT </span></div><div style="text-align: center;"><br /></div>WIN7_DRIVER_FAULT ties in with the BSOD being caused by a driver power state failure. 
However, what is this FAULTING_MODULE dne2000?<br /><br />Let's click on the <span style="font-family: 'Courier New',Courier,monospace;"><span style="color: blue;"><u>dne2000</u></span></span> link in the debugger window to find out:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-wqtzAJooqMg/UIaDmX51B1I/AAAAAAAABTI/lyfrjQ1VSNw/s1600/Dump3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://lh3.ggpht.com/-wqtzAJooqMg/UIaDmX51B1I/AAAAAAAABTI/lyfrjQ1VSNw/s1600/Dump3.JPG" width="308" /></a></div><br />Oh look. dne2000.sys, a driver located in the C:\Windows\system32\DRIVERS folder.<br /><br /><span style="font-size: small;"><b>Wa-hey! Root cause found: The driver dne2000.sys is having issues, causing the BSOD.</b></span><br /><h2>Fixing the Root Cause</h2>So we know that there is an issue with the driver dne2000.sys that is causing the Windows BSOD. 
Let's get Google (other search engines are available) to take the strain from here on in.<br /><br />Something like <i><a href="http://www.google.co.uk/#hl=en&site=&source=hp&q=dne2000.sys+bsod&oq=dne2000&gs_l=hp.3.1.0l6j0i30l2j0i10i30j0i30.2521.3861.0.5806.7.7.0.0.0.0.142.749.1j6.7.0.les%3B..0.0...1c.1.gIXe0XynpXE&bav=on.2,or.r_gc.r_pw.&fp=fd0593dffb307e1&bpcl=35466521&biw=1680&bih=903" target="_blank">dne2000.sys bsod</a> </i>should do us nicely.<br /><br />The very first Google search result points us to <a href="https://social.technet.microsoft.com/Forums/eu/itprovistasp/thread/7bef18ea-620c-40c5-b6be-b808a723bf15" target="_blank">this discussion thread on MS Technet Forums</a>, which in turn links us to <a href="https://www.citrix.com/lang/English/lp/lp_1680845.asp" target="_blank">this page discussing an available DNE update</a>.<br /><br />Following the advice and completing the installation of the DNEUpdate and after a bit of extensive testing, my STOP 9F BSODs are a thing of the past. Job done! <br /><h2>Conclusion</h2>As I said at the top of the post, your BSOD may - probably will - be completely different to mine. However the basics of using the Windows debugger and investigating the Windows debugger output will be the same. The takeaway from this post is as follows:<br /><ol><li>How to use the Windows debugger to open a BSOD crash dump</li><li>How to find out more about the BSOD <a href="http://pcsupport.about.com/od/findbyerrormessage/tp/stop_error_list.htm" target="_blank">here</a></li><li>How to find out about Windows processes <a href="http://www.processlibrary.com/" target="_blank">here</a></li><li>How to use the Windows debugger !analyze -v function to find out more about the BSOD crash dump</li><li>How to use other links offered by the Windows debugger to find out more, such as file names etc</li><li>Finally, once you have an idea of the BSOD root cause, use a search engine to investigate further. 
Chances are you are not the first person to suffer with the issue!</li></ol>Happy debugging.<br /><br />- Chris <div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/bsod-debugging-part-2-debugging/">BSOD Debugging Part 2: Debugging</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 23, 2012.</p>
https://polarclouds.co.uk/bsod-debugging-part-1-setup2012-10-16T17:59:00+01:002012-10-16T17:59:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="ssmainhide"><a href="http://3.bp.blogspot.com/-jnFU2TCRsJ0/UH10HffLkaI/AAAAAAAABQo/f-d9QSGyNFg/s1600/BSOD.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://lh3.ggpht.com/-jnFU2TCRsJ0/UH10HffLkaI/AAAAAAAABQo/f-d9QSGyNFg/s1600/BSOD.jpg" /></a></div>By now I'm sure we are all familiar with the humble Windows 'Blue Screen Of Death' (BSOD), displayed when Windows crashes. No? Strange as they do tend to pop up in the most unlikely places. Have a look at these examples (click for larger images):<br /><br /><table><tbody><tr><td style="text-align: center;"><a href="http://www.flickr.com/photos/clefty/4699762475/" imageanchor="1" style="margin-left: 0em; margin-right: 0em;"><img border="0" src="https://lh3.ggpht.com/-Tl1kT4OumRU/T6I_zSO_fSI/AAAAAAAABJg/wmb6swcF_W0/s1600/gatwick.jpg" /></a><br /><div><span style="font-size: x-small;">Pic: <a href="http://www.flickr.com/photos/clefty/4699762475/" target="_blank">Clefty</a></span></div></td><td style="text-align: center;"><a href="http://www.flickr.com/photos/stevenh/5834934686/" imageanchor="1" style="margin-left: 0em; margin-right: 0em;"><img border="0" src="https://lh3.ggpht.com/-PXn_5j7x8yw/T6JDgcG46bI/AAAAAAAABJ4/hNs-8Iw60yU/s1600/shopping.jpg" /></a><br /><div><span style="font-size: x-small;">Pic: <a href="http://www.flickr.com/photos/stevenh/5834934686/" target="_blank">Steve Hoang</a></span></div></td><td style="text-align: center;"><a href="http://www.flickr.com/photos/renaissancechambara/3586359959/" imageanchor="1" style="margin-left: 0em; margin-right: 0em;"><img border="0" src="https://lh3.ggpht.com/-3z7WAXeL5pI/T6JB58xBuMI/AAAAAAAABJw/1RoAVw6Z0eI/s1600/samsung.jpg" /></a><br /><div><span style="font-size: x-small;">Pic: <a href="http://www.flickr.com/photos/renaissancechambara/3586359959/" target="_blank">Ged Carroll</a></span></div></td></tr></tbody></table><br />Absolutely anywhere!!!<br /><br />So what can be done to get to the bottom of these BSODs, and 
how can Windows be fixed so as not to suffer another BSOD in the future? Simple. Use debugging tools for Windows. Here is how.<br /><h2>Capturing a Memory Dump File </h2>First off, you are going to need to capture a memory dump file from the BSOD. A complete memory dump records all the contents of system memory when the system stops unexpectedly. A complete memory dump may contain data from processes that were running when the memory dump was collected. Here is how to configure Windows to dump its memory to disk:<br /><ul><li><b>Windows 2000/2003/XP</b>: Right-click the My Computer icon, click Properties and then click the Advanced tab. In the Startup and Recovery section, click the Settings... button.</li></ul><ul><li><b>Windows Vista/Windows 7/Windows 8</b>: Right-click the Computer icon, click Properties and then click the Advanced system settings link on the left pane. Click the Advanced tab and in the Startup and Recovery section, click the Settings... button.</li></ul>From the drop-down menu in the Write debugging information section, you can select one of the following options:<br /><ul><li><b>Small memory dump </b>– 64 KB in size, records the most important information about the problem</li></ul><ul><li><b>Kernel memory dump</b> – A complete record of system memory; creates files at the size of the operating memory</li></ul>Here is my setting: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-6_2Hpze-g_A/UH1ERdbwj6I/AAAAAAAABO8/z8XjJhqoZ8Y/s1600/debug0.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://lh3.ggpht.com/-6_2Hpze-g_A/UH1ERdbwj6I/AAAAAAAABO8/z8XjJhqoZ8Y/s1600/debug0.jpg" width="272" /></a></div><br />All you need to do now is wait for your system to crash again!<br /><br />OK, so you've created your MEMORY.DMP dump file. 
Now we need to examine it using the Microsoft Debugging Tools for Windows.<br /><h2>Installing Debugging Tools for Windows</h2>First off, you do not need to install the debugging tools on the system that is having the BSOD problem. Use another system if possible. The system will need to have around 200Mb free disk space and be able to access the internet.<br /><br />Microsoft, in their wisdom, have decided to bundle the debugging tools in with their Windows Software Development Kits (SDK). But have no fear, we don't have to download the whole SDK!<br /><br />But before we can get to the SDK, we first have to install MS .NET Framework 4.5. Grab the Web installer or Offline installer from <a href="http://msdn.microsoft.com/en-us/library/5a4x27ek.aspx" target="_blank">here (Microsoft)</a> <br /><br />Once you have .NET 4.5 installed, you can go ahead and grab the Windows 8 SDK installer from <a href="http://msdn.microsoft.com/en-us/windows/hardware/hh852363" target="_blank">here (Microsoft)</a> <br /><br />Launch the SDK installer, and choose "Install to this computer":<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-VijYJ8LiKU8/UH1kXLVs-2I/AAAAAAAABPQ/hqilApaJdeg/s1600/debug1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="235" src="https://lh3.ggpht.com/-VijYJ8LiKU8/UH1kXLVs-2I/AAAAAAAABPQ/hqilApaJdeg/s1600/debug1.jpg" width="320" /></a></div><br />Choose whether to join CEIP: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-8vN0Qgqd98s/UH1kseFYrjI/AAAAAAAABPY/_SFime7iNPI/s1600/debug2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="235" src="https://lh3.ggpht.com/-8vN0Qgqd98s/UH1kseFYrjI/AAAAAAAABPY/_SFime7iNPI/s1600/debug2.jpg" width="320" /></a></div><br />Accept the license agreement. 
Now select ONLY "Debugging Tools for Windows" and click Install:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-D_Rz0fCnops/UH1lX-Ah55I/AAAAAAAABPg/WKFNKE6TS7s/s1600/debug5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="235" src="https://lh3.ggpht.com/-D_Rz0fCnops/UH1lX-Ah55I/AAAAAAAABPg/WKFNKE6TS7s/s1600/debug5.jpg" width="320" /></a></div><br />Once installation is complete, click Close to finish.<br /><h3>Using the Windows Debugging Tools</h3>Windows Debugging tools will be buried away in your start menu under "Windows Kits":<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-__Bwy8iJY3U/UH1mk7A3jEI/AAAAAAAABPo/S5zEcyUOas8/s1600/WinKits.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://lh3.ggpht.com/-__Bwy8iJY3U/UH1mk7A3jEI/AAAAAAAABPo/S5zEcyUOas8/s1600/WinKits.jpg" /></a></div><br />Don't worry if you only have the X86 version installed. This version will debug 64-bit crash dumps without issue. The program you are looking to run is <b>WinDbg(x64)</b> or <b>WinDbg(x86)</b> <br /><br />Next you need to set the debugging symbol file path:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-uPPXU9XJ6N0/UH1qbUirLBI/AAAAAAAABP8/7Iy9WI666X4/s1600/debug8.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://lh3.ggpht.com/-uPPXU9XJ6N0/UH1qbUirLBI/AAAAAAAABP8/7Iy9WI666X4/s1600/debug8.jpg" width="159" /></a></div><br />What's a debugging symbol? <a href="https://en.wikipedia.org/wiki/Debug_symbol" target="_blank">Here you go (Wikipedia)</a>. We need to set the debugger to use Microsoft's very own symbols server and cache them locally in C:\Symbols. 
This is entered as follows:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-7-Ic-ZdShDE/UH1rrinxCVI/AAAAAAAABQE/w2F13rZgPt0/s1600/debug9.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="120" src="https://lh3.ggpht.com/-7-Ic-ZdShDE/UH1rrinxCVI/AAAAAAAABQE/w2F13rZgPt0/s1600/debug9.jpg" width="320" /></a></div>The text entered is:<br /><br /><div style="text-align: center;"><span style="font-family: "Courier New",Courier,monospace;">SRV*c:\Symbols*http://msdl.microsoft.com/download/symbols</span></div><div style="text-align: center;"><br /></div>Click OK, then click File - Save Workspace to save. Open Windows Explorer and create a new folder in the root of C:\ called Symbols:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-C7mbXfONwg0/UH1tllL_z8I/AAAAAAAABQM/ZsTqCv3gHvc/s1600/csymbols.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="https://lh3.ggpht.com/-C7mbXfONwg0/UH1tllL_z8I/AAAAAAAABQM/ZsTqCv3gHvc/s1600/csymbols.jpg" width="320" /></a></div><br />That is it for this part, folks.<br /><br />You have your MEMORY.DMP dump file and you have set up your Windows debugging environment. Carry on to part 2: Debugging, available <a href="http://chall32.blogspot.co.uk/2012/10/bsod-debugging-part-2-debugging.html">here</a><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/bsod-debugging-part-1-setup/">BSOD Debugging Part 1: Setup</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 16, 2012.</p>
https://polarclouds.co.uk/clone-windows-2008r2-installed-roles2012-10-10T17:39:00+01:002012-10-10T17:39:00+01:00Chris Hallhttps://polarclouds.co.uk
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody><tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-KqwdAHO0k3c/UHWkAiRHHTI/AAAAAAAABOY/gVtVeDyJk14/s1600/RollsFeatures.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="https://lh3.ggpht.com/-KqwdAHO0k3c/UHWkAiRHHTI/AAAAAAAABOY/gVtVeDyJk14/s1600/RollsFeatures.jpg" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Mmmm a Roll with a Ham Feature...</td></tr></tbody></table><br />Quite often I'm asked to build servers that need to have identical configurations in terms of the Windows roles and features installed.<br /><br /><br />Firstly, what are server roles, role services, and features? Have a <a href="http://technet.microsoft.com/en-us/library/cc754923.aspx" target="_blank">look at this article</a> to understand roles and features and the difference between a Windows role and a Windows feature.<br /><br /><br /><h2>Export and Import of Windows Roles and Features</h2>OK, so I've manually installed a selection of required roles and features on the first of my servers and that server is working perfectly. How can I export a list of roles and features installed on the working server so that I can build the second server?<br /><br /><b>PowerShell to the rescue!</b><br />This is where the PowerShell <a href="http://technet.microsoft.com/library/cc731774.aspx" target="_blank">Server Manager Module</a> comes into its own. 
It has three handy cmdlets:<br /><ul><li>Add-WindowsFeature</li><li>Get-WindowsFeature</li><li>Remove-WindowsFeature</li></ul> Let's look at the Server Manager Module in action: <br /><br /><span style="font-family: "Courier New",Courier,monospace;">PS> Import-Module Servermanager</span><br /><span style="font-family: "Courier New",Courier,monospace;">PS> Get-Command -Module Servermanager</span><br /><div class="separator" style="clear: both; text-align: center;"></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-Z_SnDxHxWMU/UHWXlRS560I/AAAAAAAABNQ/RtbEvCs2tJM/s1600/get-command-windowsfeature.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="136" src="https://lh3.ggpht.com/-Z_SnDxHxWMU/UHWXlRS560I/AAAAAAAABNQ/RtbEvCs2tJM/s1600/get-command-windowsfeature.JPG" width="400" /></a></div><br />So if we list all installable modules:<br /><br /><span style="font-family: "Courier New",Courier,monospace;">PS> Get-WindowsFeature</span><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-JdUKXELnq50/UHWX7C1zWRI/AAAAAAAABNY/Sn_Jm4-gAMg/s1600/Get-WindowsFeature.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="283" src="https://lh3.ggpht.com/-JdUKXELnq50/UHWX7C1zWRI/AAAAAAAABNY/Sn_Jm4-gAMg/s1600/Get-WindowsFeature.jpg" width="400" /></a></div><br />Lots and lots! OK, let's pare this down and see if we can list only those roles and features that are installed. We use this command:<br /><span style="font-family: "Courier New",Courier,monospace;">PS> Get-WindowsFeature | ? 
{ $_.Installed }</span><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-cofkkYM8SfY/UHWYncmaZ5I/AAAAAAAABNg/cQBVA2YK-0E/s1600/Get-WindowsFeatureInstalled.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="282" src="https://lh3.ggpht.com/-cofkkYM8SfY/UHWYncmaZ5I/AAAAAAAABNg/cQBVA2YK-0E/s1600/Get-WindowsFeatureInstalled.jpg" width="400" /></a></div><br />Nice. Now we know which roles and features are installed. Handy for documentation or comparison.<br /><br /><h2>HOW TO: Export Installed Roles and Features to File</h2>Firstly you need to export that nice list obtained above into something structured that can be used by the other server to install the required roles and features. For this we use the <a href="http://technet.microsoft.com/library/hh849916" target="_blank">Export-Clixml</a> cmdlet. This will allow us to export the list of installed roles and features into an xml file. Here is the command with the xml creation:<br /><br /><span style="font-family: "Courier New",Courier,monospace;">PS> Get-WindowsFeature | ? 
{ $_.Installed -AND $_.SubFeatures.Count -eq 0 } | Export-Clixml .\RnF.xml</span><br /><br />The resulting XML file looks like this:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-EKpEJLW59M0/UHWckQuBDOI/AAAAAAAABN4/n9e-DkJBRmk/s1600/rnfxml.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://lh3.ggpht.com/-EKpEJLW59M0/UHWckQuBDOI/AAAAAAAABN4/n9e-DkJBRmk/s1600/rnfxml.jpg" width="400" /></a></div><br />OK, let's copy this XML file over to our target server ready for the import.<br /><br /><h2>HOW TO: Install Roles and Features from File</h2>Dead simple, using the <a href="http://technet.microsoft.com/en-US/library/hh849906" target="_blank">Import-Clixml</a> cmdlet:<br /><br /><span style="font-family: "Courier New",Courier,monospace;">PS> Import-Module Servermanager<br />PS> Import-Clixml .\RnF.xml | Add-WindowsFeature</span><br /><br />Quick check in Server Manager GUI:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-YHBhst2o3kU/UHWh8oQ5oSI/AAAAAAAABOQ/ziDsZWhE8AQ/s1600/AllDone.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="346" src="https://lh3.ggpht.com/-YHBhst2o3kU/UHWh8oQ5oSI/AAAAAAAABOQ/ziDsZWhE8AQ/s1600/AllDone.jpg" width="400" /></a></div><br />Looks good. Job done!<br /><br /><br />So there you have it then. Two commands, one piece of XML, two servers running the exact same set of roles and features.<br /><br />- Chris <br /><br /><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/clone-windows-2008r2-installed-roles/">Clone Windows Installed Roles and Features</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 10, 2012.</p>
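<p>A check that the target server ended up with the same roles and features as the exported list, with a dry run of the import first. This is an added example, not part of the original post. It assumes the RnF.xml file created above is in the current directory on the target server; the function names Get-LeafFeatureName and Compare-FeatureExport are made up for this example.</p>

```powershell
# Added example: review and verify an RnF.xml export on the target server.
# Assumes RnF.xml (created with Export-Clixml as shown in the post) is in the
# current directory. Function names are hypothetical, chosen for this example.
Import-Module ServerManager

function Get-LeafFeatureName {
    # Same filter the export used: installed features with no sub-features.
    Get-WindowsFeature |
        Where-Object { $_.Installed -and $_.SubFeatures.Count -eq 0 } |
        ForEach-Object { $_.Name }
}

function Compare-FeatureExport {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Export file not found: $Path"
    }

    # Import-Clixml returns deserialized objects; only the Name is needed here.
    $expected = @(Import-Clixml -Path $Path | ForEach-Object { $_.Name } | Sort-Object -Unique)
    $actual   = @(Get-LeafFeatureName | Sort-Object -Unique)

    # Compare-Object rejects empty collections on older PowerShell versions,
    # so the two differences are computed directly.
    $missing = @($expected | Where-Object { $actual -notcontains $_ })
    $extra   = @($actual   | Where-Object { $expected -notcontains $_ })

    New-Object PSObject -Property @{
        Missing = $missing   # in the export, not installed here
        Extra   = $extra     # installed here, not in the export
        InSync  = ($missing.Count -eq 0 -and $extra.Count -eq 0)
    }
}

# Before changing anything: list what the file names, then do a dry run.
Import-Clixml .\RnF.xml | ForEach-Object { $_.Name }
Import-Clixml .\RnF.xml | Add-WindowsFeature -WhatIf

# After the real import, confirm the two servers match.
$result = Compare-FeatureExport -Path .\RnF.xml
if ($result.InSync) {
    'Target matches the exported role and feature list.'
} else {
    'Missing on this server: ' + ($result.Missing -join ', ')
    'Not in the export:      ' + ($result.Extra -join ', ')
}
```

<p>Anything listed as "Not in the export" was already on the target before the import and is worth reviewing if the two servers are meant to be identical.</p>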
https://polarclouds.co.uk/new-release-cisco-discovery-for-windows2012-10-02T17:41:00+01:002012-10-02T17:41:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="ssmainhide"><a href="http://3.bp.blogspot.com/-vt3u1ouHY5s/UGsV1CydhPI/AAAAAAAABM0/hECcq01SAGI/s1600/networkconnectivity.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="150" src="http://3.bp.blogspot.com/-vt3u1ouHY5s/UGsV1CydhPI/AAAAAAAABM0/hECcq01SAGI/s400/networkconnectivity.jpg" width="150" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://sites.google.com/site/chall32/general/WinCDP.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://sites.google.com/site/chall32/general/WinCDP.png" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div>Yes, that is correct dear reader, your favorite cable tracing tool just got a version bump.<br /><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">What's new in this release? Here you go:</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><u>Release 1.3 - 02 Oct 2012</u></div><ul><li>Move GUI elements around to better handle longer switch names </li><li>Saving CDP data will now also append to an existing file</li></ul><br />The full change log is available <a href="https://github.com/chall32/WinCDP/blob/master/ChangeLog.txt" target="_blank">here on GitHub</a><br /><br />Download the new v1.3 version <a href="https://github.com/chall32/WinCDP/blob/master/WinCDP.exe?raw=true">here from GitHub</a><br /><br />New to CDP? Find out more <a href="https://github.com/chall32/WinCDP/blob/master/README.md" target="_blank">here</a><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/new-release-cisco-discovery-for-windows/">New Release: Cisco Discovery for Windows v1.3</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 02, 2012.</p>
https://polarclouds.co.uk/vsphere-51-update-to-build-number2012-09-12T11:58:00+01:002012-09-12T11:58:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-ldm2N_tlUGU/T4VLCRaUAcI/AAAAAAAABG0/TZRr1F1gvwU/s1600/ESXi.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://lh3.ggpht.com/-ldm2N_tlUGU/T4VLCRaUAcI/AAAAAAAABG0/TZRr1F1gvwU/s1600/ESXi.gif" /></a></div>Once again, continuing the series of VMware vSphere update to build number tracking.<br /><br />As always, it's a simple bit of info, often hard to find.<br /><br /><span style="font-size: large;">ESXi 5.1:</span> <br /><ul><li>ESXi 5.1 = Build 799733 - Released 10 September 2012</li></ul><br /><span style="font-size: large;">vCenter 5.1:</span><br /><ul><li>vCenter 5.1 = Build 799735 - Released 10 September 2012</li><li>vCenter 5.1b = Build 947939 - Released 20 December 2012</li></ul>For previous versions, see these posts:<br /><br />ESX / ESXi 3.5 : <a href="http://chall32.blogspot.co.uk/2009/07/vmware-esx-35-update-to-build-number.html" target="_blank">Here</a><br />ESX / ESXi 4.0 : <a href="http://chall32.blogspot.co.uk/2010/01/vmware-esx-4-update-to-build-number.html" target="_blank">Here</a><br />ESXi 4.1 : <a href="http://chall32.blogspot.co.uk/2010/07/vmware-esx-41-update-to-build-number.html" target="_blank">Here</a><br />vSphere 5.0 : <a href="http://chall32.blogspot.co.uk/2012/04/vsphere-50-update-to-build-number.html" target="_blank">Here</a><br /><br />If you need the vSphere Client see <a href="http://chall32.blogspot.co.uk/2011/10/vmware-vsphere-client-download-url.html" target="_blank">Here</a><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vsphere-51-update-to-build-number/">vSphere 5.1 Update to Build Number</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 12, 2012.</p>
https://polarclouds.co.uk/what-do-you-expect2012-06-18T23:38:00+01:002012-06-18T23:38:00+01:00Chris Hallhttps://polarclouds.co.uk
<iframe allowfullscreen="" frameborder="0" height="338" src="http://www.youtube.com/embed/cOM1n22XyHA?showinfo=0" width="600"></iframe> <br />Watch it. <a href="http://www.scouts.org.uk/expectmore/donate/index.html" target="_blank">Do more</a>. <a href="http://scouts.org.uk/cms.php?pageid=1806" target="_blank">Get involved</a>. <a href="http://chall32.blogspot.co.uk/2009/07/absl.html" target="_blank">I have</a>. <br /><br />- Chris <br /><div class="ssmainhide"><a href="http://4.bp.blogspot.com/-nVH6GWHaOPc/T9-pmjTMPXI/AAAAAAAABMQ/RlZ67y3CsBI/s1600/GetInvolved.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-nVH6GWHaOPc/T9-pmjTMPXI/AAAAAAAABMQ/RlZ67y3CsBI/s400/GetInvolved.png" height="150" width="150" /></a></div><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/what-do-you-expect/">What Do You Expect?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on June 18, 2012.</p>
https://polarclouds.co.uk/what-blog-reader-v07-beta-32012-05-18T21:57:00+01:002012-05-18T21:57:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-zGnGITIpsmw/T7a1HWxQWEI/AAAAAAAABKs/v5szSY3yhh8/s1600/post.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://3.bp.blogspot.com/-zGnGITIpsmw/T7a1HWxQWEI/AAAAAAAABKs/v5szSY3yhh8/s200/post.jpg" width="200" /></a></div><br />Yep, all 'pimped out' and looking good in its new Android Ice Cream Sandwich compliant style, check out beta 3 of What The.....? Blog Reader for Android. Fully backwards compatible for those not yet running Google's latest version of the Android operating system.<br /><br />For more detail, check out WTB4A's very own page <a href="http://chall32.blogspot.co.uk/p/what-for-android.html">here</a> <br /><br />As usual, details as follows:<br /><br />Change log: <a href="https://github.com/chall32/whatthe/blob/master/ChangeLog" target="_blank">github</a><br /><br />Latest installer (whatthe.apk 34kb): <a href="https://github.com/chall32/whatthe/raw/master/bin/whatthe.apk" target="">github</a><br /><br />- Chris<br /><br /><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/what-blog-reader-v07-beta-3/">What The Blog Reader v0.7 (Beta 3)</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 18, 2012.</p>
https://polarclouds.co.uk/easy-bootable-antivirus-cdusb-updated2012-05-02T20:23:00+01:002012-05-02T20:23:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-COwnAuOb3z8/T5lFwhsJ_4I/AAAAAAAABII/bHIis4sFoVA/s1600/WDLogo.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://3.bp.blogspot.com/-COwnAuOb3z8/T5lFwhsJ_4I/AAAAAAAABII/bHIis4sFoVA/s200/WDLogo.jpg" width="200" /></a></div>Weighing in as the fourth most popular post on this site is <a href="http://chall32.blogspot.co.uk/2010/04/easy-bootable-antivirus-cdusb.html" target="_blank">Easy Bootable Antivirus CD/USB</a>, written in April 2010, just over two years ago (yes, time does fly!) <br /><br /><b>Recap:</b> <br />With the prevalence of Viruses / Rootkits / Spyware and all sorts of other malware these days, quite often I get asked to take a look at machines that are suspected of infestation with one or more of the above "nasties".<br /><br />Quite often this comes about because the nasties have "grown resistant" to the antivirus tool being used - that is they do not clean as expected. Sometimes this can be because the nasty hooks itself deep into the operating system or it locks itself as in use and hence cannot be deleted. <br /><br />One way around this is to boot the computer from an alternative operating system located on a device such as a CD or USB pen drive. This will get around both issues, thus making the removal much easier.<br /><b>/Recap</b><br /><br />Many tools have come and gone over the last two years, however luckily for us an even easier CD/USB based anti-virus tool has been released. Surprisingly it's written by Microsoft.<br /><br /><span style="font-size: large;"><b>Windows Defender Offline</b></span><br />What follows is the process to create and use a Windows Defender Offline (WDO) CD/USB.<br /><br /><b>Prerequisites:</b><br /><ol><li>Find out if the infected (or suspected infected) machine is running a 32-bit or 64-bit version of Windows. 
See <a href="http://go.microsoft.com/fwlink/?LinkId=184763" target="_blank">Is my PC running the 32-bit or 64-bit version of Windows?</a></li><li>The infected (or suspected infected) machine must have a minimum of 512Mb memory</li><li>A blank CD, DVD, or USB flash drive (250Mb minimum) </li><li>500Mb free hard disk space to download to and create the CD/USB</li><li>Download the appropriate version of the WDO creation tool from <a href="http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline" target="_blank">here</a> (download links are at the bottom of the page)</li></ol>Prerequisites satisfied, let's get on and use the tool.<br /><br /><b>Process:</b> <br />Launch the downloaded executable (mssstool32.exe or mssstool64.exe). You will be presented with the following welcome page:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-IdcV6q10jAQ/T6F2gRxNrwI/AAAAAAAABIU/0djHRd98I7E/s1600/1-Welcome.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="251" src="http://3.bp.blogspot.com/-IdcV6q10jAQ/T6F2gRxNrwI/AAAAAAAABIU/0djHRd98I7E/s400/1-Welcome.jpg" width="400" /></a></div> <br />Click Next<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-w09TJZXqCRY/T6F3WJEprtI/AAAAAAAABIc/L7V81UoqWrg/s1600/2-ChooseMedia.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://3.bp.blogspot.com/-w09TJZXqCRY/T6F3WJEprtI/AAAAAAAABIc/L7V81UoqWrg/s400/2-ChooseMedia.jpg" width="400" /></a></div><br />Choose the media to create, CD or USB or create an ISO image file. I chose to create an ISO file to burn to CD later. 
<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-3qYYLzROzV0/T6F3_6SiTlI/AAAAAAAABIk/y_sKTc_9Mj8/s1600/3-Location.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://2.bp.blogspot.com/-3qYYLzROzV0/T6F3_6SiTlI/AAAAAAAABIk/y_sKTc_9Mj8/s400/3-Location.jpg" width="400" /></a></div><br />Choose the location of the ISO file <br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-_L7ARSlIHKM/T6F4AzFBmBI/AAAAAAAABIs/xH4r2Akh2Lw/s1600/4-Download.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://4.bp.blogspot.com/-_L7ARSlIHKM/T6F4AzFBmBI/AAAAAAAABIs/xH4r2Akh2Lw/s400/4-Download.jpg" width="400" /></a></div><br />The tool will now download the required files from the Microsoft website. Remember that at this point the WDO creation tool is downloading the latest version of the WDO boot media and the very latest anti-virus definition files for use with WDO. <br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-5K663rNYQko/T6F4BqbMPFI/AAAAAAAABI0/Kb-hsV2bNns/s1600/5-Done.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="http://1.bp.blogspot.com/-5K663rNYQko/T6F4BqbMPFI/AAAAAAAABI0/Kb-hsV2bNns/s400/5-Done.jpg" width="400" /></a></div><br />All done. 
Click Finish.<br /><br />I burnt my ISO image onto a CD using the excellent free ISO burning tool <a href="http://www.imgburn.com/" target="_blank">ImgBurn</a> <br /><br />Upon booting the infected (or suspected infected) machine from the WDO CD/USB, you are presented with the following: <br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-CoS1xJqHe0w/T6F4CTKB2xI/AAAAAAAABI4/_ERdDyQ0qSY/s1600/6-Booting.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-CoS1xJqHe0w/T6F4CTKB2xI/AAAAAAAABI4/_ERdDyQ0qSY/s1600/6-Booting.jpg" /></a></div> <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-LNXE6gAOVfo/T6F4CxH-fUI/AAAAAAAABJE/Nz5QvnB6fOY/s1600/7-QuickScan.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="281" src="http://3.bp.blogspot.com/-LNXE6gAOVfo/T6F4CxH-fUI/AAAAAAAABJE/Nz5QvnB6fOY/s400/7-QuickScan.jpg" width="400" /></a></div><br />The tool will boot into a quick scan. This will scan only areas of the computer's hard disk that are known to potentially harbor nasties. <br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-u595cLRTfNI/T6F4Dj4I3GI/AAAAAAAABJI/xd3YECAjEnY/s1600/8-FullScan.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="207" src="http://1.bp.blogspot.com/-u595cLRTfNI/T6F4Dj4I3GI/AAAAAAAABJI/xd3YECAjEnY/s400/8-FullScan.jpg" width="400" /></a></div><br />I chose to cancel the quick scan and run a full scan instead.<br /><br />All being well you will / will not (depending whether you were expecting to) be notified with details of an infection and that WDO has cleaned the infection.... or infections plural!<br /><br />Shut down, eject the CD / remove the USB, and boot back up as normal. 
<br /><br /><b>Final word</b>:<br />As most nasties spread due to lack of security patching, upon first boot I would highly recommend a visit to <a href="http://update.microsoft.com/windowsupdate/v6/default.aspx" target="_blank">Windows Update</a> to install all missing security patches as soon as possible.<br /><br />Perhaps even look at running <a href="http://windows.microsoft.com/en-US/windows/products/security-essentials" target="_blank">Microsoft Security Essentials</a> anti-virus instead of whatever Windows anti-virus application you were running. <br /><br /><b>Update:</b><br />If you find that your WDO CD/USB is not working as expected, have a look at this post over at Alex Verboon's blog: <a href="http://www.verboon.info/index.php/2012/03/how-to-add-drivers-to-the-windows-defender-offline-tool/" target="_blank">How to add drivers to the Windows Defender Offline Tool</a><br /><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/easy-bootable-antivirus-cdusb-updated/">Easy Bootable Antivirus CD/USB: UPDATED</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 02, 2012.</p>
https://polarclouds.co.uk/fixing-remote-desktop-annoyances | 2012-04-25T11:31:00+01:00 | 2012-04-25T11:31:00+01:00 | Chris Hall | https://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-UXCUl0uQkA0/T5e29HrpTTI/AAAAAAAABHQ/qDBl12fNzkc/s1600/Header.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://4.bp.blogspot.com/-UXCUl0uQkA0/T5e29HrpTTI/AAAAAAAABHQ/qDBl12fNzkc/s200/Header.jpg" width="200" /></a></div>Please don't get me wrong, Microsoft Remote Desktop is a great tool for remote control / administration of Windows Servers and desktops.<br /><br />However in later versions of the remote desktop client, a couple of 'features' have crept into the tool, making it increasingly both annoying to use and slow to connect to remote desktops.<br /><br />So, the object of this post then is to look at the features that I find most annoying and perhaps more importantly, how to FIX THEM!<br /><br />Firstly, there is the ultra annoying prompt for credentials before attempting to connect, each and every time I connect to a remote desktop:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-pJkn8CSaqK8/T5e530AVENI/AAAAAAAABHc/0AnJRH6vLC4/s1600/Credentials.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="202" src="http://4.bp.blogspot.com/-pJkn8CSaqK8/T5e530AVENI/AAAAAAAABHc/0AnJRH6vLC4/s320/Credentials.jpg" width="320" /></a></div><br />Having to enter the user name and password for the remote computer BEFORE the client will even try to connect is ultra annoying. Having to enter the same credentials each and every time I connect is a killer. 99.999% of the time I'm connecting to a computer on the local area network (or via VPN), so I'm not using a remote desktop gateway. 
Because I'm not using a gateway, we can switch this feature off.<br /><br />Here is how:<br /><ol><li>Close all remote desktop connections and exit the remote desktop client.</li><li>Click <b>Start</b>, click <b>Run</b>, type <b>notepad</b>, and then click <b>OK</b>.</li><li>On the File menu, click <b>Open</b>.</li><li>In the Files of type list, click <b>All Files</b>.</li><li>In the File name box enter <b>Default.rdp</b> (The full path to this file would be similar to the following: C:\Users\&lt;your username&gt;\Documents\Default.rdp) </li><li>A file similar to the following should open:</li><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-L9OxcB4fgJU/T5fA2yl5nYI/AAAAAAAABHo/meUwPBTrxHU/s1600/defaultrdp.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="242" src="http://4.bp.blogspot.com/-L9OxcB4fgJU/T5fA2yl5nYI/AAAAAAAABHo/meUwPBTrxHU/s320/defaultrdp.jpg" width="320" /></a></div><br /><li>At the bottom of the Default.rdp file, add the following text: <blockquote class="tr_bq">enablecredsspsupport:i:0</blockquote></li><li>Save the file, exit notepad and test remote desktop. You should no longer be prompted to enter credentials before connecting to remote desktops.</li></ol>Next up is the also annoying remote identity pop up:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-jtdxN2LD5oI/T5fDMPJ98vI/AAAAAAAABHw/91qhIM9l9Os/s1600/Identity.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://4.bp.blogspot.com/-jtdxN2LD5oI/T5fDMPJ98vI/AAAAAAAABHw/91qhIM9l9Os/s320/Identity.jpg" width="317" /></a></div><br />Not quite as annoying, but getting there... 
Here we go then:<br /><ol><li>Open your <b>Default.rdp</b> file again (as per steps 1-6 above)</li><li>Add the following to the bottom of Default.rdp: <blockquote class="tr_bq">authentication level:i:0</blockquote></li><li>Save the file, exit notepad and test remote desktop. You should no longer be prompted to confirm that you do indeed intend to connect.</li></ol>As a freebie bonus, completing the above tweaks speeds up the initial connection. That is, you spend less time looking and waiting at:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-x-NmJnwRlJU/T5fG8kdtxuI/AAAAAAAABH8/kIx0r6cX5Zg/s1600/Securing.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="115" src="http://3.bp.blogspot.com/-x-NmJnwRlJU/T5fG8kdtxuI/AAAAAAAABH8/kIx0r6cX5Zg/s320/Securing.jpg" width="320" /></a></div><br />and more time getting on with your remote desktop session. Bonus!<br /><br />For further reading, have a look at Microsoft KB article: <i><a href="http://support.microsoft.com/kb/941641" target="_blank">http://support.microsoft.com/kb/941641</a>: Remote Desktop Connection 6.0 prompts you for credentials before you establish a remote desktop connection</i><br /><br />Job done. Remote desktop annoyances dealt with.<br /><br />- Chris<br /><br /><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/fixing-remote-desktop-annoyances/">Fixing Remote Desktop Annoyances</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 25, 2012.</p>
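<p>An added example, not part of the original post: a Python audit that finds .rdp files carrying the two Default.rdp lines from the post above, which on the client turn off CredSSP (Network Level Authentication) and suppress the prompt shown when the server's identity cannot be verified. The function names and the sample file contents are assumptions constructed for illustration.</p>

```python
"""Audit .rdp files for the two authentication tweaks described in the post."""
import codecs
import sys
from pathlib import Path

# (setting name, value) pairs from the post, with their effect on the client.
WEAK = {
    ("enablecredsspsupport", "0"):
        "CredSSP is off, so Network Level Authentication is not used",
    ("authentication level", "0"):
        "connects without warning when server authentication fails",
}


def decode_rdp(raw: bytes) -> str:
    """Decode .rdp bytes: mstsc normally saves UTF-16 with a BOM, editors may not."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16", errors="replace")
    if raw.startswith(codecs.BOM_UTF8):
        return raw.decode("utf-8-sig", errors="replace")
    if raw[1:2] == b"\x00":  # heuristic (assumption): BOM-less UTF-16 LE, ASCII first char
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("utf-8", errors="replace")


def parse_rdp(text: str):
    """Yield (line_no, name, type, value) for every 'name:type:value' line."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        parts = line.strip().split(":", 2)  # the value may itself contain ':'
        if len(parts) == 3:
            name, kind, value = (p.strip() for p in parts)
            yield line_no, name.lower(), kind.lower(), value


def audit(raw: bytes):
    """Return [(line_no, 'name:type:value', reason)] for each weakened setting."""
    findings = []
    for line_no, name, kind, value in parse_rdp(decode_rdp(raw)):
        reason = WEAK.get((name, value))
        if kind == "i" and reason:
            findings.append((line_no, f"{name}:{kind}:{value}", reason))
    return findings


def audit_tree(root: Path):
    """Audit every .rdp file under root; returns {path: findings} for hits only."""
    report = {}
    for path in root.rglob("*.rdp"):
        hits = audit(path.read_bytes())
        if hits:
            report[path] = hits
    return report


# Constructed sample: a typical file with the post's two lines appended (UTF-16 + BOM).
SAMPLE_TWEAKED = (
    "screen mode id:i:2\r\n"
    "full address:s:srv01.example.test:3389\r\n"
    "enablecredsspsupport:i:0\r\n"
    "authentication level:i:0\r\n"
).encode("utf-16")

# Constructed sample: a file that keeps the identity warning and CredSSP.
SAMPLE_UNTOUCHED = (
    b"full address:s:srv01.example.test\r\n"
    b"enablecredsspsupport:i:1\r\n"
    b"authentication level:i:2\r\n"
)

if __name__ == "__main__":
    # Usage: python rdp_audit.py [folder]   (defaults to the user's Documents folder)
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / "Documents"
    for path, hits in audit_tree(root).items():
        for line_no, setting, reason in hits:
            print(f"{path}:{line_no}: {setting} ({reason})")
```

<p>Run it against a profile or a file share to list every connection file that carries either line, with the line number to remove.</p>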
https://polarclouds.co.uk/vsphere-50-update-to-build-number | 2012-04-11T10:24:00+01:00 | 2012-04-11T10:24:00+01:00 | Chris Hall | https://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-ldm2N_tlUGU/T4VLCRaUAcI/AAAAAAAABG0/TZRr1F1gvwU/s1600/ESXi.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://lh3.ggpht.com/-ldm2N_tlUGU/T4VLCRaUAcI/AAAAAAAABG0/TZRr1F1gvwU/s1600/ESXi.gif" /></a></div>Once again, continuing the series of VMware vSphere update to build number tracking.<br /><br />As always, it's a simple bit of info, often hard to find.<br /><br /><span style="font-size: large;">ESXi 5.0:</span> <br /><ul><li>ESXi 5.0 = Build 469512 - Released 24 August 2011</li><li>ESXi 5.0 Update 1 = Build 623860 - Released 15 March 2012</li><li>ESXi 5.0 Update 2 = Build 914586 - Released 20 December 2012 </li></ul><br /><span style="font-size: large;">vCenter 5.0:</span><br /><ul><li>vCenter 5.0 = Build 456005 - Released 24 August 2011</li><li>vCenter 5.0 Update 1 = Build 639890 - Released 15 March 2012</li><li>vCenter 5.0 Update 1b = Build 804276 - Released 16 August 2012</li><li>vCenter 5.0 Update 2 = Build 923238 - Released 20 December 2012</li></ul>For previous versions, see these posts:<br /><br />ESX / ESXi 3.5 : <a href="http://chall32.blogspot.co.uk/2009/07/vmware-esx-35-update-to-build-number.html" target="_blank">Here</a><br />ESX / ESXi 4.0 : <a href="http://chall32.blogspot.co.uk/2010/01/vmware-esx-4-update-to-build-number.html" target="_blank">Here</a><br />ESXi 4.1 : <a href="http://chall32.blogspot.co.uk/2010/07/vmware-esx-41-update-to-build-number.html" target="_blank">Here</a><br /><br />If you need the vSphere Client see <a href="http://chall32.blogspot.co.uk/2011/10/vmware-vsphere-client-download-url.html" target="_blank">Here</a><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vsphere-50-update-to-build-number/">vSphere 5.0 Update to Build Number</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 11, 2012.</p>
https://polarclouds.co.uk/cloud-what-is-it-free-cloud | 2012-03-12T20:33:00+00:00 | 2012-03-12T20:33:00+00:00 | Chris Hall | https://polarclouds.co.uk
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-XqsQ9Jzip5I/T0ABhbaAdOI/AAAAAAAABE8/bvrKazRPQmY/s1600/cloud.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="200" src="http://1.bp.blogspot.com/-XqsQ9Jzip5I/T0ABhbaAdOI/AAAAAAAABE8/bvrKazRPQmY/s200/cloud.jpg" width="200" /></a></td></tr></tbody></table>OK let's cut the jargon, the buzz words, the misconceptions, the downright rubbish. What is this 'cloud' all about? What exactly is cloud computing (to give it its correct name), and what is available to me today - for free?<br /><br />First, what is cloud computing? Finding the answer to this question is easier than you would have at first thought. The US National Institute of Standards and Technology (NIST) defines cloud computing in their publication <i>SP 800-145 - A NIST Definition of Cloud Computing (Sept 2011)</i>, available <a href="http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf">here (PDF)</a><br /><br />So using the NIST cloud definition document as a basis - specifically the three cloud service models - let's look at cloud and where we can use it for free.<br /><br /><span style="font-size: large;"><b>Software as a Service (SaaS)</b></span><br /><blockquote class="tr_bq">The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. 
The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.</blockquote>This is perhaps the easiest area to find free services. Free examples include:<br /><ul><li>Email = Gmail / Hotmail / Yahoo mail</li><li>Blogging = Blogger / Wordpress.com / Twitter</li><li>Image Hosting = Flickr / Picasa / Imgur</li><li>Social Networking = Facebook / Myspace</li></ul><br /><span style="font-size: large;"><b>Platform as a Service (PaaS)</b></span><br /><blockquote class="tr_bq">The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.</blockquote>A little harder to find. Free examples include:<br /><ul><li>Application hosting = Google apps </li><li>Build your own application = Yahoo pipes </li><li>ISPs (Some ISPs allow you to run your own apps on their platforms as part of your internet subscription)</li><li>Predetermined application hosting = host1free.com </li></ul><br /><span style="font-size: large;"><b>Infrastructure as a Service (IaaS)</b></span><br /><blockquote class="tr_bq">The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. 
The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).</blockquote>Not easy to find - well for free at least! I couldn't find any free providers of IaaS, which kind of makes sense as I don't believe there are the alternative revenue streams available yet to allow the provision of IaaS for free.<br /><br />So all in all a very quick look into the cloud. Minus the garbage and the jargon. Not all that hard to comprehend now is it?<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/cloud-what-is-it-free-cloud/">Cloud: What is it? Free Cloud?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 12, 2012.</p>
https://polarclouds.co.uk/esxi-command-line-networking | 2012-02-17T17:26:00+00:00 | 2012-02-17T17:26:00+00:00 | Chris Hall | https://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-V5sSzthnnJo/Tz5sTBi8cLI/AAAAAAAABE0/lhons68mjFA/s1600/splash.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="148" src="http://4.bp.blogspot.com/-V5sSzthnnJo/Tz5sTBi8cLI/AAAAAAAABE0/lhons68mjFA/s200/splash.jpg" width="200" /></a></div>Ages and ages ago, I posted an article detailing <a href="http://chall32.blogspot.com/2011/05/esx-command-line-networking.html" target="_blank">ESX Command Line Networking Configuration</a>, and at the bottom of the post I added the sign off "Next time.... ESXi." Well, finally here is said ESXi post: How to configure ESXi networking from the command line.<br /><br />Why? Because there doesn’t appear to be any single place (that I can find at least) where all of this is detailed. So hold onto your hats, again, here we go... Again!<br /><br /><b><span style="font-size: large;">Changing IP Address, Subnet Mask, Default Gateway, Hostname and DNS Settings (All Versions)</span></b><br />Very simple. Use the console configuration tool:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-r-31mqkkRhY/Tz5nus12QhI/AAAAAAAABEc/pXO9Qic7nKc/s1600/ip.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="177" src="http://4.bp.blogspot.com/-r-31mqkkRhY/Tz5nus12QhI/AAAAAAAABEc/pXO9Qic7nKc/s400/ip.jpg" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-BNWNQ8tEEro/Tz5oAX_hswI/AAAAAAAABEk/aoC8ceGBViY/s1600/dns.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="177" src="http://2.bp.blogspot.com/-BNWNQ8tEEro/Tz5oAX_hswI/AAAAAAAABEk/aoC8ceGBViY/s400/dns.jpg" width="400" /></a></div><br />OK, whilst strictly not "command line", why not use the built in configuration tool? 
It is far simpler!<br /><br /><i><b>Word of warning - </b>Whilst not prompted for a reboot when changing the ESXi's Hostname, I would complete a reboot anyway. I and others have seen spurious issues later on through ESXi configuration when a post rename reboot has not been completed.</i><br /><br /><b><span style="font-size: large;">Linking and Unlinking Physical Network Cards to Virtual Switches and Network Card Teaming (All Versions)</span></b><br />Again, sure, you can do this through the console configuration tool for the service console / management vSwitch. However, what happens if you want to make changes on other vSwitches? <br /><br />First, let's look at how the vSwitch is configured post install. Screenshot from a VI Client:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-0C9RTeIjrZg/TcQKagXZagI/AAAAAAAAAw4/nDm4i2Qwyds/s1600/ESX.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="125" src="http://3.bp.blogspot.com/-0C9RTeIjrZg/TcQKagXZagI/AAAAAAAAAw4/nDm4i2Qwyds/s400/ESX.JPG" width="400" /></a></div>To view the same information at the service console command line, use the following command to list the virtual switches configured:<br /><blockquote><span style="font-family: &quot;Courier New&quot;,Courier,monospace;">esxcfg-vswitch -l</span></blockquote><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-KjMHmONMdhE/TcQLc80u1OI/AAAAAAAAAxA/asno2bhR9Es/s1600/ESX1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="91" src="http://4.bp.blogspot.com/-KjMHmONMdhE/TcQLc80u1OI/AAAAAAAAAxA/asno2bhR9Es/s400/ESX1.JPG" width="400" /></a></div><br />To connect a physical adaptor to a virtual switch, you need to Link it, using the following command:<br /><blockquote><span style="font-family: &quot;Courier New&quot;,Courier,monospace;">esxcfg-vswitch -L vmnic1 vSwitch0</span></blockquote>Where vmnic1 is the physical network card being connected to the virtual switch vSwitch0.<br /><br />To disconnect a physical adaptor from a virtual switch, you need to Unlink it, using the following command:<br /><blockquote><span style="font-family: &quot;Courier New&quot;,Courier,monospace;">esxcfg-vswitch -U vmnic1 vSwitch0</span></blockquote>Where vmnic1 is the physical network card being disconnected from the virtual switch vSwitch0.<br /><br />Basic network card teaming is achieved by having two or more physical adaptors connected to the same virtual switch. From the VI Client:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-R5XLDzKGH54/TcQSfBohmGI/AAAAAAAAAxE/obl5x8Lj_wA/s1600/ESX3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="117" src="http://3.bp.blogspot.com/-R5XLDzKGH54/TcQSfBohmGI/AAAAAAAAAxE/obl5x8Lj_wA/s400/ESX3.JPG" width="400" /></a></div> Which in turn looks like this from the console:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-k4GaTyqb5OE/TcQSzM6crRI/AAAAAAAAAxI/aMv7ZLF4Z34/s1600/ESX4.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="83" src="http://1.bp.blogspot.com/-k4GaTyqb5OE/TcQSzM6crRI/AAAAAAAAAxI/aMv7ZLF4Z34/s400/ESX4.JPG" width="400" /></a></div><br /><i>Further reading on Linking and Unlinking Physical Network Cards to Virtual Switches: <a href="http://kb.vmware.com/kb/1000258" target="_blank">http://kb.vmware.com/kb/1000258</a></i><br /><br /><span style="font-size: large;"><b>NIC Teaming Policy and Load Balancing (ESXi 4.1 and Earlier)</b></span><br />First, let's look at how the vSwitch load balancing is configured post install. 
Screenshot from a VI Client:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-5fQxmy_n6ZA/TcQcqsJBVpI/AAAAAAAAAxY/sHX6pr8Y8kE/s1600/ESX7.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="172" src="http://1.bp.blogspot.com/-5fQxmy_n6ZA/TcQcqsJBVpI/AAAAAAAAAxY/sHX6pr8Y8kE/s400/ESX7.JPG" width="400" /></a></div><br />Which in turn looks like this from the console:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-gri4cGUSbas/Tz5d7kiaq9I/AAAAAAAABEE/Mh6s9YzeWzs/s1600/switchpolicy.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="40" src="http://2.bp.blogspot.com/-gri4cGUSbas/Tz5d7kiaq9I/AAAAAAAABEE/Mh6s9YzeWzs/s400/switchpolicy.jpg" width="400" /></a></div>To specify the NIC teaming load balancing policy on a vSwitch, run the command:<br /><div style="text-align: left;"><blockquote><span style="font-family: &quot;Courier New&quot;,Courier,monospace;">vim-cmd /hostsvc/net/vswitch_setpolicy --nicteaming-policy='[policy]' vSwitch0</span></blockquote></div>Where [policy] is one of these NIC teaming policies:<br /><ul><li>loadbalance_srcid (Route based on the originating virtual switch port ID)</li><li>loadbalance_srcmac (Route based on source MAC hash)</li><li>loadbalance_ip (Route based on IP hash)</li><li>failover_explicit (Use explicit failover order)</li></ul>For example, to set the NIC teaming policy to route based on IP hash, run the command:<br /><blockquote><span style="font-family: &quot;Courier New&quot;,Courier,monospace;">vim-cmd /hostsvc/net/vswitch_setpolicy --nicteaming-policy='loadbalance_ip' vSwitch0</span></blockquote>To confirm the setting, run the command:<br /><blockquote style="font-family: &quot;Courier New&quot;,Courier,monospace;"><span style="font-family: &quot;Courier New&quot;,Courier,monospace;">vim-cmd /hostsvc/net/vswitch_info vSwitch0 | grep policy</span></blockquote>When run on console:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-KX3IH9jHv7Q/Tz5gNA5fNHI/AAAAAAAABEM/dNacJWeJpp4/s1600/loadbalnce.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="57" src="http://2.bp.blogspot.com/-KX3IH9jHv7Q/Tz5gNA5fNHI/AAAAAAAABEM/dNacJWeJpp4/s400/loadbalnce.jpg" width="400" /></a></div><br /><span style="font-size: large;"><b>NIC Teaming Policy and Load Balancing (ESXi 5.0 and Later)</b></span><br />To specify the NIC teaming load balancing policy on a vSwitch, run the command:<br /><div style="text-align: left;"><blockquote><span style="font-family: &quot;Courier New&quot;,Courier,monospace;">esxcli network vswitch standard policy failover set -l [policy] -v vSwitch0</span></blockquote></div>Where [policy] is one of these NIC teaming policies:<br /><ul><li>portid (Route based on the originating virtual switch port ID)</li><li>mac (Route based on source MAC hash)</li><li>iphash (Route based on IP hash)</li><li>explicit (Use explicit failover order)</li></ul>For example, to set the NIC teaming policy to route based on originating switch port ID, run the command:<br /><blockquote><span style="font-family: &quot;Courier New&quot;,Courier,monospace;">esxcli network vswitch standard policy failover set -l portid -v vSwitch0</span></blockquote>To confirm the setting, run the command:<br /><blockquote style="font-family: &quot;Courier New&quot;,Courier,monospace;"><span style="font-family: &quot;Courier New&quot;,Courier,monospace;">esxcli network vswitch standard policy failover get -v vSwitch0</span></blockquote>When run on console:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-EQQoMTlM8l8/Tz5p6a8RBkI/AAAAAAAABEs/MshjSFciuxk/s1600/switchpolicy5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="101" src="http://1.bp.blogspot.com/-EQQoMTlM8l8/Tz5p6a8RBkI/AAAAAAAABEs/MshjSFciuxk/s400/switchpolicy5.jpg" width="400" /></a></div><i>Further reading on NIC Teaming Policy and Load Balancing: <a href="http://kb.vmware.com/kb/1011520" target="_blank">http://kb.vmware.com/kb/1011520</a></i><br /><br /><span style="font-size: large;"><b>VLAN Tagging </b></span><b><span style="font-size: large;"> (All Versions)</span></b><br />Use the following command to assign a VLAN to a console port / port group:<br /><blockquote><span style="font-family: &quot;Courier New&quot;,Courier,monospace;">esxcfg-vswitch -v [VLANID] -p "Management Network" vSwitch0</span></blockquote>Where [VLANID] is the VLAN number, "Management Network" is the console port / port group name and vSwitch0 is the virtual switch the console port / port group is connected to. 
A zero [VLANID] here specifies no VLAN.<br /><br /><i>Further reading on VLAN Tagging: <a href="http://kb.vmware.com/kb/1000258" target="_blank">http://kb.vmware.com/kb/1000258</a> </i><br /><br /><span style="font-size: large;"><b>Overview </b></span><br />In this post we looked at how to configure the following, all from the ESXi console, no VI client required!<br /><ul><li>Changing IP Address, Subnet Mask, Default Gateway, Hostname and DNS Server Settings </li><li>Linking and Unlinking Physical Network Cards to Virtual Switches and Network Card Teaming </li><li>NIC Teaming Policy and Load Balancing</li><li>VLAN Tagging </li></ul><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/esxi-command-line-networking/">ESXi Command Line Networking Configuration</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 17, 2012.</p>
https://polarclouds.co.uk/chris-better-jam-cams | 2012-01-30T18:52:00+00:00 | 2012-01-30T18:52:00+00:00 | Chris Hall | https://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-wN3VnSBXqNc/Tx3t2xgO46I/AAAAAAAABC4/MSgGeaejDEc/s1600/the_italian_job_1969.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://2.bp.blogspot.com/-wN3VnSBXqNc/Tx3t2xgO46I/AAAAAAAABC4/MSgGeaejDEc/s200/the_italian_job_1969.jpg" width="200" /></a></div>No one likes to get stuck in a traffic jam. Much less one that could be avoided. Even more annoying is the 'jam out of the blue' on what is usually a clear piece of road...<br /><br />Short of pulling an 'Italian Job 1969' (<i>original and best!!</i>) and driving through shopping arcades, up on roofs, across weirs etc what can you do to avoid such jams?<br /><br />Luckily we can spot traffic issues for ourselves from the comfort of our own homes using the excellent UK Highways Agency / <a href="http://www.bbc.co.uk/travelnews/" target="_blank">BBC Jam Cameras</a> site.<br /><br />That said however, there is just one slight annoyance with this site; namely you can only view one camera at a time.<br /><br />This is where Chris' Jam Cams page comes in! OH YES!<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-Zfs46rom7mY/TyBsMZYMW4I/AAAAAAAABDE/brEvvDo-EGs/s1600/JamCams.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="298" src="http://4.bp.blogspot.com/-Zfs46rom7mY/TyBsMZYMW4I/AAAAAAAABDE/brEvvDo-EGs/s400/JamCams.jpg" width="400" /></a></div><br />An all in one dashboard showing all the Jam Cams you are interested in, plus a frame detailing traffic conditions in your area. What's more, you too can follow what I've done here and create your very own Jam Cams page. Dead easy.<br /><br />So how is it done? It is really quite easy. What follows looks like a minefield but it isn't all that complex. 
I promise.<br /><br />The golden rule here is <span style="font-size: large;"><b><u>SIMPLICITY</u></b>: </span>I want to be able to do all of this using just one html file. Whilst I am positive that there are cleverer ways of achieving the same results, I'm purely after something dead simple to write, understand and maintain as and when required (in other words, please don't laugh at my html code!!)<br /><br /><b><span style="font-size: large;">Grab Your Copy</span></b> <br />First step, grab a copy of Chris' Jam Cams from GitHub:<br /><br /><a href="https://github.com/chall32/JamCams/blob/master/Chris%20Jam%20Cams.htm" target="_blank">Chris' Jam Cams</a> - Original. Should work in any browser on any platform <br /><a href="https://github.com/chall32/JamCams/blob/master/Chris%20Jam%20Cams%20Mobile.htm" target="_blank">Chris' Jam Cams Mobile</a> - Includes a couple of layout tweaks to make it easier for mobile viewing<br /><br />Cut and paste a copy into a text editor of your choice. (Notepad on Windows is just fine).<br /><br /><b><span style="font-size: large;">Traffic Images</span></b><br />First step is to define your images. Dead simple, just make sure each image has a unique id. For example, I've used the motorway and junction number. You need one img statement per traffic image.<br /><pre class="prettyprint">&lt;img border="0" height="261" width="320" src="#" <b>id="M20J7"</b> alt="M20 J7" /&gt;</pre>Now for the picture handling. Load up the <a href="http://www.bbc.co.uk/travelnews/" target="_blank">BBC Travel News</a> page and select the area you are interested in.<br /><br />Next, click on the "Traffic Jam Cameras" button, just above the map. <br /><br />Lastly, find a motorway junction camera that you are interested in, right-click the link and choose "Copy Link Location" (Firefox) or "Copy Shortcut" (IE). 
Open a text editor (eg notepad) and paste the text in.<br /><br />You should have a piece of text that looks something like this:<br /><pre class="prettyprint">http://www.bbc.co.uk/travelnews/<b>kent</b>/trafficcameras/highwaysagency<br />/<b>16588</b>?epoch=1234567890&amp;enabled=1&amp;asset=<b>16588</b>.jpg</pre>From this you are only interested in two pieces of information:<br /><ol><li>The region (<b>kent</b> in the example above)</li><li>The camera asset number (<b>16588 </b>in the example above)</li></ol>Enter the region and camera asset number into the 'document.getElementById' statement towards the bottom of the Jam Cams html page (I suggest copying, pasting and editing the example given in the GitHub file):<br /><pre class="prettyprint">&lt;script type="text/javascript"&gt;<br />// Seconds since the epoch, appended to the URL so the browser fetches a fresh image<br />var d1 = new Date();<br />var eptime = Math.floor(d1.getTime() / 1000);<br /><br />document.getElementById('<b>M20J7</b>').src = "http://www.bbc.co.uk/travelnews" +<br />  "/<b>kent</b>/trafficcameras/highwaysagency/<b>16588</b>/image?epoch=" + eptime +<br />  "&amp;enabled=1&amp;cachebuster=" + eptime;<br /><br />document.write("Page Last Refreshed: " + d1);<br />&lt;/script&gt;</pre>Lastly update the img id to match the id you chose earlier ('<b>M20J7</b>' in the example above).<br />Save your Jam Cams page and test.<br /><br /><b><span style="font-size: large;">Traffic News</span></b><br />The travel news is pulled from BBC mobile site using a simple iframe:<br /><pre class="prettyprint">&lt;iframe height=750 width=600 align=right src="http://www.bbc.co.uk<br />/mobile/travelnews/search/process/page/1/filter/road/q/<b>kent</b>"&gt;&lt;/iframe&gt;</pre>Replace 'kent' in the src attribute as required. (Suggest using the Traffic Images region found above)<br /><br /><b><span style="font-size: large;">Jam Cams Mobile</span></b><br />As mentioned above, this file is a slightly tweaked version of Chris Jam Cams.htm that hopefully renders slightly better on smaller screens. 
Update with your own Jam Cams in the same way as the non-mobile version:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-FpnG6vH6u2c/Tx3f8_NzUHI/AAAAAAAABCw/y_G0y250awQ/s1600/jamcammobile.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://4.bp.blogspot.com/-FpnG6vH6u2c/Tx3f8_NzUHI/AAAAAAAABCw/y_G0y250awQ/s400/jamcammobile.jpg" width="240" /></a></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><span style="font-size: large;"><b>DO NOT USE THIS WHILST DRIVING!</b></span><br /><span style="font-size: large;"><span style="font-size: small;">(Goes without saying really)</span><b> </b></span></div><br />Job done. I usually save the htm file on my desktop.<br /><br />Jam Cam images copyright? OK:<br /><blockquote class="tr_bq">Highways Agency <a href="http://www.highways.gov.uk/traffic/26965.aspx" target="_blank">Traffic Cameras Standard Terms and Conditions</a><br /><i><b>Reproduction for Private Use</b><br />The traffic images are Crown Copyright protected and may be reproduced free of charge in any format or medium as long as it is for non-commercial research, private study - subject to the material being reproduced accurately and not used in a misleading context.</i></blockquote>No problems there then.<br /><br />As I say, the golden rule here is <span style="font-size: large;"><b><u>SIMPLICITY</u></b>: </span>all done using just one html file.<br /><br />Enjoy.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/chris-better-jam-cams/">Chris' Better Jam Cams</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 30, 2012.</p>
https://polarclouds.co.uk/access-vm-consoles-from-linux2012-01-23T12:52:00+00:002012-01-23T12:52:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-k9W6IQJ5V-Q/Tx1Q4YycQUI/AAAAAAAABCo/-j6tQVxFiUw/s1600/vmware-vmrc.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="100" src="http://1.bp.blogspot.com/-k9W6IQJ5V-Q/Tx1Q4YycQUI/AAAAAAAABCo/-j6tQVxFiUw/s200/vmware-vmrc.png" width="100" /></a></div>So you want to access the consoles of your VMware virtual machines, yet your chosen administration client is running Linux? <br /><br />No problem.<br /><br />Sure, VMware provide the <a href="http://pubs.vmware.com/vsphere-50/topic/com.vmware.vsphere.vm_admin.doc_50/GUID-588861BB-3A62-4A01-82FD-F9FB42763242.html" target="_blank">vSphere 5 Web Client</a>, which can be used from a Linux client (or Mac or whatever). However, to use it you have to install the <a href="http://blogs.vmware.com/kbtv/2011/08/getting-started-with-vsphere-5-installing-the-vsphere-5-web-client-server.html" target="_blank">vSphere 5 Web Client Server</a> on your Virtual Center server.<br /><br />Not all vSphere implementations need or run a Virtual Center server - let alone a dedicated web client server.<br /><br />Here is how to access your VMware VM consoles from a Linux client using the VMware Remote Console Plug-in application, and how to create a launcher so the application runs happily, even under <a href="http://en.wikipedia.org/wiki/GNOME" target="_blank">Gnome 3</a>.<br /><br /><ul><li>In your home folder create a new folder called vmware and navigate to it:</li></ul><blockquote>mkdir ~/vmware <br />cd ~/vmware</blockquote><ul><li>Grab the VMware remote client from here: <a href="http://dl.dropbox.com/u/17212049/vmware-vmrc-linux-x86.zip">vmware-vmrc-linux-x86</a> (21.3Mb, from my dropbox account) [<i>see below for alternatives</i>] and download it into the vmware folder created above. </li> <li>Extract the downloaded zip. 
Use the following command:</li></ul><blockquote>unzip vmware-vmrc-linux-x86.zip </blockquote><ul><li>Navigate to the plugins folder created by unzipping the downloaded file:</li></ul><blockquote>cd plugins </blockquote><ul><li>Create and edit a new file called vmware-vmrc2. Use the following command:</li></ul><blockquote>gedit vmware-vmrc2</blockquote><ul><li>Paste the following into vmware-vmrc2 and change the $PATH_TO_VMRC variable (currently "/home/chris/vmware/plugins") so it points to the plugins folder you extracted earlier:</li></ul><blockquote>#!/bin/bash<br /><br /># Please define this variable with the path to the plugins folder<br />PATH_TO_VMRC=<b style="color: blue;">"/home/chris/vmware/plugins"</b><br /><br /># Tell the client to use its bundled GTK libraries<br />export VMWARE_USE_SHIPPED_GTK=yes<br /># Stop here if the plugins folder is missing, rather than running ./vmware-vmrc from the wrong place<br />cd "$PATH_TO_VMRC" || exit 1<br />./vmware-vmrc > /dev/null 2>&1 &<br />cd - > /dev/null 2>&1</blockquote><ul><li>Change the text highlighted in blue to match the location of your vmware folder created in step 1. </li></ul><ul><li>Save and close the file and then change it to be executable (the file lives in your home folder, so sudo is not needed):</li></ul><blockquote>chmod +x vmware-vmrc2</blockquote><ul><li>Launch the VMware remote client using the following command:</li></ul><blockquote>./vmware-vmrc2</blockquote>You should be presented with the following (after accepting any security prompts):<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-k6qej3YEV64/Tw2xEmfRSTI/AAAAAAAABBk/kUZX_cASwrY/s1600/vrcrun.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="317" src="http://3.bp.blogspot.com/-k6qej3YEV64/Tw2xEmfRSTI/AAAAAAAABBk/kUZX_cASwrY/s400/vrcrun.jpg" width="400" /></a></div><br />Enter the details of your VMware ESX / ESXi server and hit connect.<br /><br />Job done!<br /><br />I especially like the VM menu the client provides upon successful connection. 
Something like this:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-qgPz4Oa-Yy8/Tw2yUi8ttyI/AAAAAAAABBs/4m6MhgqKKv0/s1600/OpenVM.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://4.bp.blogspot.com/-qgPz4Oa-Yy8/Tw2yUi8ttyI/AAAAAAAABBs/4m6MhgqKKv0/s400/OpenVM.jpg" width="331" /></a></div><br />Pick a VM and go for it:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-3Vmdk32c7z0/Tw214GeMviI/AAAAAAAABB8/RCsCVRAsg6k/s1600/Connected.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="270" src="http://3.bp.blogspot.com/-3Vmdk32c7z0/Tw214GeMviI/AAAAAAAABB8/RCsCVRAsg6k/s400/Connected.jpg" width="400" /></a></div><br /><span style="font-size: large;">Grab your own install</span><br />Alternatively, if you do have access to a Virtual Center server, you can grab the file from "C:\Program Files\VMware\Infrastructure\tomcat\webapps\ui\plugin". Also available in this folder are 64bit Linux and Windows versions of the remote client.<br /><br />The file linked to in the process above is a v3.0.0 build-418557 client with the extension renamed from .xpi to .zip to stop Firefox trying to install rather than download. As .xpi files are .zip files in disguise, the process above will remain the same.<br /><br />If you don't have access to a Virtual Center server and you don't want to use the client linked to above, a third place to grab the client is here: <a href="https://github.com/vmware/rvc/downloads" target="_blank">https://github.com/vmware/rvc/downloads</a><br /><br />Thanks should go to Joel Bastos for this workaround, originally posted <a href="http://kintoandar.blogspot.com/2011_06_01_archive.html" target="_blank">here</a> <br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/access-vm-consoles-from-linux/">Access VM Consoles From Linux</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 23, 2012.</p>
https://polarclouds.co.uk/disable-ie-enhanced-security2012-01-19T12:38:00+00:002012-01-19T12:38:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-P7bDT307fg4/TxgGtL30FlI/AAAAAAAABCg/IoX_PC8-46M/s1600/ieesclogo.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-P7bDT307fg4/TxgGtL30FlI/AAAAAAAABCg/IoX_PC8-46M/s1600/ieesclogo.jpg" /></a></div>Another one to file in the "Yes, done that before, but I can't remember how" pile. The fact that it is so easy to do probably has some bearing on not being able to remember how... Anyway, here is how to disable Internet Explorer Enhanced Security Configuration (aka IE ESC) on Windows 2003 and 2008 Servers. <br /><br />Yes I know, IE ESC is a security feature there to protect the user and it should never be disabled etc etc etc. However most of the time it is <i>'a right royal <a href="http://www.urbandictionary.com/define.php?term=PITA" target="_blank">PITA</a></i>'. So here goes then.<br /><br /><br /><b><span style="font-size: large;">Windows 2003</span></b><br />Control Panel, Add or Remove Programs, Add/Remove Windows Components:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-_25qa98Vikk/TxgEHww1PuI/AAAAAAAABCY/1Bx9cYJgWQY/s1600/IEESC2003.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="291" src="http://4.bp.blogspot.com/-_25qa98Vikk/TxgEHww1PuI/AAAAAAAABCY/1Bx9cYJgWQY/s400/IEESC2003.JPG" width="400" /></a></div><br />Disable or enable as you please.<br /><br /><b><span style="font-size: large;">Windows 2008 / Windows 2008R2</span></b><br />Run the following:<br /><blockquote class="tr_bq">servermanager.msc</blockquote>Check current status and / or make the required changes here:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-gN-vucoXEsg/Txf9M7Y3OFI/AAAAAAAABCI/t9eVdzrz-YY/s1600/SrvMgr.jpg" imageanchor="1" style="margin-left: 
1em; margin-right: 1em;"><img border="0" height="372" src="http://1.bp.blogspot.com/-gN-vucoXEsg/Txf9M7Y3OFI/AAAAAAAABCI/t9eVdzrz-YY/s400/SrvMgr.jpg" width="400" /></a></div><br />On clicking <b>Configure IE ESC</b>:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-gD6UViS0mQw/Txf9sniZ-1I/AAAAAAAABCQ/tABP3YiU9es/s1600/2008R2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://2.bp.blogspot.com/-gD6UViS0mQw/Txf9sniZ-1I/AAAAAAAABCQ/tABP3YiU9es/s320/2008R2.jpg" width="304" /></a></div><br />Disable or enable as you please.<br /><br />So there you have it. One less pain to deal with.<br /><br />- <a href="https://plus.google.com/103894884565976994275/about" rel="author" target="_blank">Chris</a><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/disable-ie-enhanced-security/">Disable IE Enhanced Security</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 19, 2012.</p>
https://polarclouds.co.uk/build-it-again2012-01-16T09:41:00+00:002012-01-16T09:41:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-vQUY1oYKhiA/TwykIiUD08I/AAAAAAAABA8/MN4zMII2t7c/s1600/lego.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-vQUY1oYKhiA/TwykIiUD08I/AAAAAAAABA8/MN4zMII2t7c/s1600/lego.jpg" /></a></div>Lego.<br /><br />Hate it when stepping barefoot on a stray piece left hanging around or love it for keeping the kids quiet for hours... and hours.<br /><br />What other toy gives you the freedom to design and build absolutely anything your heart desires?<br /><br />Car? No problem. Aeroplane? No problem. Rocket to the moon? No problem. Luna delta spaceship? Again, no problem.<br /><br />Until a couple of years ago, a box of my childhood Lego resided in the attic, unplayed with but by no means forgotten. I prefer to think of it as "on hiatus", to be played with again at some point in the future. That is until one day I retrieved it from the attic and introduced my youngest son to the world of Lego. Could he be trusted? Would it all disappear up the vacuum cleaner?<br /><br />At the time I remember him almost saying, "hmm what is this pile of blocks for? Where do the batteries go? What, you mean you have to <i>build</i> something?"<br /><br />Of course after buying him some new sets and helping him build those he got the idea. The big box of Lego from the attic was suddenly additional cars / houses / spaceships / whatever just waiting to be built.<br /><br />So here we are a couple of years later and he is well onto Lego Technic, and we are both still having a great time with our Lego building. 
For example, last weekend we spent just over 6 (yes SIX) hours* building this:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-OqIYpq4-b7U/Twyu3mggqgI/AAAAAAAABBE/r1DajqgyUvE/s1600/8109.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="313" src="http://3.bp.blogspot.com/-OqIYpq4-b7U/Twyu3mggqgI/AAAAAAAABBE/r1DajqgyUvE/s400/8109.jpg" width="400" /></a></div><br />Here it is in full animated glory. Winch, motorised tilting / lowering flatbed and wheel lift: <br /><br /><div style="text-align: center;"><iframe allowfullscreen="" frameborder="0" height="315" src="http://www.youtube-nocookie.com/embed/wWbs0ss9axQ?rel=0" width="560"></iframe></div><br />During the build the question "Daddy do you still have the instructions for any of your Lego?" was asked. Unfortunately no I didn't... not any more. I used to have build instructions for houses, cars, trucks and space Lego - lots of space Lego (very popular in the 1980s!)<br /><br />I still have the parts, but the knowledge to rebuild has long since passed. <br /><br />Of course, me being me; some days later being presented with an empty Google search box (other search engines are available) and having forgotten what I was originally going to look for, I punched in "Lego instructions". I was amazed when the results came back. <br /><br />It turns out there are several simply excellent Lego instruction library sites out there, providing scanned instruction manuals for download. That was it. 
An hour spent in the quest to find all those long lost build instructions for as much of my Lego from the attic as I could.<br /><br />By way of saying thank you to some of those library sites, here is a (by no means exhaustive or ordered) list of the sites that have provided the Lego instructions from my childhood so that my sons may also enjoy building my Lego again:<br /><ul><li><a href="http://www.worldbricks.com/" target="_blank">Worldbricks.com</a> - PDF downloadable instructions. Sometimes a bit slow, but well worth the wait. </li> <li><a href="http://letsbuilditagain.com/" target="_blank">Letsbuilditagain.com</a> - Online instructions. Find your set and hit the blue arrow to view the instructions.</li> <li><a href="http://www.brickfactory.info/" target="_blank">Brickfactory.info</a> - Online instructions. More of a basic site, however still plenty there!</li> <li><a href="http://www.brickset.com/" target="_blank">Brickset.com</a> - No instructions, however a good listing of newer sets, links to purchase sets on eBay and set barcodes (scan with Android barcode scanner to get best prices? ;))</li> <li><a href="http://us.service.lego.com/en-US/BuildingInstructions/default.aspx" target="_blank">Official Lego Site</a> (direct link to instructions portal) - PDF downloadable instructions. Of course, no list would be complete without mentioning this site!</li> <li><a href="http://technic.lego.com/en-us/BuildingInstructions/default.aspx" target="_blank">Official Lego Technic Site</a> (direct link to instructions portal) - PDF downloadable instructions. As above, except for Lego Technic</li></ul><br />If you don't own any Lego sets with perhaps some of the more specific pieces, then no need to worry. These sites are still a great source of inspiration. Look for the 1960 / 1970 / early 1980s instructions. 
Some, if not most, of the really early sets are made up of the more standard square brick variety meaning that anyone should be able to build them using whatever parts they have.<br /><br />That should keep your little ones quiet for a while. Perhaps you too. Welcome to the world of Lego.... again!<br /><br />- Chris<br /><br /> *6 hours to build a flatbed truck? Have a look at the <a href="http://technic.lego.com/en-us/BuildingInstructions/default.aspx#8109_Group" target="_blank">three instruction booklets</a> for yourself!<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/build-it-again/">Build it Again</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 16, 2012.</p>
https://polarclouds.co.uk/sky-hd-highlight-hd-programmes2012-01-11T00:05:00+00:002012-01-11T00:05:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-E6-9v-uzmV4/TwzOJ4qOYnI/AAAAAAAABBU/iLepVw8EGCE/s1600/logo.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://1.bp.blogspot.com/-E6-9v-uzmV4/TwzOJ4qOYnI/AAAAAAAABBU/iLepVw8EGCE/s200/logo.png" width="200" /></a></div>So you have got a High Definition Television. You have also taken the plunge and gone for a Sky HD box (other HD solutions are available). You have even connected the two together using a proper HDMI cable and you have configured the two to use HD across the board.<br /><br />So you sit down to watch some nice HD TV.<br /><br />You spot your chosen TV channel's little 'HD' logo in the top corner, so you know that you are watching an HD channel. <br /><br />Final question: how do you know that the TV programme you are watching on your nice HD setup was actually filmed in HD? Sure you could confirm by simply looking at the picture* but can you be 100% sure every time that the TV station isn't simply upscaling a standard definition programme?<br /><br />If you are a Sky HD customer, then the fix is simple. Configure your HD box to highlight programmes originating in HD in the TV Guide, like this:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-impJ0nXyVMU/TwrbhXyqsfI/AAAAAAAABAU/fqvZLEzP2Lw/s1600/Finished.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-impJ0nXyVMU/TwrbhXyqsfI/AAAAAAAABAU/fqvZLEzP2Lw/s1600/Finished.jpg" /></a></div><br />Here is how to configure your Sky HD box to do the same. All actions are done via the remote control.<br /><br />1. 
Whilst watching Sky HD, press the <b>Services</b> button:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-ZNUwL1h4i_c/TwrdSBW_1dI/AAAAAAAABAc/0xWwflhHZys/s1600/Step1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-ZNUwL1h4i_c/TwrdSBW_1dI/AAAAAAAABAc/0xWwflhHZys/s1600/Step1.jpg" /></a></div><br />2. Press <b>Blue down navigation</b> button, to highlight centre bar.<br /><br />3. Press <b>Blue right navigation</b> button to scroll to the <b>CUSTOMISE</b> option:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-mge0bMqIWZQ/TwreH3U4tyI/AAAAAAAABAk/g7nS20jhbfU/s1600/Step2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-mge0bMqIWZQ/TwreH3U4tyI/AAAAAAAABAk/g7nS20jhbfU/s1600/Step2.jpg" /></a></div><br />4. Press <b>Blue down navigation</b> button, to select <b>Highlight Programmes Originated in HD</b> option.<br /><br />5. Press <b>Blue right navigation</b> button to enable the option (set it to <b>ON</b>):<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-ak7o16AyyEU/TwrepRtjLmI/AAAAAAAABAs/ctXnm2UT1tc/s1600/Step3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-ak7o16AyyEU/TwrepRtjLmI/AAAAAAAABAs/ctXnm2UT1tc/s1600/Step3.jpg" /></a></div><br />6. Press <b>Green</b> button to save changes.<br /><br />7. Press <b>Backup </b>button to exit.<br /><br />Job done. Now you know that you are watching HD!<br /><br />*Re spotting a HD picture: Hmm OK, how do I put this politely?<br />Here goes: In my very limited experience, through a very small straw poll of asking friends etc, I have noticed that the female of the human species rarely notices (or even cares?) 
that they are watching a TV show in HD.<br /><br />Just stating what I have noticed, nothing more! Please don't shoot the messenger! <br /><br />Perhaps this article from 2006 helps to redress the balance: <a href="http://www.ecoustics.com/electronics/products/articles/288276.html" target="_blank">Why Women Don't Care About HDTV?</a><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/sky-hd-highlight-hd-programmes/">Sky HD: Highlight HD Programmes</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 11, 2012.</p>
https://polarclouds.co.uk/new-and-improved-what-mark-iv2012-01-09T09:21:00+00:002012-01-09T09:21:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-9qFG2rBmAIc/TwqvxyqDi4I/AAAAAAAABAE/_vWSTtu828M/s1600/Roadworks.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://1.bp.blogspot.com/-9qFG2rBmAIc/TwqvxyqDi4I/AAAAAAAABAE/_vWSTtu828M/s200/Roadworks.jpg" width="200" /></a></div><br /><br />Happy new year. No, your eyes do not deceive you, it is all change on the only blog that counts (TM). Now it counts even more!!!<br /><br />Hopefully you'll find the new site easier to navigate and find your favorite content.<br /><br />As with all changes of this type, I'm sure there are still some bugs to work out, so stay tuned and we will get this '<a href="http://www.flickr.com/photos/unkiepaul/4492994001/" target="_blank">Cosworth powered Mini of a blog</a>' up and running smoothly in no time.<br /><br />Stay tuned and as always, have fun. <br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/new-and-improved-what-mark-iv/">New and Improved What The Mark IV!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 09, 2012.</p>
https://polarclouds.co.uk/raspberry-pi-16-linux-pc2011-12-24T00:45:00+00:002011-12-24T00:45:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-QX4J5sljWM4/TvUGklS9ccI/AAAAAAAAA-Q/b-4_FwfnoJ0/s1600/Raspi-Logo.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="178" src="http://3.bp.blogspot.com/-QX4J5sljWM4/TvUGklS9ccI/AAAAAAAAA-Q/b-4_FwfnoJ0/s200/Raspi-Logo.png" width="200" /></a></div><br /><br />A credit card sized computer is being developed by a UK based charitable foundation that, it is hoped, will promote the education of computer science at school level and beyond. <br /><br />The idea is simple - develop, manufacture and distribute an ultra-low-cost computer, for use in teaching computer programming to children.<br /><br />That said, the computer can be used for many of the things that a desktop PC is, like spreadsheets, word-processing, games and high-definition video playback.<br /><br /><br />The name of this computer is the <a href="http://www.raspberrypi.org/" target="_blank">Raspberry PI</a>:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/--ITARvOL9T0/TvULSWIjrqI/AAAAAAAAA-o/r5Gv9NUdBQQ/s1600/L1030064.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="http://2.bp.blogspot.com/--ITARvOL9T0/TvULSWIjrqI/AAAAAAAAA-o/r5Gv9NUdBQQ/s640/L1030064.jpg" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"></div><br />OK, so what is the idea here? What are they trying to achieve? 
Games developer <a href="http://en.wikipedia.org/wiki/David_Braben" target="_blank">David Braben </a> explains to BBC's Rory Cellan-Jones, holding an early alpha model, back in May 2011:<br /> <br /><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" frameborder="0" height="360" src="http://www.youtube.com/embed/pQ7N4rycsy4" width="640"></iframe></div><br />Here is a basic layout, detailing the features on board:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-s4T8MvqNH4w/TwuSaWDjK_I/AAAAAAAABA0/J7a9UR1oMWA/s1600/Raspi-Model-AB-Mono-1-699x1024.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="http://1.bp.blogspot.com/-s4T8MvqNH4w/TwuSaWDjK_I/AAAAAAAABA0/J7a9UR1oMWA/s640/Raspi-Model-AB-Mono-1-699x1024.png" width="436" /></a></div><div class="separator" style="clear: both; text-align: center;"></div><br />As can be seen from the above, the RasPi will be shipped in two variants:<br /><br /><ul><li>Model A = 128MB RAM on board, no Ethernet = $25 / £16</li><li>Model B = 256MB RAM on board, 10/100 UTP Ethernet port = $35 / £22</li></ul><br />So what do you get for your money? Well, quite a lot actually:<br /><br /><ul><li>700MHz ARM11 Processor - The same processor as found in many mobile phones (including my <a href="http://www.gsmarena.com/zte_blade-3391.php" target="_blank">ZTE Blade</a>!)</li><li>1080p full HD video output - via HDMI connector</li><li>Composite connector - for direct connection to a TV</li><li>Dual USB2 ports - for keyboard, mouse, etc</li><li>SD/MMC/SDIO memory card slot - for operating system etc etc</li></ul><br />Talking of operating systems, it is envisaged that Debian Linux, Fedora Linux and ArchLinux will be supported from the start. Other Linux distributions may be supported later.<br /><br />So what does it run like? 
Have a watch for yourself:<br /><br /><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" frameborder="0" height="360" src="http://www.youtube.com/embed/e_mDuJuvZjI" width="640"></iframe></div><br /><br />Not too shabby at all!<br /><br />As a father of an 11 year old son who is nuts on anything computer related (wonder where he gets that from? hehehe) I can certainly expect to see at least one of these winging their way to Kent!<br /><br />What's even better is that there are already RasPi based coding tutorials on YouTube, such as <a href="http://www.youtube.com/user/RaspberryPiTutorials" target="_blank">Liam Fraser's Raspberry Pi Tutorials channel</a>.<br /><br />So when is it going to be available? By the looks of it very soon. At the time of writing this (24 Dec 2011), the beta boards are currently undergoing testing and with all going well, the first production run will be early in 2012.<br /><br />Keep an eye on the <a href="http://www.raspberrypi.org/" target="_blank">Raspberry Pi Blog</a> and on the official <a href="https://twitter.com/Raspberry_Pi" target="_blank">Raspberry PI Twitter feed</a> for updates.<br /><br />Excellent stuff!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/raspberry-pi-16-linux-pc/">Raspberry Pi - A £16 Linux PC!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 24, 2011.</p>
https://polarclouds.co.uk/vsphere-vm-clone-problems-fixes2011-12-19T13:31:00+00:002011-12-19T13:31:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-0Kz3SV-KZjk/Tu8tjKp46WI/AAAAAAAAA9c/TRrIRcGjsdk/s1600/CloneAttack.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="193" src="http://1.bp.blogspot.com/-0Kz3SV-KZjk/Tu8tjKp46WI/AAAAAAAAA9c/TRrIRcGjsdk/s200/CloneAttack.jpg" width="200" /></a></div><br />Just recently a colleague of mine had some fun and games completing what should have been a simple clone of a Windows 2008 R2 64bit VMware virtual machine.<br /><br />We managed to get to the bottom of the issues and get the clones completed, so for future reference and to help others, here are the issues encountered and their resolutions.<br /><br /><br /><br /><br /><br /><br /><div style="text-align: left;"><b><span style="font-size: large;">autochk program not found - skipping AUTOCHECK and STOP: c000021a BSOD</span></b></div><br />The clone VM was created successfully; however, upon first boot of the VM, the following were seen:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-0TOOIvSZVBE/Tu8wM5FV8hI/AAAAAAAAA9k/MdBpqNBCyts/s1600/autochk.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://1.bp.blogspot.com/-0TOOIvSZVBE/Tu8wM5FV8hI/AAAAAAAAA9k/MdBpqNBCyts/s320/autochk.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-ypKAoKAzrBg/Tu8wQvKFaOI/AAAAAAAAA9s/YzIERUy9T3g/s1600/stop.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://2.bp.blogspot.com/-ypKAoKAzrBg/Tu8wQvKFaOI/AAAAAAAAA9s/YzIERUy9T3g/s320/stop.png" width="320" /></a></div><br />According to <a href="http://kb.vmware.com/kb/2004505" target="_blank">VMware KB Article 2004505</a> this is caused by the entry:<br /><br /><blockquote 
class="tr_bq">disk.EnableUUID = "TRUE" </blockquote>in the source VM's virtual machine configuration (vmx) file. Download, edit and upload the vmx with the following setting:<br /><br /><blockquote class="tr_bq">disk.EnableUUID = "FALSE" </blockquote>See the VMware KB article for further details around editing virtual machine vmx files.<br /><br /><b><br /></b><br /><div style="text-align: left;"><b><span style="font-size: large;">Windows could not finish configuring the system...</span></b></div><br />Again, clone VM created successfully, however upon first boot of the VM, the following was seen:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-a1V-08jTkAY/Tu8y52XwK0I/AAAAAAAAA90/Bfi8JKHIgZk/s1600/sysprepError.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://2.bp.blogspot.com/-a1V-08jTkAY/Tu8y52XwK0I/AAAAAAAAA90/Bfi8JKHIgZk/s320/sysprepError.png" width="320" /></a></div><br />According to the <a href="http://support.microsoft.com/kb/981542" target="_blank">Microsoft KB Article KB981542</a> this issue occurs if the original operating system contains a registry key that is larger than 8 kilobytes (KB).<br /><br />The resolution being to install a patch on the source VM. <br /><br />Unfortunately the patch is not available on the MS website, however it is available here:<br /><br /><ul><li>32bit Windows 2008R2 / Windows 7 = <a href="http://thehotfixshare.net/board/index.php?autocom=downloads&showfile=11963" target="_blank">Windows6.1-KB981542-x86.msu</a></li><li>64bit Windows 2008R2 / Windows 7 = <a href="http://thehotfixshare.net/board/index.php?autocom=downloads&showfile=11962" target="_blank">Windows6.1-KB981542-x64.msu</a></li></ul>After overcoming both those issues, the VM clones completed and booted successfully and what should have been a quick and easy job was done. 
<br /><br />Thanks should go to Alan for highlighting the issues and persevering with the fixes.... both of them!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vsphere-vm-clone-problems-fixes/">vSphere VM Clone Problems + Fixes</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 19, 2011.</p>
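<p>The vmx edit described in the post above, as an added shell example (not code from the original post or from VMware): it backs up a downloaded .vmx file and forces a single disk.EnableUUID = "FALSE" entry, also when the key is missing or duplicated. The helper names, file names and sample .vmx contents are constructed for illustration, and matching the key case-insensitively is an assumption.</p>

```shell
#!/bin/sh
# Added example, not from the original post or from VMware.
# Helper names, file names and the sample .vmx contents are constructed.

# vmx_get FILE KEY: print the value of KEY, or nothing if KEY is absent.
# Keys are compared case-insensitively (an assumption made here so that
# variants such as disk.enableUUID are caught as well).
vmx_get() {
  awk -v k="$2" '
    BEGIN { lk = tolower(k) }
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      if (tolower(key) != lk) next
      val = substr($0, eq + 1)
      gsub(/^[ \t]*"|"[ \t\r]*$/, "", val)   # strip quotes and a stray CR
      seen = 1; last = val
    }
    END { if (seen) print last }
  ' "$1"
}

# vmx_set FILE KEY VALUE: keep FILE.bak, then leave exactly one
# KEY = "VALUE" line in FILE (replacing, de-duplicating or appending).
vmx_set() {
  file=$1; key=$2; value=$3
  [ -f "$file" ] || { echo "vmx_set: no such file: $file" >&2; return 1; }
  cp -p "$file" "$file.bak" || return 1
  tmp=$(mktemp "$file.XXXXXX") || return 1
  if awk -v k="$key" -v v="$value" '
      BEGIN { lk = tolower(k) }
      {
        eq = index($0, "=")
        key = (eq > 0) ? substr($0, 1, eq - 1) : ""
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        if (eq > 0 && tolower(key) == lk) {
          if (!done) { printf "%s = \"%s\"\n", k, v; done = 1 }
          next                                # drop any further copies
        }
        print
      }
      END { if (!done) printf "%s = \"%s\"\n", k, v }
    ' "$file" > "$tmp"
  then
    cat "$tmp" > "$file"; rc=$?               # keep the file's own mode/owner
  else
    rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}

# Constructed sample of a source VM's .vmx, with the key present twice in
# different letter case to exercise the de-duplication.
make_sample_vmx() {
  cat > "$1" <<'EOF'
.encoding = "UTF-8"
config.version = "8"
displayName = "w2k8r2-source"
guestOS = "windows7srv-64"
disk.EnableUUID = "TRUE"
scsi0:0.fileName = "w2k8r2-source.vmdk"
disk.enableUUID = "TRUE"
EOF
}

demo_dir=$(mktemp -d)
demo_vmx="$demo_dir/w2k8r2-source.vmx"
make_sample_vmx "$demo_vmx"
echo "before: disk.EnableUUID = $(vmx_get "$demo_vmx" disk.EnableUUID)"
vmx_set "$demo_vmx" disk.EnableUUID FALSE
echo "after:  disk.EnableUUID = $(vmx_get "$demo_vmx" disk.EnableUUID)"
```

<p>Diff the edited file against the .bak copy before uploading it back to the datastore, so that only the disk.EnableUUID line has changed.</p>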
https://polarclouds.co.uk/find-hba-wwns-from-esxi-console2011-12-15T10:35:00+00:002011-12-15T10:35:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-oC7b7SHdJnY/Tum9MMIwMcI/AAAAAAAAA7s/T_gh2o6afJw/s1600/HBA.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://4.bp.blogspot.com/-oC7b7SHdJnY/Tum9MMIwMcI/AAAAAAAAA7s/T_gh2o6afJw/s200/HBA.jpg" width="200" /></a></div><br /> A question that comes up quite a bit: How can I find the World Wide Names (WWNs) of the fibre channel Host Bus Adapters (HBAs) in my ESXi server from the console?<br /><br />Sure you can use the VMware VI client to gather the required info, but what happens if you do not have network connectivity to your ESXi yet? <br /><br />The WWN information is very often needed for the zoning configuration on the fibre channel switches to ensure that the ESXi server can only access the Storage Area Network (SAN) disks it is supposed to access.<br /><br /><br /><br /><br /><b>Here is how to find the HBA WWNs:</b><br /><br />First log on to your ESXi console:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-Ov5RNy8t02g/TunACvmosgI/AAAAAAAAA70/EcsvXIvR6Bs/s1600/hbawwn1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="241" src="http://3.bp.blogspot.com/-Ov5RNy8t02g/TunACvmosgI/AAAAAAAAA70/EcsvXIvR6Bs/s320/hbawwn1.JPG" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-f3biNKkcNRM/TunAUWX418I/AAAAAAAAA78/GJ9HFwsCwFQ/s1600/hbawwn2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"></a></div>Now select<b> Troubleshooting Options</b>:<br /><div style="text-align: center;"><a href="http://1.bp.blogspot.com/-f3biNKkcNRM/TunAUWX418I/AAAAAAAAA78/GJ9HFwsCwFQ/s1600/hbawwn2.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="232" 
src="http://1.bp.blogspot.com/-f3biNKkcNRM/TunAUWX418I/AAAAAAAAA78/GJ9HFwsCwFQ/s320/hbawwn2.JPG" width="320" /></a></div><br />Then select<b> Enable Local Tech Support</b>:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-37rKIVUcKPc/TunA6T3hcjI/AAAAAAAAA8I/XdIRMwvneJM/s1600/hbawwn3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="233" src="http://2.bp.blogspot.com/-37rKIVUcKPc/TunA6T3hcjI/AAAAAAAAA8I/XdIRMwvneJM/s320/hbawwn3.JPG" width="320" /></a></div><br />Now press<b> ALT F1</b> to enter local ESXi console:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-HLyG1si5GwY/TunBg_XDlQI/AAAAAAAAA8Q/3Ehw7xc59yk/s1600/hbawwn4.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="77" src="http://2.bp.blogspot.com/-HLyG1si5GwY/TunBg_XDlQI/AAAAAAAAA8Q/3Ehw7xc59yk/s320/hbawwn4.JPG" width="320" /></a></div><br />Login using root credentials:<br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-TnmxSJCg7Xc/TunBq2ZKX4I/AAAAAAAAA8Y/3tdilP7yMlY/s1600/hbawwn5.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="http://3.bp.blogspot.com/-TnmxSJCg7Xc/TunBq2ZKX4I/AAAAAAAAA8Y/3tdilP7yMlY/s320/hbawwn5.JPG" width="320" /></a></div><br />At the # prompt enter: <b><span style="font-family: "Courier New",Courier,monospace;">cd /proc/scsi</span></b> and <b><span style="font-family: "Courier New",Courier,monospace;">ls</span></b> to list the SCSI adaptors fitted in your ESXi:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-pGeRim5vpPY/TunB_HR7NCI/AAAAAAAAA8g/lTSZwsH5Iw4/s1600/hbawwn6.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="217" 
src="http://1.bp.blogspot.com/-pGeRim5vpPY/TunB_HR7NCI/AAAAAAAAA8g/lTSZwsH5Iw4/s320/hbawwn6.JPG" width="320" /></a></div><br />You are looking for <b>qlaxxxx</b> for QLogic HBAs or <b>lpfc </b>for Emulex HBAs. As you can see from the screenshots, my ESXi has QLogic adapters fitted (qla2xxx).<br /><br />Next, <b><span style="font-family: "Courier New",Courier,monospace;">cd qla2xxx</span></b> (or <b style="font-family: "Courier New",Courier,monospace;">cd lpfc</b> for emulex) and then list (ls) adaptors:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-gyJZpyy29qk/TunDvFHaluI/AAAAAAAAA8w/8Ry-tqMHo6E/s1600/hbawwn7.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-gyJZpyy29qk/TunDvFHaluI/AAAAAAAAA8w/8Ry-tqMHo6E/s1600/hbawwn7.JPG" /></a></div><br />As you can see I have adaptors fitted at 5 and 6. Your numbers may (and quite likely will) be different. The last step is to list each of the adaptors found, using the <b>cat x |more </b>("x" being one of the numbers listed) command: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-qsJPE0kyGLo/TunGzbOWriI/AAAAAAAAA9I/ZF6Sm-NEXzU/s1600/hbawwn7a.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-qsJPE0kyGLo/TunGzbOWriI/AAAAAAAAA9I/ZF6Sm-NEXzU/s1600/hbawwn7a.JPG" /></a></div> You are looking for the <b>Host Device Name</b> and the <b>SCSI Device Information</b>:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-PC06u24AG50/TunL0-jVZKI/AAAAAAAAA9Q/fejB4zxVi5w/s1600/hbawwn8.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="251" src="http://3.bp.blogspot.com/-PC06u24AG50/TunL0-jVZKI/AAAAAAAAA9Q/fejB4zxVi5w/s320/hbawwn8.JPG" width="320" /></a></div><div class="separator" style="clear: both; text-align: 
center;"> <a href="http://3.bp.blogspot.com/-zEd25DGQgao/TunGMeJE30I/AAAAAAAAA9A/pDkUtG4B4qI/s1600/hbawwn9.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="257" src="http://3.bp.blogspot.com/-zEd25DGQgao/TunGMeJE30I/AAAAAAAAA9A/pDkUtG4B4qI/s320/hbawwn9.JPG" width="320" /></a></div><br />OK. To get the full WWN address, simply note down the node and port hex IDs from the SCSI Device Information, and separate each pair with colons ":" to make your full HBA WWN. In my case, from the screenshots above, my HBA WWN would be:<br /><div style="text-align: center;"><b><br /></b></div><div style="text-align: center;"><b> WWN of vmhba2 = 20:00:00:1b:32:8a:f3:42 21:00:00:1b:32:8a:f3:42</b></div><br />Repeat the last command (cat x |more) for all the other HBAs in your ESXi (so in my case I would run the command <b style="font-family: "Courier New",Courier,monospace;">cat 6 |more</b> to find the SCSI device information for my other HBA).<br /><br />When finished, type <b style="font-family: "Courier New",Courier,monospace;">exit</b> to return to the ESXi tech support console login and <b>ALT F2</b> to switch back to the standard ESXi console.<br /><br />Don't forget to login, select<b> Troubleshooting Options</b> and <b>Disable Local Tech Support</b> when completely finished!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/find-hba-wwns-from-esxi-console/">Find HBA WWNs from ESXi Console</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 15, 2011.</p>
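<p>The colon-formatting step from the HBA WWN post above, as a script. This is an added example, not code from the original post: the <code>scsi-qlaN-adapter-node</code> / <code>-port</code> line layout is an assumption (the post shows that output only in screenshots), and the sample text is constructed from the hex IDs the post quotes.</p>

```shell
#!/bin/sh
# Added example: turn the node/port hex IDs from a QLogic proc file into
# colon-separated WWNs ready to paste into a zoning configuration.

# Constructed sample of the "SCSI Device Information" lines. The line layout
# is an assumption; the hex IDs are the ones quoted in the post for vmhba2.
sample_proc() {
cat <<'EOF'
Host Device Name vmhba2
SCSI Device Information:
scsi-qla0-adapter-node=2000001b328af342;
scsi-qla0-adapter-port=2100001b328af342;
EOF
}

# format_wwn HEX
# Prints HEX as a lower-case colon-separated WWN. Returns non-zero unless HEX
# is exactly 16 hex digits, so a truncated or mistyped ID never reaches the
# zoning config looking like a valid initiator.
format_wwn() {
    hex=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$hex" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#hex}" -eq 16 ] || return 1
    printf '%s\n' "$hex" | sed 's/../&:/g; s/:$//'
}

# extract_wwn KIND   (KIND is "node" or "port")
# Reads the proc file text on stdin and prints the formatted WWN of the first
# matching adapter line.
extract_wwn() {
    kind=$1
    raw=$(sed -n "s/^scsi-qla[0-9]*-adapter-${kind}=\([0-9A-Fa-f]*\);.*/\1/p" |
        head -n 1)
    format_wwn "$raw"
}

# Stand-alone demo on the constructed sample. On a host you would feed the
# real file instead, e.g.  extract_wwn port < /proc/scsi/qla2xxx/5
printf 'node WWN: %s\n' "$(sample_proc | extract_wwn node)"
printf 'port WWN: %s\n' "$(sample_proc | extract_wwn port)"
```

<p>The port WWN is normally the value used for zoning; the length check is there because a 15-digit paste still formats into something that looks plausible.</p>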
https://polarclouds.co.uk/beta-1-what-android-released2011-11-08T22:53:00+00:002011-11-08T22:53:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-Cpk_Y3K8R_g/TrmqwLqveAI/AAAAAAAAA6I/1GArlFDyLvM/s1600/WT01a.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://2.bp.blogspot.com/-Cpk_Y3K8R_g/TrmqwLqveAI/AAAAAAAAA6I/1GArlFDyLvM/s200/WT01a.png" width="200" /></a></div><br />Yes, that's right: the What The.....? Android application has just gone Beta!<br /><br />To mark this momentous occasion (remember developing in Java is completely new to me!), I have given the app its very own page on this here blog. The page has the reasons for development, links to the change log, source code and (more importantly) the apk file itself.<br /><br />Use the What The Android link in the links bar above or <a href="http://chall32.blogspot.com/p/what-for-android.html">click here</a> to have a look at the What The Android page.<br /><br />If you fancy being an early adopter / beta tester, then feel free. Please post any feedback in comments below.<br /><br />- Chris<br /> <div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/beta-1-what-android-released/">Beta 1 What The Android Released</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 08, 2011.</p>
https://polarclouds.co.uk/vmware-vsphere-client-download-url2011-10-21T17:27:00+01:002011-10-21T17:27:00+01:00Chris Hallhttps://polarclouds.co.uk
<a href="http://2.bp.blogspot.com/-pN3fFIzlpi0/TqGQFF-pH4I/AAAAAAAAA1s/fihMZdvPJF4/s1600/viclient.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://lh3.ggpht.com/-pN3fFIzlpi0/TqGQFF-pH4I/AAAAAAAAA1s/fihMZdvPJF4/s1600/viclient.JPG" /></a>Ever since VMware stopped bundling the vSphere client in with ESX / ESXi, try as hard as I can, I can never seem to quickly and easily find the URL to download the flipping thing.<br /><br /><i>VMware: If you are not going to bundle the client, then at least make it easy to find and download from your website! Alternatively, use a bit of <a href="http://en.wikipedia.org/wiki/Search_engine_optimization" target="_blank">SEO</a> and get the direct download URL as result #1 when searching for "vsphere client download" in Google. Surely it's not that hard is it?!?!</i><br /><br />Anyway, sure I can extract it from the Virtual Centre ISO image (see below for location), but it is not always practicable to get a 150MB+ file to someone over email etc.<br /><br />Being the suspicious type, I'm not interested in sending links to 3rd party file sharing sites either. Who knows what could be included in the client installer? 
No, if I'm sending anyone a link for them to install vSphere client for themselves, (or installing it for myself) I want to refer DIRECTLY to VMware's website.<br /><br />So here we go then, a rolling post containing vSphere client download links direct from VMware's website (hover your mouse over the URLs if you don't believe me!)<br /><br /><span style="font-size: large;"><b>vSphere v4.1</b></span><br /> - VMware vSphere Client v4.1 : <a href="http://vsphereclient.vmware.com/vsphereclient/2/5/8/9/0/2/VMware-viclient-all-4.1.0-258902.exe">VMware-viclient-all-4.1.0-258902.exe</a><br /> - VMware vSphere Client v4.1 Update 1 : <a href="http://vsphereclient.vmware.com/vsphereclient/3/4/5/0/4/3/VMware-viclient-all-4.1.0-345043.exe">VMware-viclient-all-4.1.0-345043.exe</a><br /> - VMware vSphere Client v4.1 Update 2 : <a href="http://vsphereclient.vmware.com/vsphereclient/4/9/1/5/5/7/VMware-viclient-all-4.1.0-491557.exe">VMware-viclient-all-4.1.0-491557.exe</a><br /> - VMware vSphere Client v4.1 Update 3 : <a href="http://vsphereclient.vmware.com/vsphereclient/7/9/9/3/4/5/VMware-viclient-all-4.1.0-799345.exe">VMware-viclient-all-4.1.0-799345.exe</a> <br /> - VMware vSphere Client v4.1 Update 3a : <a href="http://vsphereclient.vmware.com/vsphereclient/9/2/5/6/7/6/VMware-viclient-all-4.1.0-925676.exe">VMware-viclient-all-4.1.0-925676.exe</a><br /><br /><span style="font-size: large;"> <b>vSphere v5.0</b></span><br /> - VMware vSphere Client v5.0 : <a href="http://vsphereclient.vmware.com/vsphereclient/4/5/5/9/6/4/VMware-viclient-all-5.0.0-455964.exe">VMware-viclient-all-5.0.0-455964.exe</a><br /> - VMware vSphere Client v5.0 Update 1 : <a href="http://vsphereclient.vmware.com/vsphereclient/6/2/3/3/7/3/VMware-viclient-all-5.0.0-623373.exe">VMware-viclient-all-5.0.0-623373.exe</a><br /> - VMware vSphere Client v5.0 Update 1b : <a href="http://vsphereclient.vmware.com/vsphereclient/8/0/4/2/7/7/VMware-viclient-all-5.0.0-804277.exe">VMware-viclient-all-5.0.0-804277.exe </a><br 
/> - VMware vSphere Client v5.0 Update 2 : <a href="http://vsphereclient.vmware.com/vsphereclient/9/1/3/5/7/7/VMware-viclient-all-5.0.0-913577.exe">VMware-viclient-all-5.0.0-913577.exe</a><br /><br /><span style="font-size: large;"> <b>vSphere v5.1</b></span><br /> - VMware vSphere Client v5.1 : <a href="http://vsphereclient.vmware.com/vsphereclient/7/8/6/1/1/1/VMware-viclient-all-5.1.0-786111.exe">VMware-viclient-all-5.1.0-786111.exe</a><br /> - VMware vSphere Client 5.1.0a : <a href="http://vsphereclient.vmware.com/vsphereclient/8/6/0/2/3/0/VMware-viclient-all-5.1.0-860230.exe">VMware-viclient-all-5.1.0-860230.exe </a><br /> - VMware vSphere Client 5.1.0b : <a href="http://vsphereclient.vmware.com/vsphereclient/9/4/1/8/9/3/VMware-viclient-all-5.1.0-941893.exe">VMware-viclient-all-5.1.0-941893.exe</a><br /> - VMware vSphere Client 5.1 Update 1 : <a href="http://vsphereclient.vmware.com/vsphereclient/1/0/6/4/1/1/3/VMware-viclient-all-5.1.0-1064113.exe">VMware-viclient-all-5.1.0-1064113.exe</a><br /> - VMware vSphere Client 5.1 Update 1b: <a href="http://vsphereclient.vmware.com/vsphereclient/1/2/3/5/2/3/3/VMware-viclient-all-5.1.0-1235233.exe">VMware-viclient-all-5.1.0-1235233.exe</a><br /><br /><br />Location of vSphere client in vCenter 4.1 ISO:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-nv3SBvJ6uLk/TqGccuVp84I/AAAAAAAAA10/WTaVrnqyw9s/s1600/viclient-vciso.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="368" src="https://lh3.ggpht.com/-nv3SBvJ6uLk/TqGccuVp84I/AAAAAAAAA10/WTaVrnqyw9s/s400/viclient-vciso.JPG" width="400" /></a></div><br />Nice.<br /><br />Be sure to checkout <a href="http://chall32.blogspot.co.uk/2012/09/vsphere-51-update-to-build-number.html" target="_blank">vSphere Update to Build Number</a> before you go. <br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vmware-vsphere-client-download-url/">VMware vSphere Client Download URL</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 21, 2011.</p>
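<p>The "hover over the URL" check from the vSphere Client post above, done as a script so a link can be vetted before it is forwarded. This is an added example, not code from the original post: the function name is hypothetical, and the path rule (build number spelled one digit per directory) is inferred from the links listed in the post.</p>

```shell
#!/bin/sh
# Added example: confirm a vSphere Client link points at the host used in the
# post and that its path agrees with the build number in the file name.

TRUSTED_HOST="vsphereclient.vmware.com"   # host of every link in the post

# check_viclient_url URL
# Prints "ok" and returns 0, or prints the rejection reason and returns 1.
# Pure string checks: nothing is resolved or downloaded.
check_viclient_url() {
    url=$1
    case "$url" in
        http://*|https://*) ;;
        *) echo "reject: unexpected scheme"; return 1 ;;
    esac
    rest=${url#*://}
    host=$(printf '%s' "${rest%%/*}" | tr 'A-Z' 'a-z')
    path=/${rest#*/}

    # "user@host" and "host:port" authorities can put a trusted-looking name
    # in front of a different destination, so refuse them outright.
    case "$host" in
        *@*|*:*) echo "reject: userinfo or port in authority"; return 1 ;;
    esac
    # Exact match only: a suffix or substring match would accept lookalikes.
    if [ "$host" != "$TRUSTED_HOST" ]; then
        echo "reject: host is $host"; return 1
    fi

    file=${path##*/}
    build=$(printf '%s\n' "$file" |
        sed -n 's/^VMware-viclient-all-[0-9][0-9.]*-\([0-9][0-9]*\)\.exe$/\1/p')
    if [ -z "$build" ]; then
        echo "reject: unexpected file name"; return 1
    fi

    # The post's links spell the build number one digit per directory,
    # e.g. build 258902 lives under /vsphereclient/2/5/8/9/0/2/.
    digits=$(printf '%s\n' "$build" | sed 's/./&\//g')
    if [ "$path" != "/vsphereclient/$digits$file" ]; then
        echo "reject: path does not match build $build"; return 1
    fi
    echo "ok"
}

# Stand-alone demo: one link from the post and one constructed lookalike
# (example.net is a reserved documentation domain).
for u in \
    "http://vsphereclient.vmware.com/vsphereclient/2/5/8/9/0/2/VMware-viclient-all-4.1.0-258902.exe" \
    "http://vsphereclient.vmware.com.example.net/vsphereclient/2/5/8/9/0/2/VMware-viclient-all-4.1.0-258902.exe"
do
    printf '%s\n  -> %s\n' "$u" "$(check_viclient_url "$u" || true)"
done
```

<p>The links in the post are plain http, so a correct host says nothing about integrity in transit; checking the installer's digital signature after download covers that.</p>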
https://polarclouds.co.uk/extended-disks-remain-wrong-size2011-07-27T18:00:00+01:002011-07-27T18:00:00+01:00Chris Hallhttps://polarclouds.co.uk
What's wrong with this picture?<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-j6AmfIunzMw/Ti_qKbMolqI/AAAAAAAAAxg/qksuF4VsE_I/s1600/incorrect.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="576" src="http://4.bp.blogspot.com/-j6AmfIunzMw/Ti_qKbMolqI/AAAAAAAAAxg/qksuF4VsE_I/s640/incorrect.jpg" width="640" /></a></div><br />Spotted it yet?<br /><br />Yes, that's right. The Data (D:) Properties dialogue does not tie up with the details shown in Disk Management. Disk Management shows the partition as 80GB whereas the properties show it as only 10GB in capacity.<br /><br />Ohh that's clever, how did you do that!? ...well actually it isn't, but luckily enough for us dear reader, it's easy to fix.<br /><br />How did I get into this predicament? Simple:<br /><br /><ul><li>Standard Windows 2008 VM, VMware ESXi, 4.1 Update 1</li></ul><ul><li>Didn't have enough datastore space during VM build, so built the VM with 10GB D:\ drive. No problems there. </li></ul><ul><li> Had some storage added, created new datastore and Storage vMotioned the VM to new datastore, again all pretty standard stuff </li></ul><ul><li>Inside the VM, at the Windows 2008 level, I expanded the D:\ drive partition into extended 80Gb disk using Windows Disk Management. Here is where we started having problems. </li></ul><ul><li>I received this oh so helpful error message during the partition expansion: </li></ul><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-SMB2S5qN4ts/Ti_vK0OohmI/AAAAAAAAAxk/bAMWM0My16U/s1600/LDM+Incorrect.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-SMB2S5qN4ts/Ti_vK0OohmI/AAAAAAAAAxk/bAMWM0My16U/s1600/LDM+Incorrect.jpg" /></a></div><br />That's how!<br /><br />So, why? and - perhaps more importantly - what's this simple fix?<br /><br />Why? 
After some extensive Microsoft knowledge base bashing, I found this article:<br /><br /><div style="text-align: center;"><a href="http://support.microsoft.com/kb/832316" target="_blank">KB832316</a> - <i>The partition size is extended, but the file system remains the original size </i><br /><i>when you extend an NTFS volume</i></div><div style="text-align: left;"><br />The stated cause being "This problem occurs because the NTFS driver exhausts its resources when it tries to extend the volume."<br /><br />The KB also details how to fix. But I'll include the four step fix that worked for me here too:<br /><br /><ul><li>Open an administrative Command Prompt (Right click "Command Prompt" and select "Run as Administrator") and Run Diskpart</li></ul><ul><li>At the <span style="font-family: "Courier New",Courier,monospace;">DISKPART></span> prompt, enter <span style="font-family: "Courier New",Courier,monospace;">list volume</span> </li></ul><ul><li><span style="font-family: "Courier New",Courier,monospace;">select volume #</span> (where # is the number of the incorrect volume) </li></ul><ul><li><span style="font-family: "Courier New",Courier,monospace;">extend filesystem </span> </li></ul>Now the file system size should match the extended partition size: <br /><ul></ul><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-FUm3QaU5liY/Ti_3f1msVzI/AAAAAAAAAxs/R1sOyfOyQe8/s1600/correct.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="606" src="http://3.bp.blogspot.com/-FUm3QaU5liY/Ti_3f1msVzI/AAAAAAAAAxs/R1sOyfOyQe8/s640/correct.jpg" width="640" /></a></div><br />Job done.<br /><br />- Chris</div><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/extended-disks-remain-wrong-size/">Extended Disks Remain Wrong Size</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 27, 2011.</p>
https://polarclouds.co.uk/esx-command-line-networking2011-05-06T18:00:00+01:002011-05-06T18:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-kb_F98Id4JE/TcQZJcyDWWI/AAAAAAAAAxU/g-vIWe8wYqk/s1600/console.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="150" src="http://1.bp.blogspot.com/-kb_F98Id4JE/TcQZJcyDWWI/AAAAAAAAAxU/g-vIWe8wYqk/s200/console.JPG" width="200" /></a></div><br />So you’ve built your VMware ESX server and you’re dead impressed with yourself that you got this far. You leave the datacentre and head back to the office safe in the knowledge that the install went well. However once safely back at your desk, oh no! You find that your shiny new ESX install is uncontactable from the network.<br /><br /><br />We’ve all been there. So here is my guide to configuring ESX networking from the server console post install. No VI client or GUI tools required. Just good solid command-line stuff. Specifically we will be looking at:<br /><br /><ul><li>Changing IP Address, Subnet Mask, Default Gateway, Hostname and DNS Server Settings </li><li>Linking and Unlinking Physical Network Cards to Virtual Switches and Network Card Teaming </li><li>VLAN Tagging </li><li>NIC Teaming Policy and Load Balancing</li></ul><br />Why? Because there doesn’t appear to be any single place (that I can find at least) where all of this is detailed. So hold onto your hats, here we go. <br /><br /><b>UPDATE: </b>For ESXi Command Line Networking Configuration see <a href="http://chall32.blogspot.com/2012/02/esxi-command-line-networking.html" target="_blank">THIS POST</a><br /><br /><span style="font-size: large;"><b>Changing IP Address, Subnet Mask, Default Gateway, DNS Server Settings and Hostname</b></span><br />Happens to us all. Perhaps you just ‘fat fingered’ the IP? 
Use <br /><br /><blockquote><div style="font-family: "Courier New",Courier,monospace;">[root@server root]# ifconfig |more </div><div style="font-family: "Courier New",Courier,monospace;">[root@server root]# cat /etc/sysconfig/network</div></blockquote>to confirm that IP config is indeed wrong<br /><br /><b>IP Address / Subnet Mask</b><br />Run this command to set the IP address:<br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">[root@server root]# e</span><span style="font-family: "Courier New",Courier,monospace;">sxcfg-vswif -i [a.b.c.d] -n [w.x.y.z] vswif0 </span></blockquote>Where [a.b.c.d] is the IP address and [w.x.y.z] is the subnet mask and vswif0 is the Service Console adapter that is the interface to which you are applying the IP address change.<br /><br />Open the /etc/hosts file with nano and modify it so that it reflects the correct IP address and hostname. <br /><br /><b>Default Gateway</b><br />To change the default gateway address and the hostname, edit the /etc/sysconfig/network file and change the GATEWAY and HOSTNAME parameters to the proper values. 
For the changes to take place, reboot the host or restart the network service with the command:<br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">[root@server root]# service network restart </span></blockquote><br /><b>DNS Server Settings<br /></b> To change the DNS server settings, update the nameserver IPs and search domain in the /etc/resolv.conf file.<br /><br /><i>Further reading on Changing IP Address, Subnet Mask, Default Gateway, DNS Server Settings: <a href="http://kb.vmware.com/kb/4309499" target="_blank">http://kb.vmware.com/kb/4309499</a></i><br /><br /><b>Hostname</b> <br />Change the hostname and domain name (if applicable) of the host in the following files:<br /><ul><li>/etc/hosts</li><li>/etc/sysconfig/network</li></ul>Execute this command where [hostname] is the new hostname for the ESX host:<br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">[root@server root]# esxcfg-advcfg -s [hostname] /Misc/HostName</span></blockquote>Reboot the ESX host<br /><i>Further reading on Changing ESX Hostname: <a href="http://kb.vmware.com/kb/1010821" target="_blank">http://kb.vmware.com/kb/1010821</a></i><br /><br /><br /><span style="font-size: large;"><b>Linking and Unlinking Physical Network Cards to Virtual Switches and Network Card Teaming</b></span><br />This is possibly my most used ESX console command. Often used when there has been a cabling mix up or the software installation has detected the physical network adaptors in a different order than anticipated prior to the install. Sure I could just swap cables around, but if physical changes are not possible (i.e. cabling is as documented or moving cables is not allowed) then these commands will help.<br /><br />First let's look at how the vSwitch is configured post install. 
Screenshot from a VI Client:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-0C9RTeIjrZg/TcQKagXZagI/AAAAAAAAAw4/nDm4i2Qwyds/s1600/ESX.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="125" src="http://3.bp.blogspot.com/-0C9RTeIjrZg/TcQKagXZagI/AAAAAAAAAw4/nDm4i2Qwyds/s400/ESX.JPG" width="400" /></a></div>To view the same information at the service console command line, we would use the following command to list the virtual switches configured:<br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">[root@server root]# esxcfg-vswitch -l</span></blockquote><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-KjMHmONMdhE/TcQLc80u1OI/AAAAAAAAAxA/asno2bhR9Es/s1600/ESX1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="146" src="http://4.bp.blogspot.com/-KjMHmONMdhE/TcQLc80u1OI/AAAAAAAAAxA/asno2bhR9Es/s640/ESX1.JPG" width="640" /></a></div><br />To connect a physical adaptor to a virtual switch, you need to Link it, using the following command:<br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">[root@server root]# esxcfg-vswitch -L vmnic1 vSwitch0</span></blockquote>Where vmnic1 is the physical network card being connected to the virtual switch vSwitch0.<br /><br />To disconnect a physical adaptor from a virtual switch, you need to Unlink it, using the following command:<br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">[root@server root]# esxcfg-vswitch -U vmnic1 vSwitch0</span></blockquote>Where vmnic1 is the physical network card being disconnected from the virtual switch vSwitch0.<br /><br />Basic network card teaming is achieved by having two or more physical adaptors connected to the same virtual switch. 
From the VI Client:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-R5XLDzKGH54/TcQSfBohmGI/AAAAAAAAAxE/obl5x8Lj_wA/s1600/ESX3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="117" src="http://3.bp.blogspot.com/-R5XLDzKGH54/TcQSfBohmGI/AAAAAAAAAxE/obl5x8Lj_wA/s400/ESX3.JPG" width="400" /></a></div> Which in turn looks like this from the console:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-k4GaTyqb5OE/TcQSzM6crRI/AAAAAAAAAxI/aMv7ZLF4Z34/s1600/ESX4.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="132" src="http://1.bp.blogspot.com/-k4GaTyqb5OE/TcQSzM6crRI/AAAAAAAAAxI/aMv7ZLF4Z34/s640/ESX4.JPG" width="640" /></a></div><br /><i>Further reading on Linking and Unlinking Physical Network Cards to Virtual Switches: <a href="http://kb.vmware.com/kb/1000258" target="_blank">http://kb.vmware.com/kb/1000258</a></i><br /><br /><br /><span style="font-size: large;"><b>VLAN Tagging</b></span><br /> Use the following command to assign a VLAN to a console port / port group:<br /><blockquote><span style="font-family: "Courier New",Courier,monospace;"> [root@server root]# esxcfg-vswitch -v [VLANID] -p "Service Console" vSwitch0</span></blockquote>Where [VLANID] is the VLAN number, "Service Console" is the console port / port group name and vSwitch0 is the virtual switch the console port / port group is connected to. A zero [VLANID] here specifies no VLAN.<br /><br /><i>Further reading on VLAN Tagging: <a href="http://kb.vmware.com/kb/1000258" target="_blank">http://kb.vmware.com/kb/1000258</a> </i><br /><br /><br /><span style="font-size: large;"><b>NIC Teaming Policy and Load Balancing</b></span><br />First let's look at how the vSwitch load balancing is configured post install. 
Screenshot from a VI Client:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-5fQxmy_n6ZA/TcQcqsJBVpI/AAAAAAAAAxY/sHX6pr8Y8kE/s1600/ESX7.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="272" src="http://1.bp.blogspot.com/-5fQxmy_n6ZA/TcQcqsJBVpI/AAAAAAAAAxY/sHX6pr8Y8kE/s640/ESX7.JPG" width="640" /></a></div><br />Which in turn looks like this from the console:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/--7RU6QttP8k/TcQWtRWLSKI/AAAAAAAAAxQ/CzVrJChDtew/s1600/ESX6.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="98" src="http://1.bp.blogspot.com/--7RU6QttP8k/TcQWtRWLSKI/AAAAAAAAAxQ/CzVrJChDtew/s640/ESX6.JPG" width="640" /></a></div><br /> To specify the NIC teaming load balancing policy on a vSwitch, run the command:<br /><div style="text-align: left;"><blockquote><span style="font-family: "Courier New",Courier,monospace;">[root@server root]# vimsh -n -e "hostsvc/net/vswitch_setpolicy --nicteaming-policy [policy] vSwitch0"</span></blockquote></div>Where [policy] is one of these NIC teaming policies:<br /><br /><ul><li>loadbalance_srcid (Route based on the originating virtual switch port ID)</li><li>loadbalance_srcmac (Route based on source MAC hash)</li><li>loadbalance_ip (Route based on IP hash)</li><li>failover_explicit (Use explicit failover order)</li></ul><br />For example, to set the NIC teaming policy to route based on IP hash, run the command:<br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">[root@server root]# vimsh -n -e "hostsvc/net/vswitch_setpolicy --nicteaming-policy loadbalance_ip vSwitch0"</span></blockquote>To confirm the setting, run the command:<br /><blockquote style="font-family: "Courier New",Courier,monospace;">[root@server root]# vimsh -n -e "hostsvc/net/vswitch_info vSwitch0" | grep policy</blockquote><i>Further reading on 
NIC Teaming Policy and Load Balancing: <a href="http://kb.vmware.com/kb/1019864" target="_blank">http://kb.vmware.com/kb/1019864</a></i><br /><br /><br /><span style="font-size: large;"><b>Overview </b></span><br />In this post we looked at how to configure the following, all from the ESX console, no VI client required!<br /><br /><ul><li>Changing IP Address, Subnet Mask, Default Gateway, Hostname and DNS Server Settings </li><li>Linking and Unlinking Physical Network Cards to Virtual Switches and Network Card Teaming </li><li>VLAN Tagging </li><li>NIC Teaming Policy and Load Balancing</li></ul><br />Next time.... ESXi.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/esx-command-line-networking/">ESX Command Line Networking Configuration</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 06, 2011.</p>
https://polarclouds.co.uk/location-via-wi-fi-mac-address2011-04-28T00:21:00+01:002011-04-28T00:21:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-0LODEFiy9S0/TbiPAdsu7DI/AAAAAAAAAw0/qy3OL7M6gC8/s1600/Location.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="Google know where you live" border="0" height="155px" src="http://1.bp.blogspot.com/-0LODEFiy9S0/TbiPAdsu7DI/AAAAAAAAAw0/qy3OL7M6gC8/s200/Location.jpg" title="Google know where you live" width="200px" /></a></div><br />With all the iPhone tracking claims and counter claims, (see <a href="http://www.bbc.co.uk/news/technology-13208867" target="_blank">here</a> for details) it appears that Google have been silently collecting and building a publicly accessible Wireless router location database via their Streetview camera cars and virtually all Android devices.<br /><br />And now you too can interrogate that database to find any wireless router in the world! All you need is the MAC address of the wireless router in question.<br /><br />Have a look at <a href="http://samy.pl/androidmap/" target="_blank">http://samy.pl/androidmap/</a><br /><br /><i>When the phone detects any wireless network, encrypted or otherwise, it sends the BSSID (MAC address) of the router along with signal strength, and most importantly, GPS coordinates up to <a href="http://www.google.com/" target="_blank">the mothership</a>. 
This page allows you to ping that database and find exactly where any wi-fi router in the world is located.</i><br /><br />For further reading on what a MAC address is have a look <a href="http://en.wikipedia.org/wiki/MAC_address" target="_blank">here</a><br /><br /><br /><span style="font-size: large;"><b>Finding your Wireless Router's MAC Address</b></span><br />The following assumes that you are wirelessly connected to the router you wish to find the MAC address of.<br /><br /><b>Windows (any current version)</b><br />Open a command prompt and enter the following command:<br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">ipconfig</span></blockquote>The return should look something like this:<br /><blockquote style="font-family: 'Courier New',Courier,monospace;">IP Address. . . . . . . . . . . . : xxx.xxx.xxx.xxx<br />Subnet Mask . . . . . . . . . . . : 255.255.255.0<br />Default Gateway . . . . . . . . . : yyy.yyy.yyy.yyy</blockquote>Taking the default gateway IP address, plumb it into the following command (obviously you will have numbers rather than y's):<br /><blockquote> <span style="font-family: "Courier New",Courier,monospace;">arp -g yyy.yyy.yyy.yyy</span></blockquote>The return should look something like this:<br /><blockquote><span style="font-family: "Courier New",Courier,monospace;"> Internet Address Physical Address</span><br /><span style="font-family: "Courier New",Courier,monospace;"> yyy.yyy.yyy.yyy zz-zz-zz-zz-zz-zz</span></blockquote>Copy and paste the physical address (again you should have alphanumerics rather than just z's) into <a href="http://samy.pl/androidmap/" target="_blank">http://samy.pl/androidmap/</a> and hit probe.<br /><br /><b>Linux </b><br />Open a terminal session and enter the following command:<br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">route -n</span></blockquote>The return should look something like this: <br /><blockquote><span style="font-family: "Courier 
New",Courier,monospace;">Kernel IP routing table</span><br /><span style="font-family: "Courier New",Courier,monospace;">Destination Gateway Genmask Flags Metric Ref Use Iface</span><br /><span style="font-family: "Courier New",Courier,monospace;">0.0.0.0 yyy.yyy.yyy.yyy 0.0.0.0 UG 0 0 0 wlan0</span><b><br style="font-family: 'Courier New',Courier,monospace;" /></b></blockquote>Taking the default gateway IP address, plumb it into the following command (again, you will have numbers rather than y's):<br /><blockquote> <span style="font-family: "Courier New",Courier,monospace;">arp -vn yyy.yyy.yyy.yyy</span></blockquote>The return should look something like this:<br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">Address HWtype HWaddress<br />yyy.yyy.yyy.yyy ether zz:zz:zz:zz:zz:zz</span></blockquote>Copy and paste the HWaddress (again you should have alphanumerics rather than just z's) into <a href="http://samy.pl/androidmap/" target="_blank">http://samy.pl/androidmap/</a> and hit probe.<br /><br />====<br /><br />Oh look Google know where you are... again.<br /><br />Thanks go to <a href="https://twitter.com/#%21/samykamkar" target="_blank"><span class="screen-name screen-name-samykamkar pill">@samykamkar</span></a> for making android map available.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/location-via-wi-fi-mac-address/">Location via Wi-Fi MAC Address</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 28, 2011.</p>
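<p>Added example, not part of the original post: on Linux, <i>route -n</i> and <i>arp -n</i> print the kernel tables exposed as /proc/net/route and /proc/net/arp, so the two Linux steps above can be done in one pass without copying the gateway address by hand. The sample tables, the 192.168.1.x addresses, the MAC address and the function names are constructed for this example.</p>

```python
"""Resolve the default gateway's MAC address from the Linux kernel tables."""
import ipaddress
import sys

RTF_UP = 0x0001       # route is usable
RTF_GATEWAY = 0x0002  # destination is reached through a gateway
ATF_COM = 0x02        # ARP entry is complete (a MAC address has been learned)

# Constructed sample in /proc/net/route layout, as a little-endian host prints it.
SAMPLE_ROUTE = (
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "wlan0\t0001A8C0\t00000000\t0001\t0\t0\t600\t00FFFFFF\t0\t0\t0\n"
    "wlan0\t00000000\t0101A8C0\t0003\t0\t0\t600\t00000000\t0\t0\t0\n"
)

# Constructed sample in /proc/net/arp layout; the MAC is a made-up local address.
SAMPLE_ARP = (
    "IP address       HW type     Flags       HW address            Mask     Device\n"
    "192.168.1.57     0x1         0x0         00:00:00:00:00:00     *        wlan0\n"
    "192.168.1.1      0x1         0x2         02:00:5e:10:20:30     *        wlan0\n"
)


def _hex_to_ip(field, byteorder):
    """Convert an 8-digit hex field from /proc/net/route to dotted-quad form.

    The kernel prints the address as a host-order integer, so on a
    little-endian machine 192.168.1.1 appears as 0101A8C0.
    """
    return str(ipaddress.IPv4Address(int(field, 16).to_bytes(4, byteorder)))


def default_gateway(route_text, byteorder=sys.byteorder):
    """Return (gateway_ip, interface) of the lowest-metric default route, or None."""
    best = None
    for line in route_text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 8:
            continue
        iface, dest, gateway, mask = f[0], f[1], f[2], f[7]
        flags, metric = int(f[3], 16), int(f[6])
        if dest != "00000000" or mask != "00000000":  # not 0.0.0.0/0
            continue
        if flags & (RTF_UP | RTF_GATEWAY) != (RTF_UP | RTF_GATEWAY):
            continue
        if best is None or metric < best[0]:
            best = (metric, _hex_to_ip(gateway, byteorder), iface)
    return None if best is None else (best[1], best[2])


def gateway_mac(route_text, arp_text, byteorder=sys.byteorder):
    """Return the default gateway's MAC address, or None if it is not resolved."""
    found = default_gateway(route_text, byteorder)
    if found is None:
        return None
    gateway_ip, iface = found
    for line in arp_text.splitlines()[1:]:            # skip the header row
        f = line.split()
        if len(f) < 6:
            continue
        address, flags, mac, device = f[0], int(f[2], 16), f[3], f[5]
        # Incomplete entries carry an all-zero MAC and must not be reported.
        if address == gateway_ip and device == iface and flags & ATF_COM:
            return mac.lower()
    return None


if __name__ == "__main__":
    try:
        with open("/proc/net/route") as r, open("/proc/net/arp") as a:
            tables = (r.read(), a.read(), sys.byteorder)
    except OSError:  # not Linux: fall back to the constructed sample
        tables = (SAMPLE_ROUTE, SAMPLE_ARP, "little")
    print(gateway_mac(*tables) or "default gateway is not in the ARP cache yet")
```

<p>The address returned is the one the router answers ARP with on the LAN side; it can differ from the BSSID that the access point broadcasts over the air.</p>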
https://polarclouds.co.uk/reminder-win2008r2-sql-clustering2011-02-23T09:00:00+00:002011-02-23T09:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-ecDFdik2ym8/TVQLPSg8j3I/AAAAAAAAAwk/hlcapwBC38o/s1600/clusternuts.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://2.bp.blogspot.com/-ecDFdik2ym8/TVQLPSg8j3I/AAAAAAAAAwk/hlcapwBC38o/s200/clusternuts.png" width="185" /></a></div><br /><br />Yet another reminder / quick fire how to post. This time Windows 2008 R2 Clustering ready for a clustered SQL install.<br /><br />In its latest guise, Windows 2008 and 2008 R2 clustering is a completely different beast from a Windows 2000 or 2003 cluster. <br /><br />For full details of what's new in 2008 Clustering, have a look at <a href="http://technet.microsoft.com/en-us/library/cc770625%28WS.10%29.aspx" target="_blank">this</a> TechNet library article.<br /><br /><br /><br /><br /><br /><b><span style="font-size: large;">Pre-Requisites</span></b><br />So you need to build a cluster? OK. Here is what you need:<br /><br /><ul><li>Some shared storage (SAN / NAS / iSCSI etc) to hold data that is to be hosted by the cluster</li><li>Small shared storage for Quorum Disk (MS <a href="http://support.microsoft.com/kb/280345" target="_blank">KB208345</a> states minimum 500Mb for Quorum)</li><li>A hostname and IP address for the Cluster</li><li>A hostname and IP address for each MSDTC instance</li><li>A hostname and IP address for each SQL instance</li></ul><br />The SQL Cluster will require individual per-instance shared storage areas for:<br /><br /><ul><li>SQL Data</li><li>SQL Transaction Logs</li><li>SQL Database Backups</li><li>MSDTC (Again a minimum of 500Mb should be fine)</li></ul><br /><br /><b><span style="font-size: large;">How to Configure</span></b> <br />A movie tells more than a thousand words. 
Here is how to create a Windows 2008 / 2008 R2 cluster and how to get around some of the more common problems:<br /><br /><div style="text-align: center;"><iframe allowfullscreen="" frameborder="0" height="510" src="http://www.youtube.com/embed/TmyFEMXm52g?rel=0" title="YouTube video player" width="640"></iframe></div><div style="text-align: right;"><span style="font-size: x-small;">Thanks to <a href="http://eniackb.blogspot.com/" target="_blank">eniackb.blogspot.com</a> for putting this together</span></div><br /><span style="font-size: large;"><b>Getting SQL and 2008 Failover Clustering to Play Together Nicely</b></span><br />The following is taken from <a href="http://blogs.msdn.com/b/sqlserverfaq/archive/2009/10/08/receive-a-warning-about-the-network-binding-order-on-the-setup-support-rules-page-when-install-sql-server-2008-in-a-failover-cluster.aspx" target="_blank">this MSDN blog post</a>:<br /><br />While installing SQL Server 2008 the DBA will face the following warning in the installation window:<br /><div style="color: red;"><br /></div><div style="color: red;">Receive a warning about the network binding order on the Setup Support Rules page when install SQL Server 2008 in a failover cluster</div><br />This is because the domain / production network card is not the first bound network card. This will cause domain operations to run slowly and can cause timeouts that result in failures. <br /><br />Use the following command to enumerate network card GUIDs:<br /><br /><blockquote style="font-family: 'Courier New',Courier,monospace;">wmic nicconfig get description, SettingID > C:\nicconfig.txt</blockquote>Open C:\nicconfig.txt, then use regedit to browse to the following key:<br /><br /><b>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Linkage\Bind</b><br /><br />Cut and paste the GUIDs so that the production network card (or NIC team) is at the top of the list. 
Save the key and confirm the binding is correct via ipconfig /all.<br /><br />Ready for SQL install!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/reminder-win2008r2-sql-clustering/">Reminder: Win2008R2 SQL Clustering</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 23, 2011.</p>
https://polarclouds.co.uk/dot-slash-login-shortcut2011-02-21T09:00:00+00:002011-02-21T09:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-DueoX6nZHkY/TV70goF_bAI/AAAAAAAAAwo/qZOi8Op3-48/s1600/Login.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://1.bp.blogspot.com/-DueoX6nZHkY/TV70goF_bAI/AAAAAAAAAwo/qZOi8Op3-48/s320/Login.png" width="320" /></a></div><br />Consider the above login screen, as seen when you log in to either a Vista, Windows 7 or Windows 2008 machine that is joined to an Active Directory. <br /><br />The question is a simple one: <b>How do I log in locally?</b><br /><br />That is, log in using local machine credentials rather than those belonging to an Active Directory account.<br /><br />Normally you would enter <i><b>&lt;Local Computer Name&gt;</b></i><b>\</b><i><b>&lt;Local Account Name&gt;</b></i> in the username field.<br /><br />But isn't that too much like hard work? What happens if I don't know the local machine name? For example, logging in via an RDP session connected to the computer's IP address, rather than the system's machine name.<br /><br />Also what happens if you mistype or enter an incorrect computer name? As the "incorrect login" response is exactly the same as that for an incorrect password, you tend to believe that you've simply 'fat-fingered' the password...<br /><br />OK, enough already, here is the fix. Simply log in using the following:<br /><br /><div style="text-align: center;"><b><span style="font-size: large;">.</span>\</b><i><b>&lt;Local Account Name&gt;</b></i></div><div style="text-align: left;"><br />Hey presto, you've just saved your fingers from typing the computer name and you have removed all local computer name doubt in the process.<br /><br />Loverly jubberly - oh yes!<br /><br />- Chris<br /> </div><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/dot-slash-login-shortcut/">The Dot Slash Login Shortcut</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 21, 2011.</p>
https://polarclouds.co.uk/making-good-use-of-technology2011-02-12T12:00:00+00:002011-02-12T12:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TUm-iErOqwI/AAAAAAAAAvs/0Kxs2DRF6Sk/s1600/FartDroidLogo.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="97" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TUm-iErOqwI/AAAAAAAAAvs/0Kxs2DRF6Sk/s200/FartDroidLogo.png" width="100" /></a></div><br />Think of some of the great technological advances of the 20th century, the industrial revolution, the advent of the internet, the desktop computer, the mobile phone and so on.<br /><br />And here is one great modern use for almost all of that... <br /><br /><br /><br /><div style="text-align: center;"><i><span style="font-size: x-large;"><b>FartDroid - the mobile fart machine</b></span></i></div><br /><br />Well you didn't think that those advances were going to be put to good use did you???<br /><br />Screenshots:<br /><table border="0" style="margin-left: auto; margin-right: auto; text-align: left;"><tbody><tr align="center"> <td style="text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TUnAojleWmI/AAAAAAAAAv0/9wg7Qee821g/s1600/FartDroid1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TUnAojleWmI/AAAAAAAAAv0/9wg7Qee821g/s320/FartDroid1.png" width="192" /></a></td> <td style="text-align: center;"></td> <td style="text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUnA8S_WPDI/AAAAAAAAAv8/jZSH5AbR_oI/s1600/FartDroid2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUnA8S_WPDI/AAAAAAAAAv8/jZSH5AbR_oI/s320/FartDroid2.png" width="192" /></a></td> </tr></tbody></table><br />Amazing Facts according to <a href="http://neatofun.blogspot.com/" target="_blank">Neat-O-Fun</a>, FartDroid's Developer:<br /><div class="separator" style="clear: both; 
text-align: center;"><a href="http://neatofun.blogspot.com/" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="106" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUm_CLEcQ5I/AAAAAAAAAvw/st7DskjBb98/s200/neatoblogheadernotent.png" width="200" /></a></div><br /><ul><li>FartDroid is the Number 1 Fart App on the Android Market!</li><li>FartDroid comes on STRONG with over 30 different Farts to keep your Android phone tootin!</li><li>FartDroid has TWO different Interfaces to make sure that you can effectively make your phone fart in a way that makes you comfortable.</li><li>Classic Mode is for the power user that NEEDS to have access to ANY and Every Fart at any given moment.</li><li>New Mode is for those of you that NEED to fart in style. Classic mode consists of a Big Green Fart Button to make sure you can hit the button with ease.</li></ul>Oh yes!<br /><br />I bet you wish you had an Android phone now don't you..... here are the links: <a href="http://www.appbrain.com/app/fartdroid-fart-machine/com.joshuadobbs.rudedroid" target="_blank">FartDroid on AppBrain</a> and <a href="market://details?id=com.joshuadobbs.rudedroid">FartDroid on Android Market</a><br /><br />If you are not yet the cheerful owner of such a device, never fear! You too can enjoy in some flatulent fun, using the:<br /><br /><div style="text-align: center;"><span style="font-size: large;"><b><a href="http://neatofun.com/mobile/webapps/fartdroid/" target="_blank">FartDroid Webapp</a></b></span></div><br />Have fun.... oh and grow up!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/making-good-use-of-technology/">Making Good Use of Technology</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 12, 2011.</p>
https://polarclouds.co.uk/what-anywhere2011-02-09T17:37:00+00:002011-02-09T17:37:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TVLPjGr4gpI/AAAAAAAAAwc/MPogf9Tb2Xs/s1600/whatthemobilehd.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TVLPjGr4gpI/AAAAAAAAAwc/MPogf9Tb2Xs/s200/whatthemobilehd.png" width="200" /></a></div><br /><br /><br /><br />That's right, What the.....? is now mobile! There's no excuse now for a bit of What the.....? even on the move! Everyone needs a bit of What the.....? in their lives now and again. Now you can What the.....? mobile.<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><table border="0" style="margin-left: auto; margin-right: auto; text-align: left;"><tbody><tr align="center"> <td style="text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TVLKYhRcbfI/AAAAAAAAAwE/ONR0HhuJICo/s1600/whatthemobile.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TVLKYhRcbfI/AAAAAAAAAwE/ONR0HhuJICo/s320/whatthemobile.png" width="192" /></a></td> <td style="text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TVLKyHPwfOI/AAAAAAAAAwM/VgmxFcKYP9k/s1600/whatthemobile2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TVLKyHPwfOI/AAAAAAAAAwM/VgmxFcKYP9k/s320/whatthemobile2.png" width="192" /></a></td> <td style="text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TVLLKO-zmDI/AAAAAAAAAwU/lwA_Anq3Od4/s1600/whatthemobile3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TVLLKO-zmDI/AAAAAAAAAwU/lwA_Anq3Od4/s320/whatthemobile3.png" width="192" /></a></td> </tr></tbody> </table><br />oh yes.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/what-anywhere/">What the....? Anywhere</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 09, 2011.</p>
https://polarclouds.co.uk/vertigo-dont-look-down2011-02-08T19:00:00+00:002011-02-08T19:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TUcn00QpmtI/AAAAAAAAAus/wlk6kIdq4u0/s1600/foot.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="My foot on County Hall, London" border="0" height="198" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TUcn00QpmtI/AAAAAAAAAus/wlk6kIdq4u0/s200/foot.png" title="My foot on County Hall, London" width="200" /></a></div><br /><br />"Vertigo is the conflict between the fear of falling and the desire to fall." <br /><br />I couldn't have put it better myself.<br /><br />Have you ever suffered from vertigo without leaving your seat? No? Try this. <br /><br />Oh and if you are convinced you won't be affected, try watching the following in full screen...<br /><br /><br /><div style="text-align: center;"><iframe allowfullscreen="" class="youtube-player" frameborder="0" height="510" src="http://www.youtube.com/embed/e335kbl9YWc?rel=0" title="YouTube video player" type="text/html" width="640"></iframe></div><br />Love the fact you can see the curvature of the earth without leaving the ground...<br /><br />Watching the above put me in mind of a certain Mr Dibnah:<br /><br /><br /><div style="text-align: center;"><iframe allowfullscreen="" class="youtube-player" frameborder="0" height="510" src="http://www.youtube.com/embed/3R3-YwDZrzg?rel=0" title="YouTube video player" type="text/html" width="640"></iframe></div><div style="text-align: right;"><span style="font-size: x-small;">(No, your hearing isn't going, the sound is a bit duff on this clip)</span></div><br />Fred on reaching the top: "You could ride a bike around here!" Er no thanks Fred, I'll take your word for it!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vertigo-dont-look-down/">Vertigo? Don't Look Down!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 08, 2011.</p>
https://polarclouds.co.uk/esx-reminder-2-patching-usb-errors2011-02-02T17:16:00+00:002011-02-02T17:16:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TUmPfxJa71I/AAAAAAAAAvk/o3XcC2HnA8Q/s1600/plaster250.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="160" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TUmPfxJa71I/AAAAAAAAAvk/o3XcC2HnA8Q/s200/plaster250.jpg" width="200" /></a></div><br /><br /><br /><i>Continuing my series of quick fire reminders for when (a) I *think* I've seen that issue before and (b) I don't remember what the fix is / was. <br /><br />Previous post <a href="http://chall32.blogspot.com/2009/09/vmware-esx-reminders.html" target="_blank">here</a> and possibly <a href="http://chall32.blogspot.com/2010/01/vmware-esx-35-esx-4-reset-lost-or.html" target="_blank">here</a></i>.<br /><br /><br /><br /><br /><br /><b><span style="font-size: large;">Simple Manual ESX or ESXi Patching / Driver updates:</span></b><br /><br /><ol><li>Put host into Maintenance Mode</li><li>Install vSphere CLI from <a href="http://downloads.vmware.com/d/details/vcli41/ZHcqYmRoaCpiZHRAag==" target="_blank">here</a> (if not already done) </li><li>Open vSphere CLI and run:<blockquote style="font-family: 'Courier New',Courier,monospace;">vihostupdate.pl --server X.X.X.X --install --bundle update-bundle.zip </blockquote></li><li>Reboot Host (if required) </li></ol><br /><br /><br /><b><span style="font-size: large;">"URB timed out - USB device may not respond"</span></b><br /><br />Seen on just one out of four identical HP DL580 G7 ESX4.1 builds:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TUmJ-BwuZcI/AAAAAAAAAvg/mB_0SKDegFw/s1600/USB-Error.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="198" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TUmJ-BwuZcI/AAAAAAAAAvg/mB_0SKDegFw/s640/USB-Error.PNG" width="640" /></a></div><br /><br />Tried all sorts to fix, 
unplug KVM, update BIOS, reset default BIOS settings etc etc etc<br /><br />Resolved via ILO3 update to firmware v1.16 (11 Jan 2011) Download <a href="http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=uk&prodTypeId=15351&prodSeriesId=4142916&swItem=MTX-76ec563f5ab2426e9b711210c8&prodNameId=4142792&swEnvOID=4024&swLang=8&taskId=135&mode=5">here</a><br /><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/esx-reminder-2-patching-usb-errors/">ESX Reminder 2: Patching & USB Errors</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 02, 2011.</p>
https://polarclouds.co.uk/remote-control-via-web-browser2011-02-01T22:31:00+00:002011-02-01T22:31:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TUhrP5VTPeI/AAAAAAAAAu0/sWPR1to3bTQ/s1600/HTML5_Logo_256.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="HTML5" border="0" height="200" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TUhrP5VTPeI/AAAAAAAAAu0/sWPR1to3bTQ/s200/HTML5_Logo_256.png" title="HTML5" width="200" /></a></div><br />Over the years, I've tried many, many remote administration tools.<br /><br />For Windows, built-in Remote Desktop is the best choice but you need an RDP (Remote Desktop Protocol) client to connect. For Linux with VNC (RealVNC, UltraVNC, etc.), you also need a client – either standalone or a Java-based one built into a webpage.<br /><br />Indeed even the excellent (if I do say so myself!) ChrisControl makes use of a client; be that an RDP or a VNC client. <br /><br />In fact, every remote desktop application I’ve tried requires some sort of client or browser plugin – until now.<br /><br />Enter ThinVNC by SupportSmith / Cybele Software. ThinVNC takes remote administration to another level. <br /><br />The “VNC” part of its name is a bit of a misnomer – the product does not use the VNC protocol at all. 
Instead, it operates using modern web standards, <a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUhwRASzwxI/AAAAAAAAAu8/smAnvTo334c/s1600/logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="ThinVNC: VNC Free" border="0" height="72" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUhwRASzwxI/AAAAAAAAAu8/smAnvTo334c/s200/logo.png" title="ThinVNC: VNC Free" width="200" /></a>namely <a href="http://en.wikipedia.org/wiki/Ajax_%28programming%29" target="_blank">AJAX</a>, <a href="http://en.wikipedia.org/wiki/JSON" target="_blank">JSON</a> and <a href="http://en.wikipedia.org/wiki/HTML5" target="_blank">HTML5</a>.<br /><br />ThinVNC is composed of a pure HTML5-based client connecting via HTTP or HTTPS to a server component. The web client connects to the listening port and displays the desktop using JSON and JPEG image encoding. The communication is authenticated and the connection can be made through HTTP or HTTPS.<br /><br />The upshot is that the remote computer can be accessed from any OS platform through any HTML5-compliant browser like Mozilla Firefox, Google Chrome, Safari, Opera, etc.<br /><br />ThinVNC is free for non-commercial use, and supports installation on Windows 2000/XP/2003/Vista/Win 7/Windows Server 2008.<br /><br />Installation on the system to be remotely controlled is a breeze:<br /><br /><ol><li>Download the <a href="http://www.supportsmith.com/Download/Download.aspx" target="_blank">latest ThinVNC</a> setup (not the remote access server - that's a slightly different product!) and run the installation on your PC to be remotely controlled.<br /></li><li>Launch ThinVNC, change the password (default username and password are admin), set the authentication type and the listening ports for HTTP and HTTPS. 
Make a note of this computer's hostname or IP Address.</li><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUh23mTc_VI/AAAAAAAAAvA/_fSHhb6GJrg/s1600/gui.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="298" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUh23mTc_VI/AAAAAAAAAvA/_fSHhb6GJrg/s320/gui.png" width="320" /></a></div><li>Launch a browser on another PC and connect to http://hostname-or-ip-address:port/ or https://hostname-or-ip-address:port/</li></ol>Hey Presto! Controlling a Windows XP system via Ubuntu Firefox - <b>no client or browser plugin required!</b>: <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TUh5KCCDKTI/AAAAAAAAAvE/j6AtxYq4LQA/s1600/Screenshot-ThinVNC-Mozilla+Firefox.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="545" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TUh5KCCDKTI/AAAAAAAAAvE/j6AtxYq4LQA/s640/Screenshot-ThinVNC-Mozilla+Firefox.png" width="640" /></a></div>Further details on the options within the ThinVNC interface can be found in the excellent <a href="http://www.supportsmith.com/ThinVNC/Getting-Started.aspx#HelpServInter" target="_blank">UserGuide</a>. Oh, and if no plugin or client is required, you can start going mobile: <br /><div style="text-align: center;"></div><table border="0" style="margin-left: auto; margin-right: auto; text-align: left;"><tbody><tr align="center"><td style="text-align: center;"><br /></td> <td style="text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUh6a1SkfVI/AAAAAAAAAvI/FOfUDK6GVlw/s1600/device1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUh6a1SkfVI/AAAAAAAAAvI/FOfUDK6GVlw/s320/device1.png" width="192" /></a></td> <td style="text-align: center;"><a 
href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUh6e2d5iCI/AAAAAAAAAvM/miy9B3zS7mQ/s1600/device2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUh6e2d5iCI/AAAAAAAAAvM/miy9B3zS7mQ/s320/device2.png" width="192" /></a></td></tr></tbody></table><div style="text-align: center;"><i>Yes that's right! Remote Control via built in Android Browser. No app required!</i></div><br />Finally, in order to access your PC on anything other than the local network, you will need to “Port Forward” from your Internet router to the PC to be remotely accessed. Make sure to log in and forward to port 8081 on your local machine (the default HTTPS port ThinVNC uses) or you won’t be able to access it from the outside. Do this only once you have changed the default password.<br /><br />All routers are different, but here is how you configure port forwarding on a Netgear router:<br /><br /><ol><li>Log in to your router, select Services in the left-hand menu and click Add Custom Service. 
Enter details as below and click Apply:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TUh-tUVBEVI/AAAAAAAAAvQ/JyvV8YbXgys/s1600/Services.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="251" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TUh-tUVBEVI/AAAAAAAAAvQ/JyvV8YbXgys/s640/Services.png" width="640" /></a></div><li>Select Firewall Rules in the left-hand menu and click Add under the inbound services dialogue:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUiB3Ay6HgI/AAAAAAAAAvU/DNx37-ROJRk/s1600/inbound.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="259" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TUiB3Ay6HgI/AAAAAAAAAvU/DNx37-ROJRk/s640/inbound.png" width="640" /></a></div><li>Find the ThinVNC service in the drop down and enter the IP address of the PC to be remotely controlled. Optionally (although highly recommended) tie down access times and IP address or ranges of those on the Internet that can access the PC running ThinVNC.</li></ol>Job done.<br /><br />ThinVNC is an excellent program if you need simple desktop access remotely without a client or plugin. It is noticeable that the screen refresh rate isn’t as fast as other remote control products but, hey, it isn’t slow either. In my opinion, the benefit of a clientless cross-platform remote control solution more than outweighs this. <br /><br />Let me know what you think.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/remote-control-via-web-browser/">Remote Control via Web Browser</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 01, 2011.</p>
https://polarclouds.co.uk/disaster-and-emergency-alertmap2011-01-31T20:03:00+00:002011-01-31T20:03:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.flickr.com/photos/benklemm/30332674/" target="_blank" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img title="Planet Plum by b.e.n." alt="Planet Plum by b.e.n." border="0" height="200" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TUHgOC_iCkI/AAAAAAAAAuc/TEZJOPXSMOo/s200/30332674_59202cbae0.jpg" width="181" /></a></div><br /><br />What's happening around the world now? No, right now: this minute?<br /><br />Agreed dear readers, we have indeed looked at real-time trending before right <a href="http://chall32.blogspot.com/2010/01/sel-updating-realtime-search-chris.html" target="_blank">here</a> in this very blog, and perhaps you could say I'm a bit obsessed with real-time news and you are probably right.<br /><br />Going one up on twitter trending and graphing, take a look at this:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TUHj1rM10sI/AAAAAAAAAug/YdUqtQ98x5I/s1600/disasters.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="339" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TUHj1rM10sI/AAAAAAAAAug/YdUqtQ98x5I/s640/disasters.png" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TUHlt4iJAMI/AAAAAAAAAuk/up-UCOuXMnE/s320/Earthquake.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="253" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TUHlt4iJAMI/AAAAAAAAAuk/up-UCOuXMnE/s320/Earthquake.png" width="320" /></a></div><br />It's the <a href="http://hisz.rsoe.hu/alertmap/index2.php" target="_blank">ROIS EDIS</a> real-time Disaster and Emergency AlertMap. 
It's completely terrifying, yet fascinating at the same time.<br /><br />The various icons (<a href="http://hisz.rsoe.hu/alertmap/icons.php" target="_blank">key</a>) on the map illustrate natural disasters and accidents – everything including floods, earthquakes, forest fires, volcanoes, airplane accidents, terror attacks, etc. – that are happening in various parts of the world right now. <br /><br />Hats off to The Hungarian National Association of Radio Distress-Signaling and Infocommunications (<a href="http://hisz.rsoe.hu/alertmap/read/index.php?pageid=about_index" target="_blank">RSOE</a>) for producing such a compelling realtime map.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/disaster-and-emergency-alertmap/">Disaster and Emergency AlertMap</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 31, 2011.</p>
https://polarclouds.co.uk/video-for-android-or-iphone2011-01-25T23:48:00+00:002011-01-25T23:48:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TT8syLwWvYI/AAAAAAAAAuM/-m1RAyaolbI/s1600/Android-iPhone-Video.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TT8syLwWvYI/AAAAAAAAAuM/-m1RAyaolbI/s200/Android-iPhone-Video.png" width="191" /></a></div><br />Long gone are the days when mobile phones were simply used for making telephone calls.<br /><br />Nowadays these mini devices that we still call "mobile phones" more closely resemble mini-computers with many many applications from Internet browsing, email, social networking, navigation (GPS and compass based) to entertainment; both audio and visual.<br /><br />What follows is my guide to converting video for natively supported playback on both Android and iPhones. That is, after following this guide, you should be able to watch the converted videos using any type of video player on either your Android or iPhone.<br /><br /><br /><span style="font-size: large;"><b>The Target Video Format: H.264</b></span><br />According to the specifications:<br /><ul><li>Android specifications <a href="http://developer.android.com/guide/appendix/media-formats.html" target="_blank">here</a></li><li>iPhone specifications <a href="http://www.apple.com/iphone/iphone-3gs/specs.html" target="_blank">here</a></li></ul>So both handsets support the H.264 video format out of the box. <br /><br />OK, but what is this format? Well, if you really really want to know and have a spare 10 mins, have a look at <a href="http://en.wikipedia.org/wiki/H.264/MPEG-4_AVC" target="_blank">H.264 on Wikipedia</a> oh and yea I know, it does go on a bit! 
<br /><br />Put simply and quickly, it's <i>the</i> format to use for mobile video applications ;o)<br /><span style="font-size: large;"><b><br /></b></span><br /><span style="font-size: large;"><b>Tool to Convert Video to H.264 Format</b></span><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TT84PrWm4HI/AAAAAAAAAuQ/qM7DZxZ2lQM/s1600/ffmpeg-logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="50" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TT84PrWm4HI/AAAAAAAAAuQ/qM7DZxZ2lQM/s200/ffmpeg-logo.png" width="200" /></a></div>So we know where we want to get (H.264); how do we get there?<br /><br />Simple.<br />And here is where we get to use my favorite video conversion tool: <a href="http://ffmpeg.org/" target="_blank">FFMpeg</a><br /><br />FFMpeg is free command-line software licensed under the LGPL or GPL that can be used to convert audio and video with minimal fuss. It has the advantage of being able to convert both video and audio at the same time (rather than splitting video and audio and converting them separately), which means that conversions are quick and, perhaps more importantly, easy. Sure it's command-line stuff but believe me; command-line is good!<br /><br />It also has the advantage that under Windows it doesn't require installation. The whole tool runs from a single .exe file.<br /><br />The final plus point is that FFMpeg can be used to convert a plethora of different input audio and video formats. 
Here is a taster (as run on my Ubuntu laptop):<br /><br /><blockquote><b><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">chris@lappy:~$ ffmpeg -formats</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">FFmpeg version SVN-r26068, Copyright (c) 2000-2010 the FFmpeg developers</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> built on Dec 21 2010 14:01:48 with gcc 4.4.5</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> configuration: --enable-gpl --enable-version3 --enable-nonfree --enable-postproc --enable-libfaac --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libtheora --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxvid --enable-x11grab</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> libavutil 50.35. 0 / 50.35. 0</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> libavcore 0.16. 0 / 0.16. 0</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> libavcodec 52.100. 0 / 52.100. 0</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> libavformat 52.88. 0 / 52.88. 
0</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> libavdevice 52. 2. 2 / 52. 2. 2</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> libavfilter 1.69. 0 / 1.69. 0</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> libswscale 0.12. 0 / 0.12. 0</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> libpostproc 51. 2. 0 / 51. 2. 0</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">File formats:</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D. 
= Demuxing supported</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> .E = Muxing supported</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> --</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E 3g2 3GP2 format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E 3gp 3GP format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D 4xm 4X Technologies format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D IFF IFF format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D ISS Funcom ISS format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D MTV MTV format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE RoQ raw id RoQ format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E a64 a64 - video for Commodore 64</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span 
style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D aac raw ADTS AAC</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE ac3 raw AC-3</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E adts ADTS AAC</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D aea MD STUDIO audio</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE aiff Audio IFF</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE alaw PCM A-law format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE alsa ALSA audio output</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE amr 3GPP AMR file format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D anm Deluxe Paint Animation</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D apc CRYO APC format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D ape 
Monkey's Audio</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D applehttp Apple HTTP Live Streaming format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE asf ASF format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E asf_stream ASF format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE ass Advanced SubStation Alpha subtitle format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE au SUN AU format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE avi AVI format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E avm2 Flash 9 (AVM2) format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D avs AVS format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D bethsoftvid Bethesda Softworks VID format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D bfi Brute Force & 
Ignorance</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D bink Bink</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D c93 Interplay C93</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D caf Apple Core Audio Format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE cavsvideo raw Chinese AVS video</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D cdg CD Graphics Format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E crc CRC testing format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE daud D-Cinema audio format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE dirac raw Dirac</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE dnxhd raw DNxHD (SMPTE VC-3)</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D dsicin Delphine Software International CIN format</span></span><br 
style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE dts raw DTS</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE dv DV video format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D dv1394 DV1394 A/V grab</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E dvd MPEG-2 PS format (DVD VOB)</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D dxa DXA</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D ea Electronic Arts Multimedia Format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D ea_cdata Electronic Arts cdata</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE eac3 raw E-AC-3</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE f32be PCM 32 bit floating-point big-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE f32le PCM 32 bit floating-point little-endian format</span></span><br 
style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE f64be PCM 64 bit floating-point big-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE f64le PCM 64 bit floating-point little-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE ffm FFM (FFserver live feed) format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D film_cpk Sega FILM/CPK format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE filmstrip Adobe Filmstrip</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE flac raw FLAC</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D flic FLI/FLC/FLX animation format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE flv FLV format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E framecrc framecrc testing format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E framemd5 Per-frame 
MD5 testing format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE g722 raw G.722</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E gif GIF Animation</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D gsm raw GSM</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE gxf GXF format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE h261 raw H.261</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE h263 raw H.263</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE h264 raw H.264 video format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D idcin id Cinematic format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE image2 image2 sequence</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE image2pipe piped image2 sequence</span></span><br style="font-family: "Courier New",Courier,monospace;" 
/><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D ingenient raw Ingenient MJPEG</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D ipmovie Interplay MVE format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E ipod iPod H.264 MP4 format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D iv8 A format generated by IndigoVision 8000 video server</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D ivf On2 IVF</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D jack JACK Audio Connection Kit</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D lmlm4 lmlm4 raw format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D lxf VR native stream format (LXF)</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE m4v raw MPEG-4 video format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E matroska Matroska file format</span></span><br style="font-family: "Courier 
New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D matroska,webm Matroska/WebM file format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E md5 MD5 testing format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE mjpeg raw MJPEG video</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE mlp raw MLP</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D mm American Laser Games MM format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE mmf Yamaha SMAF</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E mov MOV format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D mov,mp4,m4a,3gp,3g2,mj2 QuickTime/MPEG-4/Motion JPEG 2000 format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E mp2 MPEG audio layer 2</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE mp3 MPEG audio layer 3</span></span><br style="font-family: "Courier 
New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E mp4 MP4 format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D mpc Musepack</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D mpc8 Musepack SV8</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE mpeg MPEG-1 System format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E mpeg1video raw MPEG-1 video</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E mpeg2video raw MPEG-2 video</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE mpegts MPEG-2 transport stream format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D mpegtsraw MPEG-2 raw transport stream format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D mpegvideo raw MPEG video</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E mpjpeg MIME multipart JPEG format</span></span><br style="font-family: "Courier New",Courier,monospace;" 
/><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D msnwctcp MSN TCP Webcam stream</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE mulaw PCM mu-law format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D mvi Motion Pixels MVI format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE mxf Material eXchange Format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E mxf_d10 Material eXchange Format, D-10 Mapping</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D mxg MxPEG clip file format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D nc NC camera feed format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D nsv Nullsoft Streaming Video</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E null raw null video format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE nut NUT format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span 
style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D nuv NuppelVideo format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE ogg Ogg</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D oma Sony OpenMG audio</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE oss Open Sound System playback</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E psp PSP MP4 format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D psxstr Sony Playstation STR format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D pva TechnoTrend PVA file and stream format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D qcp QCP format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D r3d REDCODE R3D format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE rawvideo raw video format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span 
style="font-family: "Courier New",Courier,monospace;"> E rcv VC-1 test bitstream</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D rl2 RL2 format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE rm RealMedia format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D rpl RPL/ARMovie format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE rso Lego Mindstorms RSO format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE rtp RTP output format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE rtsp RTSP output format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE s16be PCM signed 16 bit big-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE s16le PCM signed 16 bit little-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE s24be PCM signed 24 bit big-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span 
style="font-family: "Courier New",Courier,monospace;"> DE s24le PCM signed 24 bit little-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE s32be PCM signed 32 bit big-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE s32le PCM signed 32 bit little-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE s8 PCM signed 8 bit format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE sap SAP output format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D sdp SDP</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D shn raw Shorten</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D siff Beam Software SIFF</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D smk Smacker video</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D sol Sierra SOL format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: 
"Courier New",Courier,monospace;"> DE sox SoX native format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE spdif IEC958 - S/PDIF (IEC-61937)</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE srt SubRip subtitle format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E svcd MPEG-2 PS format (VOB)</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE swf Flash format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D thp THP</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D tiertexseq Tiertex Limited SEQ format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D tmv 8088flex TMV</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE truehd raw TrueHD</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D tta True Audio</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D tty 
Tele-typewriter</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D txd Renderware TeXture Dictionary</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE u16be PCM unsigned 16 bit big-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE u16le PCM unsigned 16 bit little-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE u24be PCM unsigned 24 bit big-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE u24le PCM unsigned 24 bit little-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE u32be PCM unsigned 32 bit big-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE u32le PCM unsigned 32 bit little-endian format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE u8 PCM unsigned 8 bit format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D vc1 raw VC-1</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: 
x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D vc1test VC-1 test bitstream format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E vcd MPEG-1 System format (VCD)</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D video4linux Video4Linux device grab</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D video4linux2 Video4Linux2 device grab</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D vmd Sierra VMD format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E vob MPEG-2 PS format (VOB)</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE voc Creative Voice file format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D vqf Nippon Telegraph and Telephone Corporation (NTT) TwinVQ</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D w64 Sony Wave64 format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE wav WAV format</span></span><br style="font-family: "Courier New",Courier,monospace;" 
/><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D wc3movie Wing Commander III movie format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> E webm WebM file format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D wsaud Westwood Studios audio format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D wsvqa Westwood Studios VQA format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D wv WavPack</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D x11grab X11grab</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D xa Maxis XA File Format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> D yop Psygnosis YOP Format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> DE yuv4mpegpipe YUV4MPEG pipe format</span></span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">chris@lappy:~$</span> </span></b></blockquote>Phew!<br /><br /><b>Downloading and Installing FFMpeg</b><br />I've uploaded the 
versions of FFMpeg I use to my dropbox:<br /><br /><ul><li>Windows version is <a href="http://dl.dropbox.com/u/17212049/ffmpeg.zip">here</a> (3.5Mb zip)</li><li>Compiled Ubuntu Linux version is <a href="http://dl.dropbox.com/u/17212049/ffmpeg_linux.zip">here</a> (30.6Mb zip)</li></ul>Feel free to download and use them. They may not be the latest or greatest, but both versions work perfectly in this application for me.<br /><br />Installation is simple:<br /><ul><li>Windows: Extract the zip to a folder on C:\ drive. For example C:\Conversion</li><li>Ubuntu Linux: Extract the zip and install the 2 deb files using <span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">sudo dpkg -i filename.deb</span></span></li></ul><br /><span style="font-size: large;"><b>Converting Video to H.264 Format</b></span><br />So we know where we are going and what to use to get there. Let's begin!<br /><br />Open a command prompt or a terminal session and navigate to the folder containing the file to be converted. For ease on Windows, I copy the file to be converted to the folder that also contains ffmpeg.exe. As mentioned, I use C:\Conversion.<br /><br />The following commands are the same for both Windows and Linux. As an example, I'm going to be converting an avi video called "Movie.avi".<br /><br /><b>The Basic Command</b>:<br />Here's what you need. This is the killer command!<br />As is, this command should produce nice quality output video with stereo sound.<br /><br /><blockquote><b><span style="font-family: "Courier New",Courier,monospace;">ffmpeg -i Movie.avi -acodec libfaac -ac 2 -ab 128k -vcodec mpeg4 -b 900k -r 25 Movie.mp4</span></b></blockquote>Agreed this looks like a scary hairy command-line, but it isn't really. OK, so what did all that mean? 
Here is the breakdown:<br /><br />-i = input file [in our case Movie.avi]<br />-acodec = output audio codec to use for conversion [in our case <a href="http://en.wikipedia.org/wiki/FAAC" target="_blank">libfaac</a>]<br />-ac = output audio channels [in our case 2 - stereo!] [*]<br />-ab = output audio bitrate [in our case 128k] [*]<br />-vcodec = output video codec to use for conversion [in our case <a href="http://en.wikipedia.org/wiki/MPEG-4" target="_blank">mpeg4</a>]<br />-b = output video bitrate [in our case 900k] [*]<br />-r = output frames per second [in our case 25] [*]<br />Movie.mp4 = name of the output file<br /><br />[*] - Tweak-able values. See the 'Tweaking' section below.<br /><br />Conversion off and running:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TT9Nwc-2akI/AAAAAAAAAuU/lqTQrrCzVvk/s1600/Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="456" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TT9Nwc-2akI/AAAAAAAAAuU/lqTQrrCzVvk/s640/Screenshot.png" width="640" /></a></div><br /><span style="font-size: large;"><b>Testing </b></span><br />As a starter for ten, and as video conversion can take a while, I normally let the conversion run for 30 seconds or so, and then press "q" to quit encoding.<br /><br />I then copy the resulting file to the phone just to double check that the phone will indeed play the converted file, and all looks good. The last thing you want to do is wait around for the encoding to finish and then find out that the video won't play on the target phone. <br /><br />If all is good, just up arrow and hit return to kick off the conversion again, overwriting the previous output file.<br /><br /><br /><span style="font-size: large;"><b> Troubleshooting</b></span><br />On occasion I have found an issue where the output video won't play. As far as I can tell it is due to the video size being too big for the phone. 
In this case you need to look to reduce the output frame size. Here is how:<br /><br />Look at the output from the original test conversion, specifically where FFMpeg tells you about the input video:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TT9RyMjtbZI/AAAAAAAAAuY/5TMas9J8XVw/s1600/vidsize.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="41" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TT9RyMjtbZI/AAAAAAAAAuY/5TMas9J8XVw/s640/vidsize.png" width="640" /></a></div><br />You are looking for the input video frame size. In the screenshot above it is 608 wide x 464 high.<br /><br />If encoding for an iPhone, you are looking to drop these numbers to less than 640 wide x 480 high (Android varies depending on individual devices).<br /><br />From there I usually break out the calculator and equally divide numbers down. Remember whatever you divide one number by (one third, two thirds, half, etc) divide the other number by the same amount. Don't just take an arbitrary number off of the original width and height. That's when you start getting strange stretched or compressed output videos!<br /><br />The additional switch to specify output file width and height is -s. Rolling this into the original command:<br /><br /><blockquote><b><span style="font-family: "Courier New",Courier,monospace;">ffmpeg -i Movie.avi -acodec libfaac -ac 2 -ab 128k -vcodec mpeg4 -b 900k -r 25 <span style="color: red;">-s 200x400</span> Movie.mp4</span></b></blockquote><br /><span style="font-size: large;"><b>Tweaking</b></span><br />Remember these:<br />-ac = output audio channels [*]<br />-ab = output audio bitrate [*]<br />-b = output video bitrate [*]<br />-r = output frames per second [*]<br /><br />[*] - Tweak-able values.<br /><br />Yes you guessed it, these values can be tweaked to your heart's desire! 
Be that to gain a better quality output file, or to reduce the H.264 output filesize down (at the expense of quality).<br /><br />To save time, here are some examples.<br /><br /><b>Medium Quality Video, Stereo Sound:</b><br /><blockquote><b><span style="font-family: "Courier New",Courier,monospace;">ffmpeg -i Movie.avi -acodec libfaac -ac 2 -ab 128k -vcodec mpeg4 <span style="color: red;">-b 500k</span> -r 25 Movie.mp4</span></b></blockquote><br /><b>Low Quality Video, Mono Sound:</b><br /><blockquote><b><span style="font-family: "Courier New",Courier,monospace;">ffmpeg -i Movie.avi -acodec libfaac <span style="color: red;">-ac 1</span> <span style="color: red;">-ab 16k</span> -vcodec mpeg4 <span style="color: red;">-b 200k</span> <span style="color: red;">-r 13</span> Movie.mp4</span></b></blockquote><br /><b>Top Quality Video, Quality Stereo Sound*:</b><br /><blockquote><b><span style="font-family: "Courier New",Courier,monospace;">ffmpeg -i Movie.avi -acodec libfaac <span style="color: red;">-ac 2</span> <span style="color: red;">-ab 160k</span> -vcodec mpeg4 <span style="color: red;">-b 1500k</span> <span style="color: red;">-r 30</span> Movie.mp4</span></b></blockquote>These are the maximums for the iPhone 3GS (iPhone 4 is different). *Be careful with the -b value as FFMpeg treats this as minimum, so will typically look to encode video above this number. If output video doesn't play, tweak -b value down so that encoded output video bitrate doesn't go above 1500. <br /><br /><b>Acceptable Video, Stereo Sound </b><b>(The standard command from above)</b><b>:</b><br /><blockquote><b><span style="font-family: "Courier New",Courier,monospace;">ffmpeg -i Movie.avi -acodec libfaac -ac 2 -ab 128k -vcodec mpeg4 -b 900k -r 25 Movie.mp4</span></b></blockquote><br /><b><span style="font-size: large;">Conclusion</span></b><br />So there you have it. 
You can now convert your videos for native playback on Android or iPhones.<br /><br />Feel free to drop me a comment below if you have any questions and I'll do my best to help.<br /><br />Happy portable viewing.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/video-for-android-or-iphone/">Video for Android or iPhone</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 25, 2011.</p>
https://polarclouds.co.uk/enjoy-vinyl-now2010-12-17T00:48:00+00:002010-12-17T00:48:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.flickr.com/photos/peyri/53244598/" target="_blank" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img title="Record show by peyri" alt="Record show by peyri" border="0" height="200" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TQqbJqzNdPI/AAAAAAAAAt4/kYeoGGTanPE/s200/RecordShow.png" width="200" /></a></div>OK, time to go out on a limb here. It is a well known fact that reproduction from vinyl records and analogue audio equipment is superior to digital reproduction. Yeah, I know what you are going to say, "urban legend" or "stop talking rubbish!"<br /><br />But wait a second. Let's think slightly outside the box here. Take a look at this YouTube video: <br /><br /><div style="text-align: center;"><object height="385" width="640"><param name="movie" value="http://www.youtube.com/v/nvS5tJZRllg?fs=1&hl=en_GB&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/nvS5tJZRllg?fs=1&hl=en_GB&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object></div><br />Sure there are pops, bangs and background fizz. But that <i>adds</i> to the sound. This is how the music is <i>supposed </i>to sound.<br /><br />What knocks me for six is the record sleeve and sleeve art. Yes, I remember this track the first time. I was eight at the time of its original release. Yes, the song lives on and will continue to do so, but what about all the effort that went into producing what effectively is the vinyl disk packaging? Having only ever purchased the album in mp3 format, I didn't appreciate the album as a whole. I was missing out on the album art. <br /><br />It was only through watching the above video that I realised this. 
<br /><br />Who doesn't remember thumbing through their parents' record collection and being taken in by all the imagery, colours and printing even if they also contain what can only be described as heinous crimes against fashion in the form of some of the band photos?<br /><br />Case in point. Imagine being seven or eight and finding this in a pile of dusty records:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TQqqF8s3ZHI/AAAAAAAAAt8/MbFfSJ0FW54/s1600/outoftheblue.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Electric Light Orchestra - Out of the Blue. Released 1977" border="0" height="320" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TQqqF8s3ZHI/AAAAAAAAAt8/MbFfSJ0FW54/s320/outoftheblue.jpg" title="Electric Light Orchestra - Out of the Blue. Released 1977" width="320" /></a></div>Finding this magical item at age eight, who isn't going to employ parental pester power to get that record played? Shame about the band though:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TQqqev9WQCI/AAAAAAAAAuA/uwVzzWcKn08/s1600/electric_light_orchestra_78_01.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Electric Light Orchestra" border="0" height="231" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TQqqev9WQCI/AAAAAAAAAuA/uwVzzWcKn08/s320/electric_light_orchestra_78_01.jpeg" title="Electric Light Orchestra" width="320" /></a></div>Another striking thing about the video is the spinning of the record itself. What's more magical and mesmerizing than a spinning record? Sure we all know how it works, but to think that all that sound is held in that little groove... Suddenly I'm eight again. 
I can't take my eyes off of the record spinning on the record player...<br /><br />If you, like I, like listening to music the way it was intended, enjoy original album art and are mesmerised by spinning pieces of vinyl, but no longer have the necessary audio equipment, then I highly recommend you have a look at <a href="http://www.youtube.com/user/gilmour509" target="_blank">gilmour509's YouTube Channel</a> to appreciate some fifty more vinyl classics. Keep up the good work gilmour509!<br /><br />Oh and one last thing, don't get me started on <a href="http://www.youtube.com/watch?v=_wGbjyrclbs" target="_blank">drumming gorillas</a> :o(<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/enjoy-vinyl-now/">Enjoy Vinyl - NOW!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 17, 2010.</p>
https://polarclouds.co.uk/gawker-hacked-am-i-affected2010-12-14T22:06:00+00:002010-12-14T22:06:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TQfUDeH6G5I/AAAAAAAAAt0/1TrPkBl2Y4I/s1600/Gawker.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TQfUDeH6G5I/AAAAAAAAAt0/1TrPkBl2Y4I/s1600/Gawker.png" /></a></div>On the weekend of 11 and 12 of December 2010 it was discovered that the servers of Gawker Media (that includes the websites Gawker, Deadspin, Kotaku, Jezebel, io9, Jalopnik, Gizmodo, Lifehacker and Fleshbot*) had been hacked.<br /><br />Nearly 1.25 million commenter user accounts, including more than 500,000 user e-mails and more than 185,000 decrypted passwords were posted to the Pirate Bay, available for anyone with the time or inclination to download.<br /><br />Of course, this security breach is potentially extremely serious for those who use common credentials across multiple on-line accounts.<br /><br />Although the data retrieved from Gawker was encrypted, it is reported that the encryption is easily reversible.<br /><br />As an example, Twitter is reportedly already seeing a mass <a href="http://mashable.com/2010/12/13/acai-berry-twitter-worm-warning/" target="_blank">Acai Berry</a> spamming campaign emanating from compromised accounts. <br /><br />So the obvious question on the mind of everyone who has ever commented on any of these sites: has my email address / password / username been leaked through the Gawker database hack?<br /><br /><span style="font-size: large;"><b>Am I affected?</b></span><br /><b>Option 1:</b><br /><br />1. Visit <a href="http://www.miraclesalad.com/webtools/md5.php" target="_blank">this website</a>, type your email address in the Input box and click MD5. This will generate an MD5 hash of your email address. 
Copy the string to your clipboard.<br /><br />Alternatively, if you don't fancy posting your email address into yet another website and are running Linux, then use this command to obtain the MD5 hash of your email address (printf is used so that only the address itself is hashed, without a trailing newline):<br /><br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">printf '%s' 'emailname@emaildomain.com' | md5sum</span></blockquote><br />2. Open <a href="http://www.google.com/fusiontables/DataSource?dsrcid=350662" target="_blank">This Google Fusion Table</a>, click on “Show Options” and choose “MD5” from the drop-down. Paste the MD5 string generated above into the input box and click apply.<br /><br />If you see a matching row, it’s time to change your Gawker password ASAP and change the password on any other online accounts where you may be using that same ID / email address.<br /><br /><br /><b>Option 2:</b><br />As linked to by Gawker themselves, use <a href="http://www.slate.com/id/2277768/" target="_blank">this online tool</a> <br /><br />For further information and an apology from Gawker, see <a href="http://lifehacker.com/5712785/" target="_blank">this Lifehacker post</a> <br /><br />Finally, here is a nice little way to construct secure individual website passwords from the security team at Mozilla:<br /><br /><div style="text-align: center;"><object height="385" width="640"><param name="movie" value="http://www.youtube.com/e/COU5T-Wafa4?rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/e/COU5T-Wafa4?rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object></div><br />Have fun and STAY SECURE!<br /><br />- Chris<br /><br />------ <br /><i>*Fleshbot: Having never heard of Fleshbot, I googled it. 
Hmmm Mistake. Here is how Gawker themselves carefully and succinctly describe their fleshbot service: <a href="http://advertising.gawker.com/titles/fleshbot/" target="_blank">http://advertising.gawker.com/titles/fleshbot/</a></i><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/gawker-hacked-am-i-affected/">Gawker Hacked. Am I affected?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 14, 2010.</p>
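<p>For the Linux route in step 1 of the Gawker check above, this added example (not part of the original post) hashes an address locally and looks it up in a saved copy of the MD5 column, so the address is never typed into a third-party site. The function names and the saved hash file are assumptions made for illustration, and because the post does not say whether the published hashes were computed over lower-cased addresses, both the as-typed and lower-cased forms are checked.</p>

```shell
#!/bin/sh
# Added example: local lookup of an e-mail address in a list of MD5 hashes.
# Function names and the hash-list file are hypothetical, not from the post.

# MD5 of exactly the bytes given: printf '%s' appends no trailing newline.
md5_exact() {
    printf '%s' "$1" | md5sum | cut -d ' ' -f 1
}

# What a here-document (or a plain echo) hashes instead: the string plus "\n".
# The result is a different hash that will never match a list built from the
# bare address.
md5_with_newline() {
    md5sum <<EOF | cut -d ' ' -f 1
$1
EOF
}

# Strip whitespace picked up by copy and paste.
trim() {
    printf '%s' "$1" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

lower() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]'
}

# candidate_hashes EMAIL: the hashes worth looking up, one per line.
# Assumption: the list may hold hashes of as-typed or lower-cased addresses.
candidate_hashes() {
    _a=$(trim "$1")
    md5_exact "$_a"
    _l=$(lower "$_a")
    [ "$_l" = "$_a" ] || md5_exact "$_l"
}

# is_listed EMAIL HASHFILE: exit 0 if any candidate hash is a line of HASHFILE
# (one 32-hex-digit hash per line; hex case and CRLF line endings tolerated).
is_listed() {
    for _h in $(candidate_hashes "$1"); do
        tr -d '\r' < "$2" | grep -qixF "$_h" && return 0
    done
    return 1
}

demo() {
    list=$(mktemp)
    # Constructed stand-in for a downloaded hash column: two made-up addresses.
    md5_exact 'alice@example.com' > "$list"
    md5_exact 'bob@example.org' | tr 'a-f' 'A-F' >> "$list"  # upper-case hex on purpose
    for addr in ' Alice@Example.com ' 'bob@example.org' 'carol@example.net'; do
        if is_listed "$addr" "$list"; then
            echo "LISTED      [$addr]"
        else
            echo "not listed  [$addr]"
        fi
    done
    echo "bare string:        $(md5_exact hello)"
    echo "string plus newline: $(md5_with_newline hello)"
    rm -f "$list"
}

demo
```

<p>A match only says the address appears in the list being searched; the password change advice in the post applies either way if the same password was reused elsewhere.</p>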
https://polarclouds.co.uk/memtest-and-build-esx-from-usb2010-10-28T21:26:00+01:002010-10-28T21:26:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: left;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TI_Xt8_cMZI/AAAAAAAAAsc/JOT9EE3XDys/s1600/esxusb2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="VMware ESX 4 Installation USB Stick - Now with Memtest86+!" border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TI_Xt8_cMZI/AAAAAAAAAsc/JOT9EE3XDys/s1600/esxusb2.png" title="VMware ESX 4 Installation USB Stick - Now with Memtest86+!" /></a></div><b>REDUX</b> <i>Adj:</i> Brought back; returned. Used postpositively.<br /><br />Back in November last year, I showed you how to easily create a VMware ESX4.x Installation USB using an empty USB stick, UNetbootin and a copy of the ESX installation ISO. (<a href="http://chall32.blogspot.com/2009/11/vmware-esx-4-install-from-usb.html" target="_blank">here</a>)<br /><br />Since then the post has gone from strength to strength and has proved to be among the top five all time most popular posts on this blog. Cheers all - glad you liked it! <br /><br />So, a quick update post on how to increase the use of your ESX4.x installation USB by also incorporating Memtest86+ onto your USB stick.<br /><br /><br /><br /><span style="font-size: large;"><b>Memtest86+</b></span><br /><i>What is Memtest86+? </i><br />Memtest86+ is a thorough, standalone memory test tool for x86 architecture computers. The sole purpose of the tool is to test memory and provide detailed information on any memory failures detected. It is written and maintained by Samuel Demeulemeester and is in turn based on the original memtest86, written by Chris Brady. Further details can be found at <a href="http://www.memtest.org/" target="_blank">http://www.memtest.org/</a><br /><br /><i>Why do I need it? Why test memory?</i><br />By its very nature VMware ESX is tough on memory. 
Let's think for a second; at any one time your typical ESX server is going to be hosting multiple virtual machines with each VM running its own operating system and application stack. In turn, each VM is going to demand and utilise memory as and when it needs it. ESX's job is to juggle this demand to allow for smooth running of the VMs. A job it does very well.<br /><br />Add to that the fact that when building high end ESX servers, memory configurations start to get slightly 'obscene'. Some of the recent ESX builds I've been involved with are pushing 500Gb of memory per server (yes, that's right, half a terabyte of memory!!) With this amount of memory per server the odds of having a faulty memory module increase several fold. <br /><br />Lastly, ESX 4.1 incorporates a new feature: <a href="http://ntpro.nl/blog/archives/1509-vSphere-4.1-Memory-Enhancements-Compression.html" target="_blank">Memory Compression</a>. So, all in all, having known good memory fitted to your ESX is a very good idea indeed. How do we confirm we have good memory fitted to our ESX before we commission it? We test the memory with Memtest86+!<br /><br />OK, let's do this thing.<br /><br /><br /><span style="font-size: large;"><b>Adding Memtest86+</b></span><br />Firstly, you need to create your ESX4.x USB installation media. Follow the process in my original post <a href="http://chall32.blogspot.com/2009/11/vmware-esx-4-install-from-usb.html" target="_blank">here</a>.<br /><br />Next, you need to download a bootable version of the Memtest binary from the memtest website. Specifically, the version you need is the <i>Pre-Compiled Bootable Binary (.zip)</i> from <a href="http://www.memtest.org/#downiso" target="_blank">here</a>.<br /><br />Once downloaded, open the zip and extract the .bin file to the root folder of your ESX4.x installation USB. I rename the file to memtest86 for simplicity.<br /><br />Lastly, you need to add Memtest86+ to the USB boot menu. 
This is done by again editing the syslinux.cfg found in the root folder of the USB. Here is an example of the specific menu entry that calls and boots Memtest86+:<br /><br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">label ubnentry0</span><br /><span style="font-family: "Courier New",Courier,monospace;">menu label Test Memory with Memtest86+ v4.10</span><br /><span style="font-family: "Courier New",Courier,monospace;">kernel /memtest86</span></blockquote><br />Which makes my complete syslinux.cfg boot menu look like this:<br /><br /><blockquote><span style="font-family: "Courier New",Courier,monospace;">default menu.c32</span><br /><span style="font-family: "Courier New",Courier,monospace;">prompt 0</span><br /><span style="font-family: "Courier New",Courier,monospace;">menu title Chris' VMware ESX4.0 Update 2 USB</span><br /><span style="font-family: "Courier New",Courier,monospace;">timeout 100</span><br /><br /><span style="font-family: "Courier New",Courier,monospace;">label unetbootindefault</span><br /><span style="font-family: "Courier New",Courier,monospace;">menu label Test Memory with Memtest86+ v4.10</span><br /><span style="font-family: "Courier New",Courier,monospace;">kernel /memtest86</span><br /><br /><span style="font-family: "Courier New",Courier,monospace;">label ubnentry0</span><br /><span style="font-family: "Courier New",Courier,monospace;">menu label Install ESX in graphical mode</span><br /><span style="font-family: "Courier New",Courier,monospace;">kernel /isolinux/vmlinuz</span><br /><span style="font-family: "Courier New",Courier,monospace;">append initrd=/isolinux/initrd.img vmkopts=debugLogToSerial:1 mem=512M quiet askmedia</span><br /><br /><span style="font-family: "Courier New",Courier,monospace;">label ubnentry1</span><br /><span style="font-family: "Courier New",Courier,monospace;">menu label Install ESX in text mode</span><br /><span style="font-family: "Courier New",Courier,monospace;">kernel 
/isolinux/vmlinuz</span><br /><span style="font-family: "Courier New",Courier,monospace;">append initrd=/isolinux/initrd.img vmkopts=debugLogToSerial:1 mem=512M text quiet askmedia</span><br /><br /><span style="font-family: "Courier New",Courier,monospace;">label ubnentry2</span><br /><span style="font-family: "Courier New",Courier,monospace;">menu label ESX Scripted Install using USB ks.cfg</span><br /><span style="font-family: "Courier New",Courier,monospace;">kernel /isolinux/vmlinuz</span><br /><span style="font-family: "Courier New",Courier,monospace;">append initrd=/isolinux/initrd.img vmkopts=debugLogToSerial:1 mem=512M ks=usb quiet askmedia</span><br /><br /><span style="font-family: "Courier New",Courier,monospace;">label ubnentry3</span><br /><span style="font-family: "Courier New",Courier,monospace;">menu label ESX Scripted Install to first disk</span><br /><span style="font-family: "Courier New",Courier,monospace;">kernel /isolinux/vmlinuz</span><br /><span style="font-family: "Courier New",Courier,monospace;">append initrd=/isolinux/initrd.img vmkopts=debugLogToSerial:1 mem=512M ks=file:///usr/lib/vmware/weasel/examples/ks-first-safe.cfg quiet askmedia</span><br /><br /><span style="font-family: "Courier New",Courier,monospace;">label ubnentry4</span><br /><span style="font-family: "Courier New",Courier,monospace;">menu label ESX Scripted Install to first disk (overwrite VMFS)</span><br /><span style="font-family: "Courier New",Courier,monospace;">kernel /isolinux/vmlinuz</span><br /><span style="font-family: "Courier New",Courier,monospace;">append initrd=/isolinux/initrd.img vmkopts=debugLogToSerial:1 mem=512M ks=file:///usr/lib/vmware/weasel/examples/ks-first.cfg quiet askmedia</span><br /><br /><span style="font-family: "Courier New",Courier,monospace;">label ubnentry5</span><br /><span style="font-family: "Courier New",Courier,monospace;">menu label Boot from first hard disk</span><br /><span style="font-family: "Courier 
New",Courier,monospace;">kernel /ubnkern</span><br /><span style="font-family: "Courier New",Courier,monospace;">append initrd=/ubninit </span></blockquote><br />Which in turn looks like this once booted:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TMnZuMfyI-I/AAAAAAAAAss/fTA22WhSDbk/s1600/bootmenu.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Chris' VMware ESX4.0 Update 2 USB - what else? ;o)" border="0" height="352" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TMnZuMfyI-I/AAAAAAAAAss/fTA22WhSDbk/s640/bootmenu.png" title="Chris' VMware ESX4.0 Update 2 USB - what else? ;o)" width="640" /></a></div><br />Sure I could have more of a fancy menu with funky text and wizzy background images etc, but that's for someone else to play with. I prefer functionality over guff ;o)<br /><br />Simply swap the menu entries around if you would rather have the ESX installer as your default boot option.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/memtest-and-build-esx-from-usb/">Memtest and Build ESX from USB</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 28, 2010.</p>
https://polarclouds.co.uk/signing-android-apk-or-zip-files2010-09-22T21:51:00+01:002010-09-22T21:51:00+01:00Chris Hallhttps://polarclouds.co.uk
<div style="text-align: left;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TJpQ5K-Lj5I/AAAAAAAAAsk/ukhNnC6cam8/s1600/android-sign.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img title="Signing Android apps: Easy!" alt="Signing Android apps: Easy!" border="0" height="157" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TJpQ5K-Lj5I/AAAAAAAAAsk/ukhNnC6cam8/s200/android-sign.png" width="200" /></a></div>Bit of a memory jogger for me this post, but possibly handy for others too. <br /><br />Yes I realise that this information is almost everywhere on the net, but I can never seem to find it when I need it or when I do, I seem to find a Windows method when running Linux or find a Linux method when running Windows...<br /><br />Firstly: why sign Android files? Simple. All Android apps must be signed. Android will not install apk apps (or zip files in recovery mode) without them being signed. <br /><br />OK, so if you want to install it, you have to sign it. But digitally signing files is a bit of a faff, isn't it? No, not really.<br /><br />With a little help from the Android SDK (Software Development Kit) and the Android coder <a href="http://twitter.com/Amon_RA" target="_blank">Amon_RA</a>, you can be signing Android files quickly and easily.<br /><br />Word of warning: This method is not appropriate for signing apps for release on the Android Market as it uses test signatures. See <a href="http://developer.android.com/guide/publishing/app-signing.html" target="_blank">this Android Developers document</a> for details on how to sign apps destined for the Android Market. For all other uses outside of the Android Market, this method works just fine.<br /><br />On with the method. 
The beauty of this is that:<br /><br /><ol><li>It can be used on both Linux and Windows</li><li>It's so easy, even I can follow it!</li></ol>OK, here's what you need:<br /><br /><ul><li>Java Runtime Environment - Either <a href="http://openjdk.java.net/" target="_blank">OpenJDK</a> or <strike>Sun</strike> (Will always be Sun Java in my mind!) Oracle <a href="http://www.java.com/" target="_blank">Java</a></li><li>Google <a href="http://developer.android.com/sdk/index.html" target="_blank">Android SDK</a> </li><li>Amon_RA's <a href="https://sites.google.com/site/chall32/general/testsign.jar">testsign.jar</a></li></ul>Install Java Runtime Environment and extract the Android SDK to, say, C:\AndroidSDK. Remember to extract the zip maintaining folder structure.<br /><br />Create a folder under C:\AndroidSDK called sign, and download testsign.jar to C:\AndroidSDK\sign<br /><br />Copy the file to be signed to C:\AndroidSDK\sign folder. Drop to a command prompt and run the following command. (In the example, I'm using Windows and my file is called "app.apk"):<br /><br /><div style="text-align: left;"><blockquote style="font-family: "Courier New",Courier,monospace;">java -classpath C:\AndroidSDK\sign\testsign.jar testsign C:\AndroidSDK\sign\app.apk C:\AndroidSDK\sign\app-signed.apk</blockquote></div>Job done. <br /><br />The C:\AndroidSDK\sign folder should now contain an additional file called 'app-signed.apk'. This is the signed file that can now be installed and tested on your Android device or in the <a href="http://developer.android.com/guide/developing/tools/emulator.html" target="_blank">Android Emulator</a>.<br /><br />I said it was easy ;o)<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/signing-android-apk-or-zip-files/">Signing Android apk or zip Files</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 22, 2010.</p>
https://polarclouds.co.uk/windows-lost-user-password2010-09-10T12:20:00+01:002010-09-10T12:20:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TIoVHWsf0hI/AAAAAAAAAsU/EmrBKV_yYDM/s1600/Wrong.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TIoVHWsf0hI/AAAAAAAAAsU/EmrBKV_yYDM/s320/Wrong.PNG" /></a></div><br />Windows users: Lost both Administrator user account name and password? Perhaps you need access without changing any existing administrative accounts? KON-Boot not doing it for you?<br /><b><br /><i> *** NOTE*** This post relates to bypassing Windows Operating System security. <br />The method discussed here is for HOME USE ONLY! It is NOT to be used on systems that do not belong to you. Any problems arising from following this method are YOUR responsibility.</i></b><br /><br />The beauty of this method is that it uses built in commands run from within the O/S you are gaining access to. This means that the likelihood of corrupt security databases / registries / etc is diminished to practically zero (there is always a chance of corruption: nothing is without risk!).<br /><br />A similar exercise to this used to exist back in the NT4 days, but instead of targeting the Sticky Keys executable, you targeted the NT4 default screensaver.<br /><br /><b>This method works on any version of Windows that ships with the Sticky Keys application. 
So that's Windows 95 and up.</b><br /><span style="font-size: large;"><b><br />How To (Short Version)</b></span><br />If you know what you're doing and don't need a step by step, here's what to do in a nutshell:<br /><br /><ol><li>Boot from an alternative O/S and replace sethc.exe with cmd.exe</li><li>Reboot target O/S and launch stickykeys (press shift five times) to launch sethc.exe/cmd.exe</li><li>Either:</li></ol><ul><li>Use <span style="background-color: #eeeeee; font-family: 'Courier New',Courier,monospace;">net localgroup Administrators</span> to list existing local administrators and then <span style="background-color: #eeeeee; font-family: 'Courier New',Courier,monospace;">net user USERNAME NEWPASSWORD</span> to change the password of an existing administrative account</li></ul>Or <br /><ul><li>Create new administrative account using: <span style="background-color: #eeeeee; font-family: 'Courier New',Courier,monospace;">net user /add NEWUSER NEWPASSWORD</span> and <span style="background-color: #eeeeee; font-family: 'Courier New',Courier,monospace;">net localgroup Administrators /add NEWUSER</span> to add new-user to the local administrators group</li></ul>4. Close cmd prompt and login.<br /><br /><br /><span style="font-size: large;"><b>How To (Long Version with Screen Shots) </b></span><br />For the example process shown here, I'm going to access a Windows 7 installation. For my alternative operating system, I'm going to use <a href="http://www.ubuntu.com/desktop" target="_blank">Ubuntu Desktop 10.04</a>.<br /><br />OK Here's how.<br /><ol><li>Grab yourself a copy of Ubuntu, Windows PE or Knoppix. Doesn't matter which. 
The object here is to have an alternative method of booting the target system and gaining access to the drive containing the target Windows operating system.</li><li>Create the alternative O/S boot CD/DVD or USB (for creation of a bootable Ubuntu USB, see my Unetbootin post <a href="http://chall32.blogspot.com/2010/04/unetbootin-strikes-again-ubuntu-1004.html" target="_blank">here</a>)</li><li>Boot the alternative O/S. </li><li>Open Places Menu. Select Local Disk: </li><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIn_FDE7u8I/AAAAAAAAAqE/ofgQz4xyRAA/s1600/ubudrive.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIn_FDE7u8I/AAAAAAAAAqE/ofgQz4xyRAA/s200/ubudrive.PNG" width="131" /></a></div><li>Navigate to Windows\System32:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TIn_566Ci7I/AAAAAAAAAqM/6jNwsbZ5D0Q/s1600/sys32.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="165" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TIn_566Ci7I/AAAAAAAAAqM/6jNwsbZ5D0Q/s200/sys32.PNG" width="200" /></a></div><li>Find the file sethc.exe, right click and rename to sethc.old:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TIoAnUhryWI/AAAAAAAAAqU/hvHkzFuWc30/s1600/rename.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TIoAnUhryWI/AAAAAAAAAqU/hvHkzFuWc30/s200/rename.png" width="173" /></a></div><li>Find the file cmd.exe, right click and select Copy:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoBYyhGAbI/AAAAAAAAAqc/nV56KIp0gMM/s1600/copycmd.PNG" imageanchor="1" 
style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoBYyhGAbI/AAAAAAAAAqc/nV56KIp0gMM/s200/copycmd.PNG" width="151" /></a></div><li>Right Click again and select Paste:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TIoDhG_TS3I/AAAAAAAAAq0/PlL_Ye2R-Ao/s1600/paste.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TIoDhG_TS3I/AAAAAAAAAq0/PlL_Ye2R-Ao/s200/paste.PNG" width="163" /></a></div><li>Find the file called <b>cmd (copy).exe</b> and rename this file to sethc.exe:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoCiBklCVI/AAAAAAAAAqk/VAQ3K3alS80/s1600/reneamesethc.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="61" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoCiBklCVI/AAAAAAAAAqk/VAQ3K3alS80/s200/reneamesethc.PNG" width="200" /></a></div><li>Shutdown, remove Ubuntu CD/USB and reboot back into Windows</li><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIoC99HjeuI/AAAAAAAAAqs/DAuCP5beJs0/s1600/restart.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIoC99HjeuI/AAAAAAAAAqs/DAuCP5beJs0/s320/restart.PNG" /></a></div><li>At Windows logon prompt press shift key five times to launch stickykeys application sethc.exe (which we have replaced with cmd.exe):</li><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoFPIXlAfI/AAAAAAAAAq8/tot_KqsftX0/s1600/stickycmd.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="105" 
src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoFPIXlAfI/AAAAAAAAAq8/tot_KqsftX0/s200/stickycmd.PNG" width="200" /></a></div><li>Once command prompt opens (don't worry about any error messages), create new administrative account using: <span style="background-color: #eeeeee; font-family: 'Courier New',Courier,monospace;">net user /add NEWUSER NEWPASSWORD</span></li><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoGfdW8acI/AAAAAAAAArE/A8XquBqX8Ec/s1600/newuser.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="104" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoGfdW8acI/AAAAAAAAArE/A8XquBqX8Ec/s200/newuser.PNG" width="200" /></a></div><li>Enter <span style="background-color: #eeeeee; font-family: 'Courier New',Courier,monospace;">net localgroup Administrators /add NEWUSER</span> to add new-user to the local administrators group:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIoHe04zg0I/AAAAAAAAArM/n2_I1laDRrs/s1600/addfred.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="105" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIoHe04zg0I/AAAAAAAAArM/n2_I1laDRrs/s200/addfred.PNG" width="200" /></a></div><li>If needs be, (to get the new user to appear on the login screen) restart Windows:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoIuFjpd3I/AAAAAAAAArU/T3EwhkS61Rc/s1600/restartnow.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoIuFjpd3I/AAAAAAAAArU/T3EwhkS61Rc/s320/restartnow.PNG" /></a></div><li>Login as the new user:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoJTP7N0TI/AAAAAAAAArc/o6yI0IS1LiI/s1600/fredlogin.PNG" imageanchor="1" 
style="margin-left: 1em; margin-right: 1em;"><img border="0" height="176" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoJTP7N0TI/AAAAAAAAArc/o6yI0IS1LiI/s200/fredlogin.PNG" width="200" /></a></div><li>CLEAN UP. Open C:\Windows\System32 and find sethc.exe:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoLLv53RfI/AAAAAAAAArk/55wMLxR1RCA/s1600/cleansethc.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="49" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoLLv53RfI/AAAAAAAAArk/55wMLxR1RCA/s200/cleansethc.PNG" width="200" /></a></div><li>Delete sethc.exe:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIoLtgVgtoI/AAAAAAAAArs/pKWzhJziz-g/s1600/cleansethc2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="101" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIoLtgVgtoI/AAAAAAAAArs/pKWzhJziz-g/s200/cleansethc2.PNG" width="200" /></a></div><li> Find sethc.old, right click and select Copy. 
Right click again and Select Paste:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoNFYiQrvI/AAAAAAAAAr0/XzaBZ0KQ-Jw/s1600/oldcopy.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="159" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TIoNFYiQrvI/AAAAAAAAAr0/XzaBZ0KQ-Jw/s200/oldcopy.PNG" width="200" /></a><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIoNOSM5ruI/AAAAAAAAAr8/xpLwgSx-Nig/s1600/pasteold.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIoNOSM5ruI/AAAAAAAAAr8/xpLwgSx-Nig/s200/pasteold.PNG" width="159" /></a></div><li> Rename the file sethc - Copy.old to sethc.exe:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TIoN5I8QUiI/AAAAAAAAAsE/FX98g0gKgP8/s1600/finalrename.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TIoN5I8QUiI/AAAAAAAAAsE/FX98g0gKgP8/s320/finalrename.PNG" /></a></div><li>Press shift five times to ensure that sticky keys launches OK:</li><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIoOcsH8nmI/AAAAAAAAAsM/DOAyP-Zq_Nw/s1600/stickyok.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIoOcsH8nmI/AAAAAAAAAsM/DOAyP-Zq_Nw/s320/stickyok.PNG" /></a></div></ol>All done. Are we amazed that this kind of simple file rename hack still exists? Quite frankly yes... a bit. Ah well.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/windows-lost-user-password/">Windows: Lost User & Password?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 10, 2010.</p>
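<p>Added example (not from the original post): a Python check a defender can run against a mounted Windows volume to spot the swap described above. It flags a sethc.exe that is byte-identical to cmd.exe and the sethc.old style leftovers that the rename steps create. The function and constant names are assumptions of this example, and the sample directory contents are constructed.</p>

```python
"""Offline audit of a Windows\\System32 folder for the sethc.exe swap."""
import hashlib
import tempfile
from pathlib import Path

WATCHED = "sethc.exe"      # Sticky Keys binary named in the post
SHELLS = ("cmd.exe",)      # what the post copies over it
# Rename artefacts produced by the post's steps (lower-cased for lookup).
LEFTOVERS = ("sethc.old", "sethc - copy.old", "cmd (copy).exe")


def sha256(path):
    """Hash a file in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def index_dir(system32):
    """Map lower-cased name -> Path. NTFS mounted on Linux is usually
    case-sensitive, so 'Sethc.exe' must still match 'sethc.exe'."""
    return {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}


def audit_system32(system32, shells=SHELLS):
    """Return a list of (kind, file name, reason) findings."""
    files = index_dir(system32)
    findings = []
    target = files.get(WATCHED)
    if target is None:
        findings.append(("missing", WATCHED, "Sticky Keys binary absent"))
    else:
        digest = sha256(target)
        for shell in shells:
            shell_path = files.get(shell.lower())
            if shell_path is not None and sha256(shell_path) == digest:
                findings.append(
                    ("replaced", target.name,
                     f"byte-identical to {shell_path.name}"))
    for name in LEFTOVERS:
        if name in files:
            findings.append(
                ("leftover", files[name].name,
                 "backup or copy left by a rename swap"))
    return findings


def build_sample(root, tampered):
    """Constructed stand-in for System32 (fake contents, not real binaries)."""
    d = Path(root) / ("tampered" if tampered else "clean") / "Windows" / "System32"
    d.mkdir(parents=True)
    (d / "cmd.exe").write_bytes(b"MZ constructed-cmd")
    if tampered:
        (d / "sethc.old").write_bytes(b"MZ constructed-sethc")
        (d / "Sethc.exe").write_bytes(b"MZ constructed-cmd")
    else:
        (d / "sethc.exe").write_bytes(b"MZ constructed-sethc")
    return d


def demo():
    """Audit one clean and one tampered constructed folder."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = audit_system32(build_sample(tmp, tampered=False))
        tampered = audit_system32(build_sample(tmp, tampered=True))
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean   :", clean)
    for finding in tampered:
        print("tampered:", finding)
```

<p>A hash match proves the swap, but a mismatch does not prove the file is genuine, so pair this with a signature check or a known-good hash for the installed Windows build.</p>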
https://polarclouds.co.uk/lotus-sametime-for-android2010-09-08T23:55:00+01:002010-09-08T23:55:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIf1o0Ai8wI/AAAAAAAAApc/JQKYbmLsWro/s1600/Sametime_Android.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="Lotus Sametime for Android" border="0" height="200" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TIf1o0Ai8wI/AAAAAAAAApc/JQKYbmLsWro/s200/Sametime_Android.png" title="Lotus Sametime for Android" width="200" /></a></div>The holy grail of Android and Lotus users is one step closer! A Lotus Sametime client that runs on Android! <br /><br />Almost. Let me clarify this a little. This is not a native Android Lotus Sametime client, rather it is a Lotus Sametime MIDlet running on a Java 2 Micro Environment (J2ME) running on Android.<br /><br /><i>A MIDlet is an application that uses the Mobile Information Device Profile (MIDP) of the Connected Limited Device Configuration (CLDC) for the Java ME environment. Typical applications include games running on mobile devices and cell phones which have small graphical displays, simple numeric keypad interfaces and limited network access over HTTP. </i>[<a href="http://en.wikipedia.org/wiki/MIDlet">Wikipedia</a>]<br /><br />Right oh... Sounds complicated. Trust me. It really isn't complicated at all. <br /><br />Unknown to many, IBM/Lotus already produce a Sametime MIDlet, and they ship it with their Lotus Sametime Server software. These MIDlets are primarily aimed at Nokia 'E' series (Symbian based) handsets.<br /><br />All we need to do is package that Lotus created MIDlet into a format that Android understands (i.e. 
an Android .apk package file), and install it along with a free J2ME environment to launch the MIDlet in.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TIf7A2Jw1yI/AAAAAAAAApk/ANTsWLcASyE/s1600/SameTime.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img title="Lotus Sametime Running on Android!" alt="Lotus Sametime Running on Android!" border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TIf7A2Jw1yI/AAAAAAAAApk/ANTsWLcASyE/s320/SameTime.png" /></a></div><br /><span style="font-size: large;"><b>Roll Your Own Client</b></span><br />Here is how you can quickly and very easily make your own Android Lotus Sametime client.<br /><br />Files Required:<br /><ul><li>sametime.jad [Java Description file]</li><li>sametime.jar [The J2ME Java applet itself]</li></ul>The first step is to talk nicely to your Sametime server administrator and try to obtain these using this route. These two files are shipped with the Lotus Sametime server software.<br /><br />Alternatively, you <i>could</i> download the Sametime v8.5.1 files from <a href="http://im.bleedyellow.com/sametime/mobile/clients/Nokia/en/Sametime.jad">jad here</a> and <a href="http://im.bleedyellow.com/sametime/mobile/clients/Nokia/en/Sametime.jar">jar here</a><br />or<br />From the Sametime v8.0.1 zip posted <a href="http://www.noeman.org/gsm/symbian-os-9-1-applications/61972-lotus-sametime-mobile-connect-8-a.html" target="_blank">here</a><br />but that wouldn't sit well with your Lotus Licence agreement now would it...<br /><br />The next step is to convert these files into an Android application .apk file. <br /><br />Luckily for us, there is an online converter on the Netmite website <a href="http://www.netmite.com/android/srv/2.0/getapk.php" target="_blank">here</a>. Just upload the jad and jar files and click Get Apk. 
What could be simpler?<br /><br /><span style="font-size: large;"><b>Install and Run</b></span> <br />Once downloaded, install the apk onto your Android. I suggest you use the <a href="http://webtrickz.com/how-to-install-apk-files-on-android-phones-easy-way/" target="_blank">application installs using Astro</a> method if you don't know how to manually install an apk file.<br /><br />Upon launching the Sametime app for the first time you may be challenged with this dialogue:<br /><br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TIgMF9musEI/AAAAAAAAAps/VUt7HnnpyWQ/s1600/InstallJ2ME.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img title="Download J2ME" alt="Download J2ME" border="0" height="157" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TIgMF9musEI/AAAAAAAAAps/VUt7HnnpyWQ/s200/InstallJ2ME.png" width="200" /></a></div><br />Remember at the top of this post I mentioned that the Sametime app ran in a Java 2 Micro Environment? This is the prompt to download and install that environment. Select Get from Android Market and install. <br /><br />Once the J2ME environment is installed and the Sametime app launches OK, configure the client as you would any other Sametime client. Perhaps a good time to pop back to see the Sametime administrator again?<br /><br />Then start enjoying some mobile Sametime chat. 
<br /><br /><span style="font-size: large;"><b>J2ME Screen Size Tweak</b></span><br />One thing to bear in mind when tweaking:<br /><ul><li>Menu options <b>with</b> equals signs at each end make changes to the J2ME environment</li><li>Menu options <b>without</b> equals signs at each end make changes to the Sametime app itself</li></ul>These are suggested settings based on running Sametime in a J2ME on the Android emulator and on my <a href="http://pdadb.net/index.php?m=specs&id=2025&c=t-mobile_pulse_huawei_u8220" target="_blank">T-Mobile Pulse / U8220</a>. Your mileage may vary depending on the screen size and resolution of your Android device.<br /><br />Launch Sametime app / MIDlet<br />Menu ---> =System Menu= ---> =Settings= ---><br /><ul><li>Untick "Auto detect Game Canvas"</li><li>My Display Width = 320</li><li>My Display Height = 450</li><li>Orientation = Portrait</li></ul><br /><b><span style="font-size: large;">Bugs</span></b><br />This is by no means an exhaustive list, but these are the most major bugs picked up so far: <br /><ul><li>Some buttons (most noticeably the send button) need tapping twice to do anything. This is also true for menu drop downs etc</li><li>Annoyingly changes to the Sametime display settings (built into the ST app rather than the J2ME) won't / don't apply</li><li>Run as a service - it doesn't. Looks to run OK in background, but some Android task killers may kill it, or it may silently die for whatever reason [remember that this isn't a native Android app, so I don't think we can do anything about this]</li><li>Chat Screen - the chat screen is too small. 
I think this might be fixed if we can get the ST settings to apply (bullet 2 above) </li></ul><br /><span style="font-size: large;"><b>Conclusion</b></span><br />Yes I know that this is a "kludge" and I wholeheartedly agree that there are issues with running Sametime this way (see the BUGS section for details), but the fact of the matter is that a client created using this method connects, runs and is quite usable. In fact, given the alternatives (oh yea IBM where the hell is the native Android client you <a href="http://www.theregister.co.uk/2010/01/19/lotus_notes_app_android/" target="_blank">promised over eight months ago?</a>) this works, and works quite well all things considered.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/lotus-sametime-for-android/">Lotus Sametime for Android</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 08, 2010.</p>
https://polarclouds.co.uk/keep-calm2010-08-31T18:00:00+01:002010-08-31T18:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.flickr.com/photos/adambowie/3387667672/" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Keep Calm. Pic: Adam Bowie" border="0" height="640" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/THz5ZrqpkVI/AAAAAAAAAo8/SzHvg0wg2UU/s640/KeepCalm.jpg" title="Keep Calm. Pic: Adam Bowie" width="451" /></a></div><br /><br />From the 1939 propaganda poster, with a dash of IT Crowd.<br /><br />If ever you have a tech problem and don't know what to do, just complete the above. You'll be surprised.<br /><br /><br />The other two posters in the series are:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/THz8ujU-H3I/AAAAAAAAApE/WC-kqDJ3e8A/s1600/peril.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="Freedom is in Peril" border="0" height="320" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/THz8ujU-H3I/AAAAAAAAApE/WC-kqDJ3e8A/s320/peril.jpg" title="Freedom is in Peril" width="233" /></a><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/THz9ACUj8cI/AAAAAAAAApM/6nHXXuu82Gw/s1600/courage.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Your Courage" border="0" height="320" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/THz9ACUj8cI/AAAAAAAAApM/6nHXXuu82Gw/s320/courage.jpg" title="Your Courage" width="236" /></a></div><br /><br />Some might say that the freedom poster chimes very true these days....<br /><br />Further reading of all three original propaganda posters on the Guardian Website <a href="http://www.guardian.co.uk/lifeandstyle/2009/mar/18/keep-calm-carry-on-poster" target="_blank">here</a><br /><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/keep-calm/">Keep Calm...</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 31, 2010.</p>
https://polarclouds.co.uk/facebook-movie2010-08-25T20:00:00+01:002010-08-25T20:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TG8HkX4ypTI/AAAAAAAAAo0/ob1EzNcivDk/s1600/fbm.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="157" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TG8HkX4ypTI/AAAAAAAAAo0/ob1EzNcivDk/s200/fbm.png" width="200" /></a></div><br />Well here it is - the trailer! Now, now, now, contain yourself dear reader!<br /><br />One thing to keep in mind whilst watching; it just goes to show that Radiohead's "Creep" can make just about any movie look good.<br /><br /><br />And on to the proof:<br /><br /><br /><br /><br /><div><object height="324" width="576"><param name="movie" value="http://d.yimg.com/m/up/ypp/movies/player.swf"></param><param name="flashVars" value="vid=20889623&repeat=1&"></param><param name="allowfullscreen" value="true"></param><param name="wmode" value="transparent"></param><embed width="576" height="324" allowFullScreen="true" src="http://d.yimg.com/m/up/ypp/movies/player.swf" type="application/x-shockwave-flash" flashvars="vid=20889623&repeat=1&"></embed></object></div><br /><br />Yea, I'm not convinced either.. One to miss.<br /><br /><a href="http://www.imdb.com/title/tt1285016/" target="_blank">The Social Network</a> (via IMDB) for further info.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/facebook-movie/">Facebook: The Movie??!!!?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 25, 2010.</p>
https://polarclouds.co.uk/dungeness-way-of-life_202010-08-20T22:53:00+01:002010-08-20T22:53:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TG74hPNkiBI/AAAAAAAAAoo/3hlMcq4a2hE/s1600/dwol.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="121" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TG74hPNkiBI/AAAAAAAAAoo/3hlMcq4a2hE/s200/dwol.png" width="200" /></a></div><br /><br />Not sure how I found this on youtube... <br /><br />Dungeness is about twenty minutes car drive from me. <br /><br />Very well made and interesting short film. Well worth a watch.<br /><br /><br /><br /><object height="385" width="640"><param name="movie" value="http://www.youtube.com/v/eW2PKO9_Oqs?fs=1&hl=en_US&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/eW2PKO9_Oqs?fs=1&hl=en_US&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object><br /><br />See <a href="http://www.chrissearson.co.uk/" target="_blank">http://www.chrissearson.co.uk/</a> or <a href="http://www.youtube.com/FullCircleMedia08" target="_blank">http://www.youtube.com/FullCircleMedia08</a> for more.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/dungeness-way-of-life_20/">Dungeness: A Way of Life</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 20, 2010.</p>
https://polarclouds.co.uk/sky-plus-noisy-fan-fix2010-08-09T18:00:00+01:002010-08-09T18:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TGAHqZT4XiI/AAAAAAAAAn4/83Q7P6c7-B0/s1600/sky%2B.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="Sky+ : Jet engine optional" border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TGAHqZT4XiI/AAAAAAAAAn4/83Q7P6c7-B0/s320/sky%2B.jpg" title="Sky+ : Jet engine optional" /></a></div>Sky+ receiver sounding like it's about to take off? Don't remember parking that F1-11 in the lounge?<br /><br />OK this has happened to me a couple of times now, usually just after a power cycle of the box. Symptoms are that the fan in the rear of the unit comes on at full speed and remains at full speed even when the Sky+ box is put into standby.<br /><br />Here's the fix that has worked for me on all occasions on my stock (stock as in non-modified) non-HD Sky+ box. Your mileage may vary, but it's worth a try.<br /><br />In all cases for me, a "Sky+ Planner Rebuild" from the installer menu has fixed the noisy fan. Here's the method. <br /><br /><b><i>***Standard "do this at your own risk" disclaimers apply***</i> </b><br /><br />Stop any recording / time shifting / playback (i.e. switch to live broadcast)<br /><br />Go to the Services menu by pressing the <b>Services </b>button on the remote, the following screen appears:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TGAMMXurKJI/AAAAAAAAAoA/cL_Sr9Df0Q0/s1600/service1plus-300x225.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img title="Services Menu" alt="Services Menu" border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TGAMMXurKJI/AAAAAAAAAoA/cL_Sr9Df0Q0/s320/service1plus-300x225.jpg" /></a></div><br />Enter System Set Up, by pressing <b>4</b> on the remote. 
The following screen appears:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TGAO98Hs_OI/AAAAAAAAAoI/Vyup14Abblo/s1600/system1-300x225.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img title="System Set Up Menu" alt="System Set Up Menu" border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TGAO98Hs_OI/AAAAAAAAAoI/Vyup14Abblo/s320/system1-300x225.jpg" /></a></div><br />Enter the Installer Setup menu by pressing <b>0 1 Select</b>. The following installer screen appears:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TGAPYZvpcUI/AAAAAAAAAoQ/n0D9lF0-SuM/s1600/installermenu.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img title="Installer Menu" alt="installer Menu" border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TGAPYZvpcUI/AAAAAAAAAoQ/n0D9lF0-SuM/s320/installermenu.jpg" /></a></div><br />Press <b>7 </b>to start a Sky+ Planner Rebuild. The following dialogue will appear:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TGAROoKxGpI/AAAAAAAAAoY/S_G0ux32cgc/s1600/skyplusrebuild.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TGAROoKxGpI/AAAAAAAAAoY/S_G0ux32cgc/s320/skyplusrebuild.jpg" /></a></div><br />Press <b>Select</b> to start the rebuild.<br /><br />This may take a while (10+ minutes), or almost instantly reboot your Sky+ box. During the rebuild, the system is performing a tidy exercise on the Sky+ hard disk, which is a little bit like a PC de-fragment. It's impossible to guestimate how long this will take as fragmentation on every system will be different. Some have also found that this exercise has recovered some disk space.<br /><br />Once the box reboots, you should be greeted by the sound of silence once again. 
Ahhhh....! <br /><br />But why does this work?<br /><br />I'm not entirely sure, but I have read that those who have fitted non-standard disks have also had fan problems. It seems to me that the box is detecting the power being drawn by the hard disk at power on and is starting the fan. Having a fragmented hard disk is causing more power to be drawn by the hard disk at power on, so consequently the system is starting the fan.<br /><br />If the above doesn't work for you then maybe you have some bigger issue or perhaps you need to invest in a <a href="http://skyplusfancontroller.com/" target="_blank">Sky+ Fan Controller</a>.<br /><br />As I say, this fix has worked for me on all occasions I've had fan noise issues. I'm running a standard 160Gb Hard Disk, so I've not needed a fan controller. Again, your mileage may vary, but it's worth a try.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/sky-plus-noisy-fan-fix/">Sky Plus Noisy Fan Fix</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 09, 2010.</p>
https://polarclouds.co.uk/remote-support-get-basics2010-07-30T19:00:00+01:002010-07-30T19:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TFCdmejmBYI/AAAAAAAAAno/_Lo5f5PHRO8/s1600/details.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img title="Support Details" alt="Support Details" border="0" height="176" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TFCdmejmBYI/AAAAAAAAAno/_Lo5f5PHRO8/s200/details.png" width="200" /></a></div><br /><br />When it comes to supporting friends, family, whomever remotely - perhaps over the telephone - it is not unusual to spend extended amounts of time just answering the most basic of system detail questions.<br /><br />A solution comes in the form of the <a href="http://www.supportdetails.com/" target="_blank">Support Details</a> website.<br /><br />Granted, the detail returned isn't the most in-depth information and most computer literate users can glean this kind of information without resorting to such measures, but can you guarantee that great aunt Nellie isn't going to quickly find out and tell you what her current internet facing IP address is...<br /><br />Auntie Nellie can even email her details to you:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TFCZ2ki484I/AAAAAAAAAng/rT6KNiZF0uA/s1600/auntnellie.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Auntie's email" border="0" height="230" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TFCZ2ki484I/AAAAAAAAAng/rT6KNiZF0uA/s320/auntnellie.PNG" title="Auntie's email" width="320" /></a></div><br />That's the basics quickly dealt with. Now Nellie, what was that problem again?<br /><br />Hmm sounds like a toughie.<br /><br />May need to use some remote access software to take a look. 
Sounds like a job for my <a href="http://chall32.blogspot.com/2010/01/logmein-free-client-with-embeded.html" target="_blank">LogMeIn Free Client with Embedded Credentials</a>!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/remote-support-get-basics/">Remote Support: Get the Basics</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 30, 2010.</p>
https://polarclouds.co.uk/sherlock-its-good2010-07-28T23:17:00+01:002010-07-28T23:17:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TFChZQKDoTI/AAAAAAAAAnw/iHLnuF_dz3g/s1600/sherlock.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img title="BBC Sherlock. Benedict Cumberbatch & Martin Freeman" alt="BBC Sherlock. Benedict Cumberbatch & Martin Freeman" border="0" height="179" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TFChZQKDoTI/AAAAAAAAAnw/iHLnuF_dz3g/s200/sherlock.png" width="200" /></a></div><br />Having finally got around to watching the first episode tonight, and unaccustomed as I am to posting about TV shows on this here Blog, I feel compelled to stick a quick post up about the new three part BBC mini series <a href="http://www.bbc.co.uk/programmes/b00t4pgh" target="_blank">Sherlock</a>.<br /><br />I like it! I like it a lot!<br /><br />Refreshing to see a bit of good old fashioned deduction rather than over reliance on forensics or cold case based crime drama.<br /><br />As is often the case these days, with 1001 TV channels all pushing increasing amounts of drivel (Wife Swap / Eastenders / Hollyoaks, I'm talking to YOU), it's increasingly difficult to find any diamonds in this seemingly ever increasing river of *ahem* brown stuff.<br /><br />When a diamond does pop up, it should be widely applauded.<br /><br />Sure if I really really had to find issue, the plot could have been stronger, but don't forget there's a lot of ground to cover in the first episode even before Holmes and Watson get out to start solving crimes.<br /><br />I strongly urge you to catch part one on <a href="http://www.bbc.co.uk/iplayer/" target="_blank">BBC iPlayer</a>. You won't be disappointed.<br /><br />- Chris<br /><br />PS - We need to see more of Mycroft's aide... Hubba Hubba...<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/sherlock-its-good/">Sherlock - It's Good!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 28, 2010.</p>
https://polarclouds.co.uk/welcome-what-markiii2010-07-27T21:20:00+01:002010-07-27T21:20:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TE8yIOyfXqI/AAAAAAAAAmw/A2YxHGGMWxU/s1600/wtbmark2.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="What the.....? Blog Mark II. RIP." border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TE8yIOyfXqI/AAAAAAAAAmw/A2YxHGGMWxU/s320/wtbmark2.PNG" title="What the.....? Blog Mark II. RIP." /></a></div>Bye Bye What the.....? Blog Mark II, hello Mark III.<br /><br />I'm sure you'll agree, Mark III is a significant improvement over its predecessor in ease of use, navigation and hopefully page loading time.<br /><br />I've tried to make the transition as painless as possible, and I like to think that all is well, but as with any such change it's likely that some niggles still remain. With a bit of luck we'll be fully shipshape in no time.<br /><br />In the meantime, have fun and enjoy!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/welcome-what-markiii/">Welcome What the.....? MarkIII</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 27, 2010.</p>
https://polarclouds.co.uk/vmware-esx-41-update-to-build-number2010-07-25T20:39:00+01:002010-07-25T20:39:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TEyOhc_-1sI/AAAAAAAAAmI/Ju6vfBDB4sg/s1600/box_store-generic-200x200.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img height="100" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TEyOhc_-1sI/AAAAAAAAAmI/Ju6vfBDB4sg/s200/box_store-generic-200x200.jpg" style="border-style: none;" width="100" /></a></div><br />Continuing the series of VMware ESX update to build number tracking posts.<br /><br />As always, it's a simple bit of info, often hard to find.<br /><br />ESXi 4.1 = Build 260247 - Released 13 July 2010<br />ESXi 4.1 Update 1 = Build 348481 - Released 10 February 2011<br />ESXi 4.1 Update 2 = Build 502767 - Released 27 October 2011<br />ESXi 4.1 Update 3 = Build 800380 - Released 30 August 2012 <br /><br /><i>Yes that's right ESX 4.1 has a LOWER build number than ESX 4.0 update 2!</i><br /><br />An easy way to find the build number from the ESX console (i.e. without having to log into the VI Client) is to run:<br /><br /><blockquote>vmware -v</blockquote><br />For ESX 4.0, see <a href="http://chall32.blogspot.com/2010/01/vmware-esx-4-update-to-build-number.html" target="_blank">VMware ESX 4.0 Update to Build Number</a><br />For ESX 3.5, see <a href="http://chall32.blogspot.com/2009/07/vmware-esx-35-update-to-build-number.html" target="_blank">VMware ESX 3.5 Update to Build Number</a><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vmware-esx-41-update-to-build-number/">VMware ESX 4.1 Update to Build Number</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 25, 2010.</p>
https://polarclouds.co.uk/browser-extensions-link-around2010-07-20T21:22:00+01:002010-07-20T21:22:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://www.flickr.com/photos/good-karma/652486713/" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="End of the cord. Pic: j / f / photos" border="0" height="136" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TEXeQQ2_5QI/AAAAAAAAAmA/wIn3ZLItnWc/s200/cord.jpg" title="End of the cord. Pic: j / f / photos" width="200" /></a></div>A quick link-around post detailing the browser extensions I usually install plus a bit of info on each. The idea is to try and keep a frequently used extension list all together and up to date. <br /><br />Some of these extensions add functionality (British English Dictionary for example), some restrict functionality (Adblock Plus for example). All in all, the goal for installing and using these extensions is to make the web a bit more of a bearable, less annoying place.<br /><br />The extensions listed should work on both Windows and Linux versions of the respective browsers. <br /><br /><b><span style="font-size: large;">Firefox</span></b><br />The grand-daddy browser for extensions. If it's available as an extension, chances are it's available for Firefox.<br /><br /><ul><li><a href="https://addons.mozilla.org/en-US/firefox/addon/1865" target="_blank">Adblock Plus</a> and <a href="http://easylist.adblockplus.org/" target="_blank">Filters</a> : Covered extensively in my blog post <a href="http://chall32.blogspot.com/2009/09/add-block-plus.html" target="_blank">here</a>. 
A must</li><li><a href="https://addons.mozilla.org/en-US/firefox/addon/3366" target="_blank">British English Dictionary</a> : Well worth having if your spelling is as bad as mine!</li><li><a href="https://addons.mozilla.org/en-US/firefox/addon/6945" target="_blank">Custom Download Manager</a> : Manage your downloads in a Firefox tab</li><li><a href="https://addons.mozilla.org/en-US/firefox/addon/13878" target="_blank">Vacuum Places Improved</a> : Speeds up Firefox. See <a href="http://lifehacker.com/5347125/vacuum-places-improved-speeds-up-firefox-with-a-click-of-your-mouse" target="_blank">this</a> Lifehacker article</li><li><a href="https://addons.mozilla.org/en-US/firefox/addon/4554/" target="_blank">Extended Copy Menu</a> : Add option to remove text formatting when copying</li><li><a href="https://addons.mozilla.org/en-US/firefox/addon/1803" target="_blank">ProCon Latte Parental Control</a> : Not tested myself but heard good things about </li></ul><b><span style="font-size: large;">Chrome</span></b><br />Some up and coming extensions, worthy of a mention. 
Spell checking is built into Chrome, so that's one off the list to start with.<br /><br /><ul><li><a href="http://chromeadblock.com/" target="_blank">Adblock</a> and <a href="http://easylist.adblockplus.org/" target="_blank">Filters</a> : Chrome version of Adblock</li><li><a href="https://chrome.google.com/extensions/detail/picdndbpdnapajibahnnogkjofaeooof" target="_blank">Adblock Button</a> : Adds button to easily control Adblock</li><li><a href="https://chrome.google.com/extensions/detail/jfchnphgogjhineanplmfkofljiagjfb" target="_blank">Downloads Button</a> : Allows quick access button to downloads dialogue</li><li><a href="https://chrome.google.com/extensions/detail/gdgammgllngldejegaieginlhcaknlag" target="_blank">History Button</a> : Allows quick access to browsing history</li><li><a href="https://chrome.google.com/extensions/detail/cekbgkmeapobkbadclnkjfjdbpbcaobd" target="_blank">Copy Without Formatting</a> : Not as user friendly as Firefox version, does the job </li></ul>There you have it.<br /><br />What's that? Internet Explorer? No sorry, don't use it.<br /><br />OK, OK, just for you IE fans, have a look at <a href="http://www.ie7pro.com/" target="_blank">IE7Pro</a>. With spell check, ad blocking and crash recovery to name just some of the additional functionality this adds to IE, it should keep you IE fans happy for a while.<br /><br />I've not used IE7Pro myself, but it looks good. Would be interested if there is any way to incorporate the Easylist filters (as used with Firefox and Chrome) into the IE7Pro ad blocker...<br /><br /> - Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/browser-extensions-link-around/">Browser Extensions Link-around</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 20, 2010.</p>
https://polarclouds.co.uk/argh-thrips2010-07-17T17:50:00+01:002010-07-17T17:50:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TDcd0nAUicI/AAAAAAAAAlg/AwBnA_HeTW0/s1600/thrip.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="Thrip!" border="0" height="189" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TDcd0nAUicI/AAAAAAAAAlg/AwBnA_HeTW0/s320/thrip.JPG" title="Thrip!" width="320" /></a></div>It's that time of year again. <br /><br />Only this time, I have a name for the enemy that plagues us.<br /><br />Why it's <a href="http://en.wikipedia.org/wiki/Thrips">thrips</a> (there is no singular term apparently).<br /><br />Thrips (Order Thysanoptera) are tiny, slender insects with fringed wings (thus the scientific name, from the Greek thysanos (fringe) + pteron (wing)).<br /><br />Other common names for thrips include thunderflies, thunderbugs, storm flies, thunderblights, and corn lice.<br /><br />Here is a closer look:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://en.wikipedia.org/wiki/File:Thysanoptera.jpg%22" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Thrips, a closer look. Pic Wikipedia" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TDcnV4PKQFI/AAAAAAAAAlw/cwCNKH7feWQ/s320/Thysanoptera.jpg" style="border-style: none;" title="Thrips, a closer look. 
Pic Wikipedia" /></a></div><br />Whilst thrips are harmless and totally uninterested in us humans, for the couple of weeks that they are about, these little buggers get everywhere!<br /><br />In LCD screens:<br /><br /><object height="306" width="500"><param name="movie" value="http://www.youtube.com/v/BgoWSrJIY4I&hl=en_GB&fs=1?rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/BgoWSrJIY4I&hl=en_GB&fs=1?rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="500" height="306"></embed></object><br /><br />Behind pictures:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://www.flickr.com/photos/ndrwfgg/92858371/" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Thrips in picture frame. Pic: ndrwfgg" border="0" height="266" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TDcrT63jOCI/AAAAAAAAAl4/8Jn8hEM4NMc/s1600/thripspic.jpg" title="Thrips in picture frame. Pic: ndrwfgg" width="400" /></a></div><br />Click <a href="http://www.flickr.com/photos/ndrwfgg/92858371/sizes/o/">here</a> for supersize picture. Can you see them?<br /><br />When they land on you, they move around just enough to make you itch.<br /><br />Millions of them. Everywhere. There is no escape!<br /><br />I suppose, it's a small price to pay for living so close to the beautiful garden of England countryside. Ah well.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/argh-thrips/">ARGH! Thrips!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 17, 2010.</p>
https://polarclouds.co.uk/killing-blogger-comment-spam2010-07-09T12:33:00+01:002010-07-09T12:33:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.flickr.com/photos/missmiah/4191979465/" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="Comments Pic: Miss Miah" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TDb7BERdmpI/AAAAAAAAAlY/SAYg7vPPSmw/s320/4191979465_8bf39cbcb4.jpg" style="border-style: none;" title="Comments Pic: Miss Miah" /></a></div>I like comments. They make blogging worthwhile. It's good to feel engaged. <br /><br />However, Blogger's comment system is primitive to say the least. It's not really cutting it for me.<br /><br /><b>Why?</b><br />Well there is no way to blacklist serial comment spammers. There is no way (that I have found) to even report comment spammers to a higher authority, whoever that may be (Google?).<br />It's not that I've been receiving that much comment spam, but I have received some. And for me, some is too much already.<br /><br /><a href="http://www.projecthoneypot.org/list_of_ips.php?t=p&by=3d" target="_blank">This page</a> over at Project Honey Pot highlights the problem. Looks like comment spamming is big!<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TDb5L03DQLI/AAAAAAAAAlQ/w0H-DW4459c/s1600/Disqus.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TDb5L03DQLI/AAAAAAAAAlQ/w0H-DW4459c/s320/Disqus.png" /></a></div><b>So, what's the fix?</b><br />Dump the blogger comment system and move to something else. That something is <a href="http://disqus.com/comments/" target="_blank">Disqus</a>. Why Disqus?<br /><ol><li>Built in spam filtering. Oh yes!</li><li> The ability to ban users by either email address and / or IP address. You can do it with email, why not with blog comments?</li><li>Threaded comments. 
Nice when trying to track and reply to other comments</li><li>Live comments. If your site is busy people will not have to hit refresh to see new comments</li><li>Whenever you leave a comment on another Disqus enabled site you will be able to see and track all your comments from the Disqus profile screen. This is great if you are trying to remember where you left that comment on a blog a while ago</li><li>Comment using Twitter or Facebook IDs. Users can use either to login and leave comments</li><li>It's FREE! </li></ol>Amongst others.<br /><br /><b>How?</b><br />Rather than detail the whole process here, I'll link you to the TV Tech Girl's Blog <a href="http://tvtechgirl.blogspot.com/2010/01/supercharge-your-blog-comments-with.html" target="_blank">here</a><br /><br />Job done. Go on I dare you to comment.............<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/killing-blogger-comment-spam/">Killing Blogger Comment Spam</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 09, 2010.</p>
https://polarclouds.co.uk/android-market-fingerprints-demystified2010-06-29T15:29:00+01:002010-06-29T15:29:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TBFOB-j-3vI/AAAAAAAAAkU/-z6a8Jh3Ogc/s1600/Android+Market.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img height="200" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TBFOB-j-3vI/AAAAAAAAAkU/-z6a8Jh3Ogc/s200/Android+Market.jpg" style="border-style: none;" width="200" /></a></div>Like it or not smartphone applications ("apps") are here to stay.<br /><br />Let's face it, we all like to have that "wizzy" app that allows us to do this or that, or displays certain data in a certain way.<br /><br /><ul><li>iPhone has App Store</li><li>Android has Android Market</li></ul>Both have tens of thousands of apps available to download. But how do you ensure that your patrons are installing apps that are not going to adversely affect their end user experience?<br /><br />Say hello to the Android build fingerprint.<br /><br />It is this build fingerprint that ultimately governs the exact number of apps available to the end user via the Android market.<br /><br />However, the Android fingerprint system is not without its faults. The most common fault being that apps appear to be "missing" from the market, meaning that they are not available to install. These issues are typically seen when either (a) a new handset is released or (b) when an existing handset receives an Android version upgrade. 
<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/TCE7r9p3FXI/AAAAAAAAAkc/gWdn1jyRxgQ/s1600/t-mobile-pulse-1.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img height="178" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/TCE7r9p3FXI/AAAAAAAAAkc/gWdn1jyRxgQ/s200/t-mobile-pulse-1.jpg" style="border-style: none;" width="200" /></a></div>It just so happens that my T-Mobile Pulse - aka Huawei U8220 - recently received an Android 2.1 upgrade released by T-Mobile in Hungary (yeah I know. Hungary?!? what the.....?) <a href="http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=http://www.t-mobile.hu/lakossagi/keszulekek/szoftverfrissites/telefon/pulse_21&sl=hu&tl=en" target="_blank">here</a>.<br /><br />It was after installing this update that my personal dealings with "missing" market applications started.<br /><br />It turns out that the Android Fingerprint included in the Hungarian update was not as it should have been.<br /><br />So, let's look at the Android fingerprint closer. Namely:<br /><ol><li>How Android fingerprints are derived</li><li>What makes a good fingerprint with lots of market apps available to the user </li></ol><br /><span style="font-size: large;"><b>Fingerprint Location, Editing and An Example Fingerprint</b></span><br />Fingerprints live in the /system/build.prop file on any Android phone.<br /><br />There are several ways to look at and modify your build.prop file. Perhaps the easiest is to use an app like Estrongs <a href="http://www.estrongs.com/en/products/file-explorer.html">File Explorer</a> to open and edit build.prop. 
An alternative way is to use <a href="http://developer.android.com/guide/developing/tools/adb.html">Android Debug Bridge</a> or adb as it is known.<br /><br />Here is an example fingerprint:<br /><blockquote><i>ro.build.fingerprint=htc_wwe/htc_legend/legend/legend:2.1/ERD79/139791:user/release-keys</i></blockquote><br /><span style="font-size: large;"><b>How are fingerprints derived?</b></span><br /><div class="separator" style="clear: both; text-align: left;">Being that Android is open, the information on deriving fingerprints is out there, the killer is finding it!</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">After some searching I eventually stumbled on this <a href="http://static.googleusercontent.com/external_content/untrusted_dlcp/source.android.com/en//compatibility/android-2.1-cdd.pdf">PDF</a> which states:</div><br /><blockquote><b>android.os.Build.FINGERPRINT:</b><br />A string that uniquely identifies this build. It SHOULD be reasonably human-readable. It MUST follow this template:<br /><br /><b>$(BRAND)/$(PRODUCT)/$(DEVICE)/$(BOARD):$(VERSION.RELEASE)/$(ID)/$(VERSION.INCREMENTAL):$(TYPE)/$(TAGS)</b><br /><br />For example:<br />acme/mydevice/generic/generic:2.1-update1/ERC77/3359:userdebug/test-keys<br /><br />The fingerprint MUST NOT include spaces. If other fields included in the template above have spaces, they SHOULD be replaced with the ASCII underscore ("_") character in the fingerprint.</blockquote><br />Breaking this down then:<br /><blockquote><b>(BRAND)</b><br />A value chosen by the device implementer identifying the name of the company, organization, individual, etc. who produced the device, in human-readable format. A possible use of this field is to indicate the OEM and/or carrier who sold the device. 
There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string ("").</blockquote><br /><blockquote><b>(PRODUCT)</b><br />A value chosen by the device implementer containing the development name or code name of the device. MUST be human-readable, but is not necessarily intended for view by end users. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string ("").</blockquote><br /><blockquote><b>(DEVICE)</b><br />A value chosen by the device implementer identifying the specific configuration or revision of the body (sometimes called "industrial design")of the device. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string ("").</blockquote><br /><blockquote><b>(BOARD)</b><br />A value chosen by the device implementer identifying the specific internal hardware used by the device, in human-readable format. A possible use of this field is to indicate the specific revision of the board powering the device. There are no requirements on the specific format of this field, except<br />that it MUST NOT be null or the empty string ("").</blockquote><br /><blockquote><b>(VERSION.RELEASE)</b><br />The version of the currently-executing Android system, in human-readable format. This field MUST have one of the string values defined in Android 2.1 allowed version strings: <a href="http://source.android.com/compatibility/2.1/versions.html" target="_blank">http://source.android.com/compatibility/2.1/versions.html</a></blockquote><br /><blockquote><b>(ID)</b><br />An identifier chosen by the device implementer to refer to a specific release, in human readable format. This field can be the same as android.os.Build.VERSION.INCREMENTAL, but SHOULD be a value sufficiently meaningful for end users to distinguish between software builds. 
There are no requirements on the specific format of this field, except that it MUST NOT be<br />null or the empty string ("").</blockquote><br /><blockquote><b>(VERSION.INCREMENTAL)</b><br />A value chosen by the device implementer designating the specific build of the currently-executing Android system, in human-readable format. This value MUST NOT be re-used for different builds shipped to end users. A typical use of this field is to indicate which build number or source-control change identifier was used to generate the build. There are no requirements on the specific format of this field, except that it MUST NOT be null or the empty string ("").</blockquote><br /><blockquote><b>(TAGS)</b><br />A comma-separated list of tags chosen by the device implementer that further distinguish the build. For example, "unsigned,debug". This field MUST NOT be null or the empty string (""), but a single tag (such as "release") is fine.</blockquote><br />Phew!<br /><br />To understand this better, let's say:<br /><ul><li>I go into business called CHPhones and produce a nice shiny handset called a CH1, running Android 2.1 update 1.</li><li>My CH1 is based on the ZZZ chipset</li><li>I've signed an exclusivity contract with BTCellnet for the CH1</li><li>I'm creating the android 2.1 build version 0001 today - 29/June/2010</li></ul>Using the template from the PDF, <br /><blockquote>$(BRAND)/$(PRODUCT)/$(DEVICE)/$(BOARD):$(VERSION.RELEASE)/$(ID)/$(VERSION.INCREMENTAL):$(TYPE)/$(TAGS)</blockquote><br />my build fingerprint would be:<br /><blockquote>BTCellnet/CHPhones/CH1/ZZZ:2.1-update1/0001/09062010:user/release-keys</blockquote><br />And there you go, a nice specific fingerprint for use on the market.<br /><br />My next step would be to register this brand new fingerprint 'behind the scenes' with Google - possibly through <a href="http://www.openhandsetalliance.com/" target="_blank">Open Handset Alliance</a>, maybe a bit of testing and there we go, one live fingerprint.<br /><a 
href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TBFMx7stLlI/AAAAAAAAAkM/Xvbx0F_pMM4/s1600/snap20100610_212205.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TBFMx7stLlI/AAAAAAAAAkM/Xvbx0F_pMM4/s200/snap20100610_212205.png" width="133" /></a><br />There is no smoke & mirror "magic code" embedded in the fingerprint. The fingerprint really is the sum total of its parts; it only works as a whole. <span style="color: red;">Make any changes to any part of the registered fingerprint and it stops working.</span> End of.<br /><br />As the fingerprint can quite literally be anything you want, the killer is that the whole fingerprint needs to be registered with Google / Open Handset Alliance to ensure that the end user indeed has a compatible handset with those additional applications that potentially need it. <br /><br />And therein lies the rub.<br /><br />Yes we can use a different fingerprint to "trick the market" into allowing us to install additional applications that have not been specifically tested against our fingerprint (and hence our hardware and specific Android build) but we are potentially opening ourselves up to issues because of this.<br /><br />Food for thought, next time you get an Android force close / crash / reboot.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/android-market-fingerprints-demystified/">Android Market Fingerprints Demystified</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on June 29, 2010.</p>
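<p>An added example (not code from the original post or from Android itself): a parser that reads ro.build.fingerprint out of build.prop text, checks it against the CDD template and the rules quoted in the post (no spaces, no empty fields), and reports which fields differ between two fingerprints. The function names and the sample build.prop text are constructed for illustration.</p>

```python
import re
from typing import NamedTuple, Tuple


class Fingerprint(NamedTuple):
    """Fields in the order of the CDD template quoted in the post."""
    brand: str
    product: str
    device: str
    board: str
    release: str
    build_id: str
    incremental: str
    build_type: str
    tags: Tuple[str, ...]

    def __str__(self) -> str:
        return "{}/{}/{}/{}:{}/{}/{}:{}/{}".format(*self[:8], ",".join(self.tags))


# BRAND/PRODUCT/DEVICE/BOARD:VERSION.RELEASE/ID/VERSION.INCREMENTAL:TYPE/TAGS
# Every field must be non-empty and may not contain the separators themselves.
_TEMPLATE = re.compile(
    r"([^/:]+)/([^/:]+)/([^/:]+)/([^/:]+)"
    r":([^/:]+)/([^/:]+)/([^/:]+)"
    r":([^/:]+)/([^/:]+)")


def parse_fingerprint(value: str) -> Fingerprint:
    """Parse one fingerprint string, raising ValueError if it breaks the template."""
    if any(ch.isspace() for ch in value):
        raise ValueError("fingerprint MUST NOT include spaces")
    match = _TEMPLATE.fullmatch(value)
    if match is None:
        raise ValueError("fingerprint does not match the CDD template")
    *head, tag_text = match.groups()
    tags = tuple(tag_text.split(","))
    if "" in tags:
        raise ValueError("empty entry in the comma-separated tag list")
    return Fingerprint(*head, tags)


def fingerprint_from_build_prop(text: str) -> Fingerprint:
    """Find ro.build.fingerprint in build.prop contents and parse it."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "ro.build.fingerprint":
            return parse_fingerprint(value.strip())
    raise KeyError("ro.build.fingerprint not found")


def build_fingerprint(brand, product, device, board, release,
                      build_id, incremental, build_type, tags) -> Fingerprint:
    """Assemble a fingerprint, replacing spaces with '_' as the CDD suggests."""
    fields = [f.replace(" ", "_") for f in
              (brand, product, device, board, release,
               build_id, incremental, build_type)]
    tag_text = ",".join(t.replace(" ", "_") for t in tags)
    # Re-parse so that empty fields or stray separators are rejected.
    return parse_fingerprint("{}/{}/{}/{}:{}/{}/{}:{}/{}".format(*fields, tag_text))


def changed_fields(a: Fingerprint, b: Fingerprint):
    """Names of the fields that differ; any difference means a different fingerprint."""
    return [name for name, x, y in zip(Fingerprint._fields, a, b) if x != y]


# Constructed sample: the fingerprint line is the example shown in the post,
# the surrounding lines are made up for the demonstration.
SAMPLE_BUILD_PROP = """\
# begin build properties (constructed sample)
ro.build.id=ERD79
ro.build.fingerprint=htc_wwe/htc_legend/legend/legend:2.1/ERD79/139791:user/release-keys
"""

if __name__ == "__main__":
    current = fingerprint_from_build_prop(SAMPLE_BUILD_PROP)
    print(current)
    edited = current._replace(incremental="139792")
    print("differs in:", changed_fields(current, edited))
```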
https://polarclouds.co.uk/summer-views-from-mount-ashford2010-06-23T23:29:00+01:002010-06-23T23:29:00+01:00Chris Hallhttps://polarclouds.co.uk
Mount Ashford? What's all this?<br /><br />Didn't you know Ashford had a 'mountain'? <br /><br />OK, OK, Ashford doesn't. However, it does have a <a href="http://en.wikipedia.org/wiki/Triangulation_station" target="_blank">triangulation point</a> (aka a Trig point). Just. Where? Here:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TCJspYXSMMI/AAAAAAAAAkk/PqDWhz2u_XU/s1600/trig.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Ashford Trig point!" border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TCJspYXSMMI/AAAAAAAAAkk/PqDWhz2u_XU/s320/trig.png" title="Ashford Trig point!" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/TCJs0YfX2fI/AAAAAAAAAks/s97HSlApA7A/s1600/trig2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Ashford Trig point!" border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TCJs0YfX2fI/AAAAAAAAAks/s97HSlApA7A/s320/trig2.png" title="Ashford Trig point!" /></a></div><br />Yeah OK, it's actually on top of Collier's Hill located about halfway between Kingsnorth and Aldington, but hey, it's a 100% 'Kosher' trig point!<br /><br />Having lived in Ashford for almost 10 years, and being that the trig point is only about a 15 minute cycle ride from home, it had to be worth a visit. 
It didn't disappoint.<br /><br />Here are the pics:<br /><br /><object height="375" width="500"> <param name="flashvars" value="offsite=true&lang=en-us&page_show_url=%2Fphotos%2F51660515%40N06%2Fsets%2F72157624394542976%2Fshow%2F&page_show_back_url=%2Fphotos%2F51660515%40N06%2Fsets%2F72157624394542976%2F&set_id=72157624394542976&jump_to="></param><param name="movie" value="http://www.flickr.com/apps/slideshow/show.swf?v=71649"></param><param name="allowFullScreen" value="true"></param><embed type="application/x-shockwave-flash" src="http://www.flickr.com/apps/slideshow/show.swf?v=71649" allowFullScreen="true" flashvars="offsite=true&lang=en-us&page_show_url=%2Fphotos%2F51660515%40N06%2Fsets%2F72157624394542976%2Fshow%2F&page_show_back_url=%2Fphotos%2F51660515%40N06%2Fsets%2F72157624394542976%2F&set_id=72157624394542976&jump_to=" width="500" height="375"> </embed> </object><br /><br /><i>Click on any pic in the slide show to see it "in full glory" over on Flickr.</i><br /><i> </i> <br />The eagle-eyed amongst you should be able to spot in the pics:<br /><ul><li>Ashford Outlet Center</li><li>Charter House </li><li>Aldington Church</li><li>William Harvey Hospital </li><li>Dungeness Power Station</li><li>Romney Marsh Wind Farm</li><li>Dover TV transmitter </li></ul>Amongst others.<br /><br />All in all a lunchtime in the countryside well spent!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/summer-views-from-mount-ashford/">Summer Views from 'Mount' Ashford</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on June 23, 2010.</p>
https://polarclouds.co.uk/dyson-airblade-wet-sleeves-since-20062010-05-20T18:00:00+01:002010-05-20T18:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="Dyson AirBlade" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S_HKQzoShcI/AAAAAAAAAjo/R83-kM2yIgs/s1600/dyson-airblade-hand-dryer.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Dyson AirBlade"><img src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S_HKQzoShcI/AAAAAAAAAjo/R83-kM2yIgs/s320/dyson-airblade-hand-dryer.jpg" style="border-style: none;" /></a></div>Had occasion to visit a customer's site last week. Business as usual, nothing much to write home about.<br /><br />All except their hand dryers in the Gents lavatories..... A couple of Dyson AirBlades.<br /><br />Yeah, I know, strange subject to post about, but I feel I need to get this off my chest:<br /><br />These Frikkin things are DANGEROUS!<br /><br />Before you think I've totally lost it and this is just some random rant (well, OK you may have me there) let me justify this claim; how the sam hill can a hand dryer be dangerous?<br /><br />Now, it may just be me, but every time I use one of these dryers, I end up with wet shirt cuffs. That is, the AirBlade blows the water off my hands up my sleeves. The dryer simply blows the water off of my hands and up my arms, resulting in me leaving the gents with wet sleeves. <br /><br />OK, I admit I may just be using the thing wrong, but surely I'm not the only one?<br /><br />Sure they dry your hands quick, but at what cost? I like dry sleeves!<br /><br />Oh, and have you heard these frikkin things run? Geez they are DEAFENING!<br /><br />I thought Concorde didn't fly any more... but it sure sounds like it does, and it's leaving for New York from the Gents, just outside trap 2!!<br /><br />Obviously, when we all pay a visit to the we are all subconsciously expecting that at least once our senses, our sense of smell, may be bombarded with unpleasantness. 
But to leave the Gents with temporary hearing loss also?<br /><br />OK, it's not so much the unit that makes the lion's share of the noise, it's the noise of the air as it passes over your hands at what feels like Mach 3.<br /><br />Could it be me? Do I not have very aerodynamic hands? I don't think so. I believe my hands are the same as anyone else's...<br /><br />Don't believe me? Have a look at this:<br /><br /><object height="385" width="480"><param name="movie" value="http://www.youtube.com/v/fkQrCF-D-9k&hl=en_GB&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/fkQrCF-D-9k&hl=en_GB&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object><br /><br />Notice how the guy doesn't even try to talk over the racket the thing makes?<br /><br />Notice his aerodynamic hands?<br /><br />Notice he's not wearing long sleeves?<br /><br />I wonder why... ;-)<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/dyson-airblade-wet-sleeves-since-2006/">Dyson AirBlade: Wet Sleeves Since 2006</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 20, 2010.</p>
https://polarclouds.co.uk/easy-facebook-privacy2010-05-17T23:41:00+01:002010-05-17T23:41:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="Lock down your Facebook Privacy" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S_G0o2ew5dI/AAAAAAAAAjQ/OrNTNLfz9h8/s1600/fblock.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Lock down your Facebook Privacy"><img height="200" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S_G0o2ew5dI/AAAAAAAAAjQ/OrNTNLfz9h8/s200/fblock.png" style="border-style: none;" width="200" /></a></div>Make no mistake, Facebook privacy is, at best, so overly complicated it's pants.<br /><br /><br />With around 50 settings and over 170 options, Facebook's privacy settings are a behemoth to understand. Their privacy policy on its own weighs in at 5830 words - some 1287 more words than the United States Constitution!<br /><br /><br />We all want to be safe online - that goes without saying, but how can we ensure that we are not unsuspectingly disclosing our precious personal and private data to the whole of the internet?<br /><br />What we need is some kind of simple tool to scan our Facebook accounts (without the tool leaking personal data) and report back on areas where our FB privacy can be strengthened. <br /><br />Luckily such a tool exists and it is dead simple to use. It's called: <a href="http://www.reclaimprivacy.org/" target="_blank">http://www.reclaimprivacy.org/</a><br /><br />Here is a screenshot of the tool in action:<br /><div class="separator" style="clear: both; text-align: center;"><a alt="Private.. But not Private Enough!" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S_G561XmDUI/AAAAAAAAAjY/XCiskIWSsLw/s1600/FB-Privacy.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Private.. 
But not Private Enough!"><img border="0" height="158" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S_G561XmDUI/AAAAAAAAAjY/XCiskIWSsLw/s400/FB-Privacy.png" width="400" /></a></div><br />As you can see, I thought I was secure, but I still had some work to do!<br /><br />Here is how you use the tool to check your privacy settings:<br /><br /><ol><li>Surf over to <a href="http://www.reclaimprivacy.org/" target="_blank">http://www.reclaimprivacy.org/</a></li><li>Drag their link to your web browser bookmarks bar</li><li>Log in to facebook.com and then click that bookmark</li><li>You will see a series of privacy scans that inspect your privacy settings and warn you about settings that might be unexpectedly public</li><li>Follow reclaimprivacy on Facebook to hear about their latest updates</li></ol><br />Simple! All secure now:<br /><div class="separator" style="clear: both; text-align: center;"><a alt="All secure..." href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S_rRX4T6kOI/AAAAAAAAAj4/QnPnk3FyRfo/s1600/all+done.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="All secure..."><img border="0" height="252" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S_rRX4T6kOI/AAAAAAAAAj4/QnPnk3FyRfo/s400/all+done.png" width="400" /></a></div><br />Give the tool a spin, you may just be surprised.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/easy-facebook-privacy/">Easy Facebook Privacy</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 17, 2010.</p>
https://polarclouds.co.uk/when-all-else-fails-kon-boot2010-04-29T00:46:00+01:002010-04-29T00:46:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="Broken Padlock. Pic: marc kjerland" href="http://www.flickr.com/photos/marckjerland/4254099567/" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank" title="Broken Padlock. Pic: marc kjerland"><img border="0" height="133" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S9i5WOm9n3I/AAAAAAAAAjA/33T35ADIfZA/s200/4254099567_2ac8108be3.jpg" width="200" /></a></div><i>*** NOTE *** This post relates to bypassing Windows and Linux Operating System security. </i><br /><br /><i>The tool discussed here is for <b>HOME USE ONLY!</b> It is <b>NOT</b> to be used on systems that do not belong to you. Any problems arising from using Kon-Boot are YOUR responsibility. After all, no-one is forcing you to Kon-Boot!</i><br /><br />We have all been there. Passwords, or lack of.<br /><br />Luckily, there is a tool now available that will allow you to bypass Windows or Linux operating system security and allow you to log on without knowledge of any of the operating system passwords.<br /><br />What's more, this tool will allow you to do this without making any changes to the operating system installation itself. Instead, it makes changes to the operating system as held in memory on the target machine. Once the machine is rebooted, those memory changes are lost.<br /><br />The tool is called Kon-Boot, developed by Piotr Bania. <a href="http://www.piotrbania.com/all/kon-boot/" target="_blank">Piotr's Website</a><br /><br />I'm not going to tell you how to use it. 
Instead, I'll point you towards some videos of Kon-Boot in action.<br /><br /><b><span style="font-size: large;">Windows</span></b><br /><object height="340" width="560"><param name="movie" value="http://www.youtube.com/v/2lr7SYER8x4&hl=en_GB&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/2lr7SYER8x4&hl=en_GB&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="550" height="340"></embed></object><br /><br /><b><span style="font-size: large;">Linux</span></b><br /><object height="385" width="480"><param name="movie" value="http://www.youtube.com/v/jTZX_ldU1MQ&hl=en_GB&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/jTZX_ldU1MQ&hl=en_GB&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object><br /><br />If you are interested in learning more about Kon-Boot, then have a look at Claus Valca's blog post <a href="http://grandstreamdreams.blogspot.com/2009/05/kon-boot-bypass-windows-login-security.html" target="_blank">here</a>. Well worth the read as Claus has spent quite a bit of time on this.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/when-all-else-fails-kon-boot/">When All Else Fails, Kon-Boot</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 29, 2010.</p>
https://polarclouds.co.uk/usb-boot-without-bios-support2010-04-20T16:36:00+01:002010-04-20T16:36:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="USB Pic:Teo" href="http://www.flickr.com/photos/teo/66712078/" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank" title="USB... Boot from Me! Pic:Teo"><img border="0" height="150" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S82hxA44_5I/AAAAAAAAAio/SlwKdZ0P5j4/s200/66712078_959a288661.jpg" width="200" /></a></div><i>Here is a great little workaround; how to boot any PC (or virtual machine) from a USB device.</i><br /><br />As shown in previous posts <a href="http://chall32.blogspot.com/2010/04/easy-bootable-antivirus-cdusb.html" target="_blank">USB Antivirus</a>, <a href="http://chall32.blogspot.com/2010/04/unetbootin-strikes-again-ubuntu-1004.html" target="_blank">Ubuntu USB</a> and <a href="http://chall32.blogspot.com/2009/11/vmware-esx-4-install-from-usb.html" target="_blank">ESX4 USB</a>, it is easy to create a bootable USB device and save on CD/DVD media costs.<br /><br />However, what happens if your hardware doesn't support booting from USB? Or the USB devices you've carefully created don't work with your particular hardware?<br /><br />Here is the simple workaround, using a tiny piece of software that you can install onto a floppy disk or write onto a CD. Yes I know, I said boot from USB and now we need to create a floppy disk or CD... 
Stick with me, it's worth it.<br /><br /><span style="font-size: large;"><b>Software</b></span><br /><ul><li><a href="http://www.plop.at/en/bootmanager.html" target="_blank">PLoP Boot Manager</a> - Boot Manager download page: <a href="http://www.plop.at/en/bootmanagerdl.html" target="_blank">here</a> (filename plpbt-x.x.x.zip) circa 1.5Mb</li><li><a href="http://www.chrysocome.net/rawwrite" target="_blank">RawWrite</a> - [Only required if creating a floppy disk] - 210Kb</li></ul><span style="font-size: large;"><b>Floppy / CD Creation</b></span><br />Download the latest version of the PLoP Boot Manager zip from the link above and decide whether you are going to use CD or floppy to boot your machine. I tend to use a floppy as it's smaller and on balance (at the moment) more machines have floppy drives than have CD drives. It also makes keeping the Boot Manager up to date easier!<br /><br /><b>Floppy</b> <br /><ol><li>Extract the file <b>plpbt.img</b> from the PLoP Boot zip (plpbt-x.x.x.zip) to a temporary location</li><li>Download RawWrite (link above) and extract rawwritewin.exe from the zip</li><li>Insert floppy disk</li><li>Launch rawwritewin.exe and open plpbt.img from the temporary location:</li> <div class="separator" style="clear: both; text-align: center;"><a alt="RawWrite. Used to create floppy disk" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S83CLim1fHI/AAAAAAAAAiw/FG6JoroBWW8/s1600/rawwritewin.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="RawWrite. Used to create floppy disk"><img src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S83CLim1fHI/AAAAAAAAAiw/FG6JoroBWW8/s320/rawwritewin.png" style="border-style: none;" /></a></div><li>Click Write. The plpbt.img will be written onto the floppy</li><li>Once the write is complete, eject the floppy. You are ready to boot!</li></ol><b>CD</b><br /><ol><li>Extract the file <b>plpbt.iso</b> from the PLoP Boot zip (plpbt-x.x.x.zip) to a temporary location</li><li>Burn the ISO file onto CD. 
If you are unsure if your software is capable of doing this then I suggest you use <a href="http://www.imgburn.com/" target="_blank">ImgBurn</a>. A tutorial for burning ISO files with ImgBurn is available <a href="http://forum.imgburn.com/index.php?showtopic=61" target="_blank">here</a>.</li><li>You are ready to boot!</li></ol><span style="font-size: large;"><b>Use</b></span><br /><ol><li>Insert your floppy or CD and reboot your machine. Also insert the USB device to boot from.</li><li>All being well, you will be presented with the following menu:</li> <div class="separator" style="clear: both; text-align: center;"><a alt="PLoP Boot Menu" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S83Fk1-uvGI/AAAAAAAAAi4/AXUIDopfMbA/s1600/plopmenu.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="PLoP Boot Menu"><img border="0" height="208" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S83Fk1-uvGI/AAAAAAAAAi4/AXUIDopfMbA/s400/plopmenu.png" width="400" /></a></div><li>Using the arrow keys scroll down to <b>USB</b> and hit return</li><li>Voilà! The machine will now boot from the USB device</li></ol>I've also used this method to boot VMware virtual machines from within VMware Player, VMware Workstation, and VMware Server. Unfortunately ESX and ESXi lack the USB support.<br /><br />Hope you agree, PLoP Boot Manager makes a handy little tool to keep around.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/usb-boot-without-bios-support/">USB Boot Without BIOS Support</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 20, 2010.</p>
https://polarclouds.co.uk/easy-bootable-antivirus-cdusb2010-04-19T16:34:00+01:002010-04-19T16:34:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="Antivirus. Pic: tom-b" href="http://www.flickr.com/photos/tom-b/1633826625/" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank" title="Antivirus. Pic: tom-b"><img border="0" height="128" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S8wzmM_rQxI/AAAAAAAAAhQ/9oilFbj6ggo/s200/1633826625_f4ba59b746.jpg" width="200" /></a></div>*** Check out <a href="http://chall32.blogspot.co.uk/2012/05/easy-bootable-antivirus-cdusb-updated.html" target="_blank">Easy Bootable Antivirus CD/USB: UPDATED</a> for an even easier process! *** <br /><br />With the prevalence of Viruses / Rootkits / Spyware and all sorts of other malware these days, quite often I get asked to take a look at machines that are suspected of infestation with one or more of the above "nasties".<br /><br />Quite often this comes about because the nasties have "grown resistant" to the antivirus tool being used - that is, they do not clean as expected. Sometimes this can be because the nasty hooks itself deep into the operating system or it locks itself as in use and hence cannot be deleted. <br /><br />One way around this is to boot the computer from an alternative operating system located on a device such as a CD or USB pen drive. This will get around both issues, thus making the removal much easier.<br /><br />Here is a guide showing how easy it can be to create such a CD or USB and how to use it.<br /><br /><b>It's entirely your choice whether to create a CD or a USB. <u>You only need one or the other.</u></b><br /><br />If you choose the USB option, you need to be sure that your hardware supports booting from USB (older hardware doesn't always support this) and know how to make it do so. 
If you are unsure, use the CD option.<br /><br /><span style="font-size: large;"><b>Software</b></span> <br /><div class="separator" style="clear: both; text-align: center;"><a alt="Avira" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S8xDvya0oQI/AAAAAAAAAhY/kTYvUvPfKJ0/s1600/avira_logo_red_rgb.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;" title="Avira"><img height="100" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S8xDvya0oQI/AAAAAAAAAhY/kTYvUvPfKJ0/s200/avira_logo_red_rgb.jpg" style="border-style: none;" width="80" /></a></div>As I'm sure you can appreciate, there is a plethora of antivirus software available. Some come with bootable media, some not.<br /><br />For ease of use, I'm going to use Avira's AntiVir Rescue System Bootable CD. The main reasons for this are:<br /><ol><li>Definition updates - The Avira AntiVir Rescue System ISO download file is updated several times a day with the very latest definition files. This means that the file is always up to date. No need for additional updates once booted.</li><li>Size - The ISO file is only around 65Mb. 
I've seen other AV media weigh in at 350Mb plus...</li><li>It's free!</li></ol>The Avira AntiVir Rescue System Bootable CD website is <a href="http://www.avira.com/en/support/support_downloads.html" target="_blank">here</a><br />Direct download to the ISO file is <a href="http://dlpro.antivir.com/package/rescue_system/common/en/rescue_system-common-en.iso" target="_blank">here</a> <br /><br /><span style="font-size: large;"><b>Option 1 - Create CD</b></span><br />Next step is to burn the ISO file onto CD.<br /><br />As an ISO file is a single file containing other files (boot code etc.), it must be burnt onto CD in a special way, with software that understands how to do this.<br /><br />If you are unsure if your software is capable of doing this then I suggest you use <a href="http://www.imgburn.com/" target="_blank">ImgBurn</a>.<br />A tutorial for burning ISO files with ImgBurn is available <a href="http://forum.imgburn.com/index.php?showtopic=61" target="_blank">here</a>.<br /><br /><span style="font-size: large;"><b>Option 2 - Create USB</b></span><br />Here we are going to use our good friend <a href="http://unetbootin.sourceforge.net/" target="_blank">UNetbootin</a>.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="UNetbootin. Great tool!" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8xOAHd8yxI/AAAAAAAAAhg/gpH3MwEaCco/s1600/unetbootin.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="UNetbootin. 
Great tool!"><img border="0" height="235" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8xOAHd8yxI/AAAAAAAAAhg/gpH3MwEaCco/s320/unetbootin.png" width="320" /></a></div>From within UNetbootin:<br /><ol><li>Select <b>Diskimage</b> and locate your ISO file (in this case rescue_system-common-en.iso)</li><li>Select your USB drive</li><li>Click OK and let UNetbootin extract and copy the installation and boot sector files onto the USB</li><li>Once complete, reboot or close UNetbootin as required</li></ol><span style="font-size: large;"><b>Cleaning Nasties</b></span><br />So we have our boot media (be that a CD or a USB) and we are ready to start cleaning off that nasty malware that has been plaguing our lives.<br /><ol><li>Insert the CD / USB and power on the device to be cleaned. Ensure that you select the correct device to boot from; CD or USB. <i>[This is achieved differently depending on hardware]</i>.</li><li>Assuming you have selected correctly, the first screen you are met with is as follows:</li><div class="separator" style="clear: both; text-align: center;"><a alt="Avira Boot Screen" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S8xR4HY2XRI/AAAAAAAAAho/Anr1UpMf55g/s1600/avira1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Avira Boot Screen"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S8xR4HY2XRI/AAAAAAAAAho/Anr1UpMf55g/s320/avira1.png" /></a></div><li>Enter <b>4</b> (Advanced 1024x768) and hit return. 
The tool will continue to boot</li><li>Once booted and initialised, click the Union Jack flag in the bottom left hand corner to change the display language to English</li><li>Click <b>Configuration</b></li><li>Select <b>Try to repair infected files</b>:</li><div class="separator" style="clear: both; text-align: center;"><a alt="Avira Configuration" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S8xdtTJkGoI/AAAAAAAAAiA/acmU_qDu6mQ/s1600/avira1a.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Avira Configuration"><img border="0" height="240" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S8xdtTJkGoI/AAAAAAAAAiA/acmU_qDu6mQ/s320/avira1a.png" width="320" /></a></div><li>Click <b>Virus scanner </b>and <b>Start scanner</b> to start the scan:</li><div class="separator" style="clear: both; text-align: center;"><a alt="Avira Scanning" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S8xTLN12n7I/AAAAAAAAAhw/Kt0yShr11go/s1600/avira2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Avira Scanning"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S8xTLN12n7I/AAAAAAAAAhw/Kt0yShr11go/s320/avira2.png" /></a></div><li>Sit back and relax, get some coffee. This may take a while</li><li>Depending on the type of infection you may be asked additional questions... you may not...</li><li>When all done, click <b>Miscellaneous</b> and <b>Shutdown</b> to safely dismount the file system:</li></ol><div class="separator" style="clear: both; text-align: center;"><a alt="Avira Shutdown" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S8xiapWxJII/AAAAAAAAAiI/IeqRQn6OREI/s1600/avira3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Avira Shutdown"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S8xiapWxJII/AAAAAAAAAiI/IeqRQn6OREI/s320/avira3.png" /></a></div>That's it. 
Job done.<br /><br />As most nasties spread due to lack of security patching, upon first boot I would highly recommend a visit to <a href="http://update.microsoft.com/windowsupdate/v6/default.aspx" target="_blank">Windows Update</a>.<br /><br />What follows is an additional step, only required if problems are encountered during the above process.<br /><br /><span style="font-size: large;"><b>Cleaning Nasties - Advanced: Command Line </b></span><br />One thing noticed during testing is that occasionally the Avira GUI would freeze, necessitating a reboot to get going again. The resolution is to scan from the command line. Here's how:<br /><ol><li>Boot to Step 4 above</li><li>Click <b>Miscellaneous</b> and <b>Commandline</b> to exit the GUI to the command line console:</li><div class="separator" style="clear: both; text-align: center;"><a alt="Avira Command Line" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S8xl1aWwweI/AAAAAAAAAiQ/LhQSSYg3SpQ/s1600/aviracmd.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Avira Command Line"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S8xl1aWwweI/AAAAAAAAAiQ/LhQSSYg3SpQ/s320/aviracmd.png" /></a></div><li>Now comes the fun part; as you can see the console is in German....!</li><li>For reference, here is a German keyboard layout. 
This can be used to work out which keys are which:</li><div class="separator" style="clear: both; text-align: center;"><a alt="German Keyboard Layout" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8xnT7LxANI/AAAAAAAAAiY/GArl5dgqRjo/s1600/KeyboardLayout-German.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="German Keyboard Layout"><img border="0" height="108" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8xnT7LxANI/AAAAAAAAAiY/GArl5dgqRjo/s320/KeyboardLayout-German.png" width="320" /></a></div><li>The command to run a full scan is (notice the capital <b>D</b> on <b>D</b>evices):</li><blockquote style="font-family: 'Courier New',Courier,monospace;">antivir -s -e -ren /media/Devices/hda1</blockquote>Which (on a UK keyboard) translates to the following keystrokes: <blockquote><div style="font-family: 'Courier New',Courier,monospace;">antivir /s /e /ren &media&Devices&hda1</div></blockquote><li>Once the scanner starts, it should look something like this:</li><div class="separator" style="clear: both; text-align: center;"><a alt="Avira Command Line Scan Running" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S8xpdBgSrMI/AAAAAAAAAig/TiEqg7b_-Ic/s1600/aviracmd2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Avira Command Line Scan Running"><img border="0" height="135" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S8xpdBgSrMI/AAAAAAAAAig/TiEqg7b_-Ic/s320/aviracmd2.png" width="320" /></a></div><li>Use the command <span style="font-family: 'Courier New',Courier,monospace;">reboot</span> to safely dismount the file system and reboot once complete</li></ol><b><span style="font-size: large;">Conclusion</span></b><br />In this post we looked at the easy creation of two types of alternative boot media to aid in the removal of malware.<br /><br />Also discussed was an advanced method should issues occur. <br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/easy-bootable-antivirus-cdusb/">Easy Bootable Antivirus CD/USB</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 19, 2010.</p>
https://polarclouds.co.uk/on-day-skies-went-quiet2010-04-15T23:46:00+01:002010-04-15T23:46:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="Where have all the planes gone? 22:45 15 April 2010" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8eKI9Yib9I/AAAAAAAAAg4/7KzOz_00cOY/s1600/noplanesuk.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Where have all the planes gone? 22:45 15 April 2010"><img border="0" height="320" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8eKI9Yib9I/AAAAAAAAAg4/7KzOz_00cOY/s320/noplanesuk.png" width="313" /></a></div><br />If you are not aware, all UK airports are closed tonight due to an ash cloud from a volcanic eruption in Iceland:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Ash cloud" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8eRyXD0bZI/AAAAAAAAAhA/rbvjI8Xk9ug/s1600/1iceland_volcano466.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Ash cloud"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8eRyXD0bZI/AAAAAAAAAhA/rbvjI8Xk9ug/s320/1iceland_volcano466.jpg" /></a></div><br />See this <a href="http://news.bbc.co.uk/1/hi/world/europe/8623534.stm" target="_blank">BBC article</a> for additional detail. <br /><br />Following on from my live aircraft tracking link-around <a href="http://chall32.blogspot.com/2010/01/live-aircraft-tracking-link-around.html" target="_blank">here</a>, I thought it would be fun to look and see what is happening for myself. <br /><br />Unfortunately <a href="http://www.radarvirtuel.com/" target="_blank">radarvirtuel</a> looked to be having technical difficulties, but <a href="http://www.flightradar24.com/" target="_blank">flightradar24</a> was up and running OK. 
It's only when you zoom out that you finally find some air traffic: <br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="North European skies - 22:45 15 April 2010" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S8eIZuFiGCI/AAAAAAAAAgw/D5Mte6T07qA/s1600/noplanes.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="North European skies - 22:45 15 April 2010"><img border="0" height="302" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S8eIZuFiGCI/AAAAAAAAAgw/D5Mte6T07qA/s320/noplanes.png" width="320" /></a></div><br />Still, nice sunset though:<br /><br /><div style="text-align: center;"><a alt="Sunset over the fence earlier this evening" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S8eSQAm-jwI/AAAAAAAAAhI/Y8IgBs_ObOc/s1600/img_0143.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Sunset over the fence earlier this evening"><img border="0" height="300" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S8eSQAm-jwI/AAAAAAAAAhI/Y8IgBs_ObOc/s400/img_0143.jpg" width="400" /></a></div><br />I especially like the lack of aircraft trails in this shot.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/on-day-skies-went-quiet/">On the Day the Skies Went Quiet</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 15, 2010.</p>
https://polarclouds.co.uk/ubuntu-1004-beta2-first-look2010-04-14T22:12:00+01:002010-04-14T22:12:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S8TYZZMcDAI/AAAAAAAAAfw/F8sTx4E46cY/s1600/ubuntu-logo.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Ubuntu 10.04 Beta2: First Look" alt="Ubuntu 10.04 Beta2: First Look"><img height="200" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S8TYZZMcDAI/AAAAAAAAAfw/F8sTx4E46cY/s200/ubuntu-logo.jpg" style="border-style: none;" width="173" /></a></div><br />As last Thursday (April 8th) saw the Beta 2 release of <a href="http://www.ubuntu.com/" target="_blank">Ubuntu</a> v10.04-LTS (Long Term Support), I thought I would give this new version a trial run on my test-bed laptop.<br /><br />Besides, I was getting bored with running Windows 7 release candidate and its bi-hourly reboots.<br /><br />Also, as this is a beta, and I've had such success using UNetbootin to create a VMware ESX 4.0 bootable installer USB, I'm going to have a bash at creating a bootable Ubuntu USB installer - (yet another first for me!) <br /><br /><b><span style="font-size: large;">Test-Bed Laptop</span></b><br />Nothing flash. A Dell Latitude D600 with:<br /><ul><li>1.4GHz Pentium M</li><li>1Gb RAM</li><li>Intel 2200BG 54Mb Wireless</li><li>Secondary (modular bay) battery</li></ul>(Yes, I agree, it did struggle somewhat to run Windows 7!)<br /><br /><br /><b><span style="font-size: large;">Creating USB Installer</span></b><br /><i>I've decided to make this into another post - See <a href="http://chall32.blogspot.com/2010/04/unetbootin-strikes-again-ubuntu-1004.html" target="_blank">HERE</a></i><br /><br /><br /><b><span style="font-size: large;">Installing</span></b><br />Nothing much untoward, looks like the installer application has a fresh new look, but other than that, standard easy to follow fare.<br /><br /><br /><b><span style="font-size: large;">First Impressions</span></b><br />WOW! Looks good... Very good... 
Continuing from the last release, v9.10 - See my Installation guide <a href="http://chall32.blogspot.com/2009/11/ubuntu-910-ch-installation-guide.html" target="_blank">HERE</a> Once again, there was no post install playing around required. Everything just ...worked!<br /><br />Here are some eye candy and comments:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Desktop. Also both batteries!" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S8Tww4PQMsI/AAAAAAAAAgA/k-trO8O4wI4/s1600/Desktop.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Desktop. Also both batteries!"><img border="0" height="240" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S8Tww4PQMsI/AAAAAAAAAgA/k-trO8O4wI4/s320/Desktop.png" width="320" /></a></div><div style="text-align: center;">Desktop. Also both batteries!</div><div style="text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a alt="Start Menu. Wa-hey! The brown is gone!" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8TxKjE6LVI/AAAAAAAAAgI/HvtmpYXa8gQ/s1600/menu.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Start Menu. Wa-hey! The brown is gone!"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8TxKjE6LVI/AAAAAAAAAgI/HvtmpYXa8gQ/s320/menu.png" /></a></div><div style="text-align: center;">Start Menu</div><div style="text-align: center;">Wa-hey! The brown is gone!</div><div style="text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a alt="File explorer. Nice and simple" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S8TxgFsWyMI/AAAAAAAAAgQ/uk2qPgkTomQ/s1600/files.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="File explorer. Nice and simple"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S8TxgFsWyMI/AAAAAAAAAgQ/uk2qPgkTomQ/s320/files.png" /></a></div><div style="text-align: center;">File explorer. 
Nice and simple</div><div style="text-align: center;">Seems to make more sense than previous versions</div><div style="text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a alt="Progress dialogue" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S8TyFMKe_rI/AAAAAAAAAgY/ZX7eBHIZm8I/s1600/filecopy.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Progress dialogue"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S8TyFMKe_rI/AAAAAAAAAgY/ZX7eBHIZm8I/s320/filecopy.png" /></a></div><div style="text-align: center;">Progress dialogue</div><div style="text-align: center;">The red certainly does stand out!</div><div style="text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a at="Firefox" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8Tyb6SFYqI/AAAAAAAAAgg/ML1rAtWDjqQ/s1600/ffox.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Firefox"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8Tyb6SFYqI/AAAAAAAAAgg/ML1rAtWDjqQ/s320/ffox.png" /> </a></div><div style="text-align: center;">Firefox.</div><div style="text-align: center;">I've also installed the <a href="http://www.getpersonas.com/en-US/persona/2070" target="_blank">Black and White</a> Firefox persona<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Remote Desktop with built in RDP client" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S8TzinB_g5I/AAAAAAAAAgo/NqUtyhDIC4I/s1600/rdp.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S8TzinB_g5I/AAAAAAAAAgo/NqUtyhDIC4I/s320/rdp.png" /></a></div>Remote Desktop with built in RDP client</div><br />All in all, I think you'll agree, looking very nice!<br /><br />Also compared to Windows 7, this old laptop is flying once again. A real performance boost from the old girl! 
<br /><br />According to <a href="https://wiki.ubuntu.com/LucidReleaseSchedule" target="_blank">https://wiki.ubuntu.com/LucidReleaseSchedule</a> the final 10.04 release is on 28th April. Not long to wait now!!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/ubuntu-1004-beta2-first-look/">Ubuntu 10.04 Beta2: First Look</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 14, 2010.</p>
https://polarclouds.co.uk/unetbootin-strikes-again-ubuntu-10042010-04-13T23:08:00+01:002010-04-13T23:08:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="UNetbootin - It's great!" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8Thv3f9ryI/AAAAAAAAAf4/71hU5HOCh4A/s1600/Screenshot-UNetbootin.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="UNetbootin - It's great!"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S8Thv3f9ryI/AAAAAAAAAf4/71hU5HOCh4A/s320/Screenshot-UNetbootin.png" /></a></div><br />As I've had such great success using <a href="http://unetbootin.sourceforge.net/" target="_blank">UNetbootin</a> to create a VMware ESX 4.0 bootable installer USB - See <a href="http://chall32.blogspot.com/2009/11/vmware-esx-4-install-from-usb.html" target="_blank">here</a> for details - I'm going to have a bash at creating a bootable Ubuntu 10.04 USB installer.<br /><br />Really this is such an easy process, I'm amazed that it's not used more often to create installation media.<br /><br />What is UNetbootin?<br /><blockquote><i>UNetbootin allows you to create bootable Live USB drives for a variety of Linux distributions from Windows or Linux, without requiring you to burn a CD. You can either let it download one of the many <a href="http://unetbootin.sourceforge.net/#features" target="_blank">distributions supported out-of-the-box</a><a href="http://unetbootin.sourceforge.net/#other" target="_blank">supply your own Linux .iso file</a> if you've already downloaded one or your preferred distribution isn't on the list.</i></blockquote><a href="http://unetbootin.sourceforge.net/" target="_blank">UNetbootin Website</a> <br /><br />So with that in mind, let's get cracking.<br /><br /><ul><li>Firstly you will need to download UNetbootin (well duh!)</li><li>Secondly you are going to need to grab / download a copy of an ISO image containing the install files of the Windows or Linux distribution that you would like to copy onto USB.</li><li>Lastly you will need a USB memory stick. 
Anything 1Gb or above will do for most CD based distributions.</li></ul>Here goes: <br /><ol><li>Format your USB stick using Windows format. FAT32 file system is fine:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Format USB Stick - FAT32 is fine" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SwxNDh2nvbI/AAAAAAAAAT8/BuEm42hfB18/s1600/format.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Format USB Stick - FAT32 is fine"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SwxNDh2nvbI/AAAAAAAAAT8/BuEm42hfB18/s200/format.png" /></a> </div></li> <li>Once format is complete, leave USB stick plugged in and start UNetbootin:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="UNetbootin dialogue" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SwxNoYPxNzI/AAAAAAAAAUE/UHsNNLjOpks/s1600/unetbootin.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="UNetbootin dialogue"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SwxNoYPxNzI/AAAAAAAAAUE/UHsNNLjOpks/s200/unetbootin.png" /></a> </div></li> <li>Select "Diskimage" and locate your ISO file (in our case ubuntu-10.04-beta2-desktop-i386.iso)</li><li> Select your USB drive</li><li>Click OK and let UNetbootin extract and copy the installation and boot sector files on to the USB</li><li>Once complete, Reboot </li></ol>What could be simpler?<br /><br /><b><i>PLUS</i></b> think of all those burnable CD's and DVD's you'll be saving!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/unetbootin-strikes-again-ubuntu-1004/">UNetbootin Strikes Again! Ubuntu 10.04 Beta 2</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 13, 2010.</p>
https://polarclouds.co.uk/what-blog-tour-2010-diary2010-04-01T00:01:00+01:002010-04-01T00:01:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.flickr.com/photos/mamboman/506006207/" imageanchor="1" target="_blank" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Suitcase by Mamboman1" alt="Suitcase by Mamboman1"><img border="0" height="127" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S7PFPX1eDgI/AAAAAAAAAfY/KNWjGmMSuYA/s200/506006207_7ec0cb402f.jpg" width="200" /></a></div>With over 10,000 hits coming from America alone, it was decided that this year's <i>What the.....? Blog</i> tour should be to go visit Uncle Sam - to say thank you in person like.<br /><br />Besides, it's been a while since the <i>What the.....? </i>UK team and the <i>What the.....? </i>US team have had a get together. Well, as you know, the team like to spare zero expense on these tours. <br /><br /><span style="font-size: large;"><b>Day 1</b></span><br />The level of expenditure was pretty evident when we hit the airport. The kind production team had chartered us our own jet!<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S2dXiAFtBHI/AAAAAAAAAZk/uge5dfKvy_8/s1600-h/plane.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S2dXiAFtBHI/AAAAAAAAAZk/uge5dfKvy_8/s320/plane.png" width="320" /></a></div><br />The fact that we had to share with the Swedish all ladies cheerleader squad, just seemed to add to the excitement....<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S2ddM71LQQI/AAAAAAAAAZ8/aV9d-x2rcmY/s1600-h/hostess.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S2ddM71LQQI/AAAAAAAAAZ8/aV9d-x2rcmY/s320/hostess.png" width="229" /></a></div><br />Once we landed and had picked up our limo:<br /><br /><div 
class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2dbCq4JiiI/AAAAAAAAAZ0/X5tS-Co3sgM/s1600-h/limo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="152" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2dbCq4JiiI/AAAAAAAAAZ0/X5tS-Co3sgM/s320/limo.png" width="320" /></a></div><br />We hit the streets. First stop was a gas station for supplies as strangely the limo had zero gas:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2dYuEyjj-I/AAAAAAAAAZs/HXymYK7yOMQ/s1600-h/gas.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2dYuEyjj-I/AAAAAAAAAZs/HXymYK7yOMQ/s320/gas.png" width="257" /></a></div><br />After that, we found the hotel:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S2dgGF8dUfI/AAAAAAAAAaE/1YGnc0hzMSw/s1600-h/hotel.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="229" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S2dgGF8dUfI/AAAAAAAAAaE/1YGnc0hzMSw/s320/hotel.png" width="320" /></a></div><br />And settled ourselves in for the rest of the afternoon. With that much fudge on tap, we knew we were in for a great time!<br /><br />Soon it was time for some dinner, so back into the limo. We eventually found a place:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2dgmJ3v2tI/AAAAAAAAAaM/pOlWUt7ydd8/s1600-h/littlepigs.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2dgmJ3v2tI/AAAAAAAAAaM/pOlWUt7ydd8/s320/littlepigs.png" width="252" /></a></div><br />mmmm the pork was just cracking. Back to the hotel for some shut eye... 
and more fudge.<br /><br /><span style="font-size: large;"><b>Day 2</b></span><br />Up early and flushed, we hit the road. Today we were due to visit the US <i>What the.....? </i>team at their offices:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2djDfvWQhI/AAAAAAAAAaU/BEQ5zSAbWzk/s1600-h/offices.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="226" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2djDfvWQhI/AAAAAAAAAaU/BEQ5zSAbWzk/s320/offices.png" width="320" /></a> </div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">We all felt proud as we pulled up out front.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">After a very quick tour of the desk, we were whisked off to our very own book signing event at Pack Place:</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div style="text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S2dlrW_wUPI/AAAAAAAAAac/LNk--o78w4g/s1600-h/packplace.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="222" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S2dlrW_wUPI/AAAAAAAAAac/LNk--o78w4g/s320/packplace.png" width="320" /></a></div><br />The crowd looked 'bitchin'. What The.....? book we hear you say. 
Well, here you go:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2dmPMU_CoI/AAAAAAAAAak/-4oo3FuseOc/s1600-h/book.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2dmPMU_CoI/AAAAAAAAAak/-4oo3FuseOc/s320/book.png" width="254" /></a> </div><div class="separator" style="clear: both; text-align: center;"><br /></div>Yeah. We were thrilled with it too.<br /><br />After 30 mins of signing, we were bushed. Back to the hotel for a wash and bush up (and yet more fudge).<br /><br />For dinner the US team had laid on an all American treat:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2dnbsN1CTI/AAAAAAAAAas/ItR3NBBGoqE/s1600-h/chinese.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2dnbsN1CTI/AAAAAAAAAas/ItR3NBBGoqE/s320/chinese.png" width="255" /></a></div><br />man this was livin.<br /><br /><span style="font-size: large;"><b>Day 3</b></span><br />Up early again to the sound of fresh fudge being made, we called the US team. Turns out for our last day in town they had laid on a street party style send off. WOW!!!<br /><br />Luckily we managed to grab a photo before the riot police turned up:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S2dolqSLjsI/AAAAAAAAAa0/H12HKX8aGjA/s1600-h/street+party.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="220" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S2dolqSLjsI/AAAAAAAAAa0/H12HKX8aGjA/s320/street+party.png" width="320" /></a></div><br />With that we were rushed out of the country post haste.<br /><br />Well there you have it readers another successful Blog Tour. 
We loved it too!<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/what-blog-tour-2010-diary/">What the.....? Blog Tour 2010 - A Diary</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 01, 2010.</p>
https://polarclouds.co.uk/t-mobile-pulse-eye-candy2010-03-17T20:54:00+00:002010-03-17T20:54:00+00:00Chris Hallhttps://polarclouds.co.uk
A couple of gratuitous eye candy screenshots from my Android T-Mobile Pulse (based on the Huawei U8220).<br /><br />You'll see why I know it as my "Funky Phone":<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Home Screen" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S6Et-mZSIaI/AAAAAAAAAeg/bVIfsE6Bebc/s1600-h/snap20100317_192158.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Home Screen"><img border="0" height="400" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S6Et-mZSIaI/AAAAAAAAAeg/bVIfsE6Bebc/s400/snap20100317_192158.png" width="267" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Applications 1" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S6Eurr96HjI/AAAAAAAAAew/gKvURbu1K2o/s1600-h/snap20100317_095732.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Applications 1"><img border="0" height="400" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S6Eurr96HjI/AAAAAAAAAew/gKvURbu1K2o/s400/snap20100317_095732.png" width="267" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Applications 2" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S6EucqdWneI/AAAAAAAAAeo/QE02UkZcgXc/s1600-h/snap20100317_192235.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Applications 2"><img border="0" height="400" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S6EucqdWneI/AAAAAAAAAeo/QE02UkZcgXc/s400/snap20100317_192235.png" width="267" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Email Application Folder" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S6EvG_TTvmI/AAAAAAAAAe4/RQHV1xk4YtY/s1600-h/snap20100317_192203.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Email Application Folder"><img border="0" height="400" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S6EvG_TTvmI/AAAAAAAAAe4/RQHV1xk4YtY/s400/snap20100317_192203.png" width="267" /></a></div><br 
/><div class="separator" style="clear: both; text-align: center;"><a alt="Lock Screen" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S6EvQU0UOkI/AAAAAAAAAfA/UOdYrN2gKIo/s1600-h/snap20100317_192311.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Lock Screen"><img border="0" height="400" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S6EvQU0UOkI/AAAAAAAAAfA/UOdYrN2gKIo/s400/snap20100317_192311.png" width="267" /></a></div><br /><span style="font-size: large;"><b>Operating System</b></span><br />Android 1.5 (CupCake) <a href="http://android.modaco.com/content/t-mobile-pulse-pulse-modaco-com/296925/09-feb-1-7-modaco-custom-rom-u8230-vanilla-style-now-with-online-kitchen/" target="_blank">MoDaCo Custom ROM 1.7</a> - U8230 Vanilla Style<br /><br /><span style="font-size: large;"><b>Apps</b></span><br />All of these applications were downloaded and installed via the <a href="http://www.android.com/market/" target="_blank">Android Market</a>. Links below are to the developer's website:<b> </b><br /><ul><li>Beautiful Widgets - <a href="http://levelupstudio.com/widgets/weather" target="_blank">LevelUp Studio</a> - With <a href="http://drp.ly/upA9x" target="_blank">HTCDesire</a> skin </li><li>Audio Manager - <a href="http://www.smartandroidapps.com/audiomanager.php" target="_blank">SmartAndriodApps</a></li><li>Barcode Scanner - <a href="http://code.google.com/p/zxing/" target="_blank">Zebra Crossing</a></li><li>Battery Indicator - <a href="http://www.darshancomputing.com/android/battery_indicator/" target="_blank">Darshan Computing</a></li><li>BBC News - <a href="http://jimblackler.net/blog/?p=124" target="_blank">Jim Blackler</a></li><li>ebuddy - <a href="http://www.ebuddy.com/android/" target="_blank">ebuddy</a></li><li>Google Sky Map - <a href="http://www.google.com/sky/skymap/" target="_blank">Google</a></li><li>Ringdroid - <a href="http://code.google.com/p/ringdroid/" target="_blank">Ringdroid</a></li><li>Shazam - <a 
href="http://www.shazam.com/music/web/pages/android.html" target="_blank">Shazam</a></li><li>ShootMe- <a href="http://www.cyrket.com/p/android/com.bw.picme.local/" target="_blank">Johan Cloetens</a></li><li>ShopSavvy - <a href="http://www.biggu.com/apps/shopsavvy-android/" target="_blank">Big in Japan</a></li><li>Timeriffic - <a href="http://code.google.com/p/autosettings/wiki/Timeriffic" target="_blank">Ralf Odide</a></li><li>WeatherBug - <a href="http://weather.weatherbug.co.uk/mobile/android.html" target="_blank">WeatherBug</a></li><li>WiFinder - <a href="http://www.pgmsoft.com/" target="_blank">pgmsoft</a></li><li>Zedge - <a href="http://www.zedge.net/" target="_blank">Zedge</a></li></ul>To name just a few over and above those that come bundled with Android O/S (Gmail, RoadSync, Google Talk, YouTube etc).<br /><br />One of the plus points about Android is that there are always more apps to install and play with just around the corner.<br /><br /><span style="color: red;">AND 99% OF ANDROID APPS ARE FREE! 
</span>(take that iPhone!)<br /><br />Here's what the handset (running the stock T-Mobile Android Operating System) looks like:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Pulse / Huawei U8220 Handset" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S6Ev2kbuMBI/AAAAAAAAAfI/kgDMZ9ySmYw/s1600-h/tm.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Pulse / Huawei U8220 Handset"><img style="border-style: none" height="367" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S6Ev2kbuMBI/AAAAAAAAAfI/kgDMZ9ySmYw/s400/tm.jpg" width="400" /></a></div><br />More Information on the Pulse can be found here: <a href="http://wiki.modaco.com/index.php/Huawei_U8220" target="_blank">MoDaCo Wiki</a><br /><br />Pretty funky I think you'll agree!<br /><br />Next job is to <a href="http://android.modaco.com/content/t-mobile-pulse-pulse-modaco-com/297009/unlock-your-pulse-at-a-s10-discount-now-s19-99-p12/" target="_blank">unlock</a> it as T-Mobile reception here is... well, lets just say it's not the best...<br /><br /><span style="font-size: large;">*** Update 19/03 ***</span><br />Unlocked a treat!<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Unlocked Loveliness" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S6NMOU8sjoI/AAAAAAAAAfQ/9TEPYdfAUHI/s1600-h/snap20100319_092847.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Unlocked Loveliness"><img border="0" height="400" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S6NMOU8sjoI/AAAAAAAAAfQ/9TEPYdfAUHI/s400/snap20100319_092847.png" width="267" /></a></div> Funkadellic.<br /><br /> - Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/t-mobile-pulse-eye-candy/">T-Mobile Pulse Eye Candy</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 17, 2010.</p>
https://polarclouds.co.uk/choogle-power-searching-google2010-03-04T13:53:00+00:002010-03-04T13:53:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="I hope we will find them this way... Pic: Stefan" href="http://www.flickr.com/photos/st3f4n/3951143570/" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank" title="I hope we will find them this way... Pic: Stefan"><img border="0" height="213" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S4rrCjNw6oI/AAAAAAAAAeA/Sx2O9NvYSmo/s320/google-droids.jpg" width="320" /></a></div>Google.<br /><br />Love them or hate them as a company and leaving the privacy issues aside for a moment, you have to agree that Google have built themselves a pretty good search engine. Given enough time, you can find just about anything using Google.<br /><br />This leaves all of us with just one problem. How to use this massive resource to its best effect; how to quickly and effectively find exactly what you're looking for.<br /><br /><div class="separator" style="clear: both; text-align: center;"></div>May I present to you:<br /><br /><span style="font-size: x-large;">CHoogle: Chris' Google Power Searches </span><br /><br />Here are some tweaked Google searches to help you gain the very best results from Google.<br /><br /><br /><span style="font-size: x-large;"><i>File Search</i></span><br />Need a file? 
Enter part or the full filename here:<br /><br /><div style="color: #0b5394; text-align: center;"><span style="font-size: large;"><span style="color: blue;">C</span><span style="color: red;">H</span><span style="color: #f1c232;">o</span>og<span style="color: #38761d;">l</span>e <i>File Search</i></span></div><div class="separator" style="clear: both; text-align: center;"></div><div style="text-align: center;"><span style="font-size: large;"></span></div><div style="text-align: center;"><input id="filename" onchange=";document.getElementById('FILEgtsnrb2');" size="30" type="text" value="" /> <input id="FILEgtsnrb2" onclick="window.open('http://www.google.com/search?hl=en&source=hp&q=-inurl%3A(htm|html|php)+intitle%3A%22index+of%22+%22Last+modified%22+%22XXX%22'.replace(/XXX/gm,function(){return encodeURIComponent(document.getElementById('filename').value);}));FILEadd2url();" type="button" value="Google Search" /></div><br /><br /><b>What's happening here?</b><br />This search will add the following to your search term: <br /><br /><b>-inurl:(htm|html|php) intitle:"index of" "Last modified" "<span style="font-family: "Courier New",Courier,monospace;">{User Input}</span>"</b><br /><br /><b>-inurl:(htm|html|php)</b> - Instructs Google not to return results with ".htm", ".html" and ".php" in their URL. Effectively, this filters out results that contain just the name of the file being searched for.<br /><br /><b>intitle:"index of" "Last modified" -</b> Instructs Google to only return pages with "index of" or "Last Modified" in the title of the page. These pages are generally web server generated file listings. 
An example of such a site would be <a href="http://downloadue.info/ISO/" target="_blank">http://downloadue.info/ISO/</a><br />Click <a href="http://www.google.com/search?hl=en&source=hp&q=-inurl%3A%28htm%7Chtml%7Cphp%29+intitle%3A%22index+of%22+%22Last+modified%22+%22ultimate-edition-2.4-x64-gamers.iso%22" target="_blank">here</a> for an example search!<br /><br /><br /><span style="font-size: x-large;"><i>Weather</i></span><br />What's the weather like today and for the next 3 days in, say, Reykjavik, Iceland? Enter the place name here:<br /><br /><div style="color: #0b5394; text-align: center;"><span style="font-size: large;"><span style="color: blue;">C</span><span style="color: red;">H</span><span style="color: #f1c232;">o</span>og<span style="color: #38761d;">l</span>e <i>Weather</i></span></div><div class="separator" style="clear: both; text-align: center;"></div><div style="text-align: center;"><input id="weather" onchange=";document.getElementById('WEATHERgtsnrb2');" size="30" type="text" value="" /> <input id="WEATHERgtsnrb2" onclick="window.open('http://www.google.com/#hl=en&q=weather%3A+XXX&meta=&aq=&oq=&fp=1&cad=b'.replace(/XXX/gm,function(){return encodeURIComponent(document.getElementById('weather').value);}));WEATHERadd2url();" type="button" value="Google Search" /></div><br /><b>What's happening here?</b><br />This search will add the following to your search term:<br /><br /><b>Weather: </b>- Instructs Google to return weather details and a list of results that contain "weather" and the place name entered. Click <a href="http://www.google.co.uk/#hl=en&q=weather%3A+wellington+new+zealand&meta=&aq=f&oq=weather%3A+wellington+new+zealand" target="_blank">here</a> for an example search!<br /><br /><br /><span style="font-size: x-large;"><i>Phone Book</i></span><br />What's John Doe's phone number? 
Enter John's name here:<br /><br /><div style="color: #0b5394; text-align: center;"><span style="font-size: large;"><span style="color: blue;">C</span><span style="color: red;">H</span><span style="color: #f1c232;">o</span>og<span style="color: #38761d;">l</span>e <i>Phone Book</i></span></div><div style="text-align: center;"><input id="phone" onchange=";document.getElementById('PHONEgtsnrb2');" size="30" type="text" value="" /> <input id="PHONEgtsnrb2" onclick="window.open('http://www.google.com/search?hl=en&q=phonebook%3A+XXX&btnG=Search&meta=&aq=f&oq='.replace(/XXX/gm,function(){return encodeURIComponent(document.getElementById('phone').value);}));PHONEadd2url();" type="button" value="Google Search" /></div><br /><b>What's happening here?</b><br />This search will add the following to your search term:<b> </b><br /><br /><b>Phonebook: </b>- Instructs Google to open its residential phone book and search for the name entered.<br />Click <a href="http://www.google.co.uk/search?hl=en&q=phonebook%3A+john+doe" target="_blank">here</a> for an example search!<br /><br /><br /><span style="font-size: x-large;"><i>Movies</i></span><br />What time is that movie on in my local cinema? 
Just enter your town here:<br /><br /><div style="color: #0b5394; text-align: center;"><span style="font-size: large;"><span style="color: blue;">C</span><span style="color: red;">H</span><span style="color: #f1c232;">o</span>og<span style="color: #38761d;">l</span>e <i>Movies</i></span></div><div style="text-align: center;"><input id="movie" onchange=";document.getElementById('MOVIEgtsnrb2');" size="30" type="text" value="" /> <input id="MOVIEgtsnrb2" onclick="window.open('http://www.google.com/movies?q=movie%3A+XXX&btnG=Search+Films&hl=en&ie=UTF-8'.replace(/XXX/gm,function(){return encodeURIComponent(document.getElementById('movie').value);}));MOVIEadd2url();" type="button" value="Google Search" /></div><br /><b>What's happening here?</b><br />This search will add the following to your search term:<br /><br /><b>Movie: </b>- Instructs Google to list movies and start times in Cinemas in or close by to the place name entered. <br />Click <a href="http://www.google.co.uk/movies?hl=en&q=movie:+wellington+new+zealand" target="_blank">here</a> for an example search!<br /><br /><br /><span style="font-size: x-large;"><i>Time</i></span><br />What is the time right now in, say Wellington New Zealand? 
Just enter the location here:<br /><br /><div style="color: #0b5394; text-align: center;"><span style="font-size: large;"><span style="color: blue;">C</span><span style="color: red;">H</span><span style="color: #f1c232;">o</span>og<span style="color: #38761d;">l</span>e <i>Time</i></span></div><div style="text-align: center;"><input id="time" onchange=";document.getElementById('TIMEgtsnrb2');" size="30" type="text" value="" /> <input id="TIMEgtsnrb2" onclick="window.open('http://www.google.com/#hl=en&q=time%3A+XXX&meta=&aq=&fp=1&cad=b'.replace(/XXX/gm,function(){return encodeURIComponent(document.getElementById('time').value);}));TIMEadd2url();" type="button" value="Google Search" /></div><br /><b>What's happening here?</b><br />This search will add the following to your search term:<br /><br /><b>Time: </b> - Instructs Google to return the current time of place name entered. <br />Click <a href="http://www.google.co.uk/#hl=en&source=hp&q=time%3A+wellington+new+zealand" target="_blank">here</a> for an example search!<br /><br /><br /><span style="font-size: x-large;"><i>Dictionary</i></span><br />What does that mean? 
Just enter it here:<span style="font-size: large;"><i> </i></span><br /><div style="color: #0b5394; text-align: center;"><span style="font-size: large;"><span style="color: blue;">C</span><span style="color: red;">H</span><span style="color: #f1c232;">o</span>og<span style="color: #38761d;">l</span>e <i>Dictionary</i></span></div><div style="text-align: center;"><input id="define" onchange=";document.getElementById('DEFINEgtsnrb2');" size="30" type="text" value="" /> <input id="DEFINEgtsnrb2" onclick="window.open('http://www.google.co.uk/search?hl=en&q=define%3A+XXX&btnG=Search&meta='.replace(/XXX/gm,function(){return encodeURIComponent(document.getElementById('define').value);}));DEFINEadd2url();" type="button" value="Google Search" /></div><br /><b>What's happening here?</b><br />This search will add the following to your search term:<br /><br /><b>Define: </b>- Instructs Google to return a definition of the term searched for <br />Click <a href="http://www.google.co.uk/search?hl=en&q=define%3A+antidisestablishmentarianism" target="_blank">here</a> for an example search!<br /><br />Search-tastic!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/choogle-power-searching-google/">CHoogle: Power Searching Google</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on March 04, 2010.</p>
https://polarclouds.co.uk/easily-test-for-64bit-capability2010-02-22T18:31:00+00:002010-02-22T18:31:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="CPU Up Close and Personal. Pic: Loan Sameli" href="http://www.flickr.com/photos/biwook/153052118/" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank" title="CPU Up Close and Personal. Pic: Loan Sameli"><img border="0" height="150" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S315qQp_bNI/AAAAAAAAAdI/KqbDXzSH3QI/s200/cpu.jpg" width="200" /></a></div>It's a simple question. A question that seems to be popping up more and more these days.<br /><br /><i>"Can my laptop / desktop / server / whatever run a 64bit Operating System and applications?"</i><br /><br />Here are the simplest ways I've found to quickly test whether the processor in any system is capable of running a 64bit OS and applications. I'm sure there are other ways to discover the same, but these work for me and there is no reason why they shouldn't work for you too.<br /><br />Luckily for us, these tests can be run without having to install any applications and can be run on whatever operating system you have running now. 
No need to wipe your hard disk and test for 64bit operation the hard way!<br /><br /><br /><span style="font-size: large;"><b>Linux / VMware ESX</b></span><br />Open up a terminal prompt and enter the following command:<br /><blockquote><span style="font-family: 'Courier New',Courier,monospace;">cat /proc/cpuinfo</span></blockquote>This will produce output similar to the following:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Processor Information - 32bit Machine" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S4HKMypS5bI/AAAAAAAAAdQ/ffgu58anyF0/s1600-h/linux.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Linux Processor Information - 32bit Machine"><img border="0" height="225" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S4HKMypS5bI/AAAAAAAAAdQ/ffgu58anyF0/s320/linux.PNG" width="320" /></a></div><br />The area of interest is the "flags" list:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Processor Capability Flags" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S4HKzs4ouMI/AAAAAAAAAdY/FKfXN52jKhc/s1600-h/tinylinux.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Processor Capability Flags"><img border="0" height="37" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S4HKzs4ouMI/AAAAAAAAAdY/FKfXN52jKhc/s400/tinylinux.png" width="400" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S4LD8EBCs6I/AAAAAAAAAdg/D4f7Q2NADHw/s1600-h/putty.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="VMware ESX Server running on 64bit Machine" alt="VMware ESX Server running on 64bit Machine"><img border="0" height="202" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S4LD8EBCs6I/AAAAAAAAAdg/D4f7Q2NADHw/s320/putty.PNG" width="320" /></a></div><br /><br />If the "lm" flag is listed, then your processor is capable of running a 64bit OS and applications. 
LM stands for 64bit Long Mode, details of which can be found at Wikipedia <a href="http://en.wikipedia.org/wiki/Long_mode" target="_blank">here</a><br /><br /><br /><span style="font-size: large;"><b>Windows</b></span> <br />Hop over to Gibson Research Corp and grab yourself a copy of <a href="http://www.grc.com/securable.htm" target="_blank">securable</a> (115k). This little program was written to, amongst other things, test for 64bit processing capability. It doesn't need installing and can be run from USB if desired. <br /><br />Example outputs are as follows:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S4LHAxCyX3I/AAAAAAAAAdo/bZyc1lIgy3s/s1600-h/securable32.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Securable on a 32bit Machine" alt="Securable on a 32bit Machine"><img border="0" height="249" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S4LHAxCyX3I/AAAAAAAAAdo/bZyc1lIgy3s/s320/securable32.PNG" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S4LHGCWNlhI/AAAAAAAAAdw/ZeP9yGzXjrw/s1600-h/securable64.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Securable on a 64bit Machine" alt="Securable on a 64bit Machine"><img border="0" height="244" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S4LHGCWNlhI/AAAAAAAAAdw/ZeP9yGzXjrw/s320/securable64.PNG" width="320" /></a></div><br />Full details regarding Hardware D.E.P. and Hardware Virtualisation can be obtained by clicking on the respective titles in the Securable window.<br /><br /><br /><span style="font-size: large;"><b>No Operating System Installed</b></span><br />What? You would like to test for 64bit compatibility <i>before</i> installing an OS?<br /><br />Sure, no problem! 
Head over to the <a href="http://www.vmware.com/download/shared_utilities.html" target="_blank">Shared Utilities area on VMware's website</a>. Download their CPU Identification Utility (130Kb), extract the cpuid.iso file from the zip and burn it to CD.<br /><br />Example output is as follows:<br /><br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://i713.photobucket.com/albums/ww133/chall321/vmwareCPUid.png" imageanchor="1" rel="lightbox" style="margin-left: 1em; margin-right: 1em;" title="VMware CPU ID - 32bit Machine" alt="VMware CPU ID - 32bit Machine"><img border="0" height="201" src="http://i713.photobucket.com/albums/ww133/chall321/vmwareCPUid.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S4LLI-OoeEI/AAAAAAAAAd4/Wn2gt27BcRg/s1600-h/vmtool64.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="VMware CPU ID - 64bit Machine" alt="VMware CPU ID - 64bit Machine"><img border="0" height="222" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S4LLI-OoeEI/AAAAAAAAAd4/Wn2gt27BcRg/s320/vmtool64.PNG" width="320" /></a></div><br />Again, if "longmode : Yes" then your processor is capable of running a 64bit OS and applications.<br /><br /><br />That concludes our 64bit Operating System compatibility testing. It's simple to test for 64bit when you know how! <br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/easily-test-for-64bit-capability/">Easily Test for 64bit Capability!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 22, 2010.</p>
https://polarclouds.co.uk/google-lesson-in-advertising2010-02-08T17:22:00+00:002010-02-08T17:22:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S3A968hgS4I/AAAAAAAAAdA/W33kmK1vX0o/s1600-h/google.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Google Super Bowl Ad: How to advertise properly" alt="Google Super Bowl Ad: How to advertise properly"><img style="border-style: none" height="148" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S3A968hgS4I/AAAAAAAAAdA/W33kmK1vX0o/s320/google.PNG" width="320" /></a></div><br /><br /><br />As readers will know, advertising in general really does wind me up. <br /><br /><br /><br /><br /><br />So, why, pray tell, am I posting an advert here?<br /><br />Simple. This advert typifies the exact kind of advertising I <i>do</i> like.<br /><br />Don't get hung up on the product it's selling, just enjoy it for its zero gimmicks, blaring noise or general overblown tripe:<br /><br /><br /><object width="480" height="295"><param name="movie" value="http://www.youtube-nocookie.com/v/nnsSUqgkDwU&hl=en_GB&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube-nocookie.com/v/nnsSUqgkDwU&hl=en_GB&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="295"></embed></object><br /><br /><br />Just show us the product, how it works and demonstrate how it impacts people's lives. It is a product we already know and use, so just reinforce why we use it.<br /><br />Apparently this was shown during yesterday's Super Bowl. An oasis of calm in all that hell for leather flashy on screen graphics and on pitch fireworks.<br /><br />Why can't all advertising be like this?<br /><br />Go-Compare / Injury Lawyers for You / Money-Supermarket - You really really don't have a clue do you?<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/google-lesson-in-advertising/">Google: Lesson in Advertising</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 08, 2010.</p>
https://polarclouds.co.uk/windows-7-fix-wireless-trouble2010-02-05T00:15:00+00:002010-02-05T00:15:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S2tEyVaMfdI/AAAAAAAAAb8/tmP64ltO5po/s1600-h/wireless.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Windows 7 Wireless" alt="Windows 7 Wireless"><img style="border-style: none" height="200" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S2tEyVaMfdI/AAAAAAAAAb8/tmP64ltO5po/s200/wireless.png" width="185" /></a></div><br />With the proliferation of wireless networks, it is becoming more and more likely that if you live in anything upwards of a fairly well populated area, you are going to have problems with your wireless LAN.<br /><br />Problems that are likely to include random wireless drops, undetectable or uncontactable wireless networks, data throughput problems, etc.<br /><br />The question is - what can be done to try and get to the bottom of these problems?<br /><br />Perhaps the best place to start is to run a single command line tool to find out as much information as we can about:<br /><ul><li>Wireless adapter model</li><li>Adapter card driver details</li><li>Configured wireless LAN profile(s)</li><li>Full details of wireless networks currently visible </li></ul>As you can see, quite a lot of information from a single command!<br /><br />Historically, to get this level of information, you would need to look in several places (device manager, wireless networking info) and install 3rd party applications such as <a href="http://www.netstumbler.com/" target="_blank">NetStumbler</a> etc.<br /><br />OK, so how do you get all this info from the single command? 
Easy peasy.<br /><ol><li>Click Start (aka Windows Orb) and enter <span style="font-family: "Courier New",Courier,monospace;">cmd</span> into the text box and hit enter to open a command prompt</li><li>Into the command prompt window, enter the command:</li><blockquote style="font-family: "Courier New",Courier,monospace;">netsh wlan show all >wireless.txt</blockquote><li>This will run the command and pipe the output of the command into the file wireless.txt for easy reading</li><li>Still in the command prompt window, run</li><blockquote style="font-family: "Courier New",Courier,monospace;">notepad wireless.txt</blockquote><li>This will open the output from the "netsh wlan show all" command in notepad</li></ol>With a bit of luck, you should now be looking at something that looks a bit like this: <br /><br /><blockquote><span style="font-size: xx-small;">======================================================================= <br />============================== SHOW DRIVERS =========================== <br />=======================================================================<br />Interface name: Wireless Network Connection<br /><br /> Driver : Intel(R) PRO/Wireless 2200BG Network Connection<br /> Vendor : Intel Corporation<br /> Provider : Intel<br /> Date : Wed 19/12/2007<br /> Version : 9.0.4.39<br /> INF file : C:\Windows\INF\oem1.inf<br /> Files : 3 total<br /> C:\Windows\system32\DRIVERS\w29n51.sys<br /> C:\Windows\system32\Netw2c32.dll<br /> C:\Windows\system32\Netw2r32.dll<br /> Type : Legacy Wi-Fi Driver<br /> Radio types supported : 802.11g 802.11b<br /> FIPS 140-2 mode supported : No<br /> Hosted network supported : No<br /> Authentication and cipher supported in infrastructure mode:<br /> Open None<br /> Open WEP<br /> Shared None<br /> Shared WEP<br /> WPA-Enterprise TKIP<br /> WPA-Enterprise CCMP<br /> WPA-Personal TKIP<br /> WPA-Personal CCMP<br /> WPA2-Enterprise TKIP<br /> WPA2-Enterprise CCMP<br /> WPA2-Personal TKIP<br /> WPA2-Personal CCMP<br /> 
Authentication and cipher supported in ad-hoc mode:<br /> Open WEP<br /> Shared WEP<br /> Open None<br /> Shared None</span><br /><span style="font-size: xx-small;">======================================================================= </span><br /><span style="font-size: xx-small;">============================= SHOW INTERFACES ========================= </span><br /><span style="font-size: xx-small;">=======================================================================</span></blockquote>etc etc etc!<br /><br /><b><span style="font-size: large;">Troubleshooting:</span></b><br /><br /><b>Channels in "SHOW NETWORKS MODE=BSSID" section</b> <br />Find your wireless LAN and compare this to the channel details of the other wireless networks detailed in the results file. If your wireless network is using the same channel as someone else's then change your wireless access point or router to use a different wireless channel. <br /><br /><b>Signal strength in "SHOW NETWORKS MODE=BSSID" section</b> <br />Yes I know the Windows 7 GUI gives you signal strength (and that's about all), but this method is more accurate. Is the strength any good? With a higher signal strength, is the wireless connection more stable? 
<br /><ul></ul><u>These two are the most likely culprits when it comes to unstable wireless connections.</u><br /><br />Some more advanced troubleshooting includes:<b> </b><br /><br /><b>Driver in "SHOW DRIVERS" section</b><br />In my case:<br /><ul></ul><blockquote><span style="font-size: xx-small;"> Driver : Intel(R) PRO/Wireless 2200BG Network Connection<br /> Vendor : Intel Corporation<br /> Provider : Intel<br /> Date : Wed 19/12/2007<br /> Version : 9.0.4.39</span></blockquote>Armed with this info, I can hit <a href="http://downloadcenter.intel.com/Default.aspx" target="_blank">Intel's website</a>, see if there is a newer driver version available and update.<br /><br />Alternatively, I could go to the <a href="http://go.microsoft.com/fwlink/?LinkId=8973" target="_blank">Windows Update Catalogue</a> and search for MS approved driver updates or hotfixes. See <a href="http://support.microsoft.com/kb/323166" target="_blank">here</a> for how to use the catalogue.<br /><br /><b>Basic Rate and Other Rate in "SHOW NETWORKS MODE=BSSID" section</b><br />Try configuring your wireless card via device manager to run at one of the basic rates listed. Does this make any difference? Trial and error to see how fast you can go whilst remaining stable.<br /><br /><span style="font-size: large;"><b>Conclusion</b></span><br />As we have seen, by running one simple command you can grab all sorts of valuable wireless information and have a real good stab at fixing wireless networking woes.<br /><br />If all else fails, then there is always <a href="http://www.netgear.com/Products/PowerlineNetworking.aspx?for=Home+Networking" target="_blank">Ethernet over power</a>!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/windows-7-fix-wireless-trouble/">Windows 7: Fix Wireless Trouble</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 05, 2010.</p>
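<p>An added example, not part of the original post: the channel and signal checks from the Troubleshooting section, applied to a saved wireless.txt. It goes a little beyond the post by also treating 2.4 GHz channels fewer than five apart as overlapping and by suggesting the least loaded of channels 1, 6 and 11; the field names assume the usual layout of the SHOW NETWORKS MODE=BSSID section, and the sample data is constructed.</p>

```python
import re

# Constructed sample in the layout of "netsh wlan show all" output (not captured data).
SAMPLE = """\
=======================================================================
============================= SHOW INTERFACES =========================
=======================================================================
    SSID                   : HomeNet
    BSSID                  : 02:00:00:00:00:01
    Channel                : 6
    Signal                 : 62%
=======================================================================
======================= SHOW NETWORKS MODE=BSSID ======================
=======================================================================
Interface name : Wireless Network Connection
There are 5 networks currently visible.

SSID 1 : HomeNet
    Authentication          : WPA2-Personal
    BSSID 1                 : 02:00:00:00:00:01
         Signal             : 62%
         Channel            : 6
SSID 2 : Neighbour-A
    Authentication          : WPA2-Personal
    BSSID 1                 : 02:00:00:00:00:02
         Signal             : 80%
         Channel            : 6
SSID 3 : Neighbour-B
    Authentication          : WPA-Personal
    BSSID 1                 : 02:00:00:00:00:03
         Signal             : 45%
         Channel            : 8
SSID 4 : Neighbour-C
    Authentication          : WPA2-Personal
    BSSID 1                 : 02:00:00:00:00:04
         Signal             : 30%
         Channel            : 11
SSID 5 : Neighbour-D
    Authentication          : Open
    BSSID 1                 : 02:00:00:00:00:05
         Signal             : 10%
         Channel            : 1
"""


def networks_section(text):
    """Return the body of the SHOW NETWORKS MODE=BSSID section, or all text if no banner."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if "SHOW NETWORKS MODE=BSSID" in line:
            body = []
            for following in lines[i + 2:]:  # line i + 1 is the banner's closing rule
                if following.startswith("====="):
                    break
                body.append(following)
            return "\n".join(body)
    return text


def parse_bssids(text):
    """Return one dict per access point: ssid, bssid, signal (percent), channel."""
    entries, ssid, current = [], None, None
    for line in networks_section(text).splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if re.fullmatch(r"SSID \d+", key):
            ssid, current = value or "(hidden)", None
        elif re.fullmatch(r"BSSID \d+", key):
            current = {"ssid": ssid, "bssid": value, "signal": None, "channel": None}
            entries.append(current)
        elif current is not None and key == "Signal" and value.rstrip("%").isdigit():
            current["signal"] = int(value.rstrip("%"))
        elif current is not None and key == "Channel" and value.isdigit():
            current["channel"] = int(value)
    return entries


def interferes(a, b):
    """2.4 GHz channels (1-14) overlap when fewer than 5 apart; otherwise same channel only."""
    if max(a, b) > 14:
        return a == b
    return abs(a - b) < 5


def overlapping(entries, my_ssid):
    """Access points of other networks that share or overlap my network's channel(s)."""
    mine = {e["channel"] for e in entries if e["ssid"] == my_ssid and e["channel"] is not None}
    if not mine:
        raise ValueError(f"SSID {my_ssid!r} not found in the scan")
    return [e for e in entries
            if e["ssid"] != my_ssid and e["channel"] is not None
            and any(interferes(e["channel"], c) for c in mine)]


def suggest_channel(entries, my_ssid, candidates=(1, 6, 11)):
    """Pick the candidate channel with the lowest summed signal from interfering neighbours."""
    others = [e for e in entries if e["ssid"] != my_ssid and e["channel"] is not None]

    def load(channel):
        return sum(e["signal"] or 0 for e in others if interferes(channel, e["channel"]))

    return min(candidates, key=load)


if __name__ == "__main__":
    scan = parse_bssids(SAMPLE)  # replace SAMPLE with open("wireless.txt").read()
    for ap in overlapping(scan, "HomeNet"):
        print(f"{ap['ssid']:<12} channel {ap['channel']:>2} signal {ap['signal']}%")
    print("Suggested channel:", suggest_channel(scan, "HomeNet"))
```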
https://polarclouds.co.uk/blogger-related-posts-widget2010-02-03T23:10:00+00:002010-02-03T23:10:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="Gimme those related posts!" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2nzXASlYgI/AAAAAAAAAbM/aiszs69p_2g/s1600-h/relatedposts.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Gimme those related posts!"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2nzXASlYgI/AAAAAAAAAbM/aiszs69p_2g/s320/relatedposts.png" /></a></div><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />Do you like my latest addition?<br /><br />Yeah, I do too!<br /><br />In an effort to lower the <a href="http://en.wikipedia.org/wiki/Bounce_rate" target="_blank">bounce rate</a> of this site, I found this excellent related posts widget. The killer feature for me has to be the thumbnails.<br /><br />Web-surfing experience shows that everyone likes to click on a thumbnail!<br /><br />So, how is it done?<br /><br />Quite simple. Head on over to <a href="http://www.bloggerplugins.org/2009/08/related-posts-thumbnails-blogger-widget.html" target="_blank">this post at Blogger Widgets</a> to see how and to get the code. 
I'm not going to repost the article here, there really is no point.<br /><br />Rather than using the standard relatedthumbs21.js JavaScript file as used in the article, I downloaded the original (available <a href="http://blogergadgets.googlecode.com/files/relatedthumbs21.js">here</a>), tweaked and re-hosted it just as I did with the JavaScript files in my <a href="http://chall32.blogspot.com/2009/11/slimbox2-blogger-integration.html" target="_blank">slimbox2 post</a>.<br /><br />Here are the two changes to relatedthumbs21.js I made:<br /><br />Changed the link text from 35 characters:<br /><br /><blockquote><span style="font-size: x-small;">if(relatedTitles[relatedTitlesNum].length>35) relatedTitles[relatedTitlesNum]=relatedTitles[relatedTitlesNum].substring(0, 35)+"..."; </span></blockquote><br />to 30 characters:<br /><br /><blockquote><span style="font-size: x-small;">if(relatedTitles[relatedTitlesNum].length>30) relatedTitles[relatedTitlesNum]=relatedTitles[relatedTitlesNum].substring(0, 30)+"..."; </span></blockquote><br />This was because at 35 characters, the blue highlight background fails to cover the whole block of text:<br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Before and After" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S2n-7Wi1NMI/AAAAAAAAAbc/1lBvAqzrkBE/s1600-h/35ba.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Before and After"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S2n-7Wi1NMI/AAAAAAAAAbc/1lBvAqzrkBE/s320/35ba.png" /></a></div><br />Also, 5 lines of link text looks (to me at least) a bit too much.<br /><br />The final change was to tweak the "Related Posts:" header. Originally it was too big, too bold and looked (to me) in contention with the post titles.<br /><br />Again, quite simple. 
This:<br /><br /><blockquote><span style="font-size: x-small;">if(relatedTitles.length>0) document.write('</span><br /><span style="font-size: x-small;">< h2 ></span><br /><span style="font-size: x-small;">'+relatedpoststitle+'< /h2 ></span><br /><span style="font-size: x-small;">');</span></blockquote><br />To this:<br /><br /><blockquote><span style="font-size: x-small;">if(relatedTitles.length>0) document.write(' '+relatedpoststitle+' ');</span></blockquote><br />Nice. Feel free to have a click around. There's much more to this blog than just one page you know!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/blogger-related-posts-widget/">Blogger Related Posts Widget</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 03, 2010.</p>
https://polarclouds.co.uk/how-to-enable-access-windows-72010-02-01T20:36:00+00:002010-02-01T20:36:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="Administrative Shares... They're Grrreat!" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2Xq3ZQAfnI/AAAAAAAAAY8/-w9waKd-s0Q/s1600-h/c%24.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Administrative Shares... They're Grrreat!"><img border="0" height="176" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2Xq3ZQAfnI/AAAAAAAAAY8/-w9waKd-s0Q/s200/c%24.png" width="200" /></a></div>From Wikipedia:<br /><br /><i>The administrative shares are the default network shares created by all Windows NT-based operating systems (NT / 2000 / XP / 2003 / Vista / Windows 7). These default shares share every hard drive partition in the system. These shares will allow anyone who can authenticate as any member of the local Administrators group access to the root directory of every hard drive on the system.</i><br /><br />Microsoft in their wisdom have added an additional step in the process required to enable Administrative shares in Windows 7. The process required is as follows:<br /><br /><span style="font-size: large;"><b>1. Enable Use Sharing Wizard</b></span><br /><ul><li>Click <b>Start</b></li><li>Click <b>Computer</b></li><li>Click <b>Organize </b>and <b>Folder and Search Options</b></li><li>Select <b>View </b>tab</li><li>Ensure that <b>Use Sharing Wizard</b> is selected:</li> <div class="separator" style="clear: both; text-align: center;"><a alt="Enable Use Sharing Wizard" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S2ct8uIm5UI/AAAAAAAAAZM/cqSfwBnmfgk/s1600-h/folderoptions.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Enable Use Sharing Wizard"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S2ct8uIm5UI/AAAAAAAAAZM/cqSfwBnmfgk/s320/folderoptions.png" /></a></div><li>Click <b>OK</b></li></ul><span style="font-size: large;"><b>2. 
Open Windows Firewall</b></span><br /><ul><li>Click <b>Start </b></li><li>Click <b>Control Panel</b></li><li>Click <b>Category</b> and select <b>Small Icons</b></li><li>Click <b>Windows Firewall</b></li><li>Click <b>Allow a Program or feature through Windows Firewall</b></li><li>Find<b> File and Printer Sharing</b> and enable <b>Home/Work </b>and <b>Public </b>network </li></ul><div class="separator" style="clear: both; text-align: center;"><a alt="Open Windows Firewall" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2cweYd2gRI/AAAAAAAAAZU/jCNa6eDxGJM/s1600-h/fnpsharing.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Open Windows Firewall"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2cweYd2gRI/AAAAAAAAAZU/jCNa6eDxGJM/s320/fnpsharing.png" /></a></div><ul><li> Click <b>OK</b> and close Control Panel</li></ul><span style="font-size: large;"><b>3. Enable Local Account Token Filter Policy</b></span><br />This is the new bit.<br /><ul><li>Click <b>Start</b></li><li>Type <b>regedit </b>in the <b>Start Search</b> box, and then click <b>regedit</b> in the <b>Programs </b>list.</li><li>Expand the following subkey:<br /> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System</li><li>If the <b>LocalAccountTokenFilterPolicy</b> registry entry does not exist, follow these steps: <br /><ol><li type="a">On the <b class="uiterm">Edit</b> menu, click <b class="uiterm">New</b>, and then click <b class="uiterm">DWORD Value</b> </li><li type="a">Type <b><span class="userInput">LocalAccountTokenFilterPolicy</span></b>, and then press ENTER</li></ol></li><li>Right-click <b class="uiterm">LocalAccountTokenFilterPolicy</b>, and then click <b class="uiterm">Modify</b></li><li>In the <b>Value data</b> box, type <b>1</b>, and then click <b>OK</b></li> <div class="separator" style="clear: both; text-align: center;"><a alt="Enable LocalAccountTokenFilterPolicy" 
href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S2c2VrbHRjI/AAAAAAAAAZc/UtSP3aKOIbk/s1600-h/latfp.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Enable LocalAccountTokenFilterPolicy"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S2c2VrbHRjI/AAAAAAAAAZc/UtSP3aKOIbk/s320/latfp.png" /></a></div><li>Exit Registry Editor </li></ul>Job done. No need to reboot.<br /><br />For further reading, see <a href="http://support.microsoft.com/kb/951016" target="_blank">KB951016</a><br /><br />Apparently you also had to do this to enable access to Administrative Shares in Vista too... But who cares about that?<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/how-to-enable-access-windows-7/">How to Enable Access to Windows 7 Administrative Shares</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on February 01, 2010.</p>
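<p>An added example, not part of the original post: step 3 sets LocalAccountTokenFilterPolicy to 1, which per the linked KB951016 switches off UAC remote restrictions so that members of the local Administrators group connect remotely with a full token, so it is worth keeping track of which machines carry the change. The script classifies the output of <b>reg query</b> for that value, collected per machine; the host names and sample outputs are constructed.</p>

```python
import re
import subprocess

KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
VALUE = "LocalAccountTokenFilterPolicy"

# One result row of "reg query <key> /v <value>": name, type, data.
ROW = re.compile(rf"^\s*{VALUE}\s+(REG_\w+)\s+(\S+)\s*$", re.MULTILINE | re.IGNORECASE)
# English-language reg.exe message for a missing key or value.
NOT_FOUND = "unable to find the specified registry key or value"

FILTERED = "filtered"      # default: remote local-admin logons get a filtered token
UNFILTERED = "unfiltered"  # value is 1: the change from step 3 has been applied
REVIEW = "review"          # output could not be interpreted; check the host by hand


def classify(reg_output):
    """Classify the text printed by reg query for LocalAccountTokenFilterPolicy."""
    row = ROW.search(reg_output)
    if row is None:
        # Only call the value absent when reg.exe said so; anything else
        # (empty output, access denied, localized message) needs a manual look.
        return FILTERED if NOT_FOUND in reg_output.lower() else REVIEW
    reg_type, data = row.group(1).upper(), row.group(2)
    if reg_type != "REG_DWORD":
        return REVIEW
    try:
        number = int(data, 16)  # reg.exe prints DWORDs as 0x...
    except ValueError:
        return REVIEW
    return {0: FILTERED, 1: UNFILTERED}.get(number, REVIEW)


def report(outputs):
    """Map host name to classification for a dict of collected reg query outputs."""
    return {host: classify(text) for host, text in sorted(outputs.items())}


def query_local():
    """Run reg.exe on this machine (Windows only) and return stdout plus stderr."""
    done = subprocess.run(["reg", "query", KEY, "/v", VALUE],
                          capture_output=True, text=True)
    return done.stdout + done.stderr


# Constructed sample outputs, one per hypothetical host.
HEADER = "\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\n"
SAMPLES = {
    "pc-01": "ERROR: The system was unable to find the specified registry key or value.\n",
    "pc-02": HEADER + "    LocalAccountTokenFilterPolicy    REG_DWORD    0x1\n\n",
    "pc-03": HEADER + "    LocalAccountTokenFilterPolicy    REG_DWORD    0x0\n\n",
    "pc-04": HEADER + "    LocalAccountTokenFilterPolicy    REG_SZ    1\n\n",
}

if __name__ == "__main__":
    for host, status in report(SAMPLES).items():
        print(f"{host}: {status}")
```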
https://polarclouds.co.uk/pork-chops-on-bus2010-01-28T21:04:00+00:002010-01-28T21:04:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S2H6GkwmkoI/AAAAAAAAAYw/vsEsdJF-fAw/s1600-h/bus%283%29.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Pork Chops on the Bus" alt="Pork Chops on the Bus"><img border="0" height="267" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S2H6GkwmkoI/AAAAAAAAAYw/vsEsdJF-fAw/s400/bus%283%29.jpg" width="400" /></a><br /></div><br />They certainly are!<br /><br /><a href="http://ruletheweb.co.uk/b3ta/bus/" target="_blank">Bus Slogan Generator</a> Have fun.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/pork-chops-on-bus/">Pork Chops on the Bus</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 28, 2010.</p>
https://polarclouds.co.uk/live-aircraft-tracking-link-around2010-01-27T00:09:00+00:002010-01-27T00:09:00+00:00Chris Hallhttps://polarclouds.co.uk
<a alt="The airport used to be around here somewhere... honest!" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S190DXiIgvI/AAAAAAAAAYg/ZkwFUiv1_DQ/s1600-h/busy.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="The airport used to be around here somewhere... honest!"><img border="0" height="193" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S190DXiIgvI/AAAAAAAAAYg/ZkwFUiv1_DQ/s200/busy.PNG" width="200" /></a>Ever looked up into the sky and thought "I wonder where that plane is off to or coming from?"<br /><br />Or more importantly "I bet they're going somewhere warm.... lucky buggers!" <br /><br />Or "Ha ha! Heading back to Gatwick? Heathrow? Stansted? Looks like your holiday is over!"<br /><br />No? Just me then.... ahem.....<br /><br />How about "I wonder what time uncle Bob's flight gets in?" <br /><br />Anyway, thanks to the internet it's simple to find out what's where and where it's going. What follows is a link-around of online flight tracking websites. <br /><br /><a href="http://www.radarvirtuel.com/" target="_blank">radarvirtuel</a> - provides tracking and data for pretty much the whole of Europe. Used for screenshot above. Top Site!<br /><br /><a href="http://casper.frontier.nl/" target="_blank">casper</a> - tracks air traffic around and in or out of Schiphol airport<br /><br /><a href="http://gmapsflighttracker.com/" target="_blank">gmapsflighttracker</a> - Flight data for eight major US airports<br /><br /><a href="http://radar.zhaw.ch/radar.html" target="_blank">radar.zhaw</a> - data on flights around Zurich airport<br /><br /><a href="http://www.flightradar24.com/" target="_blank">flightradar24</a> - details on flights around central and northern Europe<br /><br /><a href="http://www.aeroseek.com/webtrax/airnav.html" target="_blank">aeroseek</a> - search for and track a single or random flight. 
(Top site to track uncle Bob!)<br /><br />Getting as close as possible to realtime flight data right on your desktop - done.<br /><br />Now all you need to decide is how long to leave it until you need to jump in the car to pick uncle Bob up from the airport....<br /><br />PS - If you know of any other sites, let me know.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/live-aircraft-tracking-link-around/">Live Aircraft Tracking Link-around</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 27, 2010.</p>
https://polarclouds.co.uk/vmware-esx-4-update-to-build-number2010-01-25T23:43:00+00:002010-01-25T23:43:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: left;"><a alt="ESX" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S2nbCYgLaZI/AAAAAAAAAbE/zLBnyYDAdKs/s1600-h/esx.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="ESX"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S2nbCYgLaZI/AAAAAAAAAbE/zLBnyYDAdKs/s320/esx.png" /></a></div><br /><br />Simple bit of info, often hard to find:<br /><br /><br />ESX 4.0 = Build 164009 - Released 21 May 2009<br />ESX 4.0 Update 1 = Build 208167 - Released 19 Nov 2009<br />ESX 4.0 Update 2 = Build 261974 - Released 10 June 2010<br />ESX 4.0 Update 3 = Build 398348 - Released 5 May 2011 <br /><br />An easy way to find build numbers without logging into the VI Client is to run:<br /><blockquote style="font-family: "Courier New",Courier,monospace;">vmware -v</blockquote><br />See <a href="http://chall32.blogspot.com/2009/07/vmware-esx-35-update-to-build-number.html" target="_blank">here</a> for VMware ESX 3.5 Update to Build Number.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vmware-esx-4-update-to-build-number/">VMware ESX 4 Update to Build Number</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 25, 2010.</p>
https://polarclouds.co.uk/expected-drugging2010-01-22T17:38:00+00:002010-01-22T17:38:00+00:00Chris Hallhttps://polarclouds.co.uk
Just signed in to Facebook. Sending a quick reply to a comment, you know, no biggie.<br /><br />Looks like you have to enter some captcha words before you are allowed to post...<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S1nhbzBRRfI/AAAAAAAAAYQ/ANd5z7X1duE/s1600-h/drugging.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Expected Drugging??!?!?!" alt="Expected Drugging??!?!?!"><img border="0" height="196" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S1nhbzBRRfI/AAAAAAAAAYQ/ANd5z7X1duE/s400/drugging.png" width="400" /></a><br /></div><br />What the.....?<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S1njLb_41MI/AAAAAAAAAYY/ZdtWpDfLb2A/s1600-h/drugging2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Expected Drugging??!?!?!" alt="Expected Drugging??!?!?!"><img border="0" height="227" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S1njLb_41MI/AAAAAAAAAYY/ZdtWpDfLb2A/s400/drugging2.png" width="400" /></a><br /></div><br />Is this a comment on my weekend plans?<br /><br />Does someone know something I don't?<br /><br />Who's expecting to be drugged? <br /><br />What drugs?<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/expected-drugging/">Expected Drugging?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 22, 2010.</p>
https://polarclouds.co.uk/vmware-esx-35-esx-4-reset-lost-or2010-01-21T21:45:00+00:002010-01-21T21:45:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: left;"><a alt="Forgotten Something? Pic: KayVee.INC" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S1i-Rt4sMUI/AAAAAAAAAXY/CAyFAvQamZI/s1600-h/dontforget.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Forgotten Something? Pic: KayVee.INC"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S1i-Rt4sMUI/AAAAAAAAAXY/CAyFAvQamZI/s200/dontforget.jpg" /></a></div>It happens to us all eventually.<br /><br />Just like anything else, appointments, meetings, conference calls, you name it, wedding anniversaries (especially wedding anniversaries) at some point you are going to forget a password or two.<br /><br />All well and good, most passwords can easily be reset without any real problem. After all what good is a password system that doesn't allow for this oh so regular occurrence?<br /><br />But what happens if you forget the root password to one or more of your VMware ESX servers? Hmm that's not so easy to sort out. 
Or is it?<br /><br />Yes it's easy to reset, but you are going to need an outage.<br /><br /><b><span style="font-size: large;">How To Reset root Password</span></b><br /><ol><li>Shutdown or migrate all Virtual Machines off of the ESX server in question<br /></li><li> Reboot ESX server and at the grub boot menu screen press a to modify the kernel arguments:</li><div class="separator" style="clear: both; text-align: center;"><a alt="ESX Grub Boot Menu, Press a" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S1jEGEgO2oI/AAAAAAAAAXo/rlt8DzduNMc/s1600-h/esx-password.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="ESX Grub Boot Menu, Press A"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S1jEGEgO2oI/AAAAAAAAAXo/rlt8DzduNMc/s320/esx-password.png" /></a> </div><li>At the following screen, enter the word <span style="font-family: "Courier New",Courier,monospace;">single</span> at the end of the kernel arguments line:</li><div class="separator" style="clear: both; text-align: center;"><a alt="ESX Kernel Arguments. Add the word single" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S1jEDLdpj2I/AAAAAAAAAXg/HXHXsg3RCAQ/s1600-h/esx-password1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="ESX Kernel Arguments. Add the word single"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S1jEDLdpj2I/AAAAAAAAAXg/HXHXsg3RCAQ/s320/esx-password1.png" /></a> </div><li>Hit Enter. 
The ESX server will now boot into a single user environment:</li><div class="separator" style="clear: both; text-align: center;"><a alt="ESX Single User Environment" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S1jFgq3UQEI/AAAAAAAAAXw/eyZ-64nh5bw/s1600-h/esx-password2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="ESX Single User Environment"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S1jFgq3UQEI/AAAAAAAAAXw/eyZ-64nh5bw/s320/esx-password2.png" /></a> </div><li>At the # prompt enter <span style="font-family: "Courier New",Courier,monospace;">passwd</span> This will prompt you to enter a new password for the root user:</li><div class="separator" style="clear: both; text-align: center;"><a alt="root Password Reset!" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S1jGI50wiwI/AAAAAAAAAX4/oKJTzLOx2bI/s1600-h/esx-password3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="root Password Reset!"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S1jGI50wiwI/AAAAAAAAAX4/oKJTzLOx2bI/s320/esx-password3.png" /></a> </div><li>Once you have entered your new root password, reboot the ESX server with the <span style="font-family: "Courier New",Courier,monospace;">reboot </span>command:</li><div class="separator" style="clear: both; text-align: center;"><a alt="Reboot ESX" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S1jGp7ltnRI/AAAAAAAAAYA/P3C3DOIUvQg/s1600-h/esx-password4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Reboot ESX"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/S1jGp7ltnRI/AAAAAAAAAYA/P3C3DOIUvQg/s320/esx-password4.png" /></a> </div><li>Allow the ESX server to reboot as normal. Double check your new root user password works as expected, bring up any shut down Virtual Machines.</li></ol>Job Done!<br /><br />Although I have used ESX 3.5 in the screenshots, this procedure also works for ESX 4.<br /><br /><i>Isn't this a "back door" into ESX? 
</i><i>Is this procedure really a legitimate way to reset root passwords?</i> No, it's not a back door! Honest Guv'nor!<br /><br />As for legitimacy, see this <a href="http://kb.vmware.com/kb/1317898" target="_blank">VMware knowledgebase article</a><br /><br />Thanks go to Martin for calling this afternoon and asking how this is done - before you called I always wondered... Now we know!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vmware-esx-35-esx-4-reset-lost-or/">VMware ESX 3.5, ESX 4 - Reset Lost or Forgotten root Password</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 21, 2010.</p>
https://polarclouds.co.uk/chris-natural-disaster-tracker-trending2010-01-15T22:26:00+00:002010-01-15T22:26:00+00:00Chris Hallhttps://polarclouds.co.uk
OK, this was a fun little side line project until it got serious. <br /><br />All our hearts and prayers go out to all those affected by the recent earthquake in Haiti. <br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="DEC Haiti Appeal" href="http://www.dec.org.uk/" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="DEC Haiti Appeal"><img border="0" src="http://www.dec.org.uk/download/724/injured-boy.jpg" /></a><br /></div><br />Please give as much as you can.<br /><br />I'm not going to say much more in this post other than to say I've found a way to add seven day trending to the Natural Disaster Tracker. <br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="twitter Earthquake Trending 9 - 15 Jan 2010" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S1DqWLAP2bI/AAAAAAAAAXQ/8XD8alIXkSc/s1600-h/earthquake.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="twitter Earthquake Trending 9 - 15 Jan 2010"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S1DqWLAP2bI/AAAAAAAAAXQ/8XD8alIXkSc/s320/earthquake.png" /></a><br /></div><br />The trending really does speak for itself. <a href="http://bit.ly/distrak" target="_blank">http://bit.ly/distrak</a><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/chris-natural-disaster-tracker-trending/">Chris' Natural Disaster Tracker - Trending</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 15, 2010.</p>
https://polarclouds.co.uk/chriscontrol-v2-beta-2-released-get2010-01-12T23:55:00+00:002010-01-12T23:55:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: left;"><a alt="ChrisControl" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S00MGXjZ-zI/AAAAAAAAAW8/mHcm-VCWhYo/s1600-h/chriscontrol.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="ChrisControl"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S00MGXjZ-zI/AAAAAAAAAW8/mHcm-VCWhYo/s320/chriscontrol.png" /></a><br /></div>Quick post to mention that I've just released ChrisControl v2 Beta 2.<br /><br />See all the details on the ChrisControl Google code site <a href="http://code.google.com/p/chriscontrol/wiki/CC2_Beta2_12Jan10" target="_blank">here</a><br /><br />Download from the ChrisControl Google code site <a href="http://code.google.com/p/chriscontrol/downloads/list" target="_blank">here</a><br /><br />What is ChrisControl? See the history <a href="http://chall32.blogspot.com/2009/07/chriscontrol-is-not-dead-its-just.html" target="_blank">here</a> and a brief overview <a href="http://code.google.com/p/chriscontrol/" target="_blank">here</a><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/chriscontrol-v2-beta-2-released-get/">ChrisControl v2 Beta 2 Released - Get your copy now!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 12, 2010.</p>
https://polarclouds.co.uk/sel-updating-realtime-search-chris2010-01-11T00:02:00+00:002010-01-11T00:02:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/S0pNtbEftOI/AAAAAAAAAW0/7rzH144k0OA/s1600-h/earth.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Global Events..." alt="Global Events..."><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S0pNtbEftOI/AAAAAAAAAW0/7rzH144k0OA/s200/earth.png" /></a></div>What's happening around the world now?<br /><br />No, right now <i>- this minute?</i><br /><br />By now, I'm sure we are all aware of the magnitude 6.5 earthquake off the California coast yesterday (Saturday 9th Jan).<br /><br />No? Strange. Big news in the LA Times <a href="http://www.latimes.com/news/la-me-earthquake-mobile10,0,5725817.story" target="_blank">here</a> and <a href="http://www.latimes.com/news/local/la-me-eureka-earthquake11-2010jan11,0,4670388.story" target="_blank">here</a>. See <a href="http://mashable.com/2010/01/09/eureka-earthquake/" target="_blank">this mashable article</a> for some of the on the ground pictures of the Eureka earthquake.<br /><br />Yet there has been zero coverage on any of the regular UK news media. Why didn't we hear about it? Well without being sombre - probably because no one died.<br /><br />OK, Chris so how did you find out about it? - One word: twitter.<br /><br /><b>STOP!!</b><br /><b>Before you close this page thinking I'm just someone else banging on about bloomin twitter and how I couldn't live without it - I'm not.</b><br /><br />All I will say is that increasingly these days, twitter is there first with the news and pictures from the source of the story - or those very close to it. 
Far sooner than any other news source.<br /><br />Yea, yea yea - I know, you've heard it all before.<br /><br />But consider this; turning the whole twitter thing on its head and using it to track events around the world - as they happen.<br /><br />With a few selected self updating twitter search feeds and a bit of html to hold it all together, you can find out what's happening in any of the following areas all from one web page:<br /><ul><li>Earthquakes (had to be on there really didn't it!)</li><li>Hurricanes / Tornadoes / Cyclones</li><li>Floods</li><li>Volcanos</li><li>Heavy Snow / Avalanches (topical at the moment - great pic <a href="http://news.bbc.co.uk/1/hi/uk/8447023.stm" target="_blank">here</a>)</li><li>Tsunami <br /></li></ul>Yes, I'm carrying on the theme of natural disasters, but just think; you could have a page search for pretty much anything of interest to you.<br /><br />Hmm interested now? Yea I know, it's worth a quick peek - just to see if anything is happening:<br /><br /><div style="text-align: center;"><span style="font-size: x-large;"><a href="http://bit.ly/distrak" target="_blank"><b>Chris' Natural Disaster Tracker</b></a></span><br /></div><div style="text-align: center;"><a href="http://bit.ly/distrak" target="_blank">http://bit.ly/distrak</a><br /></div><br />Now, I don't suggest you spend every waking hour in front of this site, just bookmark it and check in now and then.<br /><br />And if you do hear of some natural disaster going on in the regular news media, you can bet that just visiting the tracker, it will get you more up to date with the real story than any 24 hour news service could...<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/sel-updating-realtime-search-chris/">Self Updating Realtime Search - Chris' Natural Disaster Tracker</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 11, 2010.</p>
https://polarclouds.co.uk/logmein-free-client-with-embeded2010-01-09T01:00:00+00:002010-01-09T01:00:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="LogMeIn" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S0EJG-PrIcI/AAAAAAAAAWs/qz-rf2azMbg/s1600-h/logmein.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="LogMeIn - Great but could be easier to install"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S0EJG-PrIcI/AAAAAAAAAWs/qz-rf2azMbg/s200/logmein.jpg" /></a></div>On the two or three occasions I've used LogMeIn 'in anger' to remotely assist in resolving issues with friends' computers, I've always had the same issue. Namely:<br /><br /><i>Is there a simple way to install a LogMeIn client and have it automatically point to my LogMeIn account?</i><br /><br />The problem with the free LogMeIn client is that it's generic.<br /><br />That is, it prompts the person installing the client for some LogMeIn account credentials. As we are talking about supporting friends remotely here, I've often resorted to giving my LogMeIn account credentials out so that friends can install the client on my behalf. At that point I can then access their machines remotely and (hopefully) fix the issues - happy users all round.<br /><br />Surely there must be a way to embed LogMeIn account credentials into the installer and then make that installer available as needed. <br /><br />Well it turns out there is, it can be done with free utilities and here is how you do it:<br /><br /><b><span style="font-size: large;">Requirements</span></b><br />A LogMeIn account. A free account can be created <a href="https://secure.logmein.com/UK/products/free/register.aspx" target="_blank">here</a><br /><br />You will need to download the following. 
Save all files into a temporary folder EG: C:\Logmein<br /><i>[Links updated 28/09/2010]</i><br /><i> </i> <br /><ul><li>Inno Setup <a href="http://www.innosetup.com/download.php/ispack.exe" target="_blank">quick start pack</a> from <a href="http://innosetup.com/" target="_blank">innosetup.com</a></li><li>AddWinUser.exe from <strike><a href="http://drop.io/sbsuvbd/asset/addwinuser-exe" target="_blank">here</a></strike> <a href="https://sites.google.com/site/chall32/blog/logmein/AddWinUser.zip">here</a></li><li>LogmeInSetupGeneric.iss from <strike><a href="http://drop.io/sbsuvbd/asset/logmeinsetupgeneric-iss" target="_blank">here</a></strike> <a href="https://sites.google.com/site/chall32/blog/logmein/LogmeInSetupGeneric.iss">here</a> </li><li>A copy of the generic free LogMeIn client from the LogMeIn website or <a href="http://download.cnet.com/LogMeIn-Free/3000-7240_4-10317491.html" target="_blank">here</a></li></ul><b><span style="font-size: large;">Creating the Custom Client</span></b><br /><ol><li>Install Inno setup quick start pack, ensuring that you also download and install ISTool, Inno setup preprocessor and encryption support (these are downloaded and installed as part of the quick start pack installer)</li><li>Launch Inno Setup Compiler and open LogmeInSetupGeneric.iss <br /></li><li>Look for <span style="font-family: 'Courier New',Courier,monospace;">#define FilesDir "D:\Download\LogmeinSupport"</span> [line 34] and change the path to match the folder created above. 
EG: <span style="font-family: "Courier New",Courier,monospace;">#define FilesDir "C:\Logmein"</span> </li><li>Change <span style="font-family: "Courier New",Courier,monospace;">#define MyEmail "myemail@mydomain.com"</span> [line 36] to match your LogMeIn login account email address</li><li>Change <span style="font-family: "Courier New",Courier,monospace;">#define MyPassword "myaccountpwd"</span> [line 37] to match your LogMeIn account password</li><li>Change <span style="font-family: "Courier New",Courier,monospace;">#define UserPassword "userpwd"</span> [line 38] to something you'll remember. (This password will only apply if the machine and user account session you are accessing remotely doesn't already have a windows logon password)</li><li>Change <span style="font-family: "Courier New",Courier,monospace;">Password=1234</span> [line 66] to set a password on the installer. You don't want just anyone installing your custom LogMeIn client do you? I suggest something simple-ish as the person installing the client on your behalf will have to enter this</li><li>Save your modified LogmeInSetupGeneric.iss</li><li>Compile; Click Build and Compile </li><li>If all is OK, the installer will then create a LogmeInSetup.exe installer file in your temporary folder created above and launch the installer for testing</li><li>Test the client and ensure that the newly installed client shows up in your LogMeIn account.</li></ol><span style="font-size: large;"><b>Making your Custom LogMeIn Client Easily Available<br /></b></span>So you've got a working client that you now need to make easily available.<br /><br />I suggest you create a <a href="http://sites.google.com/" target="_blank">free Google site</a> and host it there. 
You will need to zip the LogmeInSetup.exe installer file first as you cannot host .exe files on Google sites.<br /><br />See step 3 <a href="http://chall32.blogspot.com/2009/11/slimbox2-blogger-integration.html" target="_blank">here</a> for more on hosting files on Google sites.<br /><br />Once uploaded, find the direct URL to the file. Typically the URL's are in the format:<br /><blockquote style="font-family: Times,"Times New Roman",serif;">http://sites.google.com/site/[username]/[foldername]/[filename].zip</blockquote><br />To make the URL even simpler for friends to type, I suggest you use a URL shortening service such as <a href="http://bit.ly/" target="_blank">bit.ly</a> (bit.ly's not just for the twitterarti you know!). The good thing about bit.ly is that you can create a custom shortened URL.<br /><br />Say something like:<br /><blockquote style="font-family: Times,"Times New Roman",serif;">http://bit.ly/mylogmi</blockquote><br />So now you have a custom LogMeIn client that even your mate Dave's mother-in-law can locate, download and install with minimal fuss.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/logmein-free-client-with-embeded/">LogMeIn Free Client with Embedded Credentials</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 09, 2010.</p>
https://polarclouds.co.uk/chriscontrol-v2-beta-06-jan2010-01-06T23:00:00+00:002010-01-06T23:00:00+00:00Chris Hallhttps://polarclouds.co.uk
OK, OK, It's been a while since I promised to, but I've started development on ChrisControl again.<br /><br />Decided to host the shebang over at google code. Link to ChrisControl Project page <a href="http://code.google.com/p/chriscontrol/" target="_blank">here</a> Or just use the chriscontrol tab at the top of this page.<br /><br />I've just posted the very first v2 Beta, for testing. Release details on the ChrisControl Wiki <a href="http://code.google.com/p/chriscontrol/wiki/CC2Beta06JanReleaseDetail" target="_blank">here</a><br /><br />Here's a bit of eye-candy to get you interested:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://www.chall.plus.com/winpe/chriscontrol/chriscontrol2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" rel="lightbox" title="ChrisControl v2" alt="ChrisControl v2"><img border="0" height="400" src="http://www.chall.plus.com/winpe/chriscontrol/chriscontrol2.png" width="263"/></a></div><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/chriscontrol-v2-beta-06-jan/">ChrisControl v2 Beta - 06 Jan</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 06, 2010.</p>
https://polarclouds.co.uk/cheapest-way-to-faster-broadband-part-22010-01-03T03:14:00+00:002010-01-03T03:14:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/S0BjN9iB9PI/AAAAAAAAAWk/H7-kErlZsN4/s1600-h/speeds.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://lh3.ggpht.com/_2xKZgKYJlJs/S0BjN9iB9PI/AAAAAAAAAWk/H7-kErlZsN4/s320/speeds.PNG" /></a></div>Back in May 2009 (blimey... <i>that</i> long ago?!), I posted <a href="http://chall32.blogspot.com/2009/05/cheapest-way-to-faster-broadband.html" target="_blank">this guide</a> on how to get faster ADSL broadband for less than £20.<br /><br /><blockquote><i><b>Recap:</b> the deal is to purchase a DG834GT router, install some custom firmware and tweak the Signal to Noise Ratio (SNR) percentage to as low as possible, thus gaining a higher ADSL sync rate, IP Profile and actual throughput.<br /><br />See <a href="http://www.thinkbroadband.com/faq/sections/radsl.html#225" target="_blank">this thinkbroadband FAQ article</a> regarding actual connection speed vs IP profile.</i></blockquote><br /><br />So here we are almost eight months later and time for an update.<br /><br /><b><span style="font-size: large;">The Good News</span></b> <br />The good news is that my broadband has now stabilised at a connection speed of somewhere in the region between 3000Kbps to 3200Kbps, giving me an IP Profile and throughput speed of 2.5Mbs. Not bad at all considering I started at 1Mbs!<br /><br /><b><span style="font-size: large;">The Not So Good News</span></b> <br />Unfortunately it's not all been plain sailing.<br /><br />After some problems with instantly dropping signal to noise ratios and a slow depreciation of line quality in late October and November, something had to give and I logged a call with BT.<br /><br />Luckily there was nothing major wrong with the line and the problem was tracked down to water penetration problems on the line. 
The repair was quite simple and the BT engineer also threw in a BT Openreach master socket I-Plate like this into the bargain:<br /><div class="separator" style="clear: both; text-align: center;"><a alt="BT Openreach I-Plate" href="http://www.thinkbroadband.com/images/iplate/bt-nte5-openreach-200px.jpg" imageanchor="1" rel="lightbox" style="margin-left: 1em; margin-right: 1em;" title="BT Openreach I-Plate"><img border="0" height="200" src="http://www.thinkbroadband.com/images/iplate/bt-nte5-openreach-200px.jpg" width="200" /></a></div>For further reading on I-Plates, see <a href="http://www.thinkbroadband.com/tools/bt-master-socket.html" target="_blank">this thinkbroadband article</a>.<br /><br />For me, the jury is still out on whether the I-Plate has actually made any difference. I'm not saying that they are no good, and in fact I know of several others that have seen speed increases just by fitting them, I'm just stating that here on my line it's not made any noticeable performance difference. Has it made my line more stable? Not sure. 
Line stability is very subjective and hard to quantify.<br /><br /><span style="font-size: large;"><b>All Tweaked Out?</b></span><br />Looking at the thinkbroadband Line Sync vs IP Profile table once again:<br /><div class="separator" style="clear: both; text-align: center;"><a alt="thinkbroadband Line Sync vs IP Profile table" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/Szpks93qaVI/AAAAAAAAAV8/04Pwk_xzu7E/s1600-h/table.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="thinkbroadband Line Sync vs IP Profile table"><img border="0" src="https://lh3.ggpht.com/_2xKZgKYJlJs/Szpks93qaVI/AAAAAAAAAV8/04Pwk_xzu7E/s400/table.PNG" /></a></div>Notice that my sync speed of somewhere between 3000Kbps and 3200Kbps is quite close to the next step up in IP Profile; 3424Kbps = 3Mbps throughput.<br /><br />In fact, I've already had (albeit fleetingly) an IP Profile of 3Mbps as posted <a href="http://chall32.blogspot.com/2009/07/3mb-barrier-smashed.html" target="_blank">here</a>, so I know that 3Mb is potentially possible on my line. <br /><br />So, being that some tweaking has already gained me a hefty speed increase, is it possible to squeeze that last drop out of the line to get even more speed?<br /><br /><span style="font-size: large;"><b>Going For More - The Warm Up</b></span><br />We need a very quick recap here just so that what follows is not total gobbledygook.<br /><blockquote><i><b>Signal to Noise Ratio</b></i><br /><i>Put simply, Signal to Noise Ratio (SNR) compares the level of a desired signal (in my case the ADSL signal) to the level of background noise on the telephone line. My line is set at the exchange to provide a 15dB signal to noise ratio. Therefore, when handshaking with the exchange, my router will always synchronise at a speed that will ensure that there is a 15dB SNR. 
<br /><br /><u>This is achieved at the expense of connection speed.</u></i><br /><br /><i>However with a SNR adjustment at the router end, it is possible to override the exchange's preferred SNR which in turn allows the router to synchronise the broadband connection at a faster rate, gaining a higher IP Profile and higher throughput.</i></blockquote>The down side is that as the connection speed increases the line stability decreases. The art is in trading stability for speed - achieving a higher throughput whilst keeping the line stable.<br /><br />The action of overriding the exchange preferred SNR is achievable on <u>ANY ADSL line</u>. There really are no smoke and mirrors here, my ADSL line is the same as anyone else's.<br /><br />First off, let's look at my existing stats:<br /><div class="separator" style="clear: both; text-align: center;"><a alt="3264Kbps for a SNR of 8.8dB (taken on a pretty good day!)" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/ShXxiZjuJ9I/AAAAAAAAAA0/K4ICIwlMN8s/s1600/stats.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="3264Kbps for a SNR of 8.8dB (taken on a pretty good day!)"><img border="0" src="https://lh3.ggpht.com/_2xKZgKYJlJs/ShXxiZjuJ9I/AAAAAAAAAA0/K4ICIwlMN8s/s320/stats.png" /></a></div>3264Kbps for a SNR of 8.8dB (taken on a pretty good day!)<br /><br />The 'million dollar question' is how low can the SNR go? What's the lowest SNR (and hence the highest Sync speed) I can get?<br /><br />Looking at <a href="http://www.kitz.co.uk/adsl/maxdsl2.htm" target="_blank">Kitz's forum FAQ</a> (SNR /SNR Margin section) they believe that a SNR of 3dB is probably as low as you can go. In the interests of stability I think I'll double that and go for a SNR of 6dB. <br /><br />But how can I tweak my SNR down further? 
I'm already at 1% on my SNR Slider in the <a href="http://dgteam.ilbello.com/index.php?pid=12" target="_blank">DGTeam firmware</a> running on my router:<br /><div class="separator" style="clear: both; text-align: center;"><a alt="DGTeam SNR Percentage Slider" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/ShXuitegTFI/AAAAAAAAAAs/TJV6lq4r9VY/s1600/advanced.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="DGTeam SNR Percentage Slider"><img border="0" src="https://lh3.ggpht.com/_2xKZgKYJlJs/ShXuitegTFI/AAAAAAAAAAs/TJV6lq4r9VY/s320/advanced.png" /></a></div>Well, it just so happens that some additional tweaking is possible. LOL You guessed it!<br /><br />Whilst scouting around trying to find out how to drop my SNR further, I found this thread over at Kitz's forums - <a href="http://forum.kitz.co.uk/index.php/topic,5195.0.html" target="_blank">Tweaking Broadcom based routers</a>. It turns out that the DGTeam firmware doesn't drive down the SNR as hard as hoped or first thought.<br /><br />From the forum:<br /><blockquote style="font-family: Times,"Times New Roman",serif;">Broadcom-based routers can be tweaked to change the target noise margin set in the exchange, using the adslctl command in telnet. With Netgear routers, the DGTeam firmware makes it possible to perform the same tweak in the web interface. But in either case the tweak is limited to about - 5.5 dB in the downward direction, so if your target noise margin has been increased to 15 dB you won't be able to get it down to less than about 9.5 dB using documented methods. Note that, without the DGTeam firmware, this tweak doesn't survive a re-boot. 
So if you power down the router or re-boot you'll have to enter the command again.<br /><br />The normal form of the adslctl noise margin tweak command is<br /><br /><i>adslctl configure --snr N</i></blockquote><i>Roseway - Kitz forums</i>.<br /><br />Values for N are as follows:<br /><br /><table align="center" border="1" cellpadding="3" cellspacing="0" style="width: 300px;"><tbody><tr><td><b>Change you want in SNR</b></td><td><b>Value for N</b> </td></tr><tr><td>No change/reset to default value </td><td>100</td></tr><tr><td>Lower by 1.5 dB</td><td>75</td></tr><tr><td>Lower by 3 dB</td><td>50</td></tr><tr><td>Lower by 4.5 dB</td><td>25</td></tr><tr><td>Lower by 6 dB</td><td>65550*</td></tr><tr><td>Lower by 7.5 dB</td><td>65525*</td></tr><tr><td>Lower by 9 dB</td><td>65500*</td></tr><tr><td>Lower by 10.5 dB</td><td>65475*</td></tr><tr><td>Lower by 12 dB</td><td>65450*</td></tr><tr><td>Lower by 13.5 dB</td><td>65425*</td></tr><tr><td>Lower by 15 dB</td><td>65400*</td></tr></tbody></table><br />* The command does not accept negative numbers. 
However the command can be tricked into accepting negative numbers by entering high positive numbers.<br /><br /><span style="font-size: large;"><b>Going for More - Making It Happen</b></span><br />As mentioned earlier, it looks like the target SNR set by the exchange on my line is 15dB.<br />I want to override this and sync at a SNR of 6dB.<br /><br /><div style="text-align: center;">15 - 6 = 9dB</div><br />Therefore I need to issue this command to my router:<span style="font-family: 'Courier New',Courier,monospace;"> </span><br /><br /><div style="text-align: center;"><span style="font-family: 'Courier New',Courier,monospace;">adslctl configure --snr 65500</span></div><br />In for a penny, in for a pound, I'm going to go for a drop of 9.5dB (setting my SNR at 5.5dB), so that'll be N = 65480.<br /><br />Here is how to do it:<br /><ol><li>Enable debug via the web interface by browsing to <a href="http://192.168.0.1/setup.cgi?todo=debug" target="_blank">http://192.168.0.1/setup.cgi?todo=debug</a> [remember to change the IP address if you are not using 192.168.0.1 for your router]<br /></li><li>Open a command prompt</li><li>Enter the following command: <span style="font-family: 'Courier New',Courier,monospace;">telnet 192.168.0.1</span></li><li>Login using your usual router username (admin) and password</li><li>Issue the command <span style="font-family: 'Courier New',Courier,monospace;">adslctl configure --snr N</span> (in my case: <span style="font-family: 'Courier New',Courier,monospace;">adslctl configure --snr 65480</span>)</li><li>Connect to router using browser as normal and check your connections statistics. </li></ol>Here are mine:<br /><div class="separator" style="clear: both; text-align: center;"><a alt="Spot on! 5.5dB SNR with a sync of 3680!" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/Szp9N74YIbI/AAAAAAAAAWE/1UYewd09uPg/s1600-h/tweaked.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Spot on! 
5.5dB SNR with a sync of 3680!"><img border="0" src="https://lh3.ggpht.com/_2xKZgKYJlJs/Szp9N74YIbI/AAAAAAAAAWE/1UYewd09uPg/s320/tweaked.png" /></a></div>Spot on! 5.5dB SNR with a sync of 3680!<br /><br />3680Kbps is nicely above the 3424Kbps minimum connection speed for a 3Mbps IP profile.<br /><br />I now need to wait for my IP Profile and ISP to wake up to my new sync speed. <a href="http://www.kitz.co.uk/adsl/IPprofile.htm#IPprofile_increase_time" target="_blank">This Kitz FAQ</a> has the details on how long I roughly need to wait. <br /><br />So here we are four days later. ;o)<br /><div class="separator" style="clear: both; text-align: center;"><a alt="3Mb IP Profile - OFFICIAL!" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S0AGhyq2rfI/AAAAAAAAAWc/cmAwdyy_xSo/s1600-h/bt.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="3Mb IP Profile - OFFICIAL!"><img border="0" src="https://lh3.ggpht.com/_2xKZgKYJlJs/S0AGhyq2rfI/AAAAAAAAAWc/cmAwdyy_xSo/s320/bt.PNG" /></a></div>Looks good. Also looks like Plusnet are on board:<br /><div class="separator" style="clear: both; text-align: center;"><a alt="Aha! plusnet sees 3Mb!" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/Sz_O0H9WwMI/AAAAAAAAAWM/bXCLCSgwJp4/s1600-h/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Aha! 
plusnet sees 3Mb!"><img border="0" src="https://lh3.ggpht.com/_2xKZgKYJlJs/Sz_O0H9WwMI/AAAAAAAAAWM/bXCLCSgwJp4/s320/Capture.PNG" /></a></div>Looks like a result to me!<br /><br />Here are some speed test results:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://www.speedtest.net/result/670312963.png" imageanchor="1" rel="lightbox" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.speedtest.net/result/670312963.png" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://speed.io/pics/2782/1249/speed.io.png" imageanchor="1" rel="lightbox" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="140" src="http://speed.io/pics/2782/1249/speed.io.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://www.mybroadbandspeed.co.uk/results/08937071.png" imageanchor="1" rel="lightbox" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.mybroadbandspeed.co.uk/results/08937071.png" /></a></div>So that's it then.<br /><br /><span style="font-size: x-large;"><b>MORE SPEED... DONE! </b></span> <br /><br /><b>REMEMBER</b>: The action of overriding the exchange preferred SNR is achievable on <u>ANY ADSL line</u>. There really are no smoke and mirrors here, my ADSL line is the same as anyone else's.<br /><br />What's stopping you trying this for yourself on your line?<br /><br />- Chris<br /><br /><b>## POST SCRIPT ##</b><br />According to this <a href="http://www.digitalspy.co.uk/forums/showthread.php?t=467553" target="_blank">digital forums thread</a>, it may be possible to set the <i>adslctl configure --snr</i> value via URL injection. 
Using this method, here is the command I would use to configure my router:<br /><blockquote style="font-family: Times,"Times New Roman",serif;"><span style="font-size: x-small;">http://192.168.0.1/setup.cgi?todo=ping_test&c4_IPAddr=%26/usr/sbin/adslctl+configure+--snr+65480</span></blockquote><br />I've not tried it, but there looks to be no reason why this shouldn't work.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/cheapest-way-to-faster-broadband-part-2/">Cheapest way to faster broadband?!? - Part 2: Going for More</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on January 03, 2010.</p>
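<p>The URL in the post script relies on the ping-test handler passing c4_IPAddr to a shell, where the decoded %26 (an ampersand) separates commands. As an added example (not the router's firmware and not code from this post), here is how a diagnostic handler can treat that parameter instead: percent-decode it, accept it only if it parses as a literal IPv4 address, and hand it to ping as a single argv element with no shell. The function names and the execv("/bin/ping") target are assumptions.</p>

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/*
 * Percent-decode a query-string value ('+' means space).
 * Returns 0 on success; -1 on a malformed escape, an embedded NUL (%00)
 * or a result that does not fit in out.
 */
int url_decode(const char *in, char *out, size_t outlen)
{
    size_t o = 0;

    if (outlen == 0) return -1;
    for (size_t i = 0; in[i] != '\0'; i++) {
        int ch = (unsigned char)in[i];
        if (ch == '+') {
            ch = ' ';
        } else if (ch == '%') {
            int hi = hex_val((unsigned char)in[i + 1]);
            int lo = hi < 0 ? -1 : hex_val((unsigned char)in[i + 2]);
            if (hi < 0 || lo < 0) return -1;
            ch = hi * 16 + lo;
            if (ch == 0) return -1;
            i += 2;
        }
        if (o + 1 >= outlen) return -1;
        out[o++] = (char)ch;
    }
    out[o] = '\0';
    return 0;
}

/*
 * Accept the ping target only if it is a literal dotted-quad IPv4 address.
 * inet_pton() rejects trailing characters, spaces and shell metacharacters.
 * On success the canonical text form is written to out.
 */
int parse_ping_target(const char *raw_param, char *out, size_t outlen)
{
    char decoded[64];
    struct in_addr addr;

    if (url_decode(raw_param, decoded, sizeof decoded) != 0) return -1;
    if (inet_pton(AF_INET, decoded, &addr) != 1) return -1;
    if (inet_ntop(AF_INET, &addr, out, (socklen_t)outlen) == NULL) return -1;
    return 0;
}

/*
 * Fill argv for execv("/bin/ping", argv) (path assumed): the address is one
 * argv element, so nothing in it is ever interpreted by a shell.
 * Returns the argument count, or -1 if the parameter is rejected.
 */
int build_ping_argv(const char *raw_param, char *addr_buf, size_t addr_len,
                    const char *argv[], size_t argv_cap)
{
    if (argv_cap < 5) return -1;
    if (parse_ping_target(raw_param, addr_buf, addr_len) != 0) return -1;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "4";
    argv[3] = addr_buf;
    argv[4] = NULL;
    return 4;
}

/* Convenience wrapper: 1 if the raw query value would be pinged, 0 if not. */
int ping_target_allowed(const char *raw_param)
{
    char addr[INET_ADDRSTRLEN];
    const char *argv[5];
    return build_ping_argv(raw_param, addr, sizeof addr, argv, 5) == 4;
}

int main(void)
{
    /* Constructed samples; the second is the value from the post-script URL. */
    const char *samples[] = {
        "192.168.0.1",
        "%26/usr/sbin/adslctl+configure+--snr+65480",
        "192.168.0.1%3Bls",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s %s\n", samples[i],
               ping_target_allowed(samples[i]) ? "ping" : "rejected");
    return 0;
}
```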
https://polarclouds.co.uk/monopoly-not-what-it-was-or-mistaken2009-12-31T18:56:00+00:002009-12-31T18:56:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="Monopoly - Collect £200 or £400? Pic: Josh Russell" href="http://farm1.static.flickr.com/187/442322392_5edc792fc7.jpg" imageanchor="1" rel="lightbox" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Monopoly - Collect £200 or £400? Pic: Josh Russell"><img border="0" height="150" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TC_BmQC4DrI/AAAAAAAAAk4/6ZtI5XJq5pg/s200/monopolly.jpg" width="200" /></a></div>And so it came to pass.<br /><br />Having lent our old Monopoly game many years ago and not got it back, it was time to purchase a new game. The idea being: let's introduce the children to the world of Monopoly. It's Christmas and board games are traditional in the downtime between Christmas and New Year. <br /><br />At the very least it will help the children with their maths and may start to help them understand the value of money.<br /><br />All very admirable you may think. Yes I guess it was. <br /><br />That was until we started playing and rule memories / strange-ties started surfacing. It turns out that both Mrs H. and I remember different additional rules not present in the rule book of our 2009 edition. Namely:<br /><ul><li><b><i>Each player should circumnavigate the board at least once before purchasing any sites </i></b> - Mrs H.</li></ul><ul><li><i><b>If the player lands directly on GO, they collect double salary: £400</b></i> - Me</li></ul><ul><li><i><b>You need to throw a total of seven, eleven or a double to get out of Jail</b></i> - Me</li></ul><ul><li><i><b>Speed Monopoly (if desired) - shuffle and deal the site cards evenly to each player</b></i> - Me</li></ul>Now is this the case of mistaken memory?<br /><br />Or is it the "dumbing down" of a classic?<br /><br />Sure a quick Google would solve all of this, but where's the fun in that?<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/monopoly-not-what-it-was-or-mistaken/">Monopoly - Not what it was or mistaken identity?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 31, 2009.</p>
https://polarclouds.co.uk/avi-mp4-divx-xvid-to-dvd-free-way2009-12-23T21:47:00+00:002009-12-23T21:47:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="AVI / MP4 / DivX / XviD to DVD - The Free Way" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SzIuEVpP_-I/AAAAAAAAAVc/ezj3HQPPAMs/s1600-h/avi-dvd.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="AVI / MP4 / DivX / XviD to DVD - The Free Way"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SzIuEVpP_-I/AAAAAAAAAVc/ezj3HQPPAMs/s200/avi-dvd.png" /></a></div>So you've taken the plunge and bought one of those flashy digital 'straight to memory card' video camcorders.<br /><br />Excellent. So you've shot all this video and now you would like to put it onto DVD before wiping the memory card and starting again.<br /><br />The problem is what's the easiest way to convert it to DVD? The DVD needs to be 100% standards compliant so that it will play in any DVD player any-time anywhere. <br /><br />Sure there are lots of commercial conversion tools around that will do the job just fine, but why pay the money when you can achieve perfect 100% standards compliant results using free software? Is this possible?<br /><br />The answer is a most definite YES! What's more, here's how:<br /><br /><b><span style="font-size: large;">Software Required</span></b><br />You will need three pieces of software (two if you have a DVD burning application already installed)<br /><ul><li><a href="http://www.videohelp.com/tools/gui4ffmpeg" target="_blank">gui4ffmpeg </a>- Used to convert the AVI / MP4 / DivX / XviD file to a DVD compliant MPEG2 video stream. Direct download link <a href="http://www.videohelp.com/download/Gui4ffmpeg3.0.zip" target="_blank">here</a>. To install, extract the zip file to a folder of your choice. Ensure you extract with folders intact!<br /></li><li><a href="http://download.videohelp.com/liquid217/dvdauthorgui.pl" target="_blank">DVDAuthorgui</a> - Used to convert the MPEG2 video stream into DVD VOB files ready for burning onto DVD. 
Direct download link <a href="http://download.videohelp.com/liquid217/download.pl?d=DVDAuthorGUI_1.017.exe" target="_blank">here</a><br /></li><li>(Optional) <a href="http://cdburnerxp.se/" target="_blank">CDBurnerXP</a> - Used to burn the files onto DVD disk. Direct download link <a href="http://cdburnerxp.se/downloadsetup.exe" target="_blank">here</a></li></ul><b><span style="font-size: large;">How To</span></b><br /><b><span style="font-size: small;">Step 1 - Create MPEG2 file</span></b><br /><ol><li>Open your video file and make sure that the video file plays OK. Also make a note of the aspect ratio of the file to be converted. Is it normal (4:3) or widescreen (16:9)? <br /></li><li>Launch gui4ffmpeg.exe. You should be presented with a window that looks like this:</li><div class="separator" style="clear: both; text-align: center;"><a alt="gui4ffmpeg" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SzIy1O2LrAI/AAAAAAAAAVk/PMeXpC1B3iM/s1600-h/gui4ffmpeg.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="gui4ffmpeg"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SzIy1O2LrAI/AAAAAAAAAVk/PMeXpC1B3iM/s320/gui4ffmpeg.png" /></a> </div><li>Open your AVI / MP4 / DivX / XviD file using the Open File button </li><li>Select "dvd" in the Target drop down box</li><li>Select your appropriate format (PAL = Europe, NTSC = North America) in the Format drop down box<br /></li><li>Using the Aspect drop down, select the aspect ratio noted down in step 1</li><li>Ensure that the Bitrate stays at "6000"</li><li>Change the audio target to "mp2"</li><li>Click Save File and choose a filename and location to save the converted video</li><li>Click the Generate button. This will populate the command string box next to the Generate button</li><li>Click Encode </li><li>The ffmpeg command line tool will start and run in a command line window </li><li>The command line window will show conversion progress. Go make a cup of tea. 
This may take a while<br /></li><li>Close the window once the encoding is complete<br /></li></ol><b>Step 2 - Convert MPEG2 file to DVD VOB Format</b><br /><ol><li>Launch DVDAuthorgui. You should be presented with a window that looks like this:</li><div class="separator" style="clear: both; text-align: center;"><a alt="DVDAuthorGUI" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SzKEGbXeayI/AAAAAAAAAVs/M5An2BFvfos/s1600-h/dvdauthorgui.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="DVDAuthorGUI"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SzKEGbXeayI/AAAAAAAAAVs/M5An2BFvfos/s320/dvdauthorgui.png" /></a> </div><li> Select your appropriate format (PAL = Europe, NTSC = North America) in the DVD Format drop down box</li><li>Click "add title"</li><li>Change the file type to "mpeg with NAV packets" and open the mpg file created by gui4ffmpeg.exe</li><li>The file should show up in the Titles Loaded box<br /></li><li>(Optional) I like to add some chapters to my video to make skipping forward through the DVD easier. Add chapters by clicking "Chapters", "Visual Editors", OK, and "go" to auto add 5 minute chapters</li><div class="separator" style="clear: both; text-align: center;"><a alt="DVDAuthorGUI Chapters" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SzKG6KuZjiI/AAAAAAAAAV0/mNAnR-sc2Ao/s1600-h/chapters.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="DVDAuthorGUI Chapters"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SzKG6KuZjiI/AAAAAAAAAV0/mNAnR-sc2Ao/s320/chapters.png" /></a> </div><li> (Optional) you can be more precise with the chapters using the visual editor if you want to be. [I personally can never be bothered.] Click accept</li><li>When you are happy, click "author DVD"</li><li>Specify the name of the folder where you want the DVD output to be written to and click save</li><li>Put your feet up again. 
This shouldn't take that long - certainly not as long as the gui4ffmpeg conversion <br /></li></ol><b>Step 3 - Burn DVD</b><br />If you already have a preferred DVD burning application installed then feel free to use that. If not, here is how to use CDBurnerXP.<br /><ol><li>Launch CDBurnerXP </li><li>Select Data Disc and click OK<br /></li><li>Click File and "Video DVD Layout"</li><li> Navigate and select the VIDEO_TS folder created under the output folder created by DVDAuthorGUI<br /></li><li>Click Create Movie Image and OK<br /></li><li>Click Burn</li></ol><b>Further reading </b><br />If you get stuck or want to create DVDs with menus etc., here are the more advanced guides:<br /><ul><li>gui4ffmpeg <a href="http://forum.videohelp.com/topic264362.html#1271288" target="_blank">guide</a> <br /></li><li>DVDAuthorGUI <a href="http://download.videohelp.com/liquid217/dvdauthorgui.pl?p=guide1" target="_blank">guide</a></li></ul><br />Job done!<br /><br />Pretty easy really. Honest!<br />By the time you've converted your fourth or fifth video, you'll have the process down.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/avi-mp4-divx-xvid-to-dvd-free-way/">AVI / MP4 / DivX / XviD to DVD - The Free Way</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 23, 2009.</p>
https://polarclouds.co.uk/happy-christmas2009-12-20T12:00:00+00:002009-12-20T12:00:00+00:00Chris Hallhttps://polarclouds.co.uk
As is<i> almost </i>traditional on this blog, (see my Halloween <a href="http://chall32.blogspot.com/2009/10/happy-halloween.html">post</a>), it's time for some more cards.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SypecuvBFTI/AAAAAAAAAVE/SYja1_Z2iYM/s1600-h/card1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Booze" alt="Booze"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SypecuvBFTI/AAAAAAAAAVE/SYja1_Z2iYM/s400/card1.PNG" /></a><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SypeL80lrUI/AAAAAAAAAU8/kyKCPsRSbIs/s1600-h/card2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Holiday Cheer" alt="Holiday Cheer"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SypeL80lrUI/AAAAAAAAAU8/kyKCPsRSbIs/s400/card2.PNG" /></a><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SypeluIfH1I/AAAAAAAAAVM/8sz-E0V31Ps/s1600-h/card3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Half-Ass Shopping" alt="Half-Ass Shopping"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SypeluIfH1I/AAAAAAAAAVM/8sz-E0V31Ps/s400/card3.PNG" /></a><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div>And finally, not a Christmas card per-se, but topical anyway:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/Sype24tOu9I/AAAAAAAAAVU/xuH7689cVr8/s1600-h/card4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Elevate Golf" alt="Elevate Golf"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/Sype24tOu9I/AAAAAAAAAVU/xuH7689cVr8/s400/card4.PNG" /></a><br /></div><div class="separator" style="clear: both; text-align: left;"><br 
/></div><div class="separator" style="clear: both; text-align: left;">From <a href="http://www.someecards.com/">someecards</a> again. <br /></div><br />Have a Happy Christmas and a Joyous New Year.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/happy-christmas/">Happy Christmas</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 20, 2009.</p>
https://polarclouds.co.uk/black-mesa-return-to-lamda-complex2009-12-18T12:27:00+00:002009-12-18T12:27:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="Hmm that looks familiar" href="http://www.blackmesasource.com/media/c1a0_release11_001.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Hmm that looks familiar" rel="lightbox"><img border="0" height="192" src="http://www.blackmesasource.com/media/c1a0_release11_001.jpg" width="320" /></a></div>I'm not that much of a game player. XBox, Playstation, Wii, PC - I can take or leave them all, and I generally leave them.<br /><br />In the true sense of the phrase; <i>I don't play games sonny..</i><br /><br />That said, there has only really been one game that I have played and completed: Half-Life. I enjoyed it so much, I also completed the add-ons Opposing Force and Blue Shift.<br /><br />Mrs H even bought me Half-Life 2 when it came out - I never finished it.<br /><br />Ten years on (yea I know - 10!) It looks like a return to the Lambda Complex might just be in order.<br /><br />That's when I found these:<br /><br /><object height="295" width="480"><param name="movie" value="http://www.youtube-nocookie.com/v/G32_q_3es8E&hl=en_GB&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube-nocookie.com/v/G32_q_3es8E&hl=en_GB&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="295"></embed></object><br /><br /><object height="344" width="425"><param name="movie" value="http://www.youtube-nocookie.com/v/tOYxPgQThf4&hl=en_GB&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube-nocookie.com/v/tOYxPgQThf4&hl=en_GB&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object><br /><br /><span style="font-size: x-large;">HOLY 
COW!</span><br /><br /><i>WHAT IS BLACK MESA?<br />Black Mesa is a complete re-creation of the game Half-Life, utilizing the </i>[more up to date Half-Life 2] <i>Source engine. Black Mesa will let you re-visit the world that started the Half-Life continuum. </i><br /><br />Although the first trailer shows a release date of 2009, according to the official website <a href="http://www.blackmesasource.com/" target="_blank">www.blackmesasource.com</a> that is not going to happen. It'll be released "when it's done".<br /><br />I know what you're asking - Why play a game that you've already completed?<br />Simple:<br /><ul><li>Nostalgia </li><li>There's no way I'll remember it all</li><li>I know it's going to be good - the original game was<br /></li></ul>All that and the price can't be beaten either! <br /><br />Bring it on... after ten years, I can wait just a bit longer...<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/black-mesa-return-to-lamda-complex/">Black Mesa: Return to the Lamda Complex</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 18, 2009.</p>
https://polarclouds.co.uk/windows-7-aero-glass-without-wddm2009-12-04T22:11:00+00:002009-12-04T22:11:00+00:00Chris Hallhttps://polarclouds.co.uk
<a alt="You too can have Aero Glass!" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SxmCikNcFWI/AAAAAAAAAUU/jW08o2H0KnM/s1600-h/glassy-title.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="You too can have Aero Glass!"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SxmCikNcFWI/AAAAAAAAAUU/jW08o2H0KnM/s200/glassy-title.png" style="cursor: move;" /></a><i>OK, this could be called a cheat, but it achieves the desired effect and works well.</i><br /><br />Having only run Windows 7 either in a VMware virtual machine or on my Pentium M laptop, I wasn't really interested in Windows 7 Aero Glass.<br /><br />All well and good you may think - well I did too...<br /><br />Then I tried Windows 7 RC on my new MSI motherboard.... Wow - this glass malarkey is actually quite nice!<br /><br />(Yes I know Aero Glass was available with Windows Vista.... But who bothered with Vista?) <br /><br />So, what can be done to get my laptop to also run Aero Glass?<br /><br />Well as it turns out it's all to do with Windows Display Driver Model (WDDM) video card drivers - or the lack thereof.<br /><br /><span style="font-size: large;"><b>Bad News</b></span><br />My laptop has a built in ATI Mobility Radeon 9000 video card. Unfortunately - long story short - there are no WDDM drivers for this video card and there probably never will be. As the card is built onto the laptop motherboard, the upgrade path is pretty much zero. Boo!<br /><div class="separator" style="clear: both; text-align: center;"><a alt="What no WDDM?" 
href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SxmDCwLLxMI/AAAAAAAAAUc/kWXrdksy1cA/s1600-h/wddm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="What no WDDM?"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SxmDCwLLxMI/AAAAAAAAAUc/kWXrdksy1cA/s320/wddm.png" /></a></div><span style="font-size: large;"><b>Good News</b></span><br />With the installation of couple of small applications we can get very close to Aero Glass without having to effectively ditch the non WDDM compliant laptop in pursuit of Windows 7 glassyness!!<br /><br /><b><span style="font-size: large;">How to</span></b><br /><b>Video Card Drivers</b><br />So the first step is to get some better drivers over and above the Windows 7 default VGA driver.<br /><br />For my ATI Mobility Radeon 9000 I installed <strike><a href="http://rapidshare.com/files/231461174/Vista_ATI_Radeon_XDDM_6.14.10.6606.zip" target="_blank">these</a> drivers from rapidshare</strike> [Update 21/02/10] - <a href="http://www.mediafire.com/?5tieomimroy" target="_blank">these</a> drivers from mediafire.<br /><br />They look to be the very last Windows Vista drivers available for my video card.<br /><br />These drivers will also work with any of the following video cards:<br /><blockquote style="font-family: Times,"Times New Roman",serif;"><span style="font-size: x-small;">RADEON FIRE GL 8800 </span><br /><span style="font-size: x-small;">RADEON MOBILITY </span><br /><span style="font-size: x-small;">RADEON MOBILITY </span><br /><span style="font-size: x-small;">RADEON MOBILITY </span><br /><span style="font-size: x-small;">ATI ES1000 </span><br /><span style="font-size: x-small;">ATI ES1000 </span><br /><span style="font-size: x-small;">ATI ES1000 </span><br /><span style="font-size: x-small;">ATI FireMV 2200 PCI </span><br /><span style="font-size: x-small;">ATI FireMV 2200 PCI Secondary </span><br /><span style="font-size: x-small;">ATI MOBILITY RADEON 9000 </span><br /><span style="font-size: 
x-small;">ATI MOBILITY RADEON 9000 Secondary </span><br /><span style="font-size: x-small;">ATI MOBILITY RADEON 9200 </span><br /><span style="font-size: x-small;">ATI MOBILITY RADEON 9200 </span><br /><span style="font-size: x-small;">ATI MOBILITY/RADEON 9200 Secondary </span><br /><span style="font-size: x-small;">ATI MOBILITY/RADEON 9200 Secondary </span><br /><span style="font-size: x-small;">RADEON 7200 Family </span><br /><span style="font-size: x-small;">RADEON 7500 Family </span><br /><span style="font-size: x-small;">RADEON 8500 / Radeon 8500 LE Family </span><br /><span style="font-size: x-small;">RADEON 8500 / Radeon 8500 LE Family </span><br /><span style="font-size: x-small;">RADEON 8500 / Radeon 8500 LE Family </span><br /><span style="font-size: x-small;">RADEON 8500 DV Family </span><br /><span style="font-size: x-small;">RADEON 8500 Family </span><br /><span style="font-size: x-small;">RADEON 8800 Family </span><br /><span style="font-size: x-small;">RADEON 9000 Family </span><br /><span style="font-size: x-small;">RADEON 9000 LE Family </span><br /><span style="font-size: x-small;">RADEON 9000 LE SEC Family </span><br /><span style="font-size: x-small;">RADEON 9000 SEC Family </span><br /><span style="font-size: x-small;">RADEON 9000U Family </span><br /><span style="font-size: x-small;">RADEON 9000U SEC Family </span><br /><span style="font-size: x-small;">RADEON 9100 Family </span><br /><span style="font-size: x-small;">RADEON 9100 SEC Family </span><br /><span style="font-size: x-small;">RADEON 9200 LE Family </span><br /><span style="font-size: x-small;">RADEON 9200 LE SEC Family </span><br /><span style="font-size: x-small;">RADEON 9200 SE Family </span><br /><span style="font-size: x-small;">RADEON 9200 SE SEC Family </span><br /><span style="font-size: x-small;">RADEON 9250 </span><br /><span style="font-size: x-small;">RADEON 9250 Secondary </span><br /><span style="font-size: x-small;">RADEON IGP 320 </span><br /><span style="font-size: 
x-small;">RADEON IGP 320M </span><br /><span style="font-size: x-small;">RADEON IGP 340 </span><br /><span style="font-size: x-small;">RADEON IGP 340M </span></blockquote><br /><b>Transparent Window Borders</b> <br />The application to do this is TrueTransparency which can be downloaded from <a href="http://www.crystalxp.net/galerie/en.id.5139-truetransparency-lefreut-explorer-tools.htm" target="_blank">here</a>. There is no installation, just extract the zip file and run TrueTransparency.exe <br /><br />The application will put an icon in the notification tray (by the clock) from where you can choose your transparent skin and ensure that the application runs at Windows start up:<br /><div class="separator" style="clear: both; text-align: center;"><a alt="TrueTransparency Config" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/SxmFemLVYfI/AAAAAAAAAUk/dEnbOOrPEzk/s1600-h/tt.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="TrueTransparency Config"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/SxmFemLVYfI/AAAAAAAAAUk/dEnbOOrPEzk/s320/tt.png" /></a></div><br /><b>Transparent Taskbar</b><br />Download Transbar from <a href="http://home.no/aksoftware/" target="_blank">here</a>, Install and run.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Transbar Config" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SxmGGP-5oxI/AAAAAAAAAUs/wIZxEQJduvA/s1600-h/transbar.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="TransBar Config"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SxmGGP-5oxI/AAAAAAAAAUs/wIZxEQJduvA/s320/transbar.png" /></a></div>Not much to say here, other than tweak the slider to set your taskbar transparency and click OK.<br /><br /><br />Job done! 
and the best bit is that these two little applications should run on any non WDDM compliant hardware; not just ATI video cards!<br /><br />Click <a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SxmCikNcFWI/AAAAAAAAAUU/jW08o2H0KnM/s1600-h/glassy-title.png" target="_blank">here</a> to see the full size version in all its glassyness.... <br /><br />MMMMM Glasssy!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/windows-7-aero-glass-without-wddm/">Windows 7: Aero Glass Without WDDM Drivers</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on December 04, 2009.</p>
https://polarclouds.co.uk/vmware-esx-4-install-from-usb2009-11-24T21:41:00+00:002009-11-24T21:41:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="VMWare ESX 4 Installation USB Stick" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SwxU44-6EzI/AAAAAAAAAUM/BnB-lt732XY/s1600/esxusb.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="VMWare ESX 4 Installation USB Stick"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SwxU44-6EzI/AAAAAAAAAUM/BnB-lt732XY/s200/esxusb.png" /></a></div><br /><br />This took a bit of searching and a fair bit of trial and error, but here it is, how to install VMware ESX from a USB stick.<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><b><span style="font-size: large;">Requirements</span></b><br /><ol><li>A copy of VMware ESX 4. Download an evaluation copy from <a href="http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4" target="_blank">here</a> (free VMware logon required)</li><li>A copy of UNetbootin from <a href="http://unetbootin.sourceforge.net/" target="_blank">here</a>. UNetbootin allows you to create bootable Live USB drives for a variety of Linux distributions including VMware ESX 4.</li><li> A USB stick. Nothing special is required here, for example I've got a couple of really cheap 1Gb sticks that work just fine.</li></ol><br /><span style="font-size: large;"><b>How To</b></span><br /><ol><li>Format your USB stick using Windows format. 
FAT32 file system is fine:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Format USB Stick - FAT32 is fine" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SwxNDh2nvbI/AAAAAAAAAT8/BuEm42hfB18/s1600/format.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Format USB Stick - FAT32 is fine"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SwxNDh2nvbI/AAAAAAAAAT8/BuEm42hfB18/s200/format.png" /></a></div></li><li>Once format is complete, leave USB stick plugged in and start UNetbootin:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="UNetbootin dialogue" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SwxNoYPxNzI/AAAAAAAAAUE/UHsNNLjOpks/s1600/unetbootin.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="UNetbootin dialogue"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SwxNoYPxNzI/AAAAAAAAAUE/UHsNNLjOpks/s200/unetbootin.png" /></a></div></li><li>Select "Diskimage" and locate your ESX 4 iso file.</li><li> Select your USB drive.</li><li>Click OK and let UNetbootin extract and copy the ESX 4 installation and boot sector files on the USB</li><li>Close UNetbootin and open USB stick in Windows Explorer</li><li>Open the file syslinux.cfg (located in the root of the USB) with <b>Wordpad </b>- NOT Notepad</li><li>Add <span style="font-family: "Courier New",Courier,monospace;">askmedia</span> to the end of each text section. 
For example:</li></ol><blockquote style="font-family: Times,"Times New Roman",serif;"><span style="font-size: x-small;">label ubnentry0<br />menu label Install ESX in graphical mode<br />kernel /isolinux/vmlinuz<br />append initrd=/isolinux/initrd.img vmkopts=debugLogToSerial:1 mem=512M quiet </span></blockquote><br />becomes:<br /><br /><blockquote style="font-family: Times,"Times New Roman",serif;"><span style="font-size: x-small;">label ubnentry0<br />menu label Install ESX in graphical mode<br />kernel /isolinux/vmlinuz<br />append initrd=/isolinux/initrd.img vmkopts=debugLogToSerial:1 mem=512M quiet <b>askmedia</b></span></blockquote><br />Or alternatively replace the complete contents of syslinux.cfg with this:<br /><br /><blockquote style="font-family: Times,"Times New Roman",serif;"><span style="font-size: x-small;">default vesamenu.c32<br />prompt 0<br />menu title CH ESX4 Update 1 USB<br />timeout 100<br /><br />label unetbootindefault<br />menu label Install ESX in graphical mode<br />kernel /isolinux/vmlinuz<br />append initrd=/isolinux/initrd.img vmkopts=debugLogToSerial:1 mem=512M quiet askmedia<br /><br />label ubnentry0<br />menu label Install ESX in text mode<br />kernel /isolinux/vmlinuz<br />append initrd=/isolinux/initrd.img vmkopts=debugLogToSerial:1 mem=512M text quiet askmedia<br /><br />label ubnentry1<br />menu label ESX Scripted Install using USB ks.cfg<br />kernel /isolinux/vmlinuz<br />append initrd=/isolinux/initrd.img vmkopts=debugLogToSerial:1 mem=512M ks=usb quiet<br /><br />label ubnentry2<br />menu label ESX Scripted Install to first disk<br />kernel /isolinux/vmlinuz<br />append initrd=/isolinux/initrd.img vmkopts=debugLogToSerial:1 mem=512M ks=file:///usr/lib/vmware/weasel/examples/ks-first-safe.cfg quiet<br /><br />label ubnentry3<br />menu label ESX Scripted Install to first disk (overwrite VMFS)<br />kernel /isolinux/vmlinuz<br />append initrd=/isolinux/initrd.img vmkopts=debugLogToSerial:1 mem=512M 
ks=file:///usr/lib/vmware/weasel/examples/ks-first.cfg quiet<br /><br />label ubnentry4<br />menu label ^Boot from first hard disk<br />kernel /ubnkern<br />append initrd=/ubninit </span></blockquote><br />As you can see from the above, I've tweaked the boot menu to A) remove the "Default" entry B) Add a personalised boot menu title.<br /><br />Save syslinux.cfg file back onto the USB and eject.<br /><br />Easy and ESX installation is a lot quicker too!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vmware-esx-4-install-from-usb/">VMware ESX 4: Install From USB</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 24, 2009.</p>
https://polarclouds.co.uk/vmware-esx-troubleshooting2009-11-17T14:11:00+00:002009-11-17T14:11:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SwFvU69vy1I/AAAAAAAAATk/LzUEIsJqj7I/s1600/vmware-logo.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SwFvU69vy1I/AAAAAAAAATk/LzUEIsJqj7I/s320/vmware-logo.jpg" /></a></div>Just recently I've had cause to analyse some VMware ESX logs in a bid to understand what was going on with a problematic ESX server and just what could be done to remedy the situation.<br /><br />Up until now I hadn't given ESX logging much thought, mainly easing my conscience by thinking "Yea I'm sure ESX keeps a log of everything somewhere. It's Linux after all..!"<br /><br />Well, as I've discovered, it's no longer time to keep parts of me buried in the sand; it's time to get looking at these logs. After all, they are there to help (I think) and with a bit of prior knowledge you too can start to understand "ESX log speak".<br /><br />The first thing to realise with ESX logs is that there aren't just three (like Windows); there are in fact twelve!<br /><br /><b><span style="font-size: large;">Obtaining ESX Log Bundles</span></b><br />Rather than go delving around on a live ESX server, let's get copies of the logs downloaded locally so that we can analyse them at our leisure.<br /><br />Using the Virtual Infrastructure (VI) Client this is quite a simple thing to do:<br /><ol><li>Log on to your Virtual Center or your ESX host directly</li><li>File - Export - Export Diagnostic Data</li><li>Select your ESX host, whether you wish to include Virtual Center Server and VI Client Logs and where you wish to download the logs to<br /></li></ol>Now just sit back and wait - it can take a while for the logs to be generated and downloaded.<br /><br /><b><span style="font-size: large;">Viewing the ESX Log Bundles</span></b><br />Now I'm sure that there are other ways to do this, but the method I find 
easiest is to use <a href="http://www.rarlab.com/" target="_blank">WinRAR</a>. Two reasons:<br /><ol><li>WinRAR can open .tgz compressed files</li><li>WinRAR's view function properly displays the log files in a readable format. The only other way to view the log files in Windows is to open the files with WordPad </li></ol>I don't normally bother extracting the .tgz bundle file, I just use the view function in WinRAR to show me the contents of the log files.<br /><br /><b><span style="font-size: large;">Which Log is Which?</span></b><br />OK, on to the 'meat and potatoes' of this post. Here is a breakdown of what is logged in each ESX log file. <br /><br /><table border="1" cellpadding="4"><tbody><tr align="left"><td><span style="font-size: large;"><b>Log File</b></span></td> <td><span style="font-size: large;"><b>Name</b></span></td> <td><span style="font-size: large;"><b>Details</b></span></td> </tr><tr align="left"> <td>/var/log/vmkernel</td> <td>Vmkernel</td> <td>Records activities related to the virtual machines and ESX host [1]</td> </tr><tr align="left"> <td>/var/log/vmkwarning</td> <td>Vmkernel Warnings</td> <td>A copy of everything marked as a warning or higher severity from vmkernel log. Easier to look through than vmkernel log [1]</td> </tr><tr align="left"> <td>/var/log/vmksummary</td> <td>Vmkernel Summary</td> <td>Used for availability and uptime statistics. Human-readable summary in vmksummary.txt</td> </tr><tr align="left"> <td>/var/log/vmware/hostd.log</td> <td>Host Agent Log</td> <td>Contains information on the agent that manages and configures the ESX host and its virtual machines</td> </tr><tr align="left"> <td>/var/log/vmware/vpx</td> <td>VirtualCenter Agent</td> <td>Contains information on the agent that communicates with VirtualCenter</td> </tr><tr align="left"> <td>/var/log/messages</td> <td>Service Console</td> <td>Log from the Linux kernel. Useful for underlying Linux issues. 
The kernel has no awareness of VMs running on the VMkernel [2]</td> </tr><tr align="left"> <td>/var/log/vmware/esxcfg-boot.log</td> <td>ESX Boot Log</td> <td>ESX Boot log, logs all ESX boot events [2]</td> </tr><tr align="left"> <td>/var/log/vmware/webAccess</td> <td>Web Access</td> <td>Records information on Web-based access to ESX Server</td> </tr><tr align="left"> <td>/var/log/secure</td> <td>Authentication Log</td> <td>Contains records of connections that require authentication, such as VMware daemons and actions initiated by the xinetd daemon</td> </tr><tr align="left"> <td>/var/log/vmware/esxcfg-firewall.log</td> <td>ESX Firewall Log</td> <td>Contains all firewall rule events [1]</td> </tr><tr align="left"> <td>/var/log/vmware/aam</td> <td>High Availability Log</td> <td>Contains information related to the High Availability (HA) service</td> </tr><tr align="left"> <td>/var/log/vmware/esxupdate.log</td> <td>ESX Update Log</td> <td>Logs all updates completed using the esxupdate tool</td> </tr></tbody></table><br /><b>NOTES:</b><br />[1] Logs rotated by logrotate, see <a href="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=3402740" target="_blank">KB3402740</a>. Rotated with a numeric extension: the current log has no extension and the next newest one has a .1 extension.<br />[2] Log is symbolically linked to the current real file. 
Run an 'ls -l logname.log' to see the link.<br /><br /><div style="margin: 0px;"><b><span style="font-size: large;">What to Look For</span></b></div>This really depends on the error you are trying to troubleshoot!<br /><br />A good starter for ten is to search for the text "error" in any of the logs ;o)<br /><br /><b><span style="font-size: large;">Further Information</span></b><br />Additional Reading:<br /><ul><li>VI3 Advanced Log Analysis - <a href="http://vmetc.com/wp-content/plugins/download-monitor/download.php?id=12" target="_blank">PowerPoint</a></li><li>Troubleshooting VMware ESX Server 3 and VMware VirtualCenter 2 - <a href="http://download3.vmware.com/vmworld/2006/mdc9694.pdf" target="_blank">PDF</a></li><li>Tips for Troubleshooting VMware ESX Server Faults - <a href="http://download3.vmware.com/vmworld/2006/tac0028.pdf" target="_blank">PDF</a></li><li>ESX Server 3 Log Map - <a href="http://viops.vmware.com/home/docs/DOC-1451" target="_blank">link</a></li><li>Which ESX Log File - <a href="http://www.vmwarewolf.com/which-esx-log-file/" target="_blank">link</a></li></ul>VMware Lab Presentation Videos:<br /><ul><li>Tips for Troubleshooting ESX Server 3.x Faults - <a href="http://www.vmworld.com/docs/DOC-2029" target="_blank">Presentation</a> (free VMworld login required to view)<br /></li><li>Troubleshooting VI3 - <a href="http://www.vmworld.com/docs/DOC-2087" target="_blank">Presentation</a> (free VMworld login required to view)</li></ul><b><span style="font-size: large;">Conclusion</span></b><br />It's not possible to cover every eventuality in just one blog post. Hopefully the information provided here will at the very least set you on the right road to resolving ESX issues for yourself.<br /><br />One final thought - All of the ESX issues I've come up against have a logical cause and hence a totally logical solution. There are no smoke and mirrors here. With that in mind, have fun.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vmware-esx-troubleshooting/">VMware ESX Trouble Shooting</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 17, 2009.</p>
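<p>The log map from the ESX troubleshooting post above, applied to a downloaded diagnostic bundle (an added example, not code from the original post): it reads the .tgz in memory without extracting it, maps members to the table's log paths, including rotated copies per note [1] and symlinks per note [2], and lists the lines containing "error". The bundle's internal layout (logs somewhere under a <code>var/log/</code> prefix), the function names and the sample bundle contents are assumptions constructed for illustration.</p>

```python
import io
import re
import tarfile

# Paths from the "Which Log is Which?" table. vpx, webAccess and aam are
# matched either as a file or as a directory prefix (assumption: the table
# does not say which they are).
LOG_MAP = {
    "/var/log/vmkernel": "Vmkernel",
    "/var/log/vmkwarning": "Vmkernel Warnings",
    "/var/log/vmksummary": "Vmkernel Summary",
    "/var/log/vmware/hostd.log": "Host Agent Log",
    "/var/log/vmware/vpx": "VirtualCenter Agent",
    "/var/log/messages": "Service Console",
    "/var/log/vmware/esxcfg-boot.log": "ESX Boot Log",
    "/var/log/vmware/webAccess": "Web Access",
    "/var/log/secure": "Authentication Log",
    "/var/log/vmware/esxcfg-firewall.log": "ESX Firewall Log",
    "/var/log/vmware/aam": "High Availability Log",
    "/var/log/vmware/esxupdate.log": "ESX Update Log",
}
ROTATED = re.compile(r"\.(\d+)$")  # note [1]: numeric extension, .1 is next newest


def classify(member_name):
    """Map a bundle member name to (table path, rotation number), or None."""
    idx = member_name.find("var/log/")
    if idx == -1:
        return None
    path = "/" + member_name[idx:]
    match = ROTATED.search(path)
    if match and path[:match.start()] in LOG_MAP:
        return path[:match.start()], int(match.group(1))
    if path in LOG_MAP:
        return path, 0
    for base in LOG_MAP:
        if path.startswith(base + "/"):
            return base, 0
    return None


def scan_bundle(fileobj, needle="error"):
    """Return {table path: [(rotation, member, line_no, text), ...]} for lines
    containing `needle` (case-insensitive), oldest rotation first."""
    hits = {}
    wanted = needle.lower()
    # Members are read in memory only; nothing is written to disk.
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar.getmembers():
            found = classify(member.name)
            if found is None or not (member.isfile() or member.issym()):
                continue
            try:
                handle = tar.extractfile(member)  # follows note [2] symlinks
            except KeyError:  # symlink target is not in the bundle
                continue
            if handle is None:
                continue
            base, rotation = found
            for line_no, raw in enumerate(handle, 1):
                line = raw.decode("utf-8", errors="replace").strip()
                if wanted in line.lower():
                    hits.setdefault(base, []).append(
                        (rotation, member.name, line_no, line))
    for rows in hits.values():
        rows.sort(key=lambda r: (-r[0], r[1], r[2]))
    return hits


def build_sample_bundle():
    """Constructed sample bundle (not real ESX output) for an offline run."""
    files = {
        "esx-sample/var/log/vmkernel":
            "Nov 17 10:00:01 vmkernel: boot ok\n"
            "Nov 17 10:05:00 vmkernel: SCSI Error on path\n",
        "esx-sample/var/log/vmkernel.1":
            "Nov 16 09:00:00 vmkernel: I/O error detected\n",
        "esx-sample/var/log/secure":
            "Nov 17 10:06:00 sshd: error: PAM: Authentication failure\n",
        "esx-sample/var/log/vmware/hostd-3.log":
            "[2009-11-17 10:07:00 error 'App'] Failed to load VM\n",
        "esx-sample/var/log/vmware/vpx/vpxa.log":
            "[2009-11-17 10:08:00 info] heartbeat\n",
        "esx-sample/etc/hosts": "127.0.0.1 error.example\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            data = body.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("esx-sample/var/log/vmware/hostd.log")
        link.type = tarfile.SYMTYPE        # note [2]: log is a symlink
        link.linkname = "hostd-3.log"
        tar.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for log_path, rows in sorted(scan_bundle(build_sample_bundle()).items()):
        print(f"{LOG_MAP[log_path]} ({log_path}): {len(rows)} hit(s)")
        for rotation, member, line_no, text in rows:
            print(f"  [rotation {rotation}] {member}:{line_no}: {text}")
```

<p>To scan a real bundle, pass <code>open("bundle.tgz", "rb")</code> (a placeholder file name) to <code>scan_bundle</code>.</p>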
https://polarclouds.co.uk/windows-7-all-in-one-32-and-64-bit-dvd2009-11-15T00:21:00+00:002009-11-15T00:21:00+00:00Chris Hallhttps://polarclouds.co.uk
<a alt="Which Version?" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/Sv8mnkvFxoI/AAAAAAAAAS8/7IeAZC9--yg/s1600-h/Win7-Choice.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Which Version?"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/Sv8mnkvFxoI/AAAAAAAAAS8/7IeAZC9--yg/s200/Win7-Choice.PNG" /></a>Confused by the plethora of Windows 7 versions available?<br /><br />Not sure what the difference is between Windows 7 Home Premium and Windows 7 Professional?<br /><br />You want to encrypt the file system using Windows BitLocker but don't know which version to buy?<br /><br />Let me assure you, you're not the only one. All in all there are six 32bit and five 64bit versions available. <br /><br />Of all the Windows 7 version feature comparison charts I've seen, Wikipedia's <a href="http://en.wikipedia.org/wiki/Windows_7_editions#Comparison_chart" target="_blank">chart</a> is the best. <br /><br />Still confused which DVD to get? Don't be. Have ALL ELEVEN versions on one DVD!<br /><br />This method was originally posted <a href="http://forums.mydigitallife.info/showthread.php?t=12185" target="_blank">here</a>.<br /><br /><b><span style="font-size: large;">All In One - How To</span></b> <br /><b>1. Requirements</b><br /><b>Base Images / DVDs</b> <br />As cited by Microsoft here: <a href="http://windowsteamblog.com/blogs/windows7/archive/2009/02/04/a-closer-look-at-the-windows-7-skus.aspx" target="_blank">A closer look at the Windows 7 SKUs</a><br /><div style="color: #0b5394;"><i>2. </i><i>Customers wanted upgrading to a different SKU to be easier. <b>So…for Windows 7, we are using a single image for all SKUs. This means the bits for all the editions are already on your computer if you are running Windows 7. 
With Windows Anytime Upgrade, users can unlock and upgrade to a different SKU much easier than before.</b></i></div><br />So we are only going to need to get hold of two DVDs to make the all in one DVD (four if we are going to also add Windows 7 Enterprise):<br /><ul><li>Windows 7 Ultimate 32bit<br /></li><li>Windows 7 Ultimate 64bit</li><li> Windows 7 Enterprise 32bit (Optional)</li><li>Windows 7 Enterprise 64bit (Optional)</li></ul>I'm not going to tell you where to get these from. Just remember <i>Google is your friend</i>.<br /><br /><b>ImageX</b><br />This is the main tool we will be using to create the DVD.<br />You will need the version to match the architecture of your current Windows install. ImageX can be downloaded from:<br /><br /><ul><li>32bit version <strike><a href="http://www.mediafire.com/download.php?21njzltgyjm" target="_blank">here</a> or <a href="http://www.megaupload.com/?d=ZJB8QV48" target="_blank">here</a></strike> <a href="http://dl.dropbox.com/u/17212049/imagex.zip">here</a> </li><li>64bit version <strike><a href="http://www.mediafire.com/download.php?oinftyz4mzv" target="_blank">here</a> or <a href="http://www.megaupload.com/?d=YTIMB1QF" target="_blank">here</a></strike><br /></li></ul><b>ISO</b><b> File Manipulation Tool</b><br />I suggest something like <a href="http://www.magiciso.com/" target="_blank">MagicISO</a> <br /><br /><b>2. 
Method</b><br />Once you have copies of your original media, a copy of ImageX and MagicISO installed, we are ready to start.<br /><br />A) Create the following folder structure from the root of C:\ :<br /><br /><div class="separator" style="clear: both; text-align: left;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/Sv8yHVgBauI/AAAAAAAAATE/6IdQmlspL6E/s1600-h/path.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/Sv8yHVgBauI/AAAAAAAAATE/6IdQmlspL6E/s400/path.PNG" /></a></div><br />B) Extract the Base Images / DVDs as follows:<br /><ul><li>Ultimate 64bit - to C:\Win7\64bit <br /></li><li>Ultimate 32bit - to C:\Win7\Allbit<br /></li><li> (Optional) Enterprise 64bit - to C:\Win7\E64</li><li>(Optional) Enterprise 32bit - to C:\Win7\E86</li><li>ImageX download extracted to C:\Win7\Imagex</li></ul>C) Open a command prompt (Run as administrator if using Vista / Win 7) and copy and paste in the following, one line at a time:<br /><blockquote><span style="font-size: x-small;"> </span><br /><div style="font-family: 'Courier New',Courier,monospace;"><span style="font-size: x-small;">C:\Win7\ImageX\Imagex.exe /export C:\Win7\Allbit\Sources\install.wim 3 C:\Win7\Allbit\Sources\install.wim "Windows 7 HOMEPREMIUM" <br /></span><br /><span style="font-size: x-small;">C:\Win7\ImageX\Imagex.exe /export C:\Win7\Allbit\Sources\install.wim 4 C:\Win7\Allbit\Sources\install.wim "Windows 7 PROFESSIONAL"<br /></span><br /><span style="font-size: x-small;">C:\Win7\ImageX\Imagex.exe /export C:\Win7\64bit\Sources\install.wim 1 C:\Win7\Allbit\Sources\install.wim "Windows 7 HOMEBASIC x64"<br /></span><br /><span style="font-size: x-small;">C:\Win7\ImageX\Imagex.exe /export C:\Win7\64bit\Sources\install.wim 2 C:\Win7\Allbit\Sources\install.wim "Windows 7 HOMEPREMIUM x64"<br /></span><br /><span style="font-size: x-small;">C:\Win7\ImageX\Imagex.exe /export C:\Win7\64bit\Sources\install.wim 3 C:\Win7\Allbit\Sources\install.wim 
"Windows 7 PROFESSIONAL x64"<br /></span><br /><span style="font-size: x-small;">C:\Win7\ImageX\Imagex.exe /export C:\Win7\64bit\Sources\install.wim 4 C:\Win7\Allbit\Sources\install.wim "Windows 7 ULTIMATE x64"<br /></span><br /><span style="font-size: x-small;">C:\Win7\ImageX\Imagex.exe /export C:\Win7\E86\Sources\install.wim 1 C:\Win7\Allbit\Sources\install.wim "Windows 7 ENTERPRISE"<br /></span><br /><span style="font-size: x-small;">C:\Win7\ImageX\Imagex.exe /export C:\Win7\E64\Sources\install.wim 1 C:\Win7\Allbit\Sources\install.wim "Windows 7 ENTERPRISE x64"</span></div></blockquote>Just leave out the lines for any versions you don't want to include on your All In One DVD.<br /><br />D) Open C:\Win7\Allbit\sources and delete the following files:<br /><ul><li>ei.cfg</li><li>install_Windows 7 STARTER.clg</li><li>install_Windows 7 HOMEBASIC.clg</li><li>install_Windows 7 HOMEPREMIUM.clg</li><li>install_Windows 7 PROFESSIONAL.clg</li><li>install_Windows 7 ULTIMATE.clg </li></ul>E) If you used DVD media in step B), create an ISO image of Ultimate 32bit and save it to C:\Win7 folder. Call the ISO "Win 7 All-In-One.iso"<br />If you used an ISO image, then create another copy of Ultimate 32bit and save it to C:\Win7 folder. 
Call the ISO "Win 7 All-In-One.iso" <br /><br />F) Open "Win 7 All-In-One.iso" created in E) above in MagicISO:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Open Win 7 All-In-One.iso" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/Sv9E4TVS7FI/AAAAAAAAATM/aqwlrKjvQb0/s1600-h/magiciso1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Open Win 7 All-In-One.iso"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/Sv9E4TVS7FI/AAAAAAAAATM/aqwlrKjvQb0/s200/magiciso1.png" /></a></div><br />Delete all files and folders from the image:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Delete all files and folders" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/Sv9FDXsJ2HI/AAAAAAAAATU/9J4ijI7qa4U/s1600-h/magiciso2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Delete all files and folders"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/Sv9FDXsJ2HI/AAAAAAAAATU/9J4ijI7qa4U/s200/magiciso2.png" /></a></div><br />Add all files and folders from the C:\Win7\Allbit folder:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Add files and folders" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/Sv9FKf4T4oI/AAAAAAAAATc/C5APdFB6tRg/s1600-h/magiciso3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Add files and folders"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/Sv9FKf4T4oI/AAAAAAAAATc/C5APdFB6tRg/s200/magiciso3.png" /></a></div><br />Observant readers will also notice I've added a Versions.txt and a Comparison.jpg to my ISO image. These list the versions included in the image / DVD and detail the differences between versions respectively.<br /><br />My complete DVD (including both Enterprise versions) weighed in at 3.9 GB. Not bad.<br /><br /><span style="font-size: large;"><b>Test</b></span><br />Save ISO and test in VMware / Virtual PC etc. 
Burn using your favourite DVD burning program.<br /><br />Ahh - now that's freed up some space in my DVD case!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/windows-7-all-in-one-32-and-64-bit-dvd/">Windows 7: All in One (32 & 64 bit) DVD - How To</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 15, 2009.</p>
https://polarclouds.co.uk/slimbox2-blogger-integration2009-11-09T23:05:00+00:002009-11-09T23:05:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="Slimbox2" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/SvimmRZ73jI/AAAAAAAAAS0/WNmGj98Qzf4/s1600-h/slimbox.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Slimbox2"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/SvimmRZ73jI/AAAAAAAAAS0/WNmGj98Qzf4/s200/slimbox.PNG" /></a></div>Click on any image in this blog and you will see that it opens in a 'floating dialogue' above the current web page. Perhaps <a href="http://en.wikipedia.org/wiki/Lightbox_%28JavaScript%29" target="_blank">Wikipedia</a> describes it better:<br /><br /><div style="color: #0b5394;"><i>On a Lightbox-enabled page, a user can click an image to have it magnified in a Lightbox window, which resizes itself according to the size of the image using a gliding animation.</i><br /></div><br />This is achieved using a JavaScript script called <a href="http://www.huddletogether.com/projects/lightbox2/" target="_blank">Lightbox</a>, or its clone (as I've used here) <a href="http://www.digitalia.be/software/slimbox2" target="_blank">Slimbox</a>.<br /><br />So, the question is: how do you incorporate this into a Blogger / Blogspot blog?<br /><br />Unfortunately the answer is not quite so straightforward. 
The installation process can be broken down into four steps:<br /><br /><span style="font-size: large;"><b>Step 1 - Obtaining The Script</b></span><br />This is the simple bit.<br />Download the Slimbox 2.02 script from <a href="http://www.digitalia.be/software/slimbox2#download" target="_blank">here</a><br />You will also need the jQuery 1.3.2 'minified' version from <a href="http://code.google.com/p/jqueryjs/downloads/detail?name=jquery-1.3.2.min.js" target="_blank">here</a><br />Rename this file from <i>jquery-1.3.2.min.js</i> to <i>jquery-1.3.2.js</i><br /><br /><br /><span style="font-size: large;"><b>Step 2 - Modifying Script to work with Blogger Hosted Images</b></span><br />Here is the bit that took me ages to work through and understand. Hover over a couple of the images on this blog and you will notice that most of the images are hosted on http://*.bp.blogger.com/XXX<br /><br />* being any number between 1 and 4<br />/XXX being some random url of letters and numbers<br /><br />Unfortunately the Slimbox2.2 script doesn't understand this random jumble of numbers and letters and hence doesn't load when images hosted on bp.blogger.com are clicked.<br /><br />The workaround is to open slimbox2.js (from the js folder in the downloaded slimbox-2.02.zip) with WordPad.<br /><br />Add the following to the bottom of the file:<br /><blockquote style="font-family: 'Courier New',Courier,monospace;">jQuery(function($) {<br />$("a[href^='http://1.bp.blogspot.com'] > img:first-child[src]").parent().slimbox({}, function(el) {<br />return [el.firstChild.src.replace(/\/s\d+(?:\-c)?\/([^\/]+)$/, "/s512/$1"),<br />(el.title || el.firstChild.alt) + '<br />'];<br />});<br />});<br /></blockquote>Add the above three more times into slimbox2.js, each time incrementing the <span style="font-family: 'Courier New',Courier,monospace;">[href^='http://1.bp.blogspot.com']</span> by one, so that you have separate code blocks for 1, 2, 3 and 4 .bp.blogspot.com<br /><br />If anyone knows of a 
wildcard character to use here, I would be much obliged!<br /><br /><br /><span style="font-size: large;"><b>Step 3 - Hosting The Script</b></span><br />OK, so you have the script.<br />Next problem: Blogger doesn't have the facility to host JavaScript files.<br /><br />OK, no issue. If you have a Blogger account, then you have a Google account and through your Google account you can create websites using <a href="http://sites.google.com/" target="_blank">sites.google.com</a>. These sites can be used to host JavaScript files.<br /><br />Create your site and create a page at the top level. Ensure that the page is a 'File Cabinet':<br /><div class="separator" style="clear: both; text-align: center;"><a alt="New Page - File Cabinet" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/Svh7bZIXF7I/AAAAAAAAASc/qyLW3k_zcJY/s1600-h/newpage.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="New Page - File Cabinet"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/Svh7bZIXF7I/AAAAAAAAASc/qyLW3k_zcJY/s200/newpage.PNG" /></a><br /></div>I called my page <i>scripts.</i><br /><br />Select the newly created scripts page and create two more file cabinet pages inside of <i>scripts</i> called <i>css</i> and <i>js.</i><br /><br />Your site map should now look like this:<br /><div class="separator" style="clear: both; text-align: center;"><a alt="Site Map - Page Layout" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/Svh9ktpAVXI/AAAAAAAAASk/eqM3dK8BdDM/s1600-h/sitemap.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Site Map - Page Layout"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/Svh9ktpAVXI/AAAAAAAAASk/eqM3dK8BdDM/s200/sitemap.PNG" /></a><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div>Open the slimbox-2.02.zip downloaded in step 1 and upload the files<br /><ul><li>closelabel.gif</li><li>loading.gif</li><li>nextlabel.gif</li><li>prevlabel.gif</li><li>slimbox2.css</li></ul>into the <i>css</i> 
folder.<br />Similarly upload the files:<br /><ul><li>slimbox2.js (the modified version from step 2)<br /></li><li>jquery-1.3.2.js</li></ul>to the <i>js</i> folder created above.<br /><br /><br /><span style="font-size: large;"><b>Step 4 - Modify Blog Template </b></span><br />Log onto Blogger, select your blog and then select Layout - Edit HTML.<br />Add the following three lines to the &lt;head&gt; section of the target blog:<br /><blockquote style="font-family: 'Courier New',Courier,monospace;">< link href='http://sites.google.com/site/XXX/scripts/css/slimbox2.css' media='screen' rel='stylesheet' type='text/css'/ ><br /><br />< script src='http://sites.google.com/site/XXX/scripts/js/jquery-1.3.2.js' type='text/javascript'/ ><br /><br />< script src='http://sites.google.com/site/XXX/scripts/js/slimbox2.js' type='text/javascript'/ > <br /></blockquote>Replace "XXX" with your Google site name.<br /><br />Here's how it looks for me:<br /><div class="separator" style="clear: both; text-align: center;"><a alt="Header Content" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SviRu3VkYgI/AAAAAAAAASs/kRIJzXe9ETo/s1600-h/layout.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Header Content"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SviRu3VkYgI/AAAAAAAAASs/kRIJzXe9ETo/s200/layout.PNG" /></a><br /></div><br /><br /><span style="font-size: large;"><b>Testing</b></span><br /><b>.bp.blogspot.com Hosted Images</b><br />Because of the additional lines of code we inserted into slimbox2.js in step 2, you should just be able to click any image hosted on .bp.blogspot.com and the slimbox script should launch and show the image.<br /><br /><b>Images Hosted Elsewhere</b><br />When linking to images hosted elsewhere on the web, add <span style="font-family: 'Courier New',Courier,monospace;">rel="lightbox"</span> to display the image in slimbox.<br /><br />For example:<br /><blockquote style="font-family: 'Courier New',Courier,monospace;">href="http://YOURHOST.com/YOUR_IMAGE.jpg" 
rel="lightbox" title="IMAGE_TITLE" <br /></blockquote><br /><b><span style="font-size: large;">Job Done</span></b><br />So, as I say, not all that straightforward but hey, we've learnt a little about JavaScript and how Blogger hosts images!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/slimbox2-blogger-integration/">Slimbox2 Blogger Integration</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 09, 2009.</p>
https://polarclouds.co.uk/ubuntu-910-ch-installation-guide2009-11-02T22:33:00+00:002009-11-02T22:33:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="Ubuntu Logo" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/Su3sKkN2_NI/AAAAAAAAAQk/aayW3CEguDc/s1600-h/UbuntuVertLogo.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Ubuntu Logo"><img style="border-style: none;" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/Su3sKkN2_NI/AAAAAAAAAQk/aayW3CEguDc/s200/UbuntuVertLogo.png" /></a></div>Regular readers will have noticed that one of the countdown timers on this blog (they are gone now) was to the latest <a href="http://www.ubuntu.com/" target="_blank">Ubuntu</a> release - version 9.10 aka "Karmic Koala".<br /><br />The Ubuntu developer team deliver two releases of Ubuntu per year. One release in April (the <i>year.04</i> release) and one in October (the <i>year.10</i> release). This makes the version released on 27 October version 9.10.<br /><br />As you can probably guess, I'm a bit of a Linux fan. It all started with Ubuntu. <br /><br />If you are a "Linux Virgin" and are completely baffled as to which of the seemingly endless Linux distributions is for you then I wholeheartedly recommend you start with Ubuntu.<br /><br />I've been using Ubuntu on and off since 2007 and upon installation (on the same laptops each time), each release has had something that has caused me some level of head scratching and some degree of <a href="http://ubuntuforums.org/" target="_blank">Ubuntu forum</a> bashing. Whilst this is fine for someone like me who wants to understand the workings of Linux, this doesn't make it all that suitable for the average user who wants to 'install and go'.<br /><br />For example the 2007 releases had problems with my wireless cards (mainly my fault), one of the 2008 releases had a problem with sound, last year's October release had problems with video - specifically Intel display drivers. 
<br /><br />However - at the risk of sounding like a gushy Linux convert (I'm not) - there was none of that post installation troubleshooting with Ubuntu version 9.10. This latest version really is the easiest install I've ever done.<br /><br /><b>If you are interested in Linux, I wholeheartedly recommend you try Ubuntu 9.10!<br /></b><br /><br />So, here goes with my own personal guide to installing Ubuntu. What makes this different from the other 1001 Ubuntu installation guides out there? Well to be honest, nothing. My motivation here is to:<br /><ol><li>Pull together my installation notes into one place </li><li>Make this available to all on-line. If this helps you too then you are more than welcome! </li></ol>So let's crack on.<br /><br /><span style="font-size: large;">CD Download and Burning</span><br />I'm not going to cover old ground here. Instead here are some links detailing my recommendations. I strongly advise you follow all the steps in this section as it is guaranteed to save you problems later on. <br /><ol><li>Download CD ISO image from <a href="http://www.ubuntu.com/getubuntu/download" target="_blank">here</a>. Whilst there are several versions available (netbook remix etc), I go for the 32bit Ubuntu Desktop version.<br /></li><li>Once the download is complete, verify that the image has not got corrupted en route by checking the md5sum. <a href="https://help.ubuntu.com/community/HowToMD5SUM" target="_blank">This page</a> will help. </li><li>Boot the CD and select "Check CD for Defects". I know this might seem overkill but I seem to make more 'coasters' when burning Ubuntu CDs than when burning almost anything else. </li></ol><span style="font-size: large;">Installation</span><br />So you've got the CD, it's verified a good 'un and you're ready to go.<br />OK, here is what I recommend you do next:<br /><ol><li>Connect the PC / Laptop you are installing Ubuntu on to your network using a NETWORK CABLE. 
The installation will go off and connect to the internet to check for newer software packages during the install, so for ease use a cable.</li><li>Boot the CD and choose "Try Ubuntu without any change to your computer". This way we can verify that Ubuntu runs on our PC / Laptop before we commit to installing it.</li><li>The rest of the install is detailed quite nicely in this video:</li></ol><div style="text-align: center;"><object height="344" width="425"><param name="movie" value="http://www.youtube-nocookie.com/v/_MLKaOKRhBE&hl=en&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube-nocookie.com/v/_MLKaOKRhBE&hl=en&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object><br /></div><br />Notes from the video:<br /><ul><li>Step 4 (Prepare disk space) - I always erase and use entire disk</li><li>Step 5 (Who are you?) - Use first name only in all lower-case in the "What is your name" [the top] box. To my eyes this makes the Ubuntu log on screen look tidier. <br /></li></ul><span style="font-size: large;">Post Installation Add-ons </span><br />So you've got your Ubuntu installed and it's [hopefully] looking good.<br /><br />As you can see, Ubuntu installs lots and lots of software 'off the bat'; Open Office, Firefox, Evolution email, Empathy instant messenger to name just a few.<br /><br />Let's get on with the real 'meat and potatoes' of this post, the post installation tasks.<br /><br />Quick Note - Installing packages:<br />Linux applications are sometimes referred to as packages. In my experience, when it comes to Linux software, the two terms are interchangeable.<br /><br />There are three ways to install packages in Ubuntu<b>:</b> <br /><ul><li><b>Command Line:</b> Don't be afraid of the command line - it's really not worth it! 
Using the command line here makes it easier for me to post and for you to cut and paste into a terminal window.</li><li><b>Synaptic Package Manager:</b> (System - Administration - Synaptic Package Manager). A nice GUI tool for installing applications. </li></ul><div class="separator" style="clear: both; text-align: center;"><a alt="Synaptic Package Manager" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/Su8TII6AecI/AAAAAAAAAQ0/47iJppQHT1U/s1600-h/synaptic.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Synaptic Package Manager"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/Su8TII6AecI/AAAAAAAAAQ0/47iJppQHT1U/s200/synaptic.png" /></a><br /></div><ul><li><b>Firefox apt: Links: </b>Where possible I've created links that when clicked from within Firefox running on Ubuntu will achieve the same result as running the command line. If you are using the links below and are prompted by Firefox as to which application to launch, select 'apturl' and 'Remember my choice for apt links': <br /></li></ul><div class="separator" style="clear: both; text-align: center;"><a alt="Opening apturls with Firefox" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/Su8OzPMggzI/AAAAAAAAAQs/w36sz70KQS4/s1600-h/apturl.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" title="Opening apturls with Firefox"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/Su8OzPMggzI/AAAAAAAAAQs/w36sz70KQS4/s200/apturl.png" /></a><b> </b><br /></div><br /><b>Updates</b><br />The Ubuntu developer team are releasing updates all the time, so before we do anything else, let's get fully up to date. 
Open a terminal window (Applications - Accessories - Terminal) and paste in the following command:<br /><blockquote style="font-family: 'Courier New',Courier,monospace;">sudo apt-get update<br /></blockquote>Once you are returned to the $ prompt, run:<br /><blockquote style="font-family: 'Courier New',Courier,monospace;">sudo apt-get upgrade<br /></blockquote>and answer 'Y' to the install question.<br /><br />Now that's done, we can move on to installing some additional applications. <br /><br /><b>Restricted Extras</b><br />Put simply, this is a load of additional software Ubuntu aren't allowed to include in the distribution iso file we downloaded earlier.<br /><br />See <a href="http://packages.ubuntu.com/karmic/ubuntu-restricted-extras" target="_blank">here</a> for details of what's included.<br /><blockquote style="font-family: 'Courier New',Courier,monospace;">sudo apt-get install ubuntu-restricted-extras<br /></blockquote>Or click <a href="apt:ubuntu-restricted-extras">here</a> to install ubuntu-restricted-extras.<br /><br /><b>Clipboard Manager - Parcellite</b><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Parcellite Clipboard Manager" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/Su8eBcs5MII/AAAAAAAAARE/oL2cbKd-5iQ/s1600-h/parcellite.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Parcellite Clipboard Manager"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/Su8eBcs5MII/AAAAAAAAARE/oL2cbKd-5iQ/s200/parcellite.png" /></a><br /></div>Ubuntu has an annoying habit of clearing the native clipboard if the source window is closed before you complete the paste part of a cut and paste operation.<br /><br />Luckily we can use a replacement clipboard manager to get around this issue. 
<br /><blockquote style="font-family: 'Courier New',Courier,monospace;">sudo apt-get install parcellite<br /></blockquote>Or click <a href="apt:parcellite">here</a> to install parcellite.<br /><br />Launch from Applications - Accessories - Parcellite<br /><br /><b>Media Player - VLC</b><br /><div class="separator" style="clear: both; text-align: center;"><a alt="VLC Media Player" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/Su8lmmihH1I/AAAAAAAAARM/DZx2ceM2ds0/s1600-h/vlc.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="VLC Media Player"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/Su8lmmihH1I/AAAAAAAAARM/DZx2ceM2ds0/s200/vlc.png" /></a><br /></div>Simply the best open source media player there is. Will play virtually any kind of media you can throw at it. Especially good when it comes to <a href="http://chall32.blogspot.com/2009/10/advert-free-radio.html" target="_blank">Internet Radio</a>.<br /><blockquote style="font-family: 'Courier New',Courier,monospace;">sudo apt-get install vlc<br /></blockquote>Or click <a href="apt:vlc">here</a> to install VLC.<br /><br />Launch from Applications - Sound and Video - VLC Media Player<br /><br /><b>Firewall Control - Uncomplicated Firewall</b><br /><a alt="Uncomplicated Firewall" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/Su8Y9vpzQNI/AAAAAAAAAQ8/p9VL1WebIdw/s1600-h/Firewall.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Uncomplicated Firewall"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/Su8Y9vpzQNI/AAAAAAAAAQ8/p9VL1WebIdw/s200/Firewall.png" /></a><br />Not strictly needed, but worth having anyway. <br /><br />The simplest Firewall application I've found is the Uncomplicated Firewall GUI. 
A nice easy to use GUI interface to the very complex Linux firewall.<br /><blockquote style="font-family: 'Courier New',Courier,monospace;">sudo apt-get install gufw<br /></blockquote>Or click <a href="apt:gufw">here</a> to install the Uncomplicated Firewall GUI.<br /><br />Launch from System - Administration - Firewall Configuration.<br /><br /><br /><b>Backup - Back In Time</b><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Back In Time Backup" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/Su8reg7KrQI/AAAAAAAAARU/ytVz2ZAiSF0/s1600-h/Back+In+Time.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Back In Time Backup"><img border="0" height="142" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/Su8reg7KrQI/AAAAAAAAARU/ytVz2ZAiSF0/s200/Back+In+Time.png" width="200" /></a><br /></div>Backups. We miss them when we don't have them! For simplicity again, I recommend Back In Time.<br /><br />Install using the following command:<br /><blockquote style="font-family: 'Courier New',Courier,monospace;">sudo apt-get install backintime-gnome<br /></blockquote>Or click <a href="apt:backintime-gnome">here</a> to install Back In Time backup.<br /><br />Launch from Applications - System Tools - Back In Time<br /><br /><b>FireFox Add-ons</b><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Firefox Addons" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/Su8uCqxouDI/AAAAAAAAARc/uIcdaDqoxUU/s1600-h/Add-ons.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Firefox Addons"><img border="0" height="168" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/Su8uCqxouDI/AAAAAAAAARc/uIcdaDqoxUU/s200/Add-ons.png" width="200" /></a><br /></div>OK, strictly not just for Ubuntu, but here is the list anyway:<br /><br />- <a href="https://addons.mozilla.org/en-US/firefox/addon/1865" target="_blank">Adblock Plus</a> and <a href="http://easylist.adblockplus.org/" 
target="_blank">Filters</a><br />- <a href="https://addons.mozilla.org/en-US/firefox/addon/3366" target="_blank">British English Dictionary</a><br />- <a href="https://addons.mozilla.org/en-US/firefox/addon/6945" target="_blank">Custom Download Manager</a><br />- <a href="https://addons.mozilla.org/en-US/firefox/addon/13878" target="_blank">Vacuum Places Improved</a> <br />- <a href="https://addons.mozilla.org/en-US/firefox/addon/1803" target="_blank">ProCon Latte Parental Control</a> If the machine is going to be used by the kids.<br /><br />I'm sure there are more, but that's enough to be getting on with!<br /><br /><b>Star Gazing - Stellarium</b><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Stellarium" href="http://www.stellarium.org/img/screenshots/0.10-constellation-art-on.jpg" imageanchor="1" rel="lightbox" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Stellarium"><img border="0" height="149" src="http://www.stellarium.org/img/screenshots/0.10-constellation-art-on.jpg" width="200" /></a><br /></div>Ever wondered what that bright star is in the sky? How about trying to spot the Milky Way? 
Then Stellarium is for you.<br /><br />Install using the following command:<br /><blockquote style="font-family: 'Courier New',Courier,monospace;">sudo apt-get install stellarium<br /></blockquote>Or click <a href="apt:stellarium">here</a> to install Stellarium.<br /><br />Launch from Applications - Science - Stellarium<br /><br /><b>Games</b><br /><div class="separator" style="clear: both; text-align: center;"><a alt="Play Deb Games" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/Su88hBKanlI/AAAAAAAAARk/mIIRbK7eC0o/s1600-h/playdeb.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="Play Deb Games"><img border="0" height="132" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/Su88hBKanlI/AAAAAAAAARk/mIIRbK7eC0o/s200/playdeb.png" width="200" /></a><br /></div><b></b>Highly recommend the <a href="http://www.playdeb.net/welcome/" target="_blank">playdeb website</a><br /><br />Just browse games and install from there. Simple!<br /><br /><br /><br /><br /><br />That's about it.<br /><br />Now it's over to you to start using and customising your install further. The Linux world is your oyster!<br /><br />Other packages to look out for are:<br /><br /><ul><li>Cisco VPN [<a href="http://packages.ubuntu.com/karmic/vpnc" target="_blank">details</a>] - I've had this working, not tried in 9.10 yet.</li><li>FileZilla FTP [<a href="http://filezilla-project.org/" target="_blank">details</a>] - File transfer</li><li>PDFEdit [<a href="http://pdfedit.petricek.net/en/index.html" target="_blank">details</a>] - Edit PDF files</li></ul><br />If you are really stuck, then try <a href="http://ubuntulinuxhelp.com/top-100-of-the-best-useful-opensource-applications/" target="_blank">100 of the best (useful) Opensource Applications</a><br /><br />Looking at the Synaptic package manager as I write this, it has a total of 28,835 packages available for install. 
That should keep you entertained for a while....<br /> <br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/ubuntu-910-ch-installation-guide/">Ubuntu 9.10 - CH Installation Guide</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 02, 2009.</p>
https://polarclouds.co.uk/religion-decide-yours-now2009-11-01T00:01:00+00:002009-11-01T00:01:00+00:00Chris Hallhttps://polarclouds.co.uk
The old religion chestnut cracked once and for all:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://cdn.holytaco.com/www/sites/default/files/images/2009/10/Religion-Flowchart_1.jpg" rel="lightbox" title="Follow the flow!" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="http://cdn.holytaco.com/www/sites/default/files/images/2009/10/Religion-Flowchart_1.jpg" width="416" title="Follow the flow!" alt="Follow the flow!"/></a><br /></div><br />lol. Love the first three questions.<br /><br />Via <a href="http://ffffound.com/" target="_blank">ffffound.com</a><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/religion-decide-yours-now/">Religion. Decide yours now</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on November 01, 2009.</p>
https://polarclouds.co.uk/happy-halloween2009-10-31T00:01:00+00:002009-10-31T00:01:00+00:00Chris Hallhttps://polarclouds.co.uk
A bit of humor as the weather forecast for trick-o-treating doesn't look up to much.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/StSg5RVlkVI/AAAAAAAAANQ/rViMImFiuy8/s1600-h/Halloween1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/StSg5RVlkVI/AAAAAAAAANQ/rViMImFiuy8/s400/Halloween1.png" /></a><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"> <a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/StShBd5kKfI/AAAAAAAAANY/UCssct4oM2g/s1600-h/Halloween2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/StShBd5kKfI/AAAAAAAAANY/UCssct4oM2g/s400/Halloween2.png" /></a><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/StShGu7INxI/AAAAAAAAANg/FxThPsH3huw/s1600-h/Halloween3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/StShGu7INxI/AAAAAAAAANg/FxThPsH3huw/s400/Halloween3.png" /></a><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/StShNDgMHkI/AAAAAAAAANo/y9XzmmAB26I/s1600-h/Halloween4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/StShNDgMHkI/AAAAAAAAANo/y9XzmmAB26I/s400/Halloween4.png" /></a><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">From <a href="http://www.someecards.com/" target="_blank">someecards</a>.<br /></div><div class="separator" style="clear: both; text-align: 
left;"><br /></div><div class="separator" style="clear: both; text-align: left;">- Chris <br /></div><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/happy-halloween/">Happy Halloween!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 31, 2009.</p>
https://polarclouds.co.uk/windows-7-rc-truecrypt-632009-10-29T21:10:00+00:002009-10-29T21:10:00+00:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/StOYdc_uSNI/AAAAAAAAAM4/S_YEX37ot6Q/s1600/Win7%2BTrueCrypt.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/StOYdc_uSNI/AAAAAAAAAM4/S_YEX37ot6Q/s200/Win7%2BTrueCrypt.png" width="178" /></a></div><br /><br />Update to my <a href="http://chall32.blogspot.com/2009/10/windows-7-truecrypt-62a.html" target="_blank">Windows 7 and Truecrypt 6.2a</a> post.<br /><br />Truecrypt <a href="http://www.truecrypt.org/downloads" target="_blank">6.3</a> is now available. <br /><br />One slight problem when trying to upgrade:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/Sunxx56MKrI/AAAAAAAAAQE/w-_G_AcbdpQ/s1600-h/tc63err.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/Sunxx56MKrI/AAAAAAAAAQE/w-_G_AcbdpQ/s320/tc63err.png" /></a></div><br />Ho Hum.... 
This will be because I'm still running the Windows 7 Release Candidate (Build 7100)<br /><br /><span style="font-size: large;">Workaround</span> <br />Install TrueCrypt 6.3 in compatibility mode as follows:<br /><br /><ul><li>Right click the installer, select properties, choose the compatibility tab and select <b>Windows Vista (Service Pack 2)</b>: </li></ul><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/Sun-stLG3eI/AAAAAAAAAQM/kjs7algAsws/s1600-h/tc63compat.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/Sun-stLG3eI/AAAAAAAAAQM/kjs7algAsws/s320/tc63compat.jpg" /></a></div><br /><ul><li>Install as normal (as per the excellent <a href="http://www.informit.com/articles/article.aspx?p=1276279" target="_blank">InformIT article</a>).</li><li>To avoid a repeat of the above annoying message every time you restart, before rebooting after the install, open C:\Program Files\TrueCrypt and repeat the above compatibility tweak for all the executables located in this folder (TrueCrypt Format.exe, TrueCrypt Setup.exe, TrueCrypt.exe).</li><li>Reboot. <br /></li></ul><br />Job done:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SuoEJe8XXjI/AAAAAAAAAQc/KSBzzuRkltM/s1600-h/tc3-7100.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SuoEJe8XXjI/AAAAAAAAAQc/KSBzzuRkltM/s320/tc3-7100.png" /></a></div><br />On a side note, the "Evil Maid" attack detailed on <a href="http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html" target="_blank">theinvisiblethings</a> blog looks interesting.<br /><br />I wonder if the same software exists for other full disk encryption software...<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/windows-7-rc-truecrypt-63/">Windows 7 RC & TrueCrypt 6.3</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 29, 2009.</p>
https://polarclouds.co.uk/best-astrobash-of-all-known-worlds2009-10-22T21:32:00+01:002009-10-22T21:32:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.ashfordastro.org.uk/website/?q=node/50" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Astrobash 2009" border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SuC6dp2xVqI/AAAAAAAAAP8/_yG1WV4kGQ0/s400/astrobash.JPG" target="_blank" title="Astrobash 2009" /></a><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://www.ashfordastro.org.uk/website/?q=node/50" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="Astrobash 2009" border="0" height="150" src="http://reycenter.org/wp-content/uploads/2008/06/telescope.jpg" target="_blank" title="Astrobash 2009" width="200" /></a></div>Stuck for something to do this weekend? Try Astrobash! <br /><br />Ashford Astronomical Society presents Astrobash. A full afternoon and evening of space, science and fun! It’s Kent’s opportunity to look up into the heavens, and it’s open to all ages!<br /><br />Ashford Astronomical Society is hosting a celebration of Astronomy giving the public a chance to have a look through telescopes at the wonder of the night sky - with friendly guides on hand to explain it all!<br /><br />During the day they plan to use a specially modified 'Solar Telescope' to image the sun on a large projector screen, and they will also be attempting to link up to an earth orbiting satellite and gain a live weather forecast!<br /><br />For younger visitors there is a bouncy castle, a chance to make and fly your own rocket, create your own planet, try your hand at controlling a lunar lander and even meet a Dalek!<br /><br />Astrobash 2009 will run from 2pm until 9pm on October 24th, and will be held at:<br /><br />Woodchurch Community Centre<br />Lower Road<br />Woodchurch<br />Kent<br />TN26 3SQ<br />Click <a 
href="http://maps.google.co.uk/maps?q=tn26+3sq&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=uk&ei=LXydSuuLMdXajQfQiKmgAg&z=16&iwloc=A" target="_blank">here</a> for a Google map<br /><br />Click <a href="http://www.ashfordastro.org.uk/website/" target="_blank">here</a> for Ashford Astronomical Society website<br /><br />Click <a href="http://www.ashfordastro.org.uk/website/files/A4%20astrobash%20poster.pdf" target="_blank">here</a> for an A4 Astrobash poster (pdf)<br /><br />Entry: Adults - £4, Child (5-16) - £2, Under 5’s Free<br />Family Ticket (2 Adults, 3 Children) - £10<br />There is free parking on-site.<br /><br />I'll be there!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/best-astrobash-of-all-known-worlds/">The best Astrobash of all (known) worlds</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 22, 2009.</p>
https://polarclouds.co.uk/if-you-need-laugh-try-this2009-10-22T00:56:00+01:002009-10-22T00:56:00+01:00Chris Hallhttps://polarclouds.co.uk
Very very funny. A must see:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://www.peopleofwalmart.com/" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Click here for peopleofwalmart.com" border="0" src="http://www.peopleofwalmart.com/images/golbal/PeopleofWalmart_logo.png" title="Click here for peopleofwalmart.com" /></a><br /></div>Some say the site makes fun of misfits. And they are right.<br /><br />I'm just enjoying these photos of human beings in all their diverse splendour.<br /><br />oh and the captions are funny too....<br /><br />Here's a <a href="http://www.cnn.com/2009/TECH/09/03/walmart.people/" target="_blank">CNN piece</a> about the site.<br /><br />My favourite:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/St-euaUin0I/AAAAAAAAAP0/UwtbActo3dA/s1600-h/skittles.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/St-euaUin0I/AAAAAAAAAP0/UwtbActo3dA/s400/skittles.png" /></a><br /></div>ROFL<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/if-you-need-laugh-try-this/">If you need a laugh, try this</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 22, 2009.</p>
https://polarclouds.co.uk/cisco-discovery-protocol-for-windows2009-10-19T23:40:00+01:002009-10-19T23:40:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.flickr.com/photos/kevinkemmerer/3007254818/" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="Where do these go? (photo: fangleman)" border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/StzU3ys3mWI/AAAAAAAAAPQ/gGBUa0bqfII/s200/patch.png" title="Where do these go? (photo: fangleman)" /></a></div><b>UPDATE: </b>Check out and download my CDP client for Windows over <a href="https://github.com/chall32/WinCDP/blob/master/README.md" target="_blank">on github</a><br /><br /><b> </b>Let's face it. We have all been there; "where does this network cable / uplink / port go?"<br /><br />Until now, it has been a matter of looking up cable numbers in databases, fiddling about in the back of server and network racks or worst case - sending the smallest guy down to play hunchback in the windy air conditioned gloom under the floor.<br /><br />There must be a better way to tell where a network cable goes to without having to go to all that trouble every time...<br /><br />Well there is. It's called Cisco Discovery Protocol (CDP). From <a href="http://en.wikipedia.org/wiki/Cisco_Discovery_Protocol" target="_blank">Wikipedia</a>:<br /><br /><blockquote><i>The Cisco Discovery Protocol (CDP) is a proprietary Data Link Layer network protocol developed by Cisco Systems that is implemented in most Cisco networking equipment and is used to share information about other directly connected Cisco equipment, such as the operating system version and IP address. </i></blockquote><br />In other words, CDP packets will give you a lot of valuable information if you can capture them. They will give you all the details of the Cisco switch you're on and the port on that switch you're connected to. 
Of course as CDP is proprietary, you typically won't find it anywhere else other than on Cisco networking kit.<br /><br />However, VMware knew all about this "trace the cable game" when they were putting together ESX and ESXi v3.5. VMware's solution was to build in support for CDP on all physical network interfaces of the ESX Hypervisor:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/StzZJOmllmI/AAAAAAAAAPY/hvsBTA2eDic/s1600-h/vc-cdp.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/StzZJOmllmI/AAAAAAAAAPY/hvsBTA2eDic/s320/vc-cdp.PNG" /></a></div><div style="text-align: center;"><span style="font-size: x-small;">VMware CDP in action</span></div><br />Well, this was a revelation! For the first time us server techies can check up on the networks techies. Not only could we tell instantly where a network cable was plugged in, we could tell them if it was in the wrong place too! <i>[bwah ha haaa - rubs hands in a maniacal way!]</i><br /><br />Of course this is OK for VMware Hypervisors and Linux based servers / desktops but what about Windows servers / desktops?<br /><br />Capturing CDP is tough in Windows: <a href="http://freshmeat.net/projects/cdpr/" target="_blank">CDPR</a> will do it, as will <a href="http://www.wireshark.org/" target="_blank">Wireshark</a>, but both require <a href="http://www.winpcap.org/" target="_blank">WinPcap</a> to be installed. This isn't really practical as potentially I want to find CDP data without installing any additional software or rebooting the host (WinPcap requires a reboot).<br /><br /><span style="font-size: large;"><b>The Solution - TCPDump</b></span><br />I've found a version of TCPDump for Windows that was built on the WinPCap SDK; this means this little 500k utility can capture CDP packets on a machine without any additional tools. 
What's more, as it's shipped as a single command line .exe file, it's portable, meaning it can be run from a USB stick, a batchfile, etc. <br /><br />You can get this updated version of TCPDump from <a href="http://www.microolap.com/products/network/tcpdump/download/" target="_blank">MicroOLAP</a><br /><br /><span style="font-size: large;"><b>Using TCPDump</b></span><br />Quite simple, but don't be put off by the plethora of switches.<br /><br />Firstly you need to find the interface number of the network adaptor you are trying to find CDP data for. Use this command:<br /><br /><blockquote style="font-family: 'Courier New',Courier,monospace;">tcpdump -D</blockquote><br />This will provide you information similar to this:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/Stzi0l5SwPI/AAAAAAAAAPg/WK9e5dq5cjk/s1600-h/tcpdump-list.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/Stzi0l5SwPI/AAAAAAAAAPg/WK9e5dq5cjk/s320/tcpdump-list.PNG" /></a></div><div class="separator" style="clear: both; text-align: center;"><span style="font-size: x-small;">TCPDump Listing Interfaces</span></div><br />I'm interested in capturing data from my HP NC7782 Gigabit Adaptor; interface 2.<br /><br />So let's run the command and capture some CDP data! Here is the command:<br /><br /><blockquote style="font-family: 'Courier New',Courier,monospace;">tcpdump -i 2 -nn -v -s 1500 -c 1 ether[20:2] == 0x2000</blockquote><br />Breaking this down:<br /><ul><li>-i 2 = interface 2</li><li>-nn = not resolving dns or port numbers</li><li>-v = verbose mode</li><li>-s 1500 = snagging up to 1500 bytes of the CDP packet</li><li>-c 1 = capture one packet before exiting </li><li>ether[20:2] == 0x2000 = checking bytes 20 and 21 from the start of the ethernet header for a value of 2000 (hex)</li></ul>Phew! 
I feel a batch file coming on, because I'm never going to remember all of that!<br /><br />Here is what the output looks like:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/Stzl3cNwdiI/AAAAAAAAAPo/0N_zAcoO6x0/s1600-h/tcpdump.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/Stzl3cNwdiI/AAAAAAAAAPo/0N_zAcoO6x0/s320/tcpdump.PNG" /></a></div><div class="separator" style="clear: both; text-align: center;"><span style="font-size: x-small;">CDP Data in Windows!</span></div><br />Excellent.<br /><br />Oh and by the way, tell the apprentice he can come out from under the computer room floor now, we know where these cables go.<br /><br /><b>*** UPDATE: 4 May 2010 ***</b><br />Here is the batch file I use to list adaptors, prompt for adaptor number and then run tcpdump on that adaptor:<br /><blockquote style="font-family: 'Courier New',Courier,monospace;"><span style="font-size: x-small;">@echo off</span><br /><span style="font-size: x-small;">tcpdump -D</span><br /><span style="font-size: x-small;">echo.</span><br /><span style="font-size: x-small;">echo.</span><br /><span style="font-size: x-small;">echo.</span><br /><span style="font-size: x-small;">Set /P adaptor=Please Enter Adaptor Number to Listen on: </span><br /><span style="font-size: x-small;">tcpdump -i %adaptor% -nn -v -s 1500 -c 1 ether[20:2] == 0x2000</span><br /><span style="font-size: x-small;">pause</span></blockquote><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/cisco-discovery-protocol-for-windows/">Cisco Discovery Protocol For Windows</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 19, 2009.</p>
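<p>Why the filter in the post above tests <code>ether[20:2] == 0x2000</code>, and what the captured frame gives away, shown as an added example that is not part of the original post or of the WinCDP project. The function names are this example's own, and the device name, port name, version string and VLAN in the sample frame are constructed.</p>

```python
"""Decode the frame that the tcpdump filter ether[20:2] == 0x2000 selects."""
import struct

CDP_MULTICAST = bytes.fromhex("01000ccccccc")     # destination MAC used by CDP
# Bytes 14-21 of the frame: LLC AA-AA-03, SNAP OUI 00-00-0C, protocol ID 0x2000.
# The protocol ID sits at offset 20, which is what the capture filter matches.
LLC_SNAP_CDP = bytes.fromhex("aaaa0300000c2000")

TLV_NAMES = {
    0x0001: "device_id",
    0x0003: "port_id",
    0x0005: "software_version",
    0x0006: "platform",
    0x000A: "native_vlan",
}


class CDPError(ValueError):
    """Raised when a frame is not well-formed CDP."""


def parse_cdp_frame(frame: bytes) -> dict:
    """Return CDP header fields and the known TLVs from one raw Ethernet frame."""
    if len(frame) < 26:
        raise CDPError("too short for Ethernet + LLC/SNAP + CDP header")
    (length,) = struct.unpack_from("!H", frame, 12)
    if length > 1500:
        raise CDPError("Ethernet II frame, not 802.3 with LLC/SNAP")
    end = 14 + length          # ignore any padding after the 802.3 payload
    if end < 26 or end > len(frame):
        raise CDPError("802.3 length field does not match the captured bytes")
    if frame[14:22] != LLC_SNAP_CDP:
        raise CDPError("LLC/SNAP header is not Cisco CDP")
    # CDP header: version, time-to-live in seconds, checksum (not verified here).
    version, ttl, checksum = struct.unpack_from("!BBH", frame, 22)

    tlvs, other = {}, []
    offset = 26
    while offset < end:
        if offset + 4 > end:
            raise CDPError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, offset)
        # The TLV length counts its own 4-byte header, so it can never be < 4.
        if tlv_len < 4 or offset + tlv_len > end:
            raise CDPError(f"TLV 0x{tlv_type:04x} has invalid length {tlv_len}")
        value = frame[offset + 4:offset + tlv_len]
        name = TLV_NAMES.get(tlv_type)
        if name == "native_vlan":
            if len(value) != 2:
                raise CDPError("native VLAN TLV must carry 2 bytes")
            tlvs[name] = struct.unpack("!H", value)[0]
        elif name:
            tlvs[name] = value.decode("ascii", errors="replace")
        else:
            other.append(tlv_type)   # keep the type number of TLVs not decoded
        offset += tlv_len
    return {"version": version, "ttl": ttl, "checksum": checksum,
            "tlvs": tlvs, "other_tlv_types": other}


def disclosed_to_endpoint(parsed: dict) -> list:
    """Names of decoded TLVs, i.e. what any host plugged into the port can read."""
    return sorted(parsed["tlvs"])


def tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


def build_sample_frame() -> bytes:
    """Constructed CDP frame (all values invented) so the example runs offline."""
    cdp = struct.pack("!BBH", 2, 180, 0)
    cdp += tlv(0x0001, b"lab-sw01.example.test")
    cdp += tlv(0x0003, b"GigabitEthernet0/7")
    cdp += tlv(0x0004, struct.pack("!I", 0x28))        # capabilities, left undecoded
    cdp += tlv(0x0005, b"Constructed OS, Version 0.0")
    cdp += tlv(0x0006, b"constructed-platform")
    cdp += tlv(0x000A, struct.pack("!H", 20))
    payload = LLC_SNAP_CDP + cdp
    src_mac = bytes.fromhex("020000000001")
    frame = CDP_MULTICAST + src_mac + struct.pack("!H", len(payload)) + payload
    return frame + b"\x00" * 4                         # trailing padding bytes


if __name__ == "__main__":
    parsed = parse_cdp_frame(build_sample_frame())
    for field in disclosed_to_endpoint(parsed):
        print(f"{field}: {parsed['tlvs'][field]}")
```

<p>Everything this prints is readable by any host attached to a CDP-enabled port, which is why CDP is commonly turned off (<code>no cdp enable</code> on the interface) on ports facing devices you do not manage.</p>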
https://polarclouds.co.uk/new-look2009-10-19T00:42:00+01:002009-10-19T00:42:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S2oGQrkzg2I/AAAAAAAAAbk/DqfR2fBbUgA/s1600-h/tictac.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S2oGQrkzg2I/AAAAAAAAAbk/DqfR2fBbUgA/s320/tictac.PNG" /></a></div><br /><br />Well I've been umm-ing and arr-ing about a new blog layout for a while now.<br /><br /><br />So after a bit of searching and some minor tweaking of the new template, here we are! <br /><br /><br /><br />The old <a href="http://www.blogcrowds.com/resources/blogger-templates/21-tic-tac-blue" target="_blank">template and look</a> was getting, well, old. Hope you like the new look and layout....<br /><br />I do!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/new-look/">New Look!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 19, 2009.</p>
https://polarclouds.co.uk/who-else-wants-to-make-music2009-10-16T22:52:00+01:002009-10-16T22:52:00+01:00Chris Hallhttps://polarclouds.co.uk
<a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/StjkT22N-TI/AAAAAAAAAPA/d75wevhr6-8/s1600-h/inudge.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/StjkT22N-TI/AAAAAAAAAPA/d75wevhr6-8/s200/inudge.png" /></a>You've never tried?<br />You don't know where to start?<br />You can't read music?<br />You don't know your semi-breve from your semi-tone?<br /><br />No problem! If you can use a mouse, you can start making music like a pro, and there's not a crotchet in sight!<br /><br />Let me introduce you to <a href="http://www.inudge.net/" target="_blank">iNudge</a>, the hideously addictive online music making machine. <br /><br />OK it's not quite composing for the London Philharmonic, but I guarantee you'll be addicted anyway.<br /><br />Oh and my first attempt? Well if you must:<br /><br /><object height="400" width="390"><param name="movie" value="http://embed.inudge.net/nudge.swf" /><param name="wmode" value="window" /><param name="FlashVars" value="id=5aiv" /><embed src="http://embed.inudge.net/nudge.swf" flashvars="id=5aiv" type="application/x-shockwave-flash" wmode="window" width="390" height="400"></embed></object><br /><br />I agree, I'm sure you can do better. Just don't stay up all night!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/who-else-wants-to-make-music/">Who Else Wants To Make Music?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 16, 2009.</p>
https://polarclouds.co.uk/stop-0x050011462009-10-15T17:00:00+01:002009-10-15T17:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/S2nYIUVhveI/AAAAAAAAAa8/4aRsNJl1yUs/s1600-h/bsod.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="148" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/S2nYIUVhveI/AAAAAAAAAa8/4aRsNJl1yUs/s200/bsod.png" width="200" /></a></div><br />No I don't know what the STOP 0x05001146 <a href="http://en.wikipedia.org/wiki/Blue_Screen_of_Death" target="_blank">BSOD</a> stop code stands for either.<br /><br />Seen on a HP DL580 G2 when booting from either Windows 2003 or Windows 7 based <a href="http://en.wikipedia.org/wiki/Windows_Preinstallation_Environment" target="_blank">WinPE</a> CDs.<br /><br />Makes a top <a href="http://www.google.co.uk/#hl=en&source=hp&q=STOP+0x05001146&btnG=Google+Search&meta=&aq=f&oq=STOP+0x05001146&fp=38c542da47a26377" target="_blank">googlewhack</a> though!<br /><br />If you're here via Google be sure to say hello and where you're from.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/stop-0x05001146/">STOP 0x05001146</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 15, 2009.</p>
https://polarclouds.co.uk/dr-who-official-new-series-logo2009-10-14T08:30:00+01:002009-10-14T08:30:00+01:00Chris Hallhttps://polarclouds.co.uk
The eleventh logo for the eleventh Doctor:<br /><br /><object height="340" width="560"><param name="movie" value="http://www.youtube-nocookie.com/v/3yt9aek4mdw&hl=en&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube-nocookie.com/v/3yt9aek4mdw&hl=en&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="340"></embed></object><br /><br />Looks better than the flying discotheque sign....!<br /><br />Also found this. The show is due to air 2010 on Disney XD in the UK:<br /><br /><object height="340" width="560"><param name="movie" value="http://www.youtube-nocookie.com/v/R4iKUROhv_A&hl=en&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube-nocookie.com/v/R4iKUROhv_A&hl=en&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="340"></embed></object><br /><br />I'm sorry but that doesn't look any good at all. <br /><br />As we all know, K-9 is SUPPOSED to look like this...<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/StT8tEuIzTI/AAAAAAAAANw/eunumy0PS14/s1600-h/K9WHO.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/StT8tEuIzTI/AAAAAAAAANw/eunumy0PS14/s320/K9WHO.JPG" /></a><br /></div><div style="text-align: center;"><span style="font-size: x-small;">Proper K-9</span><br /></div>...not just sound like it!<br /><br />You faithfully stick with the same design for some 30+ years, licence the concept to Disney for a spin off and hey presto K-9 isn't K-9 any more.<br /><br />£*%$!ng Disney.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/dr-who-official-new-series-logo/">Dr Who: Official New Series Logo</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 14, 2009.</p>
https://polarclouds.co.uk/word-clock2009-10-13T18:15:00+01:002009-10-13T18:15:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.flickr.com/photos/gabyu/2596450048/in/pool-wordclock" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="102" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/StRL5_sCL0I/AAAAAAAAANI/3947dm9oN_4/s200/wordclock.jpg" title="Word Clock. I like it alot! (photo: gabyu)" width="152" /></a></div>A free, small, simple and functional piece of software I love.<br /><br />Word Clock is a typographic screen-saver for Windows and Mac OS X. It displays a fixed list of all numbers and words sufficient to express any possible date and time as a sentence. Word Clock displays time by highlighting appropriate words as each second passes.<br /><br />There are two display modes; linear block of text and rotary which has a nice relationship with traditional analogue clocks.<br /><br />Here is a video of the screen-saver clock running, showing both rotary and linear modes:<br /><br /><object height="239" width="425"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=1476011&server=vimeo.com&show_title=0&show_byline=0&show_portrait=0&color=ffffff&fullscreen=1" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=1476011&server=vimeo.com&show_title=0&show_byline=0&show_portrait=0&color=ffffff&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="425" height="239"></embed></object><br /><br />Word Clock is written by Simon Heys. <br /><br />Head over to Simon's site <a href="http://www.simonheys.com/wordclock/" target="_blank">http://www.simonheys.com/wordclock/</a> and grab yourself a copy now. <br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/word-clock/">Word Clock</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 13, 2009.</p>
https://polarclouds.co.uk/windows-7-truecrypt-62a2009-10-12T23:54:00+01:002009-10-12T23:54:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/StOYdc_uSNI/AAAAAAAAAM4/S_YEX37ot6Q/s1600-h/Win7%2BTrueCrypt.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/StOYdc_uSNI/AAAAAAAAAM4/S_YEX37ot6Q/s200/Win7%2BTrueCrypt.png" title="Windows 7 and TrueCrypt 6.2a - easy bed fellows once you know how" /></a></div>I like <a href="http://www.microsoft.com/windows/windows-7/" target="_blank">Windows 7</a>. I also like <a href="http://www.truecrypt.org/" target="_blank">TrueCrypt</a> full disk encryption on my personal laptop. It may potentially be the last line of defence should my personal laptop fall into the wrong hands. However, getting Windows 7 and TrueCrypt to play together is a bit of a pain.<br /><br />Unknown to almost all users, the Windows 7 installation routine creates a small 100Mb 'hidden' primary partition alongside its traditional "C:\" partition. The 100Mb partition holds the Windows Recovery Environment (WinRE), system files and bootable files that are essential to boot and repair Windows 7 in the event of a need to recover the OS.<br /><br />What's interesting is that once the partition has been unknowingly created, it is almost impossible to remove it. Long story short, this is because the 100MB partition does not use the standard sector zoning format.<br /><br />Of course, TrueCrypt 6.2a does not understand this and simply refuses to install.<br /><br /><i>Why not just use <a href="http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption" target="_blank">Windows 7 BitLocker</a>?</i> I hear you say...<br />Simple. My laptop does not have a TPM chip which means I would have to use a USB key to boot my laptop. So every time I switch on my laptop I have to find and plug in a USB key?!!! What a pain in the ar$£! What's wrong with an old-fashioned boot prompt and a complex password?!? 
<br /><br />Anyway, luckily enough there is a simple way to stop the creation of the 100Mb partition altogether, thus allowing TrueCrypt to install and run without issue. Unfortunately you need to back up your data and start a fresh Windows 7 install: <br /><ul><li>Boot from Windows 7 installation DVD<br /></li><li>Once setup loads, press Shift and F10 at the first setup screen (language, keyboard and locale selection). This will open a Command Prompt window. </li><li>Enter <span style="font-family: "Courier New",Courier,monospace;">diskpart</span> </li><li>Enter the following commands one by one. (comments in brackets)</li><li><span style="font-family: "Courier New",Courier,monospace;">list disk </span>(to show the ID number of the hard disk to partition, normally Disk 0)</li><li><span style="font-family: "Courier New",Courier,monospace;">select disk 0</span> (change 0 to another number if applicable)</li><li><span style="font-family: "Courier New",Courier,monospace;">clean </span>(delete any existing disk partitioning and data)<br /></li><li><span style="font-family: "Courier New",Courier,monospace;">create partition primary size=80000 </span>(create a partition with 80 GB space. To use entire disk as one partition, omit the “size=value” parameter)</li><li style="font-family: "Courier New",Courier,monospace;">select partition 1</li><li style="font-family: "Courier New",Courier,monospace;">active</li><li style="font-family: "Courier New",Courier,monospace;">format fs=ntfs quick</li><li style="font-family: "Courier New",Courier,monospace;">exit</li><li>Type <span style="font-family: "Courier New",Courier,monospace;">exit</span> at command prompt to close Command Prompt window.</li><li>Continue Windows 7 installation as usual. 
</li><li>At the disk partitioning dialogue, highlight and select the newly created partition</li><li>Once the install completes, run Computer Management: <span style="font-family: "Courier New",Courier,monospace;">compmgmt.msc </span></li><li>Double check that your disk partitioning is as expected (i.e. no hidden disk partitions)<br /></li></ul>Then it's just a case of installing TrueCrypt as usual.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/StOs63PgO8I/AAAAAAAAANA/dU38WpY_jlg/s1600-h/installed.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/StOs63PgO8I/AAAAAAAAANA/dU38WpY_jlg/s320/installed.png" /></a><br /></div><div class="separator" style="clear: both; text-align: center;"> <span style="font-size: x-small;">TrueCrypt 6.2a installed and running on Windows 7<br /></span><br /></div>If you are not sure how to or just curious how TrueCrypt is configured to do full disk encryption, then check out this excellent <a href="http://www.informit.com/articles/article.aspx?p=1276279" target="_blank">InformIT article</a>.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/windows-7-truecrypt-62a/">Windows 7 & TrueCrypt 6.2a</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 12, 2009.</p>
https://polarclouds.co.uk/minimalist-fading-google-homepage2009-10-08T19:57:00+01:002009-10-08T19:57:00+01:00Chris Hallhttps://polarclouds.co.uk
<div style="text-align: center;">I know what you're thinking, Google's home page is pretty minimalist already. How can it be cut down any further?<br /></div><br />Have a look at this:<br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/Ss40MS11KdI/AAAAAAAAAMw/w2Qdrr9dLNM/s1600-h/goog-minimal.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/Ss40MS11KdI/AAAAAAAAAMw/w2Qdrr9dLNM/s320/goog-minimal.PNG" /></a><br /></div><br />Looks pretty minimal to me. How about also a fading effect as shown here:<br /><br /><object height="344" width="425"><param name="movie" value="http://www.youtube.com/v/Yh8rWgrlKb0&hl=en&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/Yh8rWgrlKb0&hl=en&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object><br /><br />Here's how:<br /><br /><ul><li>Open <a href="http://www.google.co.uk/" target="_blank">http://www.google.co.uk</a></li><li>Cut and paste the following code into your address bar:</li></ul><blockquote>javascript:void(document.cookie="PREF=ID=abac7a90f5a3784b:LD=en:NR=10:<br />TM=1254990196:LM=1254990236:S=uB6F4jDnMP_DuxtT;path=/; domain=.google.co.uk");<br /></blockquote><ul><li> Reload google.co.uk and enjoy</li></ul>When Google first loads, you will see only the single logo, text input and two buttons as per my screenshot above. Move your mouse around the page, and the familiar text fades in underneath the search and up top.<br /><br />Simple!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/minimalist-fading-google-homepage/">Minimalist Fading Google Homepage</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 08, 2009.</p>
https://polarclouds.co.uk/vmware-esxi-ssh-sftp-access2009-10-07T00:09:00+01:002009-10-07T00:09:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.vmware.com/files_inline/images/products_esx_diagram.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="188" src="http://www.vmware.com/files_inline/images/products_esx_diagram.gif" title="VMware ESX + ESXi - Share your physical resources between your virtual machines! (Image: VMware)" width="200" /></a></div>Understandably, the free hypervisors (or Virtual Infrastructure Nodes - VINs - as we used to call them back in the old days) ESX 3i and 4i from VMware have some limitations compared with their paid-for brethren.<br /><br />One of them is that access via SSH to the server is not available. SCP is also not possible 'out of the box'.<br /><br />This means that neither a remote console nor file transfer to the base Linux install via Secure FTP is possible.<br /><br />However, SSH and SCP can be enabled with this little hack / trick / workaround:<br /><ol><li>At the console of the ESXi, hit ALT+F1 to view the console window</li><li>Enter the word <b>unsupported</b> and press ENTER (nothing will show on the screen)</li><li>A support warning will show if you typed it in correctly.</li><li>Enter root login password</li><li>At the ~# prompt type <b>vi /etc/inetd.conf</b> to edit the configuration file<br /></li><li>Find the line #SSH and remove the # by placing the cursor on the sign, press ESC and press x</li><li>Be sure that the complete line moves to the left, so that there's no space before SSH</li><li>Save the file by pressing ESC and :wq!</li><li>Back at the ~# prompt type <b>ps aux |grep inetd</b> and make a note of the PID for inetd</li><li><b>kill -HUP PID </b>to restart the inetd process<br /></li><li>Now test if SSH is working with PuTTY (Can be downloaded <a href="http://www.chiark.greenend.org.uk/%7Esgtatham/putty/download.html" target="_blank">here</a>).</li><li>If SSH is still not working, try rebooting the ESXi server</li></ol>Use <a 
href="http://winscp.net/eng/index.php" target="_blank">WinSCP</a> for SCP.<br /><br />Obviously this is not officially supported by VMware, although the functionality enabled by the above is used for troubleshooting by VMware support.<br /><br />Funny what you miss when it's taken away...!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vmware-esxi-ssh-sftp-access/">VMware ESXi SSH & SCP Access</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 07, 2009.</p>
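<p>The <code>inetd.conf</code> edit from steps 5 to 8 of the ESXi post above, as an added example that is not part of the original post or of VMware's tooling: POSIX shell functions that report whether the ssh entry is active, including the leading-space case step 7 warns about, and switch it on or off with a backup copy. The sample file contents, the <code>ssh stream</code> field layout and the function names are assumptions; after a change, inetd still needs the <code>kill -HUP</code> from step 10.</p>

```shell
#!/bin/sh
# Added example: audit and toggle the ssh entry of an inetd.conf-style file.
# Assumption: the entry follows the usual inetd layout "ssh stream tcp ...".

# Write a constructed sample file (not copied from a real ESXi host).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
# ssh is commented out by default
#ssh stream tcp nowait root /path/to/ssh-daemon-placeholder placeholder-args
#ssh stream tcp6 nowait root /path/to/ssh-daemon-placeholder placeholder-args
EOF
}

# Report the state of the ssh entry:
#   enabled      - an uncommented entry starts at column 0
#   misindented  - uncommented but preceded by whitespace (the step 7 case)
#   disabled     - only commented-out entries exist
#   absent       - no ssh entry at all
inetd_ssh_state() {
    conf=$1
    if grep -Eiq '^ssh[[:space:]]+stream[[:space:]]' "$conf"; then
        echo enabled
    elif grep -Eiq '^[[:space:]]+ssh[[:space:]]+stream[[:space:]]' "$conf"; then
        echo misindented
    elif grep -Eiq '^[[:space:]]*#[[:space:]]*ssh[[:space:]]+stream[[:space:]]' "$conf"; then
        echo disabled
    else
        echo absent
    fi
}

# Enable or disable every ssh entry, keeping a .bak copy of the original.
# Usage: inetd_ssh_set enable|disable FILE
inetd_ssh_set() {
    mode=$1
    conf=$2
    tmp="$conf.tmp.$$"
    # Matches "ssh<space>stream<space>" in any letter case; ordinary comment
    # lines that merely mention ssh do not match and are left alone.
    entry='\([Ss][Ss][Hh][[:space:]]\{1,\}stream[[:space:]]\)'
    case $mode in
        enable)
            # Drop the "#" and any stray whitespace so "ssh" lands at column 0.
            sed "s/^[[:space:]]*#\{0,1\}[[:space:]]*$entry/\1/" "$conf" > "$tmp" \
                || { rm -f "$tmp"; return 1; } ;;
        disable)
            # Comment out active entries, whether or not they are indented.
            sed "s/^[[:space:]]*$entry/#\1/" "$conf" > "$tmp" \
                || { rm -f "$tmp"; return 1; } ;;
        *)
            echo "usage: inetd_ssh_set enable|disable FILE" >&2
            return 2 ;;
    esac
    # Rewrite in place so the file keeps its owner and mode.
    cp "$conf" "$conf.bak" && cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Demo on the constructed sample: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp)
    make_sample "$f"
    echo "before: $(inetd_ssh_state "$f")"
    inetd_ssh_set enable "$f"
    echo "after:  $(inetd_ssh_state "$f")"
    rm -f "$f" "$f.bak"
fi
```

<p>Running <code>inetd_ssh_set disable</code> on the same file puts the entry back to its commented-out state, which is the quickest way to close the service again once troubleshooting is finished.</p>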
https://polarclouds.co.uk/advert-free-radio2009-10-02T21:40:00+01:002009-10-02T21:40:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://farm4.static.flickr.com/3005/2647702042_b845a436c7_b.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://farm4.static.flickr.com/3005/2647702042_b845a436c7_b.jpg" title="Alexandra Palace, North London. Still transmitting DAB Radio today! (Photo: pand0ra23)" width="129" /></a></div>Continuing on in the "I don't like being advertised AT" series [previous posts <a href="http://chall32.blogspot.com/2009/09/annoying-tv-adverts-at-what-cost.html" target="_blank">here</a> and <a href="http://chall32.blogspot.com/2009/09/add-block-plus.html" target="_blank">here</a>]. Quick recap for those catching up: as you may have guessed, I really don't like being advertised at. Yes that's right, AT. <br /><br />So, now let's turn attention to Radio.<br /><br />Even though Radio is the oldest form of broadcast media, it seems in recent years to have become the worst affected of all broadcast media when it comes to advertising annoyance. Is it advertising one-upmanship or some obscure advantage to have the most annoying advert there is? Having listened to some of this tripe, I think I know the answer and I think you do too.<br /><br />Additional annoyance comes in the form of one particular commercial radio broadcast conglomerate that seems to have been swallowing up / re-branding all of their stations recently. This particular <a href="http://en.wikipedia.org/wiki/Radio_Data_System" target="_blank">RDS enabled</a> broadcast group like to transmit the same programming across their stations, but different adverts. The idea of RDS - AF (Alternative Frequency) is that it "allows a receiver to re-tune to a different frequency providing the same station when the first signal becomes too weak".<br /><br />This was obviously lost on the oblivious advertising execs of this particular broadcasting group. 
Why transmit the same adverts at the same time on all transmitters when you can divide up each transmitter individually and sell that airtime individually? Effectively multiplying your advertising income by the number of individual transmitters you have.<br /><br />Sure the commercial (no pun - honest) aspect of this is clear. However, how about the poor traveller? Remember around 95% of all RDS enabled radios are in cars / vans / lorries / etc. Certainly around here, the transmitting areas somewhat overlap. So depending on where you are you may get anything up to 20 seconds of one transmitter and then one or two minutes of the other transmitter before switching back to the first.<br /><br />The upshot is that the travelling listener is merrily listening to the music (which seems to have been selected purely on the basis of which recording artiste's tour the conglomerate is currently sponsoring), not noticing the RDS-AF swaps. Come advert time, the listener then gets confronted with a hotch-potch of half an advert here and half an advert there, bit of an advert here, bit of an advert there, or if they are truly lucky they may get the same advert twice, one right after the other.<br /><br />Let me assure you this is even more annoying than the annoying adverts in the first place! Anyone travelling on <a href="http://en.wikipedia.org/wiki/Romney_Marsh" target="_blank">Romney Marsh</a> whilst tuned into this conglomerate will know what I mean.<br /><br />So. As is common, vote with your feet time. Let's look at the alternatives.<br /><br />Well, since we are on the subject of travelling, how can you get away from radio adverts on the road? Hmm tough. Just one provider (including <a href="http://en.wikipedia.org/wiki/Digital_Audio_Broadcasting" target="_blank">DAB</a>): <a href="http://www.bbc.co.uk/radio/" target="_blank">BBC Radio</a>.<br /><br />As is usual, the internet is where the real choice is at. 
Here is a very quick list of sites providing <b>commercial free</b> radio stations or (as more commonly referred to) audio streams:<br /><br /><table border="0"><tbody><tr align="center"><td><b>Site</b><br /></td> <td><b>Radio Genre</b><br /></td> <td><b>Number of Streams</b><br /></td> </tr><tr align="center"> <td><a href="http://www.bbc.co.uk/iplayer/radio/" target="_blank">BBC Radio</a><br /></td> <td>Various<br /></td> <td>12<br /></td> </tr><tr align="center"> <td><a href="http://somafm.com/" target="_blank">SomaFM</a><br /></td> <td>Underground / Alternative<br /></td> <td>18<br /></td> </tr><tr align="center"> <td><a href="http://www.radioparadise.com/" target="_blank">Radio Paradise</a><br /></td> <td>Contemporary<br /></td> <td>1<br /></td> </tr><tr align="center"> <td><a href="http://www.eye97.com/" target="_blank">eye 97</a><br /></td> <td>70s, 80s, 90s, Today<br /></td> <td>1<br /></td> </tr><tr align="center"> <td><a href="http://radiornr.com/" target="_blank">RadioRnR</a><br /></td> <td>Rock<br /></td> <td>1<br /></td> </tr><tr align="center"> <td><a href="http://www.dublab.com/" target="_blank">dublab</a><br /></td> <td>Chilled Dance<br /></td> <td>1<br /></td> </tr><tr align="center"> <td><a href="http://lost80s.com/" target="_blank">Lost 80s</a><br /></td> <td>1980's<br /></td> <td>1<br /></td> </tr><tr align="center"> <td><a href="http://www.allworship.com/" target="_blank">All Worship</a><br /></td> <td>Christian Worship<br /></td> <td>3<br /></td> </tr><tr align="center"> <td><a href="http://www.lounge-radio.com/" target="_blank">Lounge-Radio</a><br /></td> <td>Lounge + Downtempo<br /></td> <td>1<br /></td> </tr><tr align="center"> <td><a href="http://www.netmusique.com/" target="_blank">netmusique</a><br /></td> <td>Electronic / House <br /></td> <td>3<br /></td> </tr></tbody></table><br />To listen to these streams (other than BBC via their iPlayer) I recommend <a href="http://www.videolan.org/vlc/" target="_blank">VLC</a> Media Player. 
This freeware media player will play pretty much anything you throw at it. No problems with codecs etc, it's all built in. Excellent.<br /><br />TIP: The easiest way to listen is to choose any of the above stations, find the listen now link, choose the Quicktime or iTunes link (the link should end in ".pls") and open with VLC. Job done!<br /><br />What's even better, nowadays you don't even need a computer to listen to internet radio. See <a href="http://www.internetradioreceiver.co.uk/category/internet-radio-receiver-review/" target="_blank">here</a> for receiver details and reviews.<br /><br />How about down the gym (shudder) or totally mobile? No problem. SomaFM is working to provide as many customised streams for as many mobile devices as possible. See <a href="http://somafm.com/mobile/" target="_blank">here</a>. You never know, your phone may already be capable of receiving SomaFM!<br /><br />So how do these stations exist? Listener support. If you like a station, please consider donating. <br /><br />My personal favourite? SomaFM <a href="http://somafm.com/play/groovesalad" target="_blank">Groove Salad</a> <i>A nicely chilled plate of ambient beats and grooves.</i><br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/advert-free-radio/">Advert Free Radio</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on October 02, 2009.</p>
https://polarclouds.co.uk/looking-for-tv-to-keep-children-quiet2009-09-26T23:17:00+01:002009-09-26T23:17:00+01:00Chris Hallhttps://polarclouds.co.uk
Purely by accident, we've stumbled across a winning TV show for keeping children quiet. I think you'll be as surprised as Mrs H and I were.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/Sr6Qd1dckvI/AAAAAAAAAL0/UqW9Zz_756U/s1600-h/how_clean_is_your_house.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/Sr6Qd1dckvI/AAAAAAAAAL0/UqW9Zz_756U/s320/how_clean_is_your_house.jpg" /></a><br /></div><div style="text-align: center;"><span style="font-size: x-small;">Aggie MacKenzie & Kim Woodburn <br /></span><br /></div>Yes that's right, Channel 4's <a href="http://www.channel4.com/4homes/on-tv/how-clean-is-your-house/" target="_blank">How Clean is Your House?</a><br /><br />It's probably not all that surprising when you think about it.<br /><br />The show's hosts Kim and Aggie visit a filthy home, scream a bit, check out the grease, the grime, the creepy crawlies (a particular favourite with the kids), totter over piles of unstable debris and almost always eventually end up standing around a toilet that looks like it's seen continuous service at the last 20 Glastonbury festivals without a clean in between (yes you guessed it - another children's favourite).<br /><br />Kim and Aggie then proceed to clean the disgusting abode from top to bottom. At some point, Aggie takes swab samples from the filthiest areas of the place and has them analysed in the lab, allowing her to reveal to the residents what bacteria and other nasties lurk within (again children love this stuff as they can see that the germs Mum and Dad told them about are actually for real!)<br /><br />Add this to the simple weekly repeating format and you have a children's winner.<br /><br />There is no bad language, no violence, no sexual content, just 'good clean fun'. 
What more could you ask for to keep kids quiet?<br /><br />The icing on the cake is that the show is on after the children's bedtime so it has to be Sky+'ed. This then means that on playback we can just skip the <a href="http://chall32.blogspot.com/2009/09/annoying-tv-adverts-at-what-cost.html" target="_blank">televisual rubbish</a> and get back to the show.<br /><br />I encourage readers with children of a school going age to give 'How Clean is Your House' a try. You'll not regret it!<br /><br />If all fails, at least you had thirty minutes away from SpongeBob marathon...<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/looking-for-tv-to-keep-children-quiet/">Looking for TV to keep the Children Quiet?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 26, 2009.</p>
https://polarclouds.co.uk/win7-launch-party2009-09-24T18:00:00+01:002009-09-24T18:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TE2zwX6aEGI/AAAAAAAAAmU/xF8WsjS6fhE/s1600/windows_7_launch_party-thumb-640xauto-8178.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="112" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TE2zwX6aEGI/AAAAAAAAAmU/xF8WsjS6fhE/s200/windows_7_launch_party-thumb-640xauto-8178.png" width="200" /></a></div><br /><br /><br />Is this really for real?<br /><br /><br /><br /><br /><br /><br /><object height="295" width="480"><param name="movie" value="http://www.youtube.com/v/1cX4t5-YpHQ&hl=en&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/1cX4t5-YpHQ&hl=en&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="295"></embed></object><br /><br />When was the last time you watched something that cringe-worthy?<br /><br />My favourite quotes (ohh but there are so many):<br /><br />2:41 - <i>"Ohh you went straight to the activities?!?" </i>- What the.....?<br /><br />3:12 - <i>"I just left computer on and running and let folks mess around with it, right?"</i> - Dunno about you, but NO WAY! As the ISP bill payer, I like having the internet.... and my freedom from incarceration...<br /><br />4:02 - <i>"make something you're demonstrating personal to someone at the party"</i> - And here's some long range photos of [guest x] in the shower, taking out the trash, getting in the car etc etc <br /><br />I also like the way the oven clock in the background loses and then gains several hours over the course of the video.<br /><br />The best part is that it is real: <a href="http://houseparty.com/windows7/details" target="_blank">houseparty.com</a><br /><br />Jiminy Jillikers - I can't wait to attend one....! 
(actually no thanks)<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/win7-launch-party/">Win7 Launch Party</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 24, 2009.</p>
https://polarclouds.co.uk/add-block-plus2009-09-22T23:46:00+01:002009-09-22T23:46:00+01:00Chris Hallhttps://polarclouds.co.uk
<a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SrktN7j_bkI/AAAAAAAAAKo/FYUZV-qlT6k/s1600-h/firefox-adblock-plus-addon.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img style="border-style: none;" height="141" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SrktN7j_bkI/AAAAAAAAAKo/FYUZV-qlT6k/s200/firefox-adblock-plus-addon.png" width="141" /></a>Following on from my blog <a href="http://chall32.blogspot.com/2009/09/annoying-tv-adverts-at-what-cost.html" target="_blank">post</a> regarding TV advertising. As you may have guessed, I really don't like being advertised at. Yes that's right, AT. <br /><br />Now it's time to turn attention to internet advertising. This is perhaps even more annoying than TV advertising. Mention banners, pop-ups, overlays, etc, and we all know what they are and we all know that we really don't like them that much (is loathe too strong a word here?). <br /><br />Luckily help is at hand in the shape of Adblock Plus (ABP). ABP is a free Firefox add-on that will block pretty much all web advertising. For those adverts that do scrape through, you can right click them and instantly block those too. OK, I admit it, I must be the last person on earth to find out about this excellent Firefox add-on. 
<b> </b><br /><br /><b>Linkage</b><br />Links to everything you need to be ad free:<b> </b><br /><ul><li>ABP plug-in at <a href="https://addons.mozilla.org/en-US/firefox/addon/1865" target="_blank">addons.mozilla.org</a> </li><li>ABP developer <a href="http://adblockplus.org/en/" target="_blank">website</a> (not needed to install, but worth a visit)<br /></li><li>Rick752's <a href="http://easylist.adblockplus.org/" target="_blank">easylist filters</a> for ABP</li></ul>That's all you need for an advert-free internet!<br /><ul></ul><b>Why you need ABP and Filters / Subscriptions</b> <br />From Rick752's ABP <a href="http://easylist.adblockplus.org/adblock_plus_faqs.htm" target="_blank">FAQ page</a>:<br /><blockquote>ABP by itself blocks nothing on its own! ... only 'Subscriptions' or filters do. Adblock Plus is a fabulous piece of work created and maintained by Wladimir Palant ... but it comes as an empty, non-blocking program that is awaiting instructions on what to do. It will not block anything at all if it is not given any instructions.<br /><br />When ABP is installed for the first time, it will ask you if you want to 'subscribe' to a known maintained list of 3rd-party filters. If you select one or have installed one, this now becomes the responsibility of the subscription author and not the ABP author.<br /></blockquote><br />OK, so ABP is the 'framework' and the subscriptions / filters are the lists of files or adverts to block.<br /><br /><b>Installation</b><br />A breeze:<br /><ul><li>Install the Firefox add-on from the mozilla link above</li><li> Choose which default list to install - I chose the top list</li><li> Navigate to Rick752's site (again link above) and choose which filters or subscriptions to install </li></ul>For my set-up, I chose:<br /><ul><li>EasyList - <i>The default list</i><br /></li><li>EasyPrivacy - <i>Paranoid? Me? 
;o)</i><br /></li><li>Adult/Dating Blocking - <i>No one likes a smart a*se or any type of a*se popping up</i></li></ul><div class="separator" style="clear: both; text-align: left;"><b>Testing</b><br /></div><div class="separator" style="clear: both; text-align: left;">Now it's installed, lets take this baby out for a spin. Follows are some before and after screenshots. Obviously these won't catch the annoyance of those flash based adverts that ..er.. flash away when you're trying to read something, but I think you'll get my drift when you look at the screenshots.<br /></div><br /><div style="text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/SrlLb-nEQlI/AAAAAAAAALA/_mr6yTjksbA/s1600-h/imdb.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/SrlLb-nEQlI/AAAAAAAAALA/_mr6yTjksbA/s320/imdb.PNG" /></a><br /></div><div class="separator" style="clear: both; text-align: center;"><span style="font-size: x-small;"><a href="http://www.imdb.com/" target="_blank">IMDB</a> with and without adverts</span><br /></div><div class="separator" style="clear: both; text-align: center;"><span style="font-size: x-small;"><br /></span><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/SrlMQrfBWFI/AAAAAAAAALQ/O6VGn6_Km4Y/s1600-h/thereg.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/SrlMQrfBWFI/AAAAAAAAALQ/O6VGn6_Km4Y/s320/thereg.PNG" /></a><br /></div><div style="text-align: center;"><span style="font-size: x-small;">The <a href="http://www.theregister.co.uk/" target="_blank">Reg</a>. 
That HP advert flashes like a bugger<br /></span><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SrlNCzxeFPI/AAAAAAAAALY/cFcFRUTlZkc/s1600-h/skynews.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SrlNCzxeFPI/AAAAAAAAALY/cFcFRUTlZkc/s320/skynews.PNG" /></a><br /></div><div class="separator" style="clear: both; text-align: center;"><span style="font-size: x-small;"><a href="http://news.sky.com/skynews/" target="_blank">Sky News</a>. "I see the news - at last!"</span> <br /></div><br />Also what's not obvious from the screenshots is that because my browser isn't going off to who-only-knows-whichever advertising servers to grab the adverts from, the loading of the pages is significantly faster.<br /><br />Double bonus!<br /><br />So that's:<br />TV advertising - DONE (Sky+)<br />Internet advertising - DONE (ABP)<br /><br />Next time.... Radio.<br /> <br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/add-block-plus/">Ad Block Plus</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 22, 2009.</p>
https://polarclouds.co.uk/garmin-nuvi-wont-switch-on2009-09-21T18:20:00+01:002009-09-21T18:20:00+01:00Chris Hallhttps://polarclouds.co.uk
Panic stations everyone! The Sat-Nav is not switching on!!<br /><br />Good job I was at home and only had to find the location of a birthday party my son had been invited to. The combination of google maps and my memory got him to the party... Just.<br /><br />So, what the.... happened to the sat-nav?<br /> <br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/Src85xwxHiI/AAAAAAAAAJw/AHLUKTnaQAI/s1600-h/garmin_nuvi_760.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/Src85xwxHiI/AAAAAAAAAJw/AHLUKTnaQAI/s320/garmin_nuvi_760.jpg" /></a><br /></div><div style="text-align: center;"><span style="font-size: x-small;">The Garmin nuvi 760... when switched on</span>!<br /></div><div style="text-align: left;"><br /></div>Luckily there is a simple enough fix. To get the unit functioning again you have to perform a 'soft reset'. Here's how:<br /><ul><li>Connect the sat-nav to a PC via USB cable</li><li>Push and hold the power on slider to the on position and hold for 10 to 15 seconds</li><li>Release the power on slider</li><li>Try to power sat-nav on as usual. 
The unit should switch on as normal</li><li>Unplug USB cable and you're good to go</li></ul>Phew!<br /><br />Link to the Garmin knowledge base article <a href="http://iqc.garmin.com/eCustomer/KODSelfService/request.do?session=%7B43eb82f0-a686-11de-7974-000000000000%7D&event=1&view%28%29=c%7Be5628400-b684-11dd-e87e-000000000000%7D&objectId=&eksObjectId=&objectType=Case&isJumpEnabled=false&isContentJumpEnabled=false&vendorKey=&versionId=105&objectScore=96&from=search&categoryIdLvl2=ontheroad&categoryIdLvl3=problems1d518a90-0807-11de-76c5-000000000000&categoryId=nuvi760&categoryFieldLvl2=On%20the%20Road&categoryFieldLvl3=nuvi%20700%20series&categoryField=nuvi%20760&kbname=garmin" target="_blank">here</a><br /><br />As recommended by the Garmin article, I updated my unit to the latest firmware and software versions. As I've just experienced a '<a href="http://www.urbandictionary.com/define.php?term=bricked" target="_blank">bricked</a>' sat-nav, I performed the updates one at a time.<br /><br />The updates I applied and the versions my unit is now running with (for comparison) are as follows:<br /><ul><li> Chipset firmware / software = 4.80</li><li>Traffic receiver firmware = 5.50 (will only display and update when the unit is powered via the car cradle)</li><li>Audio software = 1.60</li><li>GPS software = 2.90m</li></ul>I also updated the British 'Emily' and 'Daniel' text to speech voices in the hope they can better pronounce some of the more obscure place names around sunny Kent. <br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/garmin-nuvi-wont-switch-on/">Garmin Nuvi Won't Switch On</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 21, 2009.</p>
https://polarclouds.co.uk/free-0800-calls-without-tying-up2009-09-20T23:07:00+01:002009-09-20T23:07:00+01:00Chris Hallhttps://polarclouds.co.uk
<b>The Problem</b> <br />In these days of increased office mobility, home working and increased office globalisation (also known as <a href="http://en.wikipedia.org/wiki/Offshoring" target="_blank">off-shoring</a>), the common conference call has proved to be a useful and successful collaboration tool.<br /><br />However, when at home where telephone lines are slightly less abundant - typically only one line per home - tying up this single line for up to two hours at a time isn't very practical. Even more so when others in the house are unaware or forget that you are using the telephone and try to make an outgoing call...<br /><br />So, here's what I want:<br /><ul><li>I need to be able to freely (as in 'free will' and in 'free beer') attend an 0800 call at any time for any length of time <br /></li><li>I want to be able to make outgoing calls. I don't care about incoming calls. In fact, I don't want any.</li><li>I'm on a budget here - absolute minimum spend solutions need only apply. </li></ul><b>The Solution - Part 1 - Technology, Provider and Account</b><br />Why not use Voice over IP for the conference calls? That way I can attend conference calls as needed without tying up the home telephone line!<br /><br />I'm sure we have all heard of <a href="http://en.wikipedia.org/wiki/Voice_over_Internet_Protocol" target="_blank">Voice over IP</a> (VoIP), <a href="http://www.skype.com/" target="_blank">Skype</a>, <a href="http://www.vonage.co.uk/" target="_blank">Vonage</a> etc.<br /><br />The problem with a majority of these VoIP providers is that you have to have credit in your account before you make even free (0800) calls. The call may not cost anything thus leaving your credit intact, but you have to have that credit in the account in the first place. Since I only plan to make 0800 calls, how can I get my credit back?<br /><br />The solution? 
<a href="http://www.sipgate.co.uk/" target="_blank">sipgate</a> <i>[At this point I would like to point out that I am in no way affiliated to sipgate]</i><br /><br /><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/Sracx-QwLOI/AAAAAAAAAJo/1OcsuQqxwHA/s1600-h/sipgate_logo.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/Sracx-QwLOI/AAAAAAAAAJo/1OcsuQqxwHA/s320/sipgate_logo.gif" /></a>Registration is free, you get a free incoming telephone number, there are zero account costs and perhaps more importantly, sipgate allows you to make outgoing 0800 calls without you having to have any credit in your account. Remember with 0800 calls, the receiving end pays for the call. This is how sipgate make their money on 0800 calls.<br /><br /><b>The Solution - Part 2 - Software</b><br />Potentially any VoIP client will work with sipgate, although they do recommend X-Lite free VoIP softphone for Windows. 
<a href="http://www.counterpath.net/x-lite.html&active=4" target="_blank">This</a> is the version I use.<br /><div style="text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SraOI50KK1I/AAAAAAAAAJQ/B4MTYwx249M/s1600-h/x-lite.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SraOI50KK1I/AAAAAAAAAJQ/B4MTYwx249M/s320/x-lite.gif" /></a><br /></div><div style="text-align: center;"><span style="font-size: x-small;">X-Lite free VoIP for Windows</span><br /><div style="text-align: left;"><br /></div><div style="text-align: left;">Configuration of X-Lite is fully documented in this <a href="http://www.sipgate.de/lang/en/to_configure_x.pdf" target="_blank">sipgate pdf file</a><br /></div></div>For Linux, I tend to use whatever is already installed or available in the distribution repositories.<br /><br /><b>The Solution - Part 3 - Hardware</b><br />OK, you've got the free VoIP account and you've installed a free softphone. Next step the hardware.<br /><br />Obviously you are going to need a PC sound card. 99.9% of PCs these days come with sound cards, so zero spend there too.<br /><br />Headset - OK minimum spend time.<br />I need a cheap-as-chips headset that won't break the bank (I really don't care what it looks like or how much of a twat or trolly dolly or whatever I feel when I'm wearing it). As I said earlier, I'm on a budget here. <br /><br />As is usual with this kind of thing, <a href="http://shop.ebay.co.uk/?_from=R40&_trksid=p3907.m38.l1312&_nkw=voip+headset&_sacat=See-All-Categories" target="_blank">ebay</a> to the rescue. 
I managed to pick up a headset like this for around a fiver including delivery:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SraVBOqh73I/AAAAAAAAAJY/DZLeNbYmwXs/s1600-h/CH-Phones.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SraVBOqh73I/AAAAAAAAAJY/DZLeNbYmwXs/s320/CH-Phones.jpg" /></a><br /></div><div style="text-align: center;"><span style="font-size: x-small;">Trust HS-2100 Headset</span><br /></div><br />As all sound cards have 3.5mm jack type input and output sockets, you are looking for a headset that has two (one for headphones and one for microphone) 3.5mm jack plugs like these:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SraVj81FxhI/AAAAAAAAAJg/AJbNsILDh2I/s1600-h/jack.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SraVj81FxhI/AAAAAAAAAJg/AJbNsILDh2I/s200/jack.jpg" /></a><br /></div><div style="text-align: center;"><span style="font-size: x-small;">3.5mm Headset Jack Plugs<br /></span><br /></div>That's it!<br /><br />I can make free 0800 calls all day long and not interrupt normal land line use, or be interrupted mid call.<br /><br /><b>Beyond Free and Incoming Calls</b><br />Of course you can use this solution to make 'real' phone calls - calls that cost money. Other than putting some credit in your sipgate account, you are free to go. It's just I haven't yet had either the need or the inclination to put some money in my sipgate account and do so.<br /><br />Incoming calls are a slightly different kettle of fish in so much as you will have to make some changes to your internet firewall / router. This is chiefly because in the case of an outgoing call, the VoIP traffic is initiated from your end. 
In the case of an incoming call, the sipgate servers are initiating traffic back to your X-Lite client. Most home routers will see this traffic as unwanted and block it before it gets to your PC and X-Lite client.<br /><br />The resolution is to open some specific ports of your router / firewall so that the incoming traffic is not blocked. sipgate have a page <a href="http://www.sipgate.co.uk/faq/index.php?do=displayArticle&article=554&id=249" target="_blank">here</a> detailing the ports required. It all looks quite simple, but I do know of others that have had issues getting incoming calls to work. As I said above, I'm not that interested in incoming calls right now.<br /><br />Outgoing calls are just fine thank you. As for incoming calls, I already have a company mobile phone for that.<br /><br />Happy calling!<br /><br />-Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/free-0800-calls-without-tying-up/">Free 0800 Calls Without Tying Up The Landline</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 20, 2009.</p>
https://polarclouds.co.uk/vmware-esx-reminders2009-09-18T12:57:00+01:002009-09-18T12:57:00+01:00Chris Hallhttps://polarclouds.co.uk
Because I can never remember and the pieces of paper floating around in my laptop bag are looking more and more dog-eared...<br /><br /><b>Mounting USB Stick (needs to be formatted FAT / FAT32):</b><br />1. Log onto console first (tty1 preferred - alt F1)<br />2. Plug in USB stick<br />3. You should see a message detailing device inserted<br />4. Look for a device ID assigned by ESX to the USB. For example '/dev/sda'<br />5. Mount USB device (sda1 being the 1st partition on the USB stick): <span style="font-family: 'Courier New',Courier,monospace;">mount -t auto /dev/sda1 /mnt/flash</span><br />6. Change to the mount point: <span style="font-family: 'Courier New',Courier,monospace;">cd /mnt/flash</span> and then <span style="font-family: 'Courier New',Courier,monospace;">ls</span><br /><div style="text-align: left;">7. USB contents will be there<br /></div>8. When finished: <span style="font-family: 'Courier New',Courier,monospace;">umount /mnt/flash</span> (remember to change directory away from /mnt/flash first!)<br />9. Pull USB and go<br /><br />Yea I know. Easy when you know how.<br /><br /><b>Setting up SNMP on ESX:</b><br />1. Log onto console first (tty1 preferred - alt F1).<br />2. Switch to root: <span style="font-family: 'Courier New',Courier,monospace;">su -</span><br />3. Open snmp config file: <span style="font-family: 'Courier New',Courier,monospace;">nano /etc/snmp/snmpd.conf</span><br />4. 
Edit the following:<br /> <br /><div style="text-align: left;"><span style="font-family: 'Courier New',Courier,monospace;">syslocation Datacentre x Bay x, Row x, Rack Asset x, Uxx-Uxx</span><br /><span style="font-family: 'Courier New',Courier,monospace;">rocommunity [snmp public string]</span><br /><span style="font-family: 'Courier New',Courier,monospace;">trapcommunity [snmp admin string]</span><br /><span style="font-family: 'Courier New',Courier,monospace;">trapsink [ip address of snmp receiving server]</span><br /></div><div style="text-align: center;"><br /></div><div style="text-align: left;">5. Restart the snmp daemon: <span style="font-family: 'Courier New',Courier,monospace;">/etc/init.d/snmpd restart</span><br /></div>6. Open ESX firewall port for snmp: <span style="font-family: 'Courier New',Courier,monospace;">esxcfg-firewall -e snmpd</span><br />7. Make snmpd service automatic: <span style="font-family: 'Courier New',Courier,monospace;">chkconfig snmpd on</span><br /><br />Use <a href="http://www.solarwinds.com/products/freetools/vm_monitor.aspx" target="_blank">this free tool</a> to test.<br /><br />Screenshots:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SrN0j9uARuI/AAAAAAAAAJA/l4OiBztD0ME/s1600-h/solarwinds1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SrN0j9uARuI/AAAAAAAAAJA/l4OiBztD0ME/s320/solarwinds1.PNG" /></a><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SrN0ukSsrfI/AAAAAAAAAJI/IAc4GgHO8EE/s1600-h/solarwinds2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" 
src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SrN0ukSsrfI/AAAAAAAAAJI/IAc4GgHO8EE/s320/solarwinds2.PNG" /></a><br /></div><br />Nice!<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vmware-esx-reminders/">VMware ESX Reminders</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 18, 2009.</p>
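<p>An added example, not part of the original post: a small Python check for the <code>snmpd.conf</code> edits in the VMware ESX Reminders post above, flagging a default community string, a template placeholder left unfilled, and a <code>rocommunity</code> line with no source restriction. The function name, issue labels and both sample configs are constructed for illustration (addresses come from the 192.0.2.0/24 documentation range); <code>rwcommunity</code> is covered as well although the post does not use it.</p>

```python
"""Audit a net-snmp style snmpd.conf for weak community settings (added example)."""

DEFAULT_COMMUNITIES = {"public", "private"}  # well-known defaults, guessed first
ACCESS = {"rocommunity", "rwcommunity"}
TRAP_SINKS = {"trapsink", "trap2sink", "informsink"}


def is_placeholder(token):
    """True for an unfilled template value, e.g. '[snmp' from '[snmp public string]'."""
    return token.startswith("[") or token.startswith("<")


def audit_snmpd_conf(text):
    """Return (line_no, directive, issue) tuples, in file order, for one config."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        tokens = line.split()
        directive, args = tokens[0].lower(), tokens[1:]

        def flag(issue):
            findings.append((line_no, directive, issue))

        if directive in ACCESS or directive == "trapcommunity":
            if not args:
                flag("missing-community")
                continue
            community = args[0]
            if is_placeholder(community):
                flag("unfilled-placeholder")
                continue
            if community.lower() in DEFAULT_COMMUNITIES:
                flag("default-community")
            if directive in ACCESS:
                # Syntax: rocommunity COMMUNITY [SOURCE [OID]]. With no SOURCE,
                # or the keyword "default", any host that can reach the agent
                # and knows the string may query it.
                source = args[1] if len(args) > 1 else "default"
                if source == "default":
                    flag("unrestricted-source")
                if directive == "rwcommunity":
                    flag("write-access")
        elif directive in TRAP_SINKS:
            if not args:
                flag("missing-host")
            elif is_placeholder(args[0]):
                flag("unfilled-placeholder")
    return findings


# Constructed sample: the template pasted in with a default string and one
# value left unfilled.
AS_TEMPLATED = """\
# constructed sample
syslocation Datacentre 1 Bay 2, Row 3, Rack Asset 4, U10-U11
rocommunity public
trapcommunity [snmp admin string]
trapsink 192.0.2.10
"""

# Constructed sample: unique strings, polling limited to the monitoring host.
HARDENED = """\
# constructed sample
syslocation Datacentre 1 Bay 2, Row 3, Rack Asset 4, U10-U11
rocommunity constructed-ro-7Qm2xV 192.0.2.10
trapcommunity constructed-trap-9Lp4zK
trapsink 192.0.2.10
"""

if __name__ == "__main__":
    for name, conf in (("as templated", AS_TEMPLATED), ("hardened", HARDENED)):
        print(name)
        results = audit_snmpd_conf(conf)
        if not results:
            print("  no findings")
        for line_no, directive, issue in results:
            print(f"  line {line_no}: {directive}: {issue}")
```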
https://polarclouds.co.uk/annoying-tv-adverts-at-what-cost2009-09-17T23:05:00+01:002009-09-17T23:05:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.flickr.com/photos/n-r-t/663397563/" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="I was quite happy until the adverts came on! Pic: nrtphotos" alt="I was quite happy until the adverts came on! Pic: nrtphotos" ><img border="0" height="133" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/S2s00U6i5rI/AAAAAAAAAbs/Mlq-qBsf4jA/s200/smashed.png" width="200" /></a></div><br />OK, you are happily watching your favourite TV programme and it’s time for the adverts.<br /><br />Before you know it, a whole stream of those really annoying adverts come on – again. 10 or 20 or 30 second chunks of segmented television hell.<br /><br /><br />TV adverts simply aren’t the same these days. Think of the classics:<br /><br /><object height="344" width="425"><param name="movie" value="http://www.youtube.com/v/01u8qI_F51E&hl=en&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/01u8qI_F51E&hl=en&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object><br />Leonard Rossiter, Joan Collins - Cinzano Airliner<br /><br /><object height="344" width="425"><param name="movie" value="http://www.youtube.com/v/vug0qZJJDxY&hl=en&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/vug0qZJJDxY&hl=en&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object><br />Hamlet - Golf - £2.50RRP for 5!!!<br /><br />Notice the absence of Gimmicks, wall to wall muzac and voice over in these old ads. 
All that nonsense replaced with a bit of simple (yet creative) HUMOUR.<br /><br />Oh well, back to the present. Still, I guess solace can be taken from the fact that someone somewhere is paying for this oh so regular truckload of TV hell. I wonder: <br /><ul><li>How much is paid for that TV advertising slot?</li><li>How much solace can be taken? </li></ul>I’m talking JUST THE AIRTIME here...<br />The power of the internet to the rescue. According to <a href="http://www.thinkbox.tv/server/show/nav.905">Thinkbox</a>:<br /><br /><i>There are various formulae that you need to know when it comes to buying airtime, as well as an understanding of what all the jargon means.</i><br /><i>The equation to calculate cost per thousands is made up of 4 elements: 3 variable measures - money, cpt and ratings and 1 non variable - universe. You will always know the universe of the target audience you are buying, as these are published figures. They do change from month to month though. The network universes do not change much from month to month but the multi-channel universes usually go up a little each month as digital penetration increases. The network universes may change annually as the population profile changes slightly.</i><br /><i>If you know 2 out of the 3 variable measures, you will be able to calculate the fourth.</i><br /><br />First some jargon busting:<br /><ul><li>CPT = Cost Per Thousands. The cost to place a TV advert to advertise to 1000 people. According to <a href="http://www.tvadvertising.co.uk/costs.php?a=2">this site</a> ITV's typical CPT is £5.69 </li><li>TVRs = Television Ratings. A TVR is defined as the percentage of a particular audience that has seen a commercial break. Therefore, 10 adult TVRs means 10% of all adults saw the commercial break.</li><li>Universe = a population estimate for a particular audience category. 
For example, the network universe for ABC1 Women is the total estimated population of ABC1 Women living within television households in the UK. All UK adults with televisions = 48 million.</li></ul><br />The equation is:<br /><div style="text-align: center;"> <b>Cost to advertise = TVRs x CPT x universe / 100,000</b></div><br />Example time.<br /><br />Firstly, what’s my market penetration going to be?<br />Well, these annoying adverts seem to go around and around ad nauseam. Let’s make sure that all 48m UK adults see my advert at the most 5 times each. So my TVR is going to be 500 (500% or 5 times the audience)<br /><br /><div style="text-align: center;"><b>500 x 5.69 x 48,000,000 / 100,000 = £1,365,600 </b></div><br /><span style="font-size: large;"><b>1.4 million quid.</b></span> Nice. <br /><br />Still won’t make me watch the adverts.<br /><br />Where’s the Sky+ remote to fast forward past these buggers... what else is on...?<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/annoying-tv-adverts-at-what-cost/">Annoying TV Adverts - At What Cost?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 17, 2009.</p>
https://polarclouds.co.uk/just-seen-nigel-in-virgin-25-advert2009-09-09T21:45:00+01:002009-09-09T21:45:00+01:00Chris Hallhttps://polarclouds.co.uk
<div style="font-family: Arial,Helvetica,sans-serif;">England - Croatia ITV1 half time adverts.<br /> </div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div style="font-family: Arial,Helvetica,sans-serif;">Virgin 25 advert popped on. You know the one:<br /> </div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div style="font-family: Arial,Helvetica,sans-serif;"><object height="340" width="560"><param name="movie" value="http://www.youtube.com/v/KS_6HHQ7jOA&hl=en&fs=1&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/KS_6HHQ7jOA&hl=en&fs=1&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="295"></embed></object></div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div style="font-family: Arial,Helvetica,sans-serif;"><br />Admittedly this game is the first bit of "proper TV" I've seen in weeks [sorry Mrs H but 'EastEnders', 'location location location', 'how clean is your house' and other such programmes really really don't count]. 
So I don't know if this was a special one off re-run, or if the adverts are back on again...</div><div style="font-family: Arial,Helvetica,sans-serif;"> </div><div style="font-family: Arial,Helvetica,sans-serif;">Anyway, it reminded me that I hadn't publicly posted the same thought that pops into my mind every time I watch the advert (yea other than the obvious).</div><div style="font-family: Arial,Helvetica,sans-serif;"> </div><div style="font-family: Arial,Helvetica,sans-serif;">Are these two one and the same person?<br /> </div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div class="separator" style="clear: both; font-family: Arial,Helvetica,sans-serif; text-align: center;"><a href="http://i713.photobucket.com/albums/ww133/chall321/NigelInVirginAdvert.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="235" src="http://i713.photobucket.com/albums/ww133/chall321/NigelInVirginAdvert.png" width="420" /></a></div><div style="font-family: Arial,Helvetica,sans-serif; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SqgO4MItJVI/AAAAAAAAAI4/x-EMPYbZPqQ/s1600-h/nigel.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SqgO4MItJVI/AAAAAAAAAI4/x-EMPYbZPqQ/s200/nigel.PNG" /></a></div><div style="font-family: Arial,Helvetica,sans-serif; text-align: center;"><span style="font-size: x-small;">Slightly older guy from Virgin 25 Advert?</span><br /><br /><div style="text-align: left;">OK, due to the current financial climate, we are all forced to economise and take advantage of 'revenue generating opportunities' as and when they come up, (heck I've even started this blog - Google ads are on the right) but appearing in an airline advert - wow, that takes some topping. </div><div style="text-align: left;"> </div><div style="text-align: left;">Well done mate and have a good time at Wembley. 
England 5 - 1 up as I type this.</div><div style="text-align: left;"> </div><div style="text-align: left;">- Chris</div></div><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/just-seen-nigel-in-virgin-25-advert/">Just seen Nigel in Virgin 25 Advert (again)</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 09, 2009.</p>
https://polarclouds.co.uk/missing-cat2009-09-06T21:59:00+01:002009-09-06T21:59:00+01:00Chris Hallhttps://polarclouds.co.uk
<h1></h1><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SqQjoFYDFuI/AAAAAAAAAIw/q9u5dwX_Bgs/s1600-h/2808815696_a9babac814_b.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SqQjoFYDFuI/AAAAAAAAAIw/q9u5dwX_Bgs/s320/2808815696_a9babac814_b.jpg" /></a></div><br /><div id="e.e8" style="font-family: Arial,Helvetica,sans-serif; text-align: center;"></div><div style="font-family: Arial,Helvetica,sans-serif;">Awesome indeed.....</div><div style="font-family: Arial,Helvetica,sans-serif;"> </div><div style="font-family: Arial,Helvetica,sans-serif;">- Chris</div><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/missing-cat/">Missing Cat</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 06, 2009.</p>
https://polarclouds.co.uk/toilet-twitter2009-09-04T09:00:00+01:002009-09-04T09:00:00+01:00Chris Hallhttps://polarclouds.co.uk
<div style="font-family: Arial,Helvetica,sans-serif;">In this age of social-networking, video-sharing, wikis, blogs, mashups, etc, it's always refreshing to see these technological advances being put to good use.<br /><br />Welcome to the twitter-enabled toilet (aka the twitter-sh*tter).</div><div class="separator" style="clear: both; font-family: Arial,Helvetica,sans-serif; text-align: center;"><a href="http://aculei.net/%7Eshardy/hacklabtoilet/toilet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://aculei.net/%7Eshardy/hacklabtoilet/toilet.jpg" width="150" /></a></div><div style="font-family: Arial,Helvetica,sans-serif;">What a great use of web 2.0!<br /> </div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div style="font-family: Arial,Helvetica,sans-serif;">Full details at <a href="http://aculei.net/%7Eshardy/hacklabtoilet/"target="_blank">hacklab.TOilet</a> </div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div style="font-family: Arial,Helvetica,sans-serif;"> <br />Excellent. So many puns, so little time... Feel free to stick yours in the comments.<br /> </div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div style="font-family: Arial,Helvetica,sans-serif;">- Chris</div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/toilet-twitter/">Toilet Twitter</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 04, 2009.</p>
https://polarclouds.co.uk/remote-desktop-grid-corruption2009-09-03T19:24:00+01:002009-09-03T19:24:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; font-family: Arial,Helvetica,sans-serif; text-align: left;">Recently when using MS Remote Desktop (aka RDP) I've started to notice this kind of screen corruption: </div><div class="separator" style="clear: both; font-family: Arial,Helvetica,sans-serif; text-align: left;"></div><div class="separator" style="clear: both; font-family: Arial,Helvetica,sans-serif; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SqAFiaOwNrI/AAAAAAAAAIY/DX5c78lm54A/s1600-h/Corruption.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SqAFiaOwNrI/AAAAAAAAAIY/DX5c78lm54A/s320/Corruption.PNG" /></a></div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div style="font-family: Arial,Helvetica,sans-serif;">Weird grid lines, "noise" type artefacts and general randomness. </div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div style="font-family: Arial,Helvetica,sans-serif;">Specifically, I'm using RDP Client v5.1 (Win XP SP2) to connect to a server running MS RDP v5.2 (Win 2003 SP2).<br /><br />A quick look around has revealed that the recently released and installed MS Security Patch <a href="http://www.microsoft.com/technet/security/bulletin/MS09-044.mspx"target="_blank">MS09-044</a> has caused this problem. At this point I don't know if it's caused by the server or the client patch. Chalk another one up to quality testing... or not.</div><div style="font-family: Arial,Helvetica,sans-serif;"><br /><b>Resolution</b><br />In typical MS style, the fix is to install the latest RDP client. (lol you didn't expect yet another patch did you?). The latest version is Windows XP RDP Client v6.1 - 1.6Mb - Download from <a href="http://www.microsoft.com/Downloads/details.aspx?familyid=6E1EC93D-BDBD-4983-92F7-479E088570AD&displaylang=en"target="_blank">here</a> <br /><br />However, there doesn't appear to be a v6.1 client for Server 2003. 
The latest version available is v6.0. For many users and admins this is not an issue, but for those using Terminal Services on a Windows Server 2008 it raises a few issues when using some of the more advanced features of 2008 remote desktop.</div><div style="font-family: Arial,Helvetica,sans-serif;"><br />See <a href="http://blogs.msdn.com/rds/archive/2008/06/25/remote-desktop-connection-terminal-services-client-6-1-for-windows-xp-sp2-x86-platforms.aspx" target="_blank">here</a> for detail about v6.1, and its new features over v6.0. Also notice the loads of comments re v6.1 not being available for Win 2003...<br /><br /><b>Fix: </b>No problem. Download the above and install it on 2003 Server in compatibility mode:</div><ul style="font-family: Arial,Helvetica,sans-serif;"><li>Right-Click the installer</li><li>Select Properties</li><li>Check the "Enable Compatibility box"</li><li>Select "Windows XP"</li><li>Apply and Close </li></ul><div style="font-family: Arial,Helvetica,sans-serif;">Run the installer – follow the prompts and complete the installation<b>.</b><br /><br /><b>Bleedin-edge </b></div><div style="font-family: Arial,Helvetica,sans-serif;">If you want to be on the bleeding edge RDP wise, then you can always use the RDP client from Windows 7. This has the advantage of being able to use all the very latest bells and whistles when connecting to Windows 7 / Windows 2008 servers.<br /><br />See <a href="http://www.neowin.net/news/main/09/03/16/windows-7-rdp-changes-improve-virtual-desktop-performance" target="_blank">here</a> for details of the latest features and screenshots.<br /><br />Getting the Win7 client running on XP is a doddle. 
Simply copy the following files from Windows 7 Release Candidate [Not got my hands on a RTM yet] to a folder on XP:</div><ul style="font-family: Arial,Helvetica,sans-serif;"><li>mstsc.exe</li><li>mstsc.exe.mui</li><li>mstscax.dll</li><li>mstscax.dll.mui</li></ul><span style="font-family: Arial,Helvetica,sans-serif;">Works fine for me:</span><br /><div style="font-family: Arial,Helvetica,sans-serif;"></div><div class="separator" style="clear: both; font-family: Arial,Helvetica,sans-serif; text-align: center;"></div><div style="font-family: Arial,Helvetica,sans-serif;"><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/SqAKGlPWXLI/AAAAAAAAAIo/sF8NikMp2cA/s1600-h/Win7RDP-XP.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/SqAKGlPWXLI/AAAAAAAAAIo/sF8NikMp2cA/s320/Win7RDP-XP.PNG" /></a></div><br />Also seems a bit quicker!<br /><br />- Chris </div><div style="font-family: Arial,Helvetica,sans-serif;"></div><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/remote-desktop-grid-corruption/">Remote Desktop Grid Corruption</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on September 03, 2009.</p>
https://polarclouds.co.uk/handwriting-fonts2009-08-31T18:52:00+01:002009-08-31T18:52:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.flickr.com/photos/hadaway/210607333/" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img title="Handwriting. Pic: xetark" alt="Handwriting. Pic: xetark" border="0" height="200" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/TE9JMVteKTI/AAAAAAAAAm4/PFpHaQQPQ7M/s200/handwriting.jpg" width="150" /></a></div>Just found this website <a href="http://www.fontcapture.com/" target="_blank">http://www.fontcapture.com/</a><br /><br />The purpose of the site is to turn your handwriting into a Windows true type font. It's quite clever in fact and incredibly easy to do. All you need is a printer and a scanner. Best of all it's free!<br /><br />Just follow the wizard on the site.<br /><br /><br />Introducing then:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SpwJ7RxCM-I/AAAAAAAAAHQ/s8seKt7VdXM/s1600-h/Chris.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SpwJ7RxCM-I/AAAAAAAAAHQ/s8seKt7VdXM/s320/Chris.PNG" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/SpwJ_eSLHTI/AAAAAAAAAHY/Q4TulgH5r2M/s1600-h/Andrea.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/SpwJ_eSLHTI/AAAAAAAAAHY/Q4TulgH5r2M/s320/Andrea.PNG" /></a></div>As usual, I'm more interested in the potential for mucking about coupled with the time saving (read laziness) aspect of this. 
Take the following examples:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SpwKOhm1liI/AAAAAAAAAHg/r1mmJ6siNbM/s1600-h/Autograph.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SpwKOhm1liI/AAAAAAAAAHg/r1mmJ6siNbM/s320/Autograph.PNG" /></a> </div><div class="separator" style="clear: both; text-align: center;">My autograph. Just print and go baby yeah!</div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SpwLuG85C1I/AAAAAAAAAH4/HHv9CwwX5UY/s1600-h/School+Note.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="291" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SpwLuG85C1I/AAAAAAAAAH4/HHv9CwwX5UY/s320/School+Note.PNG" width="296" /></a></div><div style="text-align: center;">Sick note. Just fill in the gaps. Handy...</div><div style="text-align: center;"></div><div style="text-align: center;">Finally, my personal favourite:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/SpwORA04P8I/AAAAAAAAAIQ/hrpjGDvf9AY/s1600-h/Shopping+List.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="393" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/SpwORA04P8I/AAAAAAAAAIQ/hrpjGDvf9AY/s320/Shopping+List.PNG" width="265" /></a></div></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: left;"> Oh it's the simple things in life... </div><div style="text-align: left;"><br />lol</div><div style="text-align: left;"></div><div style="text-align: left;">- Chris </div><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/handwriting-fonts/">Handwriting Fonts</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 31, 2009.</p>
https://polarclouds.co.uk/early-christmas-present2009-08-27T21:35:00+01:002009-08-27T21:35:00+01:00Chris Hallhttps://polarclouds.co.uk
Just found out about this. What an excellent piece of kit. I want one.<br /><div style="text-align: center;"><a href="http://farm3.static.flickr.com/2537/3830336293_5fdc1fa128.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" src="http://farm3.static.flickr.com/2537/3830336293_5fdc1fa128.jpg" style="cursor: pointer; display: block; height: 319px; margin: 0px auto 10px; text-align: center; width: 424px;" /></a> <span style="font-size: 85%;">TV-B-Gone Kit</span></div><span style="font-weight: bold;">What is it?</span><br />Put simply, this little gizmo will switch off pretty much any TV anywhere, anyplace - even through glass!<br /><br />Think about it.<br /><br />How many TVs are there out there? What are they all being used for? Take a walk down your average high street. To name just a few, TVs are used:<br /><ul><li>in the supermarket - telling you about 2p off a tin of beans</li><li>in the mobile phone shop - the latest phones all free with pay through the nose contracts</li><li>in the travel agents - that flight to Malaga is just too good to miss</li><li>in the electrical stores - well ok, you get the point</li></ul>There are even TVs in fast food places... Is there no escape?!?! Not even for five minutes?!?<br /><br />Wouldn't it be good if you could switch them off?<br /><br />Also think of the comedy element. This YouTube video covers it nicely. It's in French, but you get the drift.<br /><br /><object height="344" width="425"><param name="movie" value="http://www.youtube.com/v/FNin9r1YCEU&hl=en&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/FNin9r1YCEU&hl=en&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object><br /><br />Excellent.<br /><br />I want one. 
Oh please.<br /><br /><span style="font-weight: bold;">Further reading:</span><br /><ul><li>Home website and ready made unit - <a href="http://www.tvbgone.com/">here</a></li><li>DIY kit info - <a href="http://www.ladyada.net/make/tvbgone/">here</a></li><li>DIY kit forum - <a href="http://forums.ladyada.net/viewforum.php?f=23&sid=14ad1d677c85123050df39e16d7c26b1">here</a><br /></li><li>DIY kit retail - <a href="http://www.adafruit.com/index.php?main_page=product_info&cPath=20&products_id=73">here</a></li></ul>- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/early-christmas-present/">Early Christmas Present</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 27, 2009.</p>
https://polarclouds.co.uk/vpn-around-your-isp2009-08-25T21:30:00+01:002009-08-25T21:30:00+01:00Chris Hallhttps://polarclouds.co.uk
I know I downloaded that 25Mb file a couple of hours ago, but I've no idea where I saved it. Oh well, I'll download it again. I've got broadband, it's all good :o)<br /><br />Hmmm. Same file, same download location... Now it's only downloading at half the speed. What the.....?<br /><br /><span style="font-weight: bold;">ISP Traffic Shaping</span><br />Say hello to Internet Service Provider (ISP) traffic shaping - or "Prioritisation" as some ISPs like to call it. The idea is - in a nutshell - that as an ISP's network gets busier, the ISP avoids total network slowdowns / hold-ups / congestion etc. for all users by prioritising certain types of traffic at certain times of the day. This prioritisation typically takes the form of giving time-sensitive "legitimate" Internet traffic - such as Voice over IP (VoIP - aka Internet telephone calls), gaming traffic and video streaming traffic (YouTube / BBC iPlayer etc.) - priority over download traffic.<br />For further reading, see <a href="http://en.wikipedia.org/wiki/Traffic_shaping">here</a> for a very full explanation.<br /><br /><span style="font-weight: bold;">"Does my ISP employ traffic shaping?"</span><br />- Probably. See <a href="http://www.azureuswiki.com/index.php/Bad_ISPs">this list</a> of ISPs that traffic shape. I'm sure that this is by no means a complete list, but it is a good starter for ten.<br /><br /><span style="font-weight: bold;">"I see your ISP is listed Chris!"<br /></span> - Yes I know. Plusnet were one of the first to start traffic shaping their customers. What's even more confusing is that Plusnet have turned this into a money making scheme. 
Plusnet will vary your traffic restrictions depending on which Plusnet service offering you are on.<br /><br />Here's the shaping according to my Plusnet Service Offering:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SpRDcq9ss2I/AAAAAAAAAGA/o8SDUa02rus/s1600-h/PNShaping.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 195px;" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SpRDcq9ss2I/AAAAAAAAAGA/o8SDUa02rus/s320/PNShaping.PNG" alt="" id="BLOGGER_PHOTO_ID_5373994415208313698" border="0" /></a>This was taken from the excellent <a href="http://www.kitz.co.uk/isp/plusnet_shaping.htm">Kitz forum</a><br />Here is Plusnet's own <a href="http://www.plus.net/support/broadband/quality_broadband/speed.shtml">explanation</a> - For some reason I find Kitz's explanation better - I think the colours help a lot.<br /><br /><span style="font-weight: bold;">"Right, got it. Now What?"</span> - Virtual Private Networking (VPN).<br />As used by many, many Companies / Institutions / Individuals to route private network traffic over a public network - the Internet. Now, with so many users these days being home / remote / mobile workers, all used to accessing their company networks at Local Area Network (LAN) speeds (100Mb upwards), and with the plethora of ISPs these days, any ISP would be crazy to lower the priority of the VPN traffic they carry - especially to those customers who are paying good money for their Internet connection.<br /><br />For example, did you notice that only the cheaper Plusnet service offerings throttle VPN traffic? (Remember I said that Plusnet had turned this into a money making scheme?)<br /><br /><span style="font-weight: bold;">"As VPN traffic is not throttled by the ISP, is there a way that I can create a VPN connection and still download that file?"</span><br />- Sure. 
You can VPN in the normal way to your Work's network and download the file that way. Ah. Hang on. My employer has a code of conduct regarding 'proper use' of company assets. Oh okay. No problem.<br /><br /><span style="font-weight: bold;">Its Hidden.com </span><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/SpRENnp-nrI/AAAAAAAAAGI/ATD5ujnKlCU/s1600-h/itshidden.PNG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 265px; height: 71px;" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/SpRENnp-nrI/AAAAAAAAAGI/ATD5ujnKlCU/s320/itshidden.PNG" alt="" id="BLOGGER_PHOTO_ID_5373995256133885618" border="0" /></a>No, I haven't just bumped into <a href="http://www.lordlucan.com/">Lord Lucan</a> in Tescos. Far from it.<br /><a href="http://www.itshidden.com/">www.itshidden.com</a> is a free service that allows you to create a VPN connection to a server farm in Amsterdam. Using this VPN connection, I can browse the internet, download files etc. all without having to put up with my ISP's traffic prioritisation. What's more, if I'm using Windows XP or above, I don't need to download any software to use this service.<br /><ul><li>Windows users <a href="http://itshidden.com/Support/VPNXP.html">how to</a></li><li>Linux users <a href="http://ubuntu-chronicles.blogspot.com/2009/07/jaunty-vpn-itshiddencom.html">how to</a></li></ul><span style="font-weight: bold;">Testing</span><br />OK, on to the proof of the pudding - the eating.<br />I decided to test using a download of the latest <a href="http://partedmagic.com/">partedmagic</a> CD - v4.4. 
This 95Mb file is available as a download via sourceforge.net or via BitTorrent.<br /><br /><span style="font-weight: bold;">Download Site</span><br />As sourceforge.net use the University of Kent Mirror site, and that site is listed as a download site on Plusnet's site, I should only expect to see around 1Mb (100kb/s) download speed when not using itshidden VPN.<br /><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SpREY8Q-A6I/AAAAAAAAAGQ/29YDe36E664/s1600-h/DLWithoutHidden.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 241px;" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SpREY8Q-A6I/AAAAAAAAAGQ/29YDe36E664/s320/DLWithoutHidden.PNG" alt="" id="BLOGGER_PHOTO_ID_5373995450644693922" border="0" /></a><span style="font-size:85%;">Download without ItsHidden VPN - 120Kb/sec<br /><br /></span><div style="text-align: left;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SpRExcwBHNI/AAAAAAAAAGY/TJioEtqQBac/s1600-h/DLWithHidden.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 240px;" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SpRExcwBHNI/AAAAAAAAAGY/TJioEtqQBac/s320/DLWithHidden.PNG" alt="" id="BLOGGER_PHOTO_ID_5373995871681715410" border="0" /></a></div></div><div style="text-align: center;"><span style="font-size:85%;">Download with ItsHidden VPN - 119Kb/sec</span></div><br />Hmm. No real difference there then.<br /><br /><span style="font-weight: bold;">BitTorrent</span><br />What is BitTorrent? Put simply, it's a peer-to-peer protocol commonly used for file transfers. 
See <a href="http://en.wikipedia.org/wiki/BitTorrent_%28protocol%29">here</a> for a full explanation.<br /><br /><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SpRFWVKehnI/AAAAAAAAAGg/ITyZmd7cwyE/s1600-h/WithoutHidden.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 240px;" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SpRFWVKehnI/AAAAAAAAAGg/ITyZmd7cwyE/s320/WithoutHidden.PNG" alt="" id="BLOGGER_PHOTO_ID_5373996505300371058" border="0" /></a><span style="font-size:85%;">BitTorrent without itsHidden - 18.3Kb/sec - ouch!</span><br /></div><br /><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/SpRF9I_ob0I/AAAAAAAAAGo/NCbbBfH1NRE/s1600-h/WithHidden.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 240px;" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/SpRF9I_ob0I/AAAAAAAAAGo/NCbbBfH1NRE/s320/WithHidden.PNG" alt="" id="BLOGGER_PHOTO_ID_5373997172048555842" border="0" /></a><span style="font-size:85%;">BitTorrent with itsHidden - 106Kb/sec!<br /></span></div><br /><span style="font-weight: bold;">Conclusion</span><br />So, what have we learnt here?<br /><br />Well, it looks like we have a winner for BitTorrent downloads.<br />For ordinary downloads, there is no real difference.<br /><br />Of course, this is a very subjective test and <a href="http://www.urbandictionary.com/define.php?term=YMMV">YMMV</a><br /><br />I need to spend some more time testing. Especially with Windows rather than Linux. 
I'm not saying that there is any problem or difference, it's just easier as Windows is my 'first language' to fully understand what's what.<br /><br />Given the ease of setup, the fact that no additional software is required and especially the price, what have you got to lose?<br /><br />Certainly 'worth a spin'.<br /><br />- Chris<br /><br /><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vpn-around-your-isp/">VPN Around Your ISP?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 25, 2009.</p>
https://polarclouds.co.uk/s-off2009-08-10T20:03:00+01:002009-08-10T20:03:00+01:00Chris Hallhttps://polarclouds.co.uk
<div><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_2xKZgKYJlJs/TE9LDUbgOfI/AAAAAAAAAnA/EF-lhFpfkzI/s1600/tenner.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img title="£'s off! Pic: *Melody*" alt="£'s off! Pic: *Melody*" border="0" height="133" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/TE9LDUbgOfI/AAAAAAAAAnA/EF-lhFpfkzI/s200/tenner.jpg" width="200" /></a></div><span class="Apple-style-span" style="font-family: arial;">Just received a letter from a holiday company we have dealt with before offering us "£££££'s off on visits to local attractions." Obviously the company is trying to drum up some additional trade in these times of crunch.</span></div><div><span class="Apple-style-span" style="font-family: arial;"><br /></span></div><div><span class="Apple-style-span" style="font-family: arial;">Hmmm. So, if one "£" is one UK pound sterling, does it follow that "££" is ten UK pounds sterling?</span></div><div><span class="Apple-style-span" style="font-family: arial,serif;">Taken to the logical conclusion, does that mean that the company can save us ten thousand UK pounds sterling?</span></div><div><span class="Apple-style-span" style="font-family: arial;"><br /></span></div><div><span class="Apple-style-span" style="font-family: arial;">Sod the attractions, I'll take the cash equivalent thank-you.</span></div><div><span class="Apple-style-span" style="font-family: arial;"><br /></span></div><div><span class="Apple-style-span" style="font-family: arial;">And - what's all this starting sentences with "and"? </span></div><div><span class="Apple-style-span" style="font-family: arial;">We were never allowed to get away with that in our day.</span></div><div><span class="Apple-style-span" style="font-family: arial;"><br /></span></div><div><span class="Apple-style-span" style="font-family: arial;">Am I getting old? 
Don't bother, I know the answer.</span></div><div><span class="Apple-style-span" style="font-family: arial,serif;"><br /></span></div><div><span class="Apple-style-span" style="font-family: arial;">- Chris</span></div><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/s-off/">£££££'s off</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on August 10, 2009.</p>
https://polarclouds.co.uk/3mb-barrier-smashed2009-07-19T12:30:00+01:002009-07-19T12:30:00+01:00Chris Hallhttps://polarclouds.co.uk
<span style="font-family:arial;">Following on from my </span><a style="font-family: arial;" href="http://chall32.blogspot.com/2009/05/cheapest-way-to-faster-broadband.html">Cheapest way to faster broadband?!?</a><span style="font-family:arial;"> post in May...</span><br /><br /><span style="font-family:arial;">Things seemed a bit r-r-rapido this morning, so a quick look around settings / speedtest.net:</span><br /><span style="font-size:85%;"><br /></span><div style="text-align: center;font-family:arial;"><span style="font-size:85%;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SmMBRRD3doI/AAAAAAAAAFo/gr4Yxnp5cYc/s1600-h/stats.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 214px;" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SmMBRRD3doI/AAAAAAAAAFo/gr4Yxnp5cYc/s320/stats.PNG" alt="" id="BLOGGER_PHOTO_ID_5360129377650046594" border="0" /></a></span><span style="font-size:85%;">3776?!?! 
What the.....?<br /><br /></span></div><span style="font-size:85%;"><br /></span><div style="text-align: center;font-family:arial;"><span style="font-size:85%;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/SmMBlzQmqjI/AAAAAAAAAFw/y02w2iOoyoA/s1600-h/pn3mb.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 174px;" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/SmMBlzQmqjI/AAAAAAAAAFw/y02w2iOoyoA/s320/pn3mb.PNG" alt="" id="BLOGGER_PHOTO_ID_5360129730427660850" border="0" /></a></span><span style="font-size:85%;">PN seems to agree!<br /><br /></span></div><span style="font-size:85%;"><br /></span><div style="text-align: center;font-family:arial;"><span style="font-size:85%;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.speedtest.net/result/520612076.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 300px; height: 135px;" src="http://www.speedtest.net/result/520612076.png" alt="" border="0" /></a></span><span style="font-size:85%;">2.78Mb/s - not bad<br /><br /></span></div><span style="font-size:85%;"><br /></span><div style="text-align: center;font-family:arial;"><span style="font-size:85%;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/SmMC5_kmxZI/AAAAAAAAAF4/wK2EtCMJx2I/s1600-h/dl.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 266px;" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/SmMC5_kmxZI/AAAAAAAAAF4/wK2EtCMJx2I/s320/dl.PNG" alt="" id="BLOGGER_PHOTO_ID_5360131176841790866" border="0" /></a></span><span style="font-size:85%;">335kB/Sec - Corr blimey Guv'nor!</span><br /><br /><br /></div><span style="font-family:arial;">I've seen the BT Openreach vans buzzing around recently. 
No idea what they have been up to, but they can keep it up!</span><br /><br /><span style="font-family:arial;">- Chris</span><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/3mb-barrier-smashed/">3Mb Barrier Smashed!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 19, 2009.</p>
https://polarclouds.co.uk/ashford-lightning2009-07-17T13:04:00+01:002009-07-17T13:04:00+01:00Chris Hallhttps://polarclouds.co.uk
<span style="font-family:arial;">Taken with my own fair hand during last night's storm over Ashford:</span><br /><br /><br /><a style="font-family: arial;" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SmBnSkzbPDI/AAAAAAAAAFA/90BKu_F3Pmk/s1600-h/Thunderstorm+035.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 240px;" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SmBnSkzbPDI/AAAAAAAAAFA/90BKu_F3Pmk/s320/Thunderstorm+035.jpg" alt="" id="BLOGGER_PHOTO_ID_5359397125385567282" border="0" /></a><br /><a style="font-family: arial;" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SmBncNpJaBI/AAAAAAAAAFI/B1rbxYIQb0k/s1600-h/Thunderstorm+010.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 240px;" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SmBncNpJaBI/AAAAAAAAAFI/B1rbxYIQb0k/s320/Thunderstorm+010.jpg" alt="" id="BLOGGER_PHOTO_ID_5359397290967132178" border="0" /></a><span style="text-decoration: underline;font-family:arial;" ><br /></span><a style="font-family: arial;" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/SmBni1CxUsI/AAAAAAAAAFQ/RKKGSgyXf00/s1600-h/Thunderstorm+006.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 240px;" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/SmBni1CxUsI/AAAAAAAAAFQ/RKKGSgyXf00/s320/Thunderstorm+006.jpg" alt="" id="BLOGGER_PHOTO_ID_5359397404622803650" border="0" /></a><br /><a style="font-family: arial;" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SmBnvN9CmuI/AAAAAAAAAFY/E-iOyGRSoho/s1600-h/Thunderstorm+018.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: 
pointer; width: 320px; height: 240px;" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SmBnvN9CmuI/AAAAAAAAAFY/E-iOyGRSoho/s320/Thunderstorm+018.jpg" alt="" id="BLOGGER_PHOTO_ID_5359397617468087010" border="0" /></a><br /><span style="font-family:arial;">OK, let's get one thing straight off the bat here -</span><br /><br /><ol style="font-family: arial;"><li>My first attempt</li><li>I'm no <a href="http://en.wikipedia.org/wiki/David_Bailey_%28photographer%29">David Bailey</a></li><li>I'm using a camera that's probably not up to the job - <a href="http://www.steves-digicams.com/2003_reviews/a60.html">Canon A60</a></li><li>By the time I had worked out how to take lightning shots and then worked out how to set up my camera, the storm was pretty much over</li><li>These four represent about 10% of the total pictures taken</li></ol><br /><span style="font-family:arial;">But ho-hum I'm dead chuffed!</span><br /><br /><span style="font-family:arial;">- Chris</span><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/ashford-lightning/">Ashford Lightning</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 17, 2009.</p>
https://polarclouds.co.uk/vmware-esx-35-update-to-build-number2009-07-15T11:21:00+01:002009-07-15T11:21:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: left;"><a alt="ESX" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/S2nbCYgLaZI/AAAAAAAAAbE/zLBnyYDAdKs/s1600-h/esx.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="ESX"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S2nbCYgLaZI/AAAAAAAAAbE/zLBnyYDAdKs/s320/esx.png" /></a></div><br /><br />Simple bit of info, often hard to find:<br /><br /><br />ESX 3.5.0 Update 1 = Build 64607<br />ESX 3.5.0 Update 2 = Build 110268<br />ESX 3.5.0 Update 3 = Build 123630<br />ESX 3.5.0 Update 4 = Build 153875<br />ESX 3.5.0 Update 5 = Build 207095<br />ESX 3.5.0 June 2011 Rollup = Build 391406<br /><br />An easy way to find build numbers without logging into the VI Client is to run:<br /><blockquote style="font-family: "Courier New",Courier,monospace;">vmware -v</blockquote><br />See <a href="http://chall32.blogspot.com/2010/01/vmware-esx-4-update-to-build-number.html" target="_blank">here</a> for VMware ESX 4.0 Update to Build Number.<br /><br />- Chris<div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vmware-esx-35-update-to-build-number/">VMware ESX 3.5 Update to Build Number</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 15, 2009.</p>
https://polarclouds.co.uk/free-foot-rugby-tennis-balls2009-07-06T22:40:00+01:002009-07-06T22:40:00+01:00Chris Hallhttps://polarclouds.co.uk
<a style="font-family: arial;" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SlJuU1WK8AI/AAAAAAAAAE4/VdJtiijVv04/s1600-h/mars.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 104px;" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SlJuU1WK8AI/AAAAAAAAAE4/VdJtiijVv04/s320/mars.png" alt="" id="BLOGGER_PHOTO_ID_5355464211093450754" border="0" /></a><span style="font-family: arial;">This summer Mars is giving away 100,000 balls at </span><a style="font-family: arial;" href="http://www.marsballsgetbritainplaying.com/">this promotional website</a><br /><br /><span style="font-family: arial;">All you need to do is enter a promotional code into the site and click "CHECK CODE". You instantly know if you have won or lost.</span><br /><br /><span style="font-family: arial;">What is not widely known is that no purchase is necessary to have a go at winning a ball. Using the "No purchase necessary" link on the site, Mars will email you a code to have a try.</span><br /><br /><span style="font-family: arial;">Couple this with a quick disposable email address from </span><a style="font-family: arial;" href="http://www.mailinator.com/">Mailinator</a><span style="font-family: arial;"> (my personal favourite) and you are off and running. Mars say that you can only try one email code per 24 hours.</span><span style="font-family: arial;"><br /><br />However, given the ease with which you can set up an email address on the Mailinator site (basically just use </span><span style="font-family: arial;">[anything you like]@mailinator.com), I'll let you work the rest out for yourselves.<br /><br />My ball should be turning up soon.<br /><br />- Chris<br /></span><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/free-foot-rugby-tennis-balls/">Free Foot / Rugby / Tennis Balls</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 06, 2009.</p>
https://polarclouds.co.uk/mobile-broadband-unlocked-to-any2009-07-06T17:30:00+01:002009-07-06T17:30:00+01:00Chris Hallhttps://polarclouds.co.uk
<span style="font-family:arial;">How about a mobile phone internet dongle that works with </span><span style="font-weight: bold;font-family:arial;" >any</span><span style="font-family:arial;"> mobile phone provider? (Obviously an internet enabled SIM would be required)</span><br /><br /><span style="font-family:arial;">How about free mobile internet access on that dongle? Access internet / work / home / whatever anywhere?</span><br /><br /><span style="font-family:arial;">How?? Here's how:</span><br /><br /><span style="font-weight: bold;font-family:arial;" >Requirements:</span><br /><ul style="font-family: arial;"><li>The Dongle - goto <a href="http://www.3dongle4free.co.uk/">http://www.3dongle4free.co.uk/</a> These usually cost £29.99, but using this website you only need to pay for postage and packing of the dongle - £4.95</li><li>The unlocking software - <a href="http://rapidshare.com/files/235523732/ZTE2.rar.html">RapidShare </a><br /></li><li>Network Connection Manager Software (optional) - <a href="http://www.thedvdforums.com/forums/showpost.php?p=8634625&postcount=240">DVD Forums </a><br /></li><li>The free Internet access (optional) - O2 iphone SIM with free internet and WIFI - <a href="http://shop.ebay.co.uk/items/?_nkw=o2+iphone+sim+free+internet&_sacat=0&_trksid=p3286.m270.l1313&_odkw=o2+iphone+sim&_osacat=0">ebay</a> OR - your existing mobile SIM<br /></li></ul><br /><span style="font-weight: bold;font-family:arial;" >The Dongle</span>:<br /><a style="font-family: arial;" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SlIdlAkXmNI/AAAAAAAAAEI/oSNMEi_SAzA/s1600-h/zte.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 143px; height: 290px;" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SlIdlAkXmNI/AAAAAAAAAEI/oSNMEi_SAzA/s320/zte.png" alt="" id="BLOGGER_PHOTO_ID_5355375428541847762" border="0" /></a><span style="font-family:arial;">A nice little 
unit. Has a slot for a mobile SIM card plus a MicroSD slot for data storage. The LED (just above the eyelet in the above picture) kind of shows what the dongle is up to:</span><br /><ul style="font-family: arial;"><li>Green - acting as USB storage</li><li>Red - no drivers loaded</li><li>Blue - connected to network</li></ul><span style="font-family:arial;">Disco!</span><br /><br /><span style="font-family:arial;">It also has a retaining plastic "string" so that the cap won't get lost (handy). All in all not bad for £4.95.</span><br /><br /><span style="font-weight: bold;font-family:arial;" >The Unlocking</span>:<br /><span style="font-family:arial;">The major appeal to me of this unit is that it can, with the correct software, be unlocked so it will work with any mobile phone network. Here is how to unlock the dongle. (Some of this next piece is taken from the PDF included in the RapidShare download - most is from the unlocking of my dongle).</span><br /><br /><span style="font-family:arial;"><span style="font-weight: bold;">Use a PC running Windows XP</span>. Vista (and possibly Win 7) can cause the unlocker tool to fail.</span><br /><ol style="font-family: arial;"><li>Extract the RapidShare download.</li><li>Make sure there is no SIM card inserted into the dongle.</li><li>Plug the dongle into a port directly attached to the system board of your PC / Laptop - so no extender cables etc.</li><li>The driver auto run install process should start, resulting in an InstallShield application auto-starting.</li><li>If the auto run software on the dongle doesn't start the install process, open "My Computer". You should notice you have an additional CD-ROM drive listed. Double click the autorun.exe.</li><li>Install the software (don't worry we are not keeping this) so that the dongle drivers also get installed.</li><li>Finish the installer. Open device manager. 
You should now have a "ZTE Proprietary USB Modem" installed as shown below:<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SlIdaG0MMtI/AAAAAAAAAEA/9_zLjR_5C5E/s1600-h/Device.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 226px;" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SlIdaG0MMtI/AAAAAAAAAEA/9_zLjR_5C5E/s320/Device.PNG" alt="" id="BLOGGER_PHOTO_ID_5355375241240261330" border="0" /></a></li><li>From the folder where you extracted the RapidShare download, run FlashUpdate.exe. You should be greeted with the following dialogue:<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SlIdxzeE01I/AAAAAAAAAEQ/inDwz7AK3YE/s1600-h/Flash_Ready.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 174px;" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SlIdxzeE01I/AAAAAAAAAEQ/inDwz7AK3YE/s320/Flash_Ready.PNG" alt="" id="BLOGGER_PHOTO_ID_5355375648364090194" border="0" /></a></li><li>Once the flash software detects the dongle, the "DOWNLOAD" button will appear.</li><li>Click "DOWNLOAD" to start the flash process. Usual flashing procedures apply. DON'T turn the PC off mid process, DON'T interrupt the flash mid process, JUST LEAVE IT ALONE!</li><li>My dongle took 26 minutes to complete. 
Once complete you are greeted with the following dialogue:<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SlId9mnK7sI/AAAAAAAAAEY/YocJmLQ6bqc/s1600-h/Sucess.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 317px; height: 126px;" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SlId9mnK7sI/AAAAAAAAAEY/YocJmLQ6bqc/s320/Sucess.PNG" alt="" id="BLOGGER_PHOTO_ID_5355375851071008450" border="0" /></a></li></ol><br /><span style="font-weight: bold;font-family:arial;" >Network Connection Manager (aka dash)</span>:<br /><span style="font-family:arial;">Now that we can use the dongle with any network (depending on our SIM), let's install the software that will make it easy for us to use the dongle with our preferred network provider!</span><br /><br /><span style="font-family:arial;">We have a choice here. We can either go for the 3 branded software as provided by the DVD forums link above, or go for the generic Globe Connection manager provided as part of the dongle flash download from RapidShare.</span><br /><br /><span style="font-family:arial;">I opted to go for the connection manager software from the RapidShare download. I'm not planning to use the 3 network anytime as I'm planning to use either an iPhone O2 SIM or a Vodafone SIM. Also, I'm not into branding.</span><br /><ol style="font-family: arial;"><li>Uninstall the 3 branded connection manager software installed in step 6 above. Once complete, unplug the dongle.</li><li>Install either the updated 3 branded software from the DVD Forums link or insert the dongle and repeat steps 4 to 7 above using the updated software flashed onto the dongle.</li><li>Once complete (either software) replace the NetConfig.ini with the one provided on the DVD Forums. 
This file contains the connection details for each UK mobile phone provider.</li></ol><span style="font-weight: bold;font-family:arial;" >Testing</span>:<br /><span style="font-family:arial;">The Globe Connection Manager:</span><br /><a style="font-family: arial;" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SlIelsU3K9I/AAAAAAAAAEg/4iKJZzp2xuY/s1600-h/Globe.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 244px;" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SlIelsU3K9I/AAAAAAAAAEg/4iKJZzp2xuY/s320/Globe.PNG" alt="" id="BLOGGER_PHOTO_ID_5355376539799595986" border="0" /></a><span style="font-family:arial;">As stated earlier, I wanted to get away from the 3 branded software and stick with something generic. Works for me!</span><br /><br /><span style="font-family:arial;">Currently I'm testing with the 3 SIM provided with the dongle. Connection looks good:</span><br /><a style="font-family: arial;" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SlIhCTv6qEI/AAAAAAAAAEo/U4hw3oDm5Q4/s1600-h/speed.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 240px;" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SlIhCTv6qEI/AAAAAAAAAEo/U4hw3oDm5Q4/s320/speed.png" alt="" id="BLOGGER_PHOTO_ID_5355379230441646146" border="0" /></a><br /><span style="font-family:arial;">OK, we are not talking about blistering, high-speed, setting-the-world-on-fire broadband internet access here. 
This is reflected in the speed test results:</span><br /><a style="font-family: arial;" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SlIhfwj6DbI/AAAAAAAAAEw/K3hsn8SF4iY/s1600-h/thinkbb.PNG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 314px;" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SlIhfwj6DbI/AAAAAAAAAEw/K3hsn8SF4iY/s320/thinkbb.PNG" alt="" id="BLOGGER_PHOTO_ID_5355379736392109490" border="0" /></a><span style="font-family:arial;">As the 3 coverage can best be described as "dire" in my neighbourhood, I'm hoping this may improve when I pick up my O2 SIM tomorrow.</span><br /><br /><span style="font-family:arial;">More about this tomorrow.</span><br /><br /><span style="font-weight: bold;font-family:arial;" >Kudos</span><span style="font-family:arial;"> </span><span style="font-weight: bold;font-family:arial;" >to Tim! AGAIN!!</span><br /><span style="font-family:arial;">As usual, Thanks should go once again to Tim who spotted this and put me (and others!) on to it. Another quality find!</span><br /><span style="font-family:arial;"><br />Cheers Tim!</span><br /><br /><span style="font-family:arial;">- Chris</span><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/mobile-broadband-unlocked-to-any/">Mobile Broadband Unlocked to Any Network + Free Internet Access</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 06, 2009.</p>
https://polarclouds.co.uk/chriscontrol-is-not-dead-its-just2009-07-05T15:05:00+01:002009-07-05T15:05:00+01:00Chris Hallhttps://polarclouds.co.uk
<a href="http://www.chall.plus.com/winpe/chriscontrol/chriscontrol.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 306px; CURSOR: hand; HEIGHT: 465px" alt="" src="http://www.chall.plus.com/winpe/chriscontrol/chriscontrol.jpg" border="0" /></a><br /><br /><span style="font-family:arial;">A long time ago in a galaxy [you know the rest], I created a small program that allowed you to connect to a remote Windows-based PC or server and remotely administer it. </span><br /><p><span style="font-family:Arial;">From my original blurb at the time of release:</span></p><p><em><span style="font-family:arial;">ChrisControl works by scanning the remote system to see if either RDP (Remote Desktop Protocol aka Terminal Services) or VNC (Virtual Network Computing) servers are installed and running.</span> </em></p><ul><li><span style="font-family:arial;"><em>If RDP is found then ChrisControl connects to the remote system via RDP client</em></span></li> <li><span style="font-family:arial;"><em>If VNC is found then ChrisControl connects to the remote system via VNC client</em></span></li> <li><span style="font-family:arial;"><em>If neither is found then 
(here is the clever bit!) ChrisControl will prompt the user to remotely install VNC Server onto the remote system. </em></span></li></ul><p><span style="font-family:arial;"><em>ChrisControl will then install VNC server, start it and connect to the remote system via VNC. ChrisControl has two further tickbox options:</em></span></p><ul><li><span style="font-family:arial;"><em>The option of un-installing VNC server when finished</em></span></li><li><span style="font-family:arial;"><em>The option of connecting to the console session of the remote system (only supported by Windows 2003 and XP)</em></span></li></ul><p><span style="font-family:arial;"><em>What's more, ChrisControl ships as one convenient file - no other files are required!</em></span></p><p><span style="font-family:Arial;">As with most of my batch files / Visual Basic scripts / <a href="http://www.autoitscript.com/autoit3/">AutoIt</a> programs (such as ChrisControl), I write them to help <strong><span style="color:#3366ff;">me</span></strong> out. 
I'm writing something to make my life simpler (coz I'm lazy? Yep, almost certainly). If they help others out then, sure, I'm over the moon that I can help someone else out. </span></p><p><span style="font-family:Arial;">Boy did I under-estimate this little bit of CH time-saving software.. Its popularity has just grown and grown and grown.. It's all over the place!!!</span></p><p><span style="font-family:Arial;">I had occasion to look on pendrive apps the other day - it's <a href="http://www.pendriveapps.com/portable-vnc-viewer-chriscontrol/">there!</a> It's included on a rescue CD <a href="http://www.fullandfree.info/software/i-have-the-password-utility-cd/">here</a>, been blogged about <a href="http://anigan.wordpress.com/2009/03/31/chris-control/">here</a> and <a href="http://www.solo-technology.com/blog/2008/07/18/belt-and-suspenders-with-chriscontrol/">here</a>, it's even made it onto Digg with its own posting <a href="http://digg.com/security/ChrisControl_RDP_VNC_Remote_Control_Tool_with_remote_VNC_installation">here</a> ... It's used all over the world, for example <a href="http://wiki.houseofsysadmins.com/spip.php?article33">here in Spain</a>, and I've had countless emails from various users all over the world. 
It's been offered as a solution to a problem on <a href="http://www.experts-exchange.com/Networking/Misc/Q_21984657.html">experts-exchange</a> (search for reply by JoeZ430)...</span></p><p><span style="font-family:Arial;">OK I think we get the picture.</span></p><p><span style="font-family:Arial;">With this popularity and the release of Vista (yeah, now you start to get a feel for how long ago I wrote it), the imminent release of Windows 7 (ChrisControl checks the O/S it's running on so it knows what switches to send RDP client mstsc.exe) and many newer versions of UltraVNC now available, I really ought to spend some time updating and releasing a new version.</span></p><p><span style="font-family:Arial;color:#3366ff;"><strong>So, ChrisControl is not dead... yet... It's just been resting. New versions coming soon</strong></span></p><p><span style="font-family:Arial;">- Chris</span></p><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/chriscontrol-is-not-dead-its-just/">ChrisControl is not dead, it's just been resting</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 05, 2009.</p>
https://polarclouds.co.uk/absl2009-07-02T21:15:00+01:002009-07-02T21:15:00+01:00Chris Hallhttps://polarclouds.co.uk
<a href="http://1.bp.blogspot.com/_2xKZgKYJlJs/Sk0ZqoPDzqI/AAAAAAAAACg/GsHFIErtstA/s1600-h/1stBeavers.PNG"><img id="BLOGGER_PHOTO_ID_5353963752159170210" style="DISPLAY: block; MARGIN: 0px auto 10px; WIDTH: 314px; CURSOR: hand; HEIGHT: 119px; TEXT-ALIGN: center" alt="" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/Sk0ZqoPDzqI/AAAAAAAAACg/GsHFIErtstA/s320/1stBeavers.PNG" border="0" /></a><br /><p align="left"><a href="http://www.ashforddistrictscouts.org.uk/site/images/2/2b/1stparkfarm.gif"></a></p><div><span style="font-family:arial;">Well that's it then. I'm a fully paid up leader now. Time to start behaving I suppose!!</span></div><br /><br /><div><span style="font-family:Arial;">Thank-yous should go to all that helped me get here, especially:</span></div><br /><ul><li><span style="font-family:Arial;">Andrea - for suggesting it and knowing me better than myself sometimes</span></li><li><span style="font-family:Arial;">Anita, Judy and Ann - for having me</span></li><li><span style="font-family:Arial;">All those in the Ashford district for welcoming me in</span></li></ul><br /><p><span style="font-family:Arial;">The only slight problem is that I'm already older than the <a href="http://news.bbc.co.uk/1/hi/uk/8054699.stm">Chief Scout</a>... Ho Hum</span></p><p><span style="font-family:Arial;">- Chris</span><br /></p><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/absl/">ABSL!</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on July 02, 2009.</p>
https://polarclouds.co.uk/bye-bye-max-mosley2009-06-24T22:16:00+01:002009-06-24T22:16:00+01:00Chris Hallhttps://polarclouds.co.uk
<span style="font-family:arial;">Shame. No more Christmas cards...</span><br /><br /><br /><p><a href="http://www.sniffpetrol.com/wp-content/uploads/xmas08_fia.jpg"><img style="DISPLAY: block; MARGIN: 0px auto 10px; WIDTH: 300px; CURSOR: hand; HEIGHT: 300px; TEXT-ALIGN: center" alt="" src="http://www.sniffpetrol.com/wp-content/uploads/xmas08_fia.jpg" border="0" /></a><br /><span style="font-family:arial;">From the very funny Sniff Petrol of course - <a href="http://www.sniffpetrol.com/">http://www.sniffpetrol.com/</a> - <em>Having a tantrum about rule changes, every month.</em></span><br /><br /><span style="font-family:Arial;">Next issue out last Friday... Late again.</span></p><p><span style="font-family:Arial;">- Chris</span></p><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/bye-bye-max-mosley/">Bye Bye Max Mosley</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on June 24, 2009.</p>
https://polarclouds.co.uk/digihome-dtr160-pvr-personal-video2009-06-01T20:43:00+01:002009-06-01T20:43:00+01:00Chris Hallhttps://polarclouds.co.uk
<div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/SiQz1Lz6baI/AAAAAAAAACA/AKsbQLtdHOA/s1600-h/DVR160.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 130px;" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/SiQz1Lz6baI/AAAAAAAAACA/AKsbQLtdHOA/s320/DVR160.png" alt="" id="BLOGGER_PHOTO_ID_5342452046764862882" border="0" /></a><span style="font-size:78%;">The Digihome DTR160 - Just like mine!</span><br /></div><span style="font-family:arial;"><br />The Digihome DTR160 PVR (Personal Video Recorder) - Based on the Vestel T825. Great unit, shame about some of the stupidities in its firmware (sometimes called software). Our PVR is located in the bedroom (Mrs H did say she needed more entertainment in the bedroom!!!). Consequently, the subtitles are used more than normal due to one or the other of us being asleep (lol see previous comment re bedroom entertainment).<br /><br /><span style="font-weight: bold;">Gripes<br /></span>Say you are watching TV with the subtitles on. You press the up or down buttons to see what else is on on other channels. You finish looking and (perhaps unsurprisingly) there is nothing else on. You leave the remote buttons alone expecting the now and next Electronic Program Guide (EPG) bar to disappear… it doesn’t… ever.<br /><br />So you press the “Back” key to get rid of the bar, and the following message is shown every time:<br /><br />"Interactive services are not available while subtitles are on. Would you like to turn subtitles off now? YES / NO"<br /><br />I'm not entering interactive services, I'm only closing the now / next EPG display bar!!! 
grrrr<br /><br />Also the EPG suffers from random slowdowns, lockups etc.<br /><br /><span style="font-weight: bold;">What to do?</span><br />According to <a href="http://www.futaura.co.uk/vestel.html">http://www.futaura.co.uk/vestel.html</a><br /><br />“Vestel T825 based PVRs first surfaced in December 2007 in limited quantities under the guise of the Wharfedale DTR160 HDMI and DTR250 HDMI units from Argos. The T825 offers Freeview Playback Group 2 compliant software, and hardware is an evolution of the T816 hardware bringing new configuration options such as HDMI, CI slot, low power and USB. In late January 2008, non-HDMI T825 units were made available, with the T816 model being phased out.<br /><br />Currently known variations include (alphabetical order): Alba ALDTR160 (Argos) • Digihome DTR80 and DTR160 (Argos) <span style="font-weight: bold;">[WA-HEY!!]</span> • Hitachi HDR082, HDR162, HDR163 & HDR253 (Argos) • Logik LPVR168 (Currys/Dixons) • ONN DTR80 and DTR160 (Asda) • Sharp TU-R162H & TU-R252H • Wharfedale DTR160 HDMI and DTR250 HDMI (Argos) • Wharfedale LP160DTRHDMI and LP250DTRHDMI (Argos)”<br /><br /><span style="font-weight: bold;">Firmware versions available: </span><br />Version - Build date<br />1.7 - 2007-??-??<br />2.7 - 2007-11-13<br />4.8 - 2008-01-29<br />4.9 - 2008-??-??<br />7.2 - 2008-03-20<br />10.2 - 2008-06-11<br />11.2 - 2008-07-30<br />11.3 - 2008-07-28<br />(yes that's right v11.3 is dated BEFORE v11.2!)<br /><br />My unit is running v2.7 firmware. Could one of these later firmware versions fix these problems?<br /><br /><span style="font-weight: bold;">Download</span><br />As I purchased my unit from Argos, there wasn’t going to be any support there. Also, there is nothing of much value on Vestel’s website.<br /><br />So, after much googling, visiting various forums etc., I managed to find a site where the webmaster had been in contact with Vestel and managed to get them to send him some updated “factory fresh” firmware. 
The website is <a href="http://newtownsaints.co.uk/freestuff">http://newtownsaints.co.uk/freestuff</a><br /><br />As can be seen from his site, he has managed to get his hands on v10.2 and v4.9. He has also managed to get a backup copy of v2.7 should you ever want to go back.<br /><br /><span style="font-weight: bold;">The Flash Process</span><br />Requirements<br /></span><ul><li><span style="font-family:arial;">Copies of the firmware from the site above </span></li><li><span style="font-family:arial;">A 9-pin male to female 'straight through' RS232 Cable:</span></li></ul><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_2xKZgKYJlJs/SiQ8Abx0qNI/AAAAAAAAACQ/F7xrjg8vIPk/s1600-h/DB9-Straightthru.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 70px;" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/SiQ8Abx0qNI/AAAAAAAAACQ/F7xrjg8vIPk/s320/DB9-Straightthru.png" alt="" id="BLOGGER_PHOTO_ID_5342461036122646738" border="0" /></a><span style="font-size:78%;">RS232 9 pin 'Straight through'</span><br /></div><ul><li><span style="font-family:arial;">PC / Laptop with a COM port </span><span style="font-family:arial;">(not all laptops have COM ports these days!)</span></li><li><span style="font-family:arial;">Microsoft Hyper Terminal program</span></li></ul><span style="font-family:arial;">My Laptop with a built-in COM port is currently running Windows 7. Unfortunately there is no Hyper Terminal in Windows 7 (that I could find anyway) so the workaround is to find a Windows XP CD and expand the HYPERTRM.DL_ and HYPERTRM.EX_ files into a folder on the Windows 7 machine.<br /><br />The flash process is as follows:<br />1. Connect the serial communication cable between the RS232 port of the receiver and the serial communication port (COM1 or COM2 or COM3 or COM4 etc.) of the laptop.<br />2. Run Hyper Terminal program<br />3. 
Choose File--> New connection<br />4. Give a name and choose an icon for the connection. (You do not need to make a new connection every time. You can use this name for the future connections.)<br />5. Choose communication port in the new coming window (COM1 or COM2) whichever you have used in Step 1.<br />6. Port settings should be as follows:<br /></span><ul><li><span style="font-family:arial;">Bits per second : 115200</span></li><li><span style="font-family:arial;">Data Bits : 8</span></li><li><span style="font-family:arial;">Parity : None</span></li><li><span style="font-family:arial;">Stop bits : 1</span></li><li><span style="font-family:arial;">Flow control : None</span></li></ul><span style="font-family:arial;">7. Now Hyper Terminal connection is established. From “Transfer” menu, choose “Send File”.<br />8. Enter file name to be sent (the file you choose should have *.bin as extension).<br />9. Choose Xmodem1K as protocol type.<br />10. Press Send button. To activate the Software Upgrade function of the receiver, power off and then on the receiver.<br />11. You will see the progress on the PC screen.<br />12. Wait for the transfer to be completed.<br />13. You should see something like this in the hyper-terminal box : “WAIT…OK… cabot bootloader version: aurora-3-1-freeback-br-2007-11-12-22-06-09 C$BB0”<br /><br /></span><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/SiQ1E_coJsI/AAAAAAAAACI/EFG-owfpKus/s1600-h/Firmware.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 214px;" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/SiQ1E_coJsI/AAAAAAAAACI/EFG-owfpKus/s320/Firmware.png" alt="" id="BLOGGER_PHOTO_ID_5342453417835505346" border="0" /></a><span style="font-size:78%;">Flash all done</span><br /></div><span style="font-family:arial;"><br />14. 
Wait until the LED on the front panel turns green<br />15. Power off and then on, then the receiver will automatically start to operate on the new software.<br /><br /></span><span style="font-family:arial;"><span style="font-weight: bold;">Mixed Results</span><br />Now, one of the things I do like about the Digihome EPG is that once the now and next bar is enabled you can press the “ < “ key to get programme info about the current programme or the “ > “ button to get info about the next programme. Neat – not even Sky EPG (which I generally regard to be one of the better EPGs I've used) does this.<br /><br />However this feature is broken, or at least it doesn’t work in either firmware version 4.9 or 10.2… oh no!!<br /><br />v4.9 enables low power mode, where the unit will pretty much switch everything off, including the clock display on the front to save power. This feature is carried through to v10.2.<br />Excellent I thought. However (there's that H word again...) this is all well and good, but it appears to turn the remote control infrared receiver off too!!<br />The only way to power on the receiver is to push and hold the power button on the front. Not much good when you are tucked up in bed on a cold evening…<br /><br />Also, when coming out of low power standby, the unit takes up to 2 minutes to “wake up”. Again, not very good for those that are impatient like me!<br /><br />OK you could choose not to use low power standby thus avoiding that problem.<br /><br />The final nail in the respective coffins of both v4.9 and v10.2 is that the annoying "Interactive services are not available while subtitles are on. Would you like to turn subtitles off now? YES / NO" problem is not fixed – in either version!!!<br /><br />Couple that with the lack of now & next programme info (it’s amazing how often you use a function when you don’t have it) and unfortunately at this point I gave up and reverted back to v2.7.<br /><br />Ho hum. It was worth a try. 
Sometimes newer isn’t always better...<br /><br />- Chris<br /><br /></span><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/digihome-dtr160-pvr-personal-video/">Freeview Firmware Upgrade</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on June 01, 2009.</p>
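<p>Step 9 of the flash process in the Freeview post above selects Xmodem1K, and the firmware itself came from a third-party site. The following is an added example, not code from the original post or from Vestel's tooling: it frames an image into XMODEM-1K blocks and validates them as a receiver would, showing that the CRC-16 catches line noise but accepts any altered image, so a digest recorded from a trusted copy is the only check on what gets flashed. <code>CONSTRUCTED_IMAGE</code> is a made-up stand-in for the .bin file.</p>

```python
"""XMODEM-1K framing of a firmware image (added example, not from the post)."""
import hashlib
import struct

STX = 0x02    # header byte for a 1024-byte block (SOH, 0x01, marks 128-byte blocks)
PAD = 0x1A    # SUB: fills the unused tail of the final block
BLOCK = 1024

# Constructed stand-in for a firmware .bin: 2560 bytes, so the last block is padded.
CONSTRUCTED_IMAGE = bytes(range(256)) * 10


def crc16_xmodem(data):
    """CRC-16/XMODEM: polynomial 0x1021, initial value 0, MSB first."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def frame_image(image):
    """Split an image into the frames a sender puts on the wire, in order."""
    frames = []
    for offset in range(0, len(image), BLOCK):
        payload = image[offset:offset + BLOCK].ljust(BLOCK, bytes([PAD]))
        seq = (offset // BLOCK + 1) & 0xFF          # starts at 1, wraps 255 -> 0
        frames.append(bytes([STX, seq, 0xFF - seq]) + payload
                      + struct.pack(">H", crc16_xmodem(payload)))
    return frames


def check_frame(frame, expected_seq):
    """Receiver-side validation. Returns the payload or raises ValueError."""
    if len(frame) != BLOCK + 5 or frame[0] != STX:
        raise ValueError("not a 1K block")
    seq, inverse = frame[1], frame[2]
    if seq != (expected_seq & 0xFF) or seq ^ inverse != 0xFF:
        raise ValueError("bad block number")
    payload = frame[3:3 + BLOCK]
    if struct.unpack(">H", frame[-2:])[0] != crc16_xmodem(payload):
        raise ValueError("CRC mismatch")
    return payload


def receive(frames):
    """Validate every frame in order and return the reassembled, padded image."""
    return b"".join(check_frame(f, i + 1) for i, f in enumerate(frames))


def sha256_hex(image):
    """Digest to compare against one recorded from a trusted copy of the image."""
    return hashlib.sha256(image).hexdigest()


def demo():
    frames = frame_image(CONSTRUCTED_IMAGE)

    # Line noise: one bit flipped in transit. The receiver rejects the block
    # and (in the real protocol) answers NAK so the sender retransmits it.
    noisy = bytearray(frames[1])
    noisy[100] ^= 0x01
    try:
        check_frame(bytes(noisy), 2)
        noise_caught = False
    except ValueError:
        noise_caught = True

    # A different image: every frame carries a correct CRC, so the transfer
    # succeeds. Only the digest comparison shows it is not the expected file.
    altered = b"\xff" + CONSTRUCTED_IMAGE[1:]
    altered_accepted = receive(frame_image(altered))[:len(altered)] == altered
    digest_differs = sha256_hex(altered) != sha256_hex(CONSTRUCTED_IMAGE)
    return len(frames), noise_caught, altered_accepted, digest_differs


if __name__ == "__main__":
    print(demo())
```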
https://polarclouds.co.uk/cheapest-way-to-faster-broadband2009-05-21T22:48:00+01:002009-05-21T22:48:00+01:00Chris Hallhttps://polarclouds.co.uk
<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/ShXMTLzxzzI/AAAAAAAAAAU/gU0PirQObxY/s1600-h/speeds.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 305px; height: 320px;" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/ShXMTLzxzzI/AAAAAAAAAAU/gU0PirQObxY/s320/speeds.png" alt="" id="BLOGGER_PHOTO_ID_5338397563277135666" border="0" /></a><span style="font-family:arial;">The broadband speed test figures on the left speak for themselves.<br /><br /><br />Around double the download speed all for less than £20. </span><br /><br /><br /><span style="font-family:arial;">How is this done?<br /></span><span style="font-family:arial;"><br /><br /><span style="font-weight: bold;">Back Story</span><br />For several years now I have resigned myself to only ever being able to get a 1Mb broadband connection at home. "No biggie" I thought, "I guess that's it". But something didn't sit right, especially when you consider that:<br /><br />1. I live on a fairly modern housing estate and as such BT have run fibre from my local telephone exchange (some 2 to 3 miles away) up to the box in my street, leaving the last 500ish yards run in copper.<br />[I know this to be true as this reason was given to me by BT in the early days of broadband to be the <span style="font-weight: bold;">exact reason</span> as to why I couldn't get broadband! See <a href="http://news.zdnet.co.uk/communications/0,1000000085,2133329,00.htm">here</a> for the whole sorry story]<br /></span><br /><span style="font-family:arial;">2. The "big push" as announced recently by the UK government to get everyone onto at least 2Mb broadband.<br /><br />3. The Virgin TV <a href="http://www.guardian.co.uk/media/video/2009/jan/02/virginmedia-internet">advert</a> - fibre optic saves the day!<br /><br />So why can I only get a 1Mb broadband connection, I'm on fibre!!! 
(grrr) What can I do to improve the situation?<br /><br />I've tried:<br /></span><ul><li><span style="font-family:arial;">Plugging the router into the master socket</span></li><li><span style="font-family:arial;">Removing the bell wire (details <a href="http://www.thinkbroadband.com/faq/sections/radsl.html#235">here</a>)</span></li><li><span style="font-family:arial;">Monitoring my signal to noise ratio whilst turning all electromagnetic noise generating devices off (lol isn't that what the individual RCBs in your consumer unit are for? turn everything else in the house off apart from the ring main your router is plugged into?!?)</span></li><li><span style="font-family:arial;">DGTeam firmware (more on this later)</span></li><li><span style="font-family:arial;">Plus a whole host of ADSL micro filter tweaks etc etc etc</span></li></ul><span style="font-family:arial;">Next step was to look closer at my router and see what could be done there.<br /><br /><span style="font-weight: bold;">Old Router<br /></span>As you'll probably guess, I'm a Netgear fan. 
My old router was a Netgear DG834G version 1:<br /></span><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/ShXXFTL-UOI/AAAAAAAAAAc/cxUIbrmjoDU/s1600-h/dg834g.gif"><img style="cursor: pointer; width: 260px; height: 150px;" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/ShXXFTL-UOI/AAAAAAAAAAc/cxUIbrmjoDU/s320/dg834g.gif" alt="" id="BLOGGER_PHOTO_ID_5338409419367403746" border="0" /></a><br /><span style="font-size:78%;">DG834G - Great Router<br /></span></div><span style="font-family:arial;"><br />Pros:<br /></span><ul><li><span style="font-family:arial;">Stable</span></li><li><span style="font-family:arial;">Simple to administer</span></li><li><span style="font-family:arial;">It's never let me down</span></li></ul><span style="font-family:arial;">Cons:<br /></span><ul><li><span style="font-family:arial;">Doesn't do WPA2 wireless encryption</span></li><li><span style="font-family:arial;">The DG834G v1 is based on the Texas Instruments AR7 chipset, which is no stranger to controversy, with Zen raising <a href="http://www.theregister.co.uk/2007/10/22/zen_ar7_infineon_bt_fault/">concerns</a> over its stability.</span></li><li><span style="font-family:arial;">I purchased this sometime around September / October 2003, what advances in broadband router technology (if any) am I missing out on?</span></li></ul><span style="font-family:arial;"><span style="font-weight: bold;">Firmware</span><br />Netgear firmware is open source, and I had heard that using custom firmware, additional router adjustments - "tweaks" - were available. 
Could one of these tweaks help me?<br /><br />Step in <a href="http://dgteam.ilbello.com/">DGTeam</a> firmware.<br />As can be seen from the DGTeam firmware change log, they have managed to just make one or two (hundred) changes to the standard Netgear firmware making it far superior to the standard firmware.<br /><br />One of the tweaks </span><span style="font-family:arial;">included in the DGTeam firmware </span><span style="font-family:arial;">that interested me was the signal to noise (SNR) percentage adjustment. Put simply, SNR compares the level of a desired signal (in my case the ADSL signal) to the level of background noise on the telephone line.<br /><br />My line is set to provide a 15dB signal to noise ratio. Therefore, when handshaking with the exchange, my router will always synchronise at a speed that will ensure that there is a 15dB SNR. It will do this at the expense of connection speed...!<br /><br />With the </span><span style="font-family:arial;">signal to noise percentage adjustment, </span><span style="font-family:arial;"> I could tweak this 15dB down to, say, 10dB (or lower!) which in turn would allow my router to synchronise my broadband connection at a faster rate...!<br /><br />PROBLEM - the SNR percentage adjustment is not available on the AR7 chipset DGTeam firmware... doh!<br /></span><span style="font-family:arial;"><span style="font-weight: bold;"><br />So what to do?<br /></span>It was clear that I was potentially in the market for a new router.<br />Budget? Hmm nothing that would break the bank...<br />Make? Netgear<br />Model? Hmm...<br /><br /><span style="font-weight: bold;">Step in Tim and take a bow!</span><br />I can't write this post without mentioning him. Tim had already done the leg work on this and was (as usual) light years ahead. As usual, Tim had put 2 and 2 together and correctly arrived at 4 whilst the rest of us were still counting 1... 2... 
3...<br /><br />Tim had realised that:<br /></span><ol><li><span style="font-family:arial;">Lots of ex-BSkyB Broadband customers were selling their old Sky branded Netgear routers on ebay.</span></li><li><span style="font-family:arial;">White (not the black or grey) ex-BSkyB routers were BSkyB branded DG834G<span style="font-weight: bold;">T</span>s. A Broadcom BCM6348 chipset based router.<br /></span></li><li><span style="font-family:arial;">The </span><span style="font-family:arial;">BSkyB branded DG834GTs ran Sky specific firmware, but this could be removed using standard Netgear supplied software<br /></span></li></ol><span style="font-family:arial;">Further digging on my side revealed all but the very very latest Netgear models also contain the </span><span style="font-family:arial;">same BCM6348 chipset, thus proving that there is life left in the </span><span style="font-family:arial;">BCM6348 chipset yet</span>.<br /><span style="font-family:arial;"><br /></span><span style="font-family:arial;"><span style="font-weight: bold;">So, New Router time!</span></span><br /><span style="font-family:arial;">I managed to pick one of these ex-BSkyB babies up for a princely sum of £16 including delivery!!!<br /><br /></span><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/ShXspdD4yMI/AAAAAAAAAAk/lvkcc6RqLVE/s1600-h/0fd3_1.JPG"><img style="cursor: pointer; width: 240px; height: 320px;" src="http://1.bp.blogspot.com/_2xKZgKYJlJs/ShXspdD4yMI/AAAAAAAAAAk/lvkcc6RqLVE/s320/0fd3_1.JPG" alt="" id="BLOGGER_PHOTO_ID_5338433130237315266" border="0" /></a><span style="font-size:78%;"> </span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/ShaH4UihN8I/AAAAAAAAABE/R5dZ9hs-xKY/s1600-h/DSC00189.JPG"><img style="cursor: pointer; width: 320px; height: 240px;" 
src="http://3.bp.blogspot.com/_2xKZgKYJlJs/ShaH4UihN8I/AAAAAAAAABE/R5dZ9hs-xKY/s320/DSC00189.JPG" alt="" id="BLOGGER_PHOTO_ID_5338603809950218178" border="0" /></a><br /><span style="font-size:78%;">DG834GT - £16 including delivery!</span><br /></div><span style="font-family:arial;"><br /></span><span style="font-family:arial;"><span style="font-weight: bold;">The Plan</span><br /></span><ol><li><span style="font-family:arial;">Purchase an ex-BSkyB DG834GT from <a href="http://www.ebay.co.uk/">ebay</a> cheap (as above)<br /></span></li><li><span style="font-family:arial;">Unlock it using the method described on <a href="http://www.kitz.co.uk/routers/skyDG834GT_flash.htm">Kitz's site</a></span></li><li><span style="font-family:arial;">Flash on the latest </span><span style="font-family:arial;"><a href="http://dgteam.ilbello.com/">DGTeam</a></span><span style="font-family:arial;"> firmware</span></li><li><span style="font-family:arial;">Tweak SNR and see how fast we can go!</span></li></ol><span style="font-family:arial;"><span style="font-weight: bold;">The SNR Tweak<br /><br /></span></span><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_2xKZgKYJlJs/ShXuitegTFI/AAAAAAAAAAs/TJV6lq4r9VY/s1600-h/advanced.png"><img style="cursor: pointer; width: 320px; height: 199px;" src="http://2.bp.blogspot.com/_2xKZgKYJlJs/ShXuitegTFI/AAAAAAAAAAs/TJV6lq4r9VY/s320/advanced.png" alt="" id="BLOGGER_PHOTO_ID_5338435213408095314" border="0" /></a><br /><span style="font-size:78%;">SNR Percentage Tweaking... 1% you say?</span><br /></div><span style="font-family:arial;"><br />I've played with this a fair bit and just kept on dropping the percentage until my router could no longer connect. The problem (or not) was, it still connected at 1% SNR!!! What's more it's rock solid stable. 
I guess that fibre connection between the exchange and the box in my street may just be paying dividends after all!!!<br /><br /><span style="font-weight: bold;">The Results<br /></span>My BRAs download profile (see <a href="http://www.thinkbroadband.com/faq/sections/radsl.html#225">here</a> for explanation of BRAs profiles) has gone from 1.75Mb to 2.5Mb </span><span style="font-family:arial;">speed.<br /><br />My new router is still rock solid with zero drops and reconnects, statistics as follows:<br /><br /></span><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_2xKZgKYJlJs/ShXxiZjuJ9I/AAAAAAAAAA0/K4ICIwlMN8s/s1600-h/stats.png"><img style="cursor: pointer; width: 320px; height: 215px;" src="http://3.bp.blogspot.com/_2xKZgKYJlJs/ShXxiZjuJ9I/AAAAAAAAAA0/K4ICIwlMN8s/s320/stats.png" alt="" id="BLOGGER_PHOTO_ID_5338438506596149202" border="0" /></a><br /><span style="font-size:78%;">Wa-Hey!!!</span><br /><br /></div><span style="font-family:arial;"><span style="font-weight: bold;">Conclusion</span><br />I've moved up to a more modern router with a more stable chipset, </span><span style="font-family:arial;">got my WPA2 wireless encryption and almost doubled my download speeds to-boot!</span><br /><br /><span style="font-family:arial;">I'm not guaranteeing this will work for everyone, your mileage may vary, but at around £20 for the hardware, some firmware and a bit of "tweak" time, what's stopping you?<br /><br />- Chris<br /><br />Follow up to this post <a href="http://chall32.blogspot.com/2009/07/3mb-barrier-smashed.html">here</a> and <a href="http://chall32.blogspot.com/2010/01/cheapest-way-to-faster-broadband-part-2.html">part 2 here</a><br /></span><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/cheapest-way-to-faster-broadband/">Cheapest way to faster broadband?!?</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 21, 2009.</p>
https://polarclouds.co.uk/vm-tools-upgrade-error-17222009-05-20T18:48:00+01:002009-05-20T18:48:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_2xKZgKYJlJs/TE9NRY_R1vI/AAAAAAAAAnI/fMoz-v6scOw/s1600/vmtools1722.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/TE9NRY_R1vI/AAAAAAAAAnI/fMoz-v6scOw/s320/vmtools1722.jpg" /></a></div><span style="font-family: arial;">Here's the fix:</span><br /><br /><span style="font-family: arial;">1. Create a directory (c:\vmtools)</span><br /><span style="font-family: arial;">2. Mount the VMware Tools CD</span><br /><span style="font-family: arial;">3. Copy VMware Tools.msi to the directory you created</span><br /><span style="font-family: arial;">4. Copied the VCBRequested.dll and VCBSnapshotProvider.dll from vmware tools cd\program files\VMware\VMware Tools\Drivers\vss\Win2003 to the directory you created</span><br /><span style="font-family: arial;">5. Cancel the VMware tools installation that has started itself</span><br /><span style="font-family: arial;">6. Using 7Zip (http://www.7zip.org/) I extracted the VMware Tools.msi file (rightclick on the MSI, Open Context Menu for 7-Zip, selected Extract to VMware Tools)</span><br /><span style="font-family: arial;">7. Now within the c:\vmtools directory you will have VMware Tools Folder</span><br /><span style="font-family: arial;">8. Within the VMware Tools Folder there will be a file Binary.ComReg.exe, take a copy of this and place it somewhere within the %path% - say c:\windows\ and rename it ComReg.exe</span><br /><span style="font-family: arial;">9. Now create the following path c:\program files\VMware\VMware Tools\Drivers\vss</span><br /><span style="font-family: arial;">10. Copy both the VCBRequested.dll and VCBSnapshotProvider.dll from the folder you created in step one to the path you created at step 8</span><br /><span style="font-family: arial;">11. 
Now run the following command - comreg.exe -register "c:\Program Files\VMware\VMware Tools\Drivers\vss\VCBSnapshotProvider.dll" "VMware Snapshot Provider" "vmvss" "VMware Snapshot Provider"</span><br /><span style="font-family: arial;">12. Finally, run the VMware Tools install process, and this time it should work</span><br /><br /><span style="font-family: arial;">From </span><a href="http://communities.vmware.com/thread/167005?start=15&tstart=0" style="font-family: arial;">http://communities.vmware.com/thread/167005?start=15&tstart=0</a><br /><br /><span style="font-family: arial;">- Chris</span><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/vm-tools-upgrade-error-1722/">VM Tools Upgrade - Error 1722</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 20, 2009.</p>
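<p>The steps above as one elevated PowerShell session. This is an added example, not part of the original post or the VMware thread; the CD drive letter and the 7-Zip install path are assumptions, and the Authenticode check before the extracted binary is copied into c:\windows is an addition. Step 5 (cancelling the auto-started installer) and step 12 (re-running the install) remain manual.</p>

```powershell
# Added example: scripted form of the manual workaround. Run from an elevated prompt.
$ErrorActionPreference = 'Stop'

# Assumptions (not from the post): adjust to your system.
$cd       = 'D:\'                              # drive where the VMware Tools CD is mounted
$sevenZip = 'C:\Program Files\7-Zip\7z.exe'    # default 7-Zip command-line location

# Paths and file names taken from the post.
$work   = 'C:\vmtools'
$msi    = Join-Path $work 'VMware Tools.msi'
$vssDir = 'C:\Program Files\VMware\VMware Tools\Drivers\vss'
$dlls   = 'VCBRequested.dll', 'VCBSnapshotProvider.dll'

# Steps 1-4: working directory, MSI and the two VSS DLLs from the CD.
New-Item -ItemType Directory -Path $work -Force | Out-Null
Copy-Item (Join-Path $cd 'VMware Tools.msi') $work
$vssSrc = Join-Path $cd 'program files\VMware\VMware Tools\Drivers\vss\Win2003'
foreach ($dll in $dlls) { Copy-Item (Join-Path $vssSrc $dll) $work }

# Steps 6-7: extract the MSI into C:\vmtools\VMware Tools.
$extract = Join-Path $work 'VMware Tools'
& $sevenZip x $msi "-o$extract" -y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "7-Zip extraction failed with exit code $LASTEXITCODE" }

# Step 8: the extracted helper is about to be placed on %path%, so report
# who signed it first (this check is an addition to the original steps).
$comregSrc = Join-Path $extract 'Binary.ComReg.exe'
$sig = Get-AuthenticodeSignature $comregSrc
Write-Host "Binary.ComReg.exe signature: $($sig.Status) $($sig.SignerCertificate.Subject)"
if ($sig.Status -ne 'Valid') {
    Write-Warning 'Binary.ComReg.exe has no valid signature; confirm the CD image is genuine before continuing.'
}
$comreg = 'C:\Windows\ComReg.exe'
Copy-Item $comregSrc $comreg

# Steps 9-10: create the target path and copy both DLLs into it.
New-Item -ItemType Directory -Path $vssDir -Force | Out-Null
foreach ($dll in $dlls) { Copy-Item (Join-Path $work $dll) $vssDir }

# Step 11: register the snapshot provider with the arguments given in the post.
& $comreg -register (Join-Path $vssDir 'VCBSnapshotProvider.dll') `
    'VMware Snapshot Provider' 'vmvss' 'VMware Snapshot Provider'
if ($LASTEXITCODE -ne 0) { throw "ComReg.exe returned exit code $LASTEXITCODE" }
```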
https://polarclouds.co.uk/windows-7-dual-vpn2009-05-19T22:01:00+01:002009-05-19T22:01:00+01:00Chris Hallhttps://polarclouds.co.uk
<div class="separator" style="clear: both; text-align: center;"><a alt="VPN. Pic: el finco" href="http://www.flickr.com/photos/el_finco/3335071948/" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" title="VPN. Pic: el finco"><img border="0" height="132" src="http://4.bp.blogspot.com/_2xKZgKYJlJs/S_LdXq-VqRI/AAAAAAAAAjw/UyiyqeK84YQ/s200/3335071948_17e19e53e7.jpg" width="200" /></a></div><span style="font-family: arial;">Often it's said that you cannot install and run 2 VPN clients on a Windows platform.<br /><br />Well, whatever...<br /><br />Those, like I, that know different and have legitimate use for "double hopping" VPN connections, will be glad to know that after extensive testing, I have found 2 popular VPN clients both of which run fine under Windows 7 Release Candidate (build 7100). What's more is that they both work together to give you that "double hop" experience!<br /><br />Of course, these VPN clients don't have to be installed together - they run just fine individually. 
So if you are after a Windows 7 VPN client, here you go!<br /><br />The VPN client details and download locations are below.<br /><br /></span><span id="phMain" style="font-family: arial; font-weight: bold;">Nortel Networks Contivity VPN Client (version 6.07) for Windows Vista</span><span id="phMain" style="font-family: arial;"> - </span><strike><span style="font-family: arial; font-size: 100%;"><a href="http://support.galileo.com/SGC/GSC/Software+Library.htm" target="_blank">http://support.galileo.com/SGC/GSC/Software+Library.htm</a></span></strike><br /><strike><span style="font-family: arial;">Search for "</span><span style="font-family: arial;">version 6.07"</span> <span style="font-family: arial;">on the page</span>.</strike><br /><strike><span style="font-family: arial;"><br />Although it's listed as a Vista VPN client, this one works fine with Windows 7.</span></strike><br /><br /><b><i>[UPDATE 18/05/10 - New Nortel download links:</i></b><span style="font-family: arial;"> <a href="http://download.fiko.no/Programmer/vpn-klient/vista/">here</a> or <a href="https://sites.google.com/site/chall32/blog/vpn/eac607d.zip" target="_blank">here</a> <i><b>]</b></i></span><br /><br /><span style="font-family: arial;">Connection profiles are held in "baynet.tbk" file, so copy this file from an existing Nortel Contivity install. Group ID & Group password (under Options > Authentication Options) will have to be filled out manually on the new install - unless anyone knows how to also copy these from one machine to another... 
answers on a postcard please!!<br /><br /><strike><span style="font-weight: bold;">Cisco VPN Client 5.0.05.290 - </span><span style="font-size: 100%;"><a href="http://neotericnotion.com/files/Cisco/VPN%20Client/">http://neotericnotion.com/files/Cisco/VPN%20Client/</a></span><br /></strike></span><strike></strike><br /><b><i>[UPDATE 20/10/09 - New Cisco download link: <a href="http://rapidshare.com/files/267039711/vpnclient-win-msi-5.0.05.0290-k9.exe">http://rapidshare.com/files/267039711/vpnclient-win-msi-5.0.05.0290-k9.exe</a>]</i></b><br /><br /><b><i>[UPDATE 22/01/10 - <a href="http://www.google.com/search?hl=en&q=intitle%3A%22index+of%22+vpnclient-win-msi-5.0.05.0290-k9.exe&btnG=Search&aq=f&aql=&aqi=&oq=" target="_blank">Google file search</a> for "vpnclient-win-msi-5.0.05.0290-k9.exe"]</i></b> <br /><br /><span style="font-family: arial;">Download & install.<br /><br />Connection profiles are held in [cisco vpn client install location]\Profiles folder. One file per connection, usually with file extension .pcf. 
Just copy these between machines and off you go.<br /><span style="font-size: 130%;"> <br /></span><span style="font-weight: bold;"><span style="font-size: 130%;">Installation on Windows 7</span><span style="font-weight: bold;"><span style="font-size: 100%;"><span style="font-weight: bold;"><br /><br /></span></span></span></span>As the Nortel client is usually the client that gives the most grief, I install this one first.<br />Reboot and install Cisco client.<br />Reboot once again, and you're good to go.<br /><br />If you are going to "double hop", then remember to untick the Nortel Eacfilt Driver from the Cisco Vpn network adaptor:<br /></span><br /><div style="text-align: center;"><a alt="Un-tick Eacfilt Driver" href="http://1.bp.blogspot.com/_2xKZgKYJlJs/ShX1jb3kNKI/AAAAAAAAAA8/y8fOX5j9whc/s1600-h/eacfilt.png" title="Un-tick Eacfilt Driver"><img src="http://1.bp.blogspot.com/_2xKZgKYJlJs/ShX1jb3kNKI/AAAAAAAAAA8/y8fOX5j9whc/s320/eacfilt.png" style="cursor: pointer; height: 320px; width: 254px;" /></a><br /><span style="font-size: 78%;">Un-tick Eacfilt Driver</span></div><span style="font-family: arial;">- Chris<br /></span><div class="blogger-post-footer"><p>
<p><a href="https://polarclouds.co.uk/windows-7-dual-vpn/">Windows 7 - Dual VPN</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on May 19, 2009.</p>
https://polarclouds.co.uk/hello/hello2008-04-05T08:35:00+01:002008-04-05T08:35:00+01:00Chris Hallhttps://polarclouds.co.uk
<p>Hello world</p>
<p><a href="https://polarclouds.co.uk/hello/hello/">Hello</a> was originally published by Chris Hall at <a href="https://polarclouds.co.uk">Polar Clouds</a> on April 05, 2008.</p>