tag:blogger.com,1999:blog-17958871806585390892024-03-13T06:49:09.013-07:00Useful Documents for your virutal WorldUseful documents for your Virtual EnvironmentS-http://www.blogger.com/profile/02654291732561398833noreply@blogger.comBlogger30125tag:blogger.com,1999:blog-1795887180658539089.post-50794195584452880372021-03-01T06:50:00.016-08:002021-03-01T09:12:00.492-08:00Using Server hardware as Primary Workstation<p> Sometimes you plan for expansion, other times it is thrust upon you.</p><p>The other day my primary workstation just died. Here is what it was:</p><p></p><ul style="text-align: left;"><li>Intel Q6600</li><li>8GB RAM</li><li>Radeon RX 570</li><li>5 drives, total of ~8 TB of data</li></ul><p> Not knowing if the problem was the motherboard, processor, or power supply, decided to junk it, pull the drives and video card and go with a new machine.</p><p>Now I normally build my workstations, I enjoy it, but since I was caught with a loss of functionality, I wanted to get back up and running quickly I decided to repurpose one of my ESXi Servers, an IBM DX360 M4. Here is the info about it from <a href="https://lenovopress.com/tips0878-idataplex-dx360-m4" target="_blank">Lenovo</a>:<br /></p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://lenovopress.com/assets/images/tips0878/0.2226.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="228" data-original-width="600" height="153" src="https://lenovopress.com/assets/images/tips0878/0.2226.jpg" width="400" /></a></div><br /><br /><p></p><p>The machine is built with the following:</p><ul style="text-align: left;"><li>E5-2650 (2)</li><li>32GB of memory</li></ul><p>It is it a little overkill, probably, but it is what I have, and there are a couple of advantages:</p><ul style="text-align: left;"><li>When idle, only uses about 100W</li><li>When idle, the fan speed, and noise is relatively low.</li><li>It has 32 cores with Hyperthreading</li><li>It has 32GB, and there are 12 more RAM slots available</li><li>It can handle 250W video cards, so my RX570 will be child's play for it</li><li>With the GPU Tray, I get 2 x16 PCIe slots, for a total of 4 PCIe slots. Also I get the option of adding a 2nd HDD / SSD into the system. <br /></li></ul><p style="text-align: center;"> <a href="https://lenovopress.com/assets/images/tips0878/15.2B84.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="316" data-original-width="511" height="247" src="https://lenovopress.com/assets/images/tips0878/15.2B84.jpg" width="400" /></a></p><p></p><p>But it has a couple of disadvantages: </p><ul style="text-align: left;"><li>Only has two Drive bays.</li><li>Doesn't have USB3.0</li><li>No sound <br /></li><li>Very difficult to find a power cable for PCI-e video card!!</li></ul><p></p><p><br /></p><p>To get it running it needed a couple of things:</p><ul style="text-align: left;"><li>480GB SSD to boot</li><li>3TB drive which has my data from old computer</li><li>MSI R7 240, to get a simple video card that can do HDMI</li><li><a href="https://www.amazon.com/gp/product/B07HCX1NY9/ref=ppx_yo_dt_b_asin_title_o00_s01?ie=UTF8&psc=1" target="_blank">ASUS Xonar 5.1 Sound card</a></li><li><a href="https://www.amazon.com/gp/product/B00AJHD0YM/ref=ppx_yo_dt_b_asin_title_o00_s01?ie=UTF8&psc=1" target="_blank">Ethernet Cable</a> </li><li><a href="https://www.amazon.com/gp/product/B00IACID2C/ref=ppx_yo_dt_b_asin_title_o00_s01?ie=UTF8&psc=1" target="_blank">PS/2 to USB adapter for my keyboard</a></li><li><a href="https://www.ebay.com/itm/193117971043" target="_blank">PCI-e power cord</a> <br /></li></ul><p> </p><p>After about a week, I am pretty happy with this computer. Pretty quiet, great on productivity, and even without the RX570 installed, works OK with games.</p><p>Normally use <a href="https://twitter.com/intent/tweet?status=+https://shop.shadow.tech/usen/pre-order/invite/SHAMW5RA" target="_blank">Shadow.tech</a> for gaming, but once RX570 is up and running, might cancel this service.</p><h4 style="text-align: left;">Interesting things that I learned</h4><p style="text-align: left;">I use a VPN from time to time. Before when downloading, I wold get from 8.5 to 9.8 MB/s down. Now I get 10.00 down. That is because on my MOCA adapter, it has a 100mbit port and OpenVPN is not multi-threaded, so I am saturating the port, and almost a whole core to do VPN traffic. </p><p style="text-align: left;">There are USB 3.0 cards out there that don't need a SATA / MOLEX connector in order to work like this from <a href="https://www.amazon.com/dp/B08M5YHWFD/?coliid=I29RFMA3BARLRY&colid=PK5TS4XAOIQY&psc=1&ref_=lv_ov_lig_dp_it">Inateck</a> or <a href="https://www.amazon.com/dp/B08B5BNZQ6/?coliid=I3VQAB7USW2DXX&colid=PK5TS4XAOIQY&psc=1&ref_=lv_ov_lig_dp_it">LTERIVER</a>. This is important with a server that doesn't have additional power ports available inside of the device. I am considering an external JBOD chassis from <a href="https://www.amazon.com/dp/B076ZH262B/?coliid=I1OFDWQIQ88MW&colid=PK5TS4XAOIQY&psc=1&ref_=lv_ov_lig_dp_it" target="_blank">SYBA</a> for adding more drives to the system.<br /></p><div><p><br /></p></div>S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-496232433888158662019-09-18T08:32:00.006-07:002021-03-01T07:25:39.049-08:00Review of Crashplan 7 on WindowsUpdated: 2020.02.26 <br />
<br />
This is a living review of Crashplan for Small Business 7. Please refer back to it frequently because the plan is to continuously review it and update the community that either rely on or are considering CrashPlan after its directional change to only supply the Small Business and Enterprise versions<br />
<br />
On Feb 20, adding my notes and updates with the 7.7.0 Build 883 update, all differences will be noted with <b>(7.7.0-new)</b><br />
<h2>
Previous History:</h2>
<ul>
<li>Was very familiar with and used extensively the 4.x version for home for all my backups. It contained over 10 personal workstation and servers in my household running multiple versions of Windows and Linux</li>
<li>Infrastructure configuration contained 1 "server" that housed backups of all my other machines. CrashPlan Home had the very powerful ability where it could store backups in the Cloud, which were CrashPlan's servers, and also had the ability to send backups to another machine in your account. Essentially you could designate a device of your own choosing to collect all the backups of other devices. </li>
<li>Completely destroyed my 4.x infrastructure once it was announced that the Home product was being discontinued, and used other methods for backup; did not wait for the EOL date or conversion to CrashPlan Pro reduced rate.</li>
</ul>
<br />
I really liked CrashPlan Home Version. It was powerful. It had the ability to backup whatever I wanted to the cloud and also the ability to send backups to another device attached to your account. I had over 10 machines sending backups to 1 device, and that became my "server". Yes it was a peer to peer infrastructure, but it had a lot of advantages. It was fast, it encrypted all my data, and it was resilient, the software just worked and everything I need was backed up in one location. Restores were fast and it did save me from times when I needed to recover data.<br />
<br />
I have accepted that the new product that Code42 has given us is different. From my 60 days evaluating it I have noticed the following things:<br />
<ul>
<li>The client is less powerful than the previous Home version; all peer to peer functions have been stripped out.</li>
<li>The client is slower, both on communication to Code42's servers over the internet, to local drives, and remote drives within my own network. The program throughput is less than what my disk and network subsystems can provide, so I have to conclude either the code is throttled, or less efficient. </li>
<li>With the loss of the Peer-to-peer functionality, The client does not like working with network connectivity. </li>
<ul>
<li>Mapping network drives does not work</li>
<li>iSCSI does work, so a remote location to backup is possible, but still slow **This has been improved with optimizations, please continue to read**. </li>
</ul>
</ul>
I wanted to love the new CrashPlan for Business. After 20 days of usage, can only sort of like it. After 60 days of usage, it is not bad and I can learn to live with its directions<br />
<br />
<ul>
<li>(NEG) Despite the hard coded file exclusions, it backups up a lot of data. Personally I miss that I cannot backup virtual disk files like .vdi or .vmdk, but knowing that I can take alternative measures to back it up</li>
<li>(NEG-20 Days) The slowness is annoying especially when copying to a local location to the client, but once your dataset is built, keeping is up to date is a painless process</li>
<li>(NEG-60 Days) Local and remote backups are are capped at the ~7 Mbs bandwidth, not great, but I am OK with it as long as It keeps working at that rate. This means it will take a week to backup 1TB, but after the initial backup, keeping my date up to date will be simple </li>
</ul>
<ul>
<li>(POS)It defaults to backup continuously, so once your data is backed up, keeping it up to date is a automatic process</li>
<li>(POS) Really, really like using iSCSI as a local destination for my clients. Very versatile and resilient. If my iSCSI disk is offline, local backups are not available, once it becomes available, Crashplan starts right up and backs up, no reboot of client, no restart of service.</li>
<li>(POS) $10/month for unlimited backup of client to cloud is cheap and really easy to plan for. Don't have to worry about cost of upload / download transfer and storage costs </li>
<li>(POS) <b>(7.7.0-new)</b> I started up the Crashplan client after a 7 days and it did a deep pruning, and backed up 30GB to my online and onsite repository in under 7 hours, that feels like an improvement. Trying to look for evidence in logs </li>
</ul>
<h2>
The Great workaround</h2>
OK, so the new CrashPlan for small business is not perfect, but I have developed a workaround that will work and it pretty clean. I want a solution where my data is backed up in 2 locations; first in the cloud and second on-site that is not on the same machine where my data is. This is my workaround.<br />
<br />
<ol>
<li>Setup an iSCSI target to hold all of your local data. I can be Windows, Linux or BSD. I am using StarWind Software Virtual San because Windows because my primary OS that I am familiar with was only doing 2 nodes and it was proof of concept</li>
<li>Create a LUN for each machine you want to backup and set up for each client. My test Laptop has a 20 GB LUN, and my test desktop has a 1.05 GB LUN </li>
<li>Provide each client you wish to backup a new drive letter, in my case with Windows clients, it was the R: Drive</li>
<li>Configure Crashplan for one backup set to the cloud, and another backup set the R: drive for local backups.</li>
<li>Use script robocopy and copy over all the standard excluded files in CrashPlan files like *.vdi, *.vmdk. They wont be backed up into the cloud but at least you will have a second copy of them. </li>
<li>If you don't want to use CrashPlan for your local backup, robocopy everything over to the R: drive</li>
</ol>
Here is my robocopy script, I needed to add the attrib command because there is a bug where robocopy will sometimes hide the destination directory:<br />
<br />
robocopy g:\ R:\backup_robocopy_G *.vdi *.vfd *.vhd *.vmdk *.vmem *.vmsd *.vmx *.vmxf /S /PURGE /XD $RECYCLE.BIN OneDriveTemp Recoverybin /A-:SH<br />
attrib -s -h R:\backup_robocopy_G<br />
<br />
I think this is a decent workaround. I know if you don't decide to use CrashPlan for you local backups, then setting up an iSCSI target might be overkill, but if it is used for some, then the process is consistent and with iSCSI, you don't need to map network drives, it just attaches as long as the client and server are up.<br />
<br />
UPDATE: 2019.10.24 After doing tweaks and overcoming my stall, which I documented below, it has been smooth sailing.<br />
<br />
Feel free to comment here or on <a href="https://www.reddit.com/r/Crashplan/comments/d5zi7u/living_review_of_crashplan_7_on_windows/" target="_blank">reddit</a><br />
<br />
<h3>
Tweaks for Better Perfomance</h3>
I am researching what will improve performance to speed up backups, here is my attempts and how they behaved.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-C_1gLz7-j6U/XcNK0g448tI/AAAAAAAAGbI/8QFGNzXFXqMJL8zb7oSi9D178-HW9BRqACLcBGAsYHQ/s1600/notepad%252B%252B_m8dTjVltoK.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="305" data-original-width="402" height="242" src="https://1.bp.blogspot.com/-C_1gLz7-j6U/XcNK0g448tI/AAAAAAAAGbI/8QFGNzXFXqMJL8zb7oSi9D178-HW9BRqACLcBGAsYHQ/s320/notepad%252B%252B_m8dTjVltoK.png" width="320" /></a></div>
<ul>
<li>Increase CPU usage on Idle / Active from 80 / 20 to 100 / 100. After changing this setting I was seeing higher CPU usage but no where total CPU usage. I have suspected and a Crashplan technician confirmed that the engine is not multi threaded, so with a 2 core system, will max CPU Usage at 50%, 4 cores, 25%</li>
<li>Exclude the backup directory (R:\backup_Crashplan) and the Crashplan cache (C:\Programdata\crashplan\cache) from Microsoft Defender or any other virus scanners. There is no need to scan the CrashPlan files, let Microsoft Defender focus on the source files.</li>
<li> Exclude large files that are already highly compressed like .mkv, .pst, .rar, .ress (Data files from the game Tacoma), and .zip by modifying the file C:\ProgramData\CrashPlan\conf\my.service.xml. Here is my exemptions:</li>
<li><b>(7.7.0-new) </b>The file my.service.xml is now gone, and I cannot find any xml file that would offer any control. I do know that my exemptions are still in place because I can see evidence of it in the following files:</li>
<ul>
<li>C:\ProgramData\CrashPlan\log\service.log.0</li>
<li>C:\ProgramData\CrashPlan\log\app.log<br /></li>
</ul>
</ul>
For local backups from my client to a remote drive via iSCSI, I sometimes get 35 Mbps for highly compressible data, but for mostly compressed data I get 6 to 7 Mbps. Cloud backups I normally see from 5 to 7 Mbps. I see no improvement on backups to crashplan.com so something on their side or how the engine is programmed that is slowing things down.<br />
<br />
<h3>
Watching for Stalls and Rectify - 2019.10.23</h3>
In my instance, local backup were just stopped at 29% for days and would not go anywhere. I could see that the engine was running, but nothing was backing up and nothing was being written to the log file C:\ProgramData\CrashPlan\log\backup_files.log.0 that was useful<br />
<br />
Using Resource Monitor I could see it was spending a lot of time reading the file sharedassets3.assets.ress in a directory for the game Tacoma. It was a 2GB file and it never backed up, but it was always working with that file.<br />
<br />
I surmised that CrashPlan was trying to compress this file and was having difficulty. Once I exempted the extension of .ress, it was moved right into the destination without incident. <br />
<br />
<h3>
Turned a corner and not looking back - 2019.11.06</h3><p>
Since the 23rd, CrashPlan has been continuing to do a local backup and just before the start of the month it finished, I now have my 1TB of crucial data backed up on the CrashPlan servers, and on a local iSCSI disk. And I have to say it is pretty good. With average usage, I generate 7 to 15 GB of new data or overwrite of previous data, and the the system can handle it without breaking a sweat.<br />
<br />
I have done test restores from remote and local data, and the process has been clean, my data is backed up and able to be recovered if the need arrises. Granted I only backup 2 machines, and the second will be decommissioned soon because it was always a Proof of Concept, but while the behavior of Crashplan, is different, I consider this tool much more of an asset than a liability for me to use.</p><p></p><p></p><p></p><p></p><p></p><p></p><h3>Latest update - 2021.03.01 <br /></h3><p>
CrashPlan has done some updates, like moving to version 8.5.0, and now they are Code42, but it has still performed reliably for me. Earlier this year I needed to cutover to a new computer, and the migration was painless, and I am still protected. Yes it is limited to uploads of 700 KB/s but with only 1.6 TB of data, it works tirelessly to keep a copy of my data safe. For me the possibility change my cost for $10/month to $6/month is not worth the hassle at this time. <br />
<br />
</p><ul>
</ul>
<ul>
</ul>
<ul>
</ul>
S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-22125469728693514992018-01-24T18:26:00.004-08:002018-01-24T18:26:51.819-08:00pfSense router and EasyNews VPNWith the little help of the internet, a little trial and error, and previous knowledge, I was able to get pfSense setup to use the VPN service provided by EasyNews. This was done for the following reasons. <br />
<ul>
<li>Price is good for the VPN servers about $12 and it gets you access to NNTP servers</li>
<li>Logging in not kept and many VPN endpoints</li>
<li>Already have it and why not use what already paying for</li>
<li>No one has a tutorial on how to setup pfSense with EasyNews VPN, so good to be the first</li>
</ul>
Please note that these directions were originally built for pfSense
2.2.5-6, but then finished on pfSense 2.3.1. While the directions are
almost the same, did not see the need or had the time to redo the
pictures that were in the 2.2.x format.<br />
<br />
<br />
<ul>
</ul>
<h2>
Creating an Internal CA</h2>
<h2>
</h2>
<h2>
Creating a local certificate from the Internal CA</h2>
<br />
<h2>
Create the CA Certificate</h2>
<ol>
<li>Select menu item: <i>System->Cert Manager</i></li>
<li>Select<i> <i>CAs</i> </i>tab</li>
<li><i></i>Click <i>Plus</i> symbol to add CA Certificate</li>
<li>Configure as follows:</li>
<div class="separator" style="clear: both; text-align: center;">
</div>
<ol>
<li>Descriptive Name = <b>EasynewsVPN</b></li>
<li>Method = Import an existing Certificate Authority (Location of certificate is <a href="https://www.easynews.com/vpn/software/guideCRT.txt" target="_blank">here</a>)<br /><b>--BEGIN CERTIFICATE--<br /><br />--END CERTIFICATE--</b></li>
<li>Certificate Private Key = <b>Leave Blank</b></li>
<li>Serial for Next Certificate = Leave Blank</li>
<li>Click Save</li>
</ol>
</ol>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-y0l1VE7BmzA/VoGtHD9F3uI/AAAAAAAAAps/lkzU0tGfKcU/s1600/EasyNewsVPN_01.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://2.bp.blogspot.com/-y0l1VE7BmzA/VoGtHD9F3uI/AAAAAAAAAps/lkzU0tGfKcU/s1600/EasyNewsVPN_01.png" /></a></div>
[<a href="http://www.bodenzord.com/archives/324" target="_blank">ref1</a>],[<a href="https://www.easynews.com/vpn/software/guideCRT.txt" target="_blank">ref2</a>]<br />
<h2>
Create OpenVPN Client</h2>
<ol>
<li>Select menu: <i>VPN->OpenVPN</i></li>
<li>Select <i>Client</i> tab</li>
<li>Click <i>Plus</i> symbol to add client</li>
<li>Configure as Follows:<br /><ul>
<li><i>Disabled =</i> <b>unchecked</b></li>
<li><b></b><i>Server Mode =</i> <b>Peer To Peer (SSL/TLS) </b></li>
<li><i>Protocol</i> = <b>UDP</b></li>
<li><i>Device Mode</i> = <b>TUN</b></li>
<li><i>Interface<b> = </b></i><b>WAN</b><b> </b></li>
<li><i>Server Host Address</i> = <b>nyc-a01.wlvpn.com (or other server address from EasyNews. full list is <a href="https://account.easynews.com/vpnservers.php" target="_blank">here)</a></b></li>
<li><i>Server Port = </i><b>1194 </b>or <b>443</b></li>
<li><i>Proxy Host or address = </i><b>(Leave Blank)</b><i><br /></i></li>
<li><i>Proxy Port = </i><b>(Leave Blank)</b></li>
<li><i>Proxy Authentication Extra Options = </i><b>none</b></li>
<li><i>Server host name resolution = </i><b>Che</b><b>cked</b></li>
<li><i>Description = </i><b>easynewsVPN (or whatever you want)</b></li>
<li><i>Username = </i><b>username@easynews</b></li>
<li><i>Password = </i><i><b> </b></i><b>(Your password for easynews)</b><b> </b></li>
<li><i>TLS Authentication = </i><b>Unchecked</b></li>
<li><i>Peer Certificate Authority = </i><b>easynewsVPN</b></li>
<li><i>Client Certificate =</i><b> None</b></li>
<li><i>Encryption Algorithm = </i><b>AES-256-CBC (256-bit)</b></li>
<li><i>Auth Digest Algorithm = </i><b>SHA1 (160 bit)</b></li>
<li><i>Hardware Crypto = </i><b>No Hardware Crypto Acceleration</b></li>
<li><i>IPv4 Tunnel Network = </i><b>(leave blank)</b></li>
<li><i>IPv6 Tunnel Network</i><i> = </i><b>(leave blank)</b></li>
<li><i>IPv4 Remote Network/s</i><i> = </i><b>(leave blank)</b></li>
<li><i>IPv6 Remote Network/s</i><i> = </i><b>(leave blank)</b></li>
<li><i>Limit outgoing bandwidth</i><i> = </i><b>(leave blank)</b></li>
<li><i>Compression</i><b> = No Preference</b></li>
<li><i>Type of Service = </i><b>Unchecked</b></li>
<li><i>Disable IPv6 = <b>Checked</b></i></li>
<li><i>Don't Pull routes</i><i> = </i><b>Unchecked</b></li>
<li><i>Don't add/remove routes</i><b><i> = </i><b>Unchecked</b></b></li>
<li><i>Advanced</i><b><b> </b></b>remote-cert-tls server<br />resolv-retry infinite<br />persist-key<br />persist-tun<br />persist-remote-ip<br />comp-lzo<br />verb 3<br />auth SHA256<br />keysize 256<br />tls-cipher DHE-RSA-AES256-SHA<br />auth-nocache</li>
</ul>
</li>
<li>Click Save </li>
</ol>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-6Z2goGZlgxk/VoG5FU_vSvI/AAAAAAAAAqA/onFngLV9Y4U/s1600/EasyNewsVPN_02.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://1.bp.blogspot.com/-6Z2goGZlgxk/VoG5FU_vSvI/AAAAAAAAAqA/onFngLV9Y4U/s1600/EasyNewsVPN_02.png" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-2oHV57c5nfU/VoG5FJz054I/AAAAAAAAAqI/c3Sfy3w0zqA/s1600/EasyNewsVPN_03.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://2.bp.blogspot.com/-2oHV57c5nfU/VoG5FJz054I/AAAAAAAAAqI/c3Sfy3w0zqA/s1600/EasyNewsVPN_03.png" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-JDt0-f0ixLk/VoG5FAgdBRI/AAAAAAAAAqQ/xK2XpY5OmFk/s1600/EasyNewsVPN_04.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://3.bp.blogspot.com/-JDt0-f0ixLk/VoG5FAgdBRI/AAAAAAAAAqQ/xK2XpY5OmFk/s1600/EasyNewsVPN_04.png" /></a></div>
<br />
[<a href="http://www.bodenzord.com/archives/324" target="_blank">ref1</a>],[<a href="https://www.easynews.com/vpn/setup.html#routers" target="_blank">ref2</a>]<br />
<br />
<h3>
Updates of custom settings from other implementations</h3>
Other documents detailed of the advanced settings as thus:<br />
<br />
remote-cert-tls server<br />
resolv-retry infinite<br />
persist-key<br />
persist-tun<br />
persist-remote-ip<br />
comp-lzo<br />
verb 3<br />
auth SHA256<br />
keysize 256<br />
tls-cipher DHE-RSA-AES256-SHA<br />
<br />
but my configuration is as this:<br />
<br />
remote-cert-tls server<br />
resolv-retry infinite<br />
persist-key<br />
persist-tun<br />
persist-remote-ip<br />
comp-lzo<br />
verb 3<br />
auth SHA256<br />
keysize 256<br />
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA<br />
auth-nocache<br />
<br />
I changed the tls-cypher because when opening connection, the logs said that DHE-RSA-AES256-SHA was depreciated and TLS-DHE-RSA-WITH-AES-256-CBC-SHA should be used.<br />
Also there was a warning that credentials were cached and adding auth-nocache would be more secure. Since the connection still worked with these extra settings, I left them in place<br />
<br />
<h2>
Create new Interface for OpenVPN</h2>
<ol>
<li>Go to [Interfaces -> Assign]</li>
<li>Under {Interface Assignments} there will be "Available Network Ports", drop down to ovpnc1() and click ADD, the Network interface OPT1 will be created</li>
<li>Click on the OPT1 interface to edit it.</li>
<li>Configure as follow:</li>
<ol>
<li>Description: ENVPN</li>
<li>IPv4 Configuration Type: None</li>
<li>IPv6 Configuration Type: None</li>
<li>MAC Controls: Leave blank</li>
<li>MTU: Leave Blank</li>
<li>MSS: Leave Blank</li>
<li>Block Private Network: Unchecked</li>
<li>Block Bogon Network: Unchecked</li>
</ol>
<li>Save this configuration</li>
</ol>
<h2>
Configure NAT Rules</h2>
<ol>
<li>Go to [Firewall -> NAT]</li>
<li> Go to {Outbound}</li>
<li>Change from "Automatic outbound NAT rule generation. (IPsec passthrough included)" to "Manual Outbound NAT rule generation. (AON - Advanced Outbound NAT)"</li>
<li><br /></li>
</ol>
References:<br />
https://www.privateinternetaccess.com/pages/client-support/pfsense<br />
http://www.giganews.com/support/vyprvpn/vpn-setup/dd-wrt/openvpn.html<br />
https://forum.pfsense.org/index.php?topic=35292.0<br />
https://www.easynews.com/vpn/setup.html#ubuntu<br />
https://www.easynews.com/vpn/setup.html#routers<br />
https://support.code42.com/CrashPlan/4/Configuring/Excluding_Networks_Used_For_Backup_And_Restore<br />
https://www.reddit.com/r/OpenVPN/comments/3tmfjz/showing_connected_to_vpn_but_still_getting_actual/S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com3tag:blogger.com,1999:blog-1795887180658539089.post-8802864402037931132015-04-26T20:06:00.000-07:002015-04-26T20:06:16.501-07:00Virtual Windows 8 ... Sort of.OK, I know there are people there that love Windows 8, and those that don't really like it. I am not going to debate that here, but lets say, I need to advance with the times because of my job and will use Windows 8, and try to get the most out of it<br />
<br />
Having said that, I work with servers, so my main system is Windows 2012. Now on first look Windows 2012 looks a lot like Windows 8, so why cannot my Windows 2012 system also be my Windows 8 system. Now I don't want a completely transformed OS, but try to get the best of both worlds. So here are the things that I did to my system and hopefully guide you on your transformation. And for why I did this, I can say only 1 thing: I want to play Halo: Spartan Strike on my computer along with my phone.<br />
<br />
<u><b>Add the Desktop Experience</b></u> <br />
<br />This is a straight forward process, just adding a feature called 'Desktop Experience' If you need directions on how to add <a href="http://www.elmajdal.net/WindowsServer/How_To_Enable_Windows_8_Features_in_Windows_Server_2012.aspx" target="_blank">this web site has it.</a><br />
<br />
Please remember in order you use the Windows App store, you need a Microsoft account, and your logon account cannot be administrator.<br />
<br />
<u><b>Install Halo: Spartan Strike</b></u><br />
<br />
Go to the Windows store and install it. Now this application is not free, and for some reason I could not purchase it within the application store, but I used my phone to purchase because it is a single purchase for phone and desktop, so once that was done, it installed fine on Windows 2012<br />
<br />
<u><b>Issue with running app and Xinput1_4.dll</b></u><br />
<br />
Halo: Spartan Strike installed, but when it ran I was getting an Xinput1_4.dll error, and it bombed out. I found <a href="https://answers.unrealengine.com/questions/43879/program-cant-start-because-xinput1-4dll-is-missing.html" target="_blank">better description of the error here</a>, and then <a href="http://www.win2012workstation.com/xinput-and-xaudio-dlls/" target="_blank">another page that comes with files and an install script</a><br />
<br />
The script is straight forward and comes with 6 files. Now I normally don't trust these files especially since they are not signed, and I didn't want to expose my system to any unscrupulous files, so I built a Virtual Windows 8, and extracted the same files to install into my 2012 system. I did compare my files to the downloaded files, and they were same on the binary level, but better safe than sorry.<br />
<br />
Once those files were added the program worked fine, and I am hoping that all other DirectX games will also behave as well.<br />
<br />
<u><b>Issue with keyboard - Halo: Spartan Strike</b></u><br />
<br />
Now the program is running but for some reason, the mouse works, but the keyboard does not. For me fixing that is a simple solution. My system has PS/2 keyboard and mouse, so I just add my USB wireless Logitech K400 keyboard, now the game works!!!<br />
<br />
<u><b>Better Gaming experience - Xbox 360 Game controller</b></u><br />
<br />
I have a working game, but using the keyboard is a little kludgey because the key choices are chosen and you cannot change them, also with the AWSD to move, it is a little choppy.<br />
<br />
So I picked up a used Rock Candy controller. It plugged in fine, but didn't work. Went to the vendor's web site, pdp.com and they state the controller is for Xbox 360, so there are no drivers for windows.<br />
<br />
Well not being discourage, went looking for a driver for a Microsoft Xbox 360 drivers from Microsoft and found them <a href="http://www.microsoft.com/hardware/en-us/d/xbox-360-controller-for-windows" target="_blank">here.</a><br />
<br />
Installed the driver, rebooted, and the controller worked fine. It plays like a dream and now I can spend all of my time killing the Covenant!!<br />
<br />
I hope my work will enable you to play this game with Windows 2012, and your system primed to play other games from Windows Store.S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-59720027827664134402015-04-25T12:24:00.000-07:002015-04-25T12:25:29.040-07:00Getting Windows 8 or 2012 to work as a guest under vSphere 4.1There have been other blogs and kbase articles that define how to get Windows 8/8.1 or Windows 2012 / 2012 R2 running under vSphere 4.1. I plan to to offer you a complete document with references<br />
<br />
For the guest configuration, I would choose the following:<br />
<br />
<u>Windows 2012 / 2012 R2</u><br />
Guest OS: Windows 2008 R2<br />
vCPU: 2<br />
vMemory: 2GB<br />
Network Card: E1000<br />
<br />
<u>Windows 8 / 8.1</u><br />
Guest OS: Windows 7 (32 or 64 to match your media)<br />
vCPU: 2, but 1 should work <br />
vMemory: 1GB, but 2 would be better<br />
Network Card: E1000<br />
<br />
After you build the OS, but before the OS is installed the VMX file needs to be modified, so use the vSphere client to do these steps<br />
<ol>
<li>Browse to the datastore where the VMX files is located</li>
<li>Download the VMX file to your windows system</li>
<li>Edit the file with a Linux compatible editor like Notepad++ and add the following lines:</li>
<ol>
<li>bios440.filename = bios.440.rom<br />mce.enable = "TRUE"<br />cpuid.hypervisor.v0 = "FALSE"<br />vmGenCounter.enable = "FALSE</li>
</ol>
</ol>
Then upload the updated VMX file and the bios ROM file from this <a href="http://communities.vmware.com/thread/394669" target="_blank">location</a>. If you feel a little unsure about using a random file acquired from the internet there are directions on how to <a href="http://pete.akeo.ie/2011/06/extracting-and-using-modified-vmware.html" target="_blank">extract the file from VMware Player</a>. I have not done this yet, but trust the ROM file that is the VMware community<br />
<br />
Next just install the OS as normal, it should work fine, no BSOD.<br />
<br />
Now what I have not seen is anything on VMware tools, and from what it looks like any version of the VMware tools that come with 4.1 will corrupt the video and make it unusable, so when installing VMware tools, use the OSP version.<br />
<br />
Here is the root location of all the tools: <a href="http://packages.vmware.com/tools/esx/index.html" target="_blank">http://packages.vmware.com/tools/esx/index.html</a><br />
Here is the version that I have used successfully: <a href="http://packages.vmware.com/tools/esx/5.5p01/windows/index.html" target="_blank">http://packages.vmware.com/tools/esx/5.5p01/windows/index.html</a><br />
But guessing the latest which is for vSphere 6 would also work:<br />
<ul>
<li>64-bit <a href="http://packages.vmware.com/tools/esx/latest/windows/x64/VMware-tools-windows-9.4.11-2400950.iso" target="_blank">http://packages.vmware.com/tools/esx/latest/windows/x64/VMware-tools-windows-9.4.11-2400950.iso</a></li>
<li>32-bit: <a href="http://packages.vmware.com/tools/esx/latest/windows/x86/VMware-tools-windows-9.4.11-2400950.iso" target="_blank">http://packages.vmware.com/tools/esx/latest/windows/x86/VMware-tools-windows-9.4.11-2400950.iso</a></li>
</ul>
If you want read more about OSP tools, this <a href="https://www.vmware.com/support/packages/" target="_blank">page is useful.</a><br />
<br />
Good luck with your Window 8 / 2012 builds!!S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-31968337102893572982014-01-07T15:49:00.002-08:002014-01-07T15:50:34.072-08:00Updataing blacklist in pfSense from urlblacklist.comThis is a modified procedure to use a local file instead of the blacklist from urlblacklist.com. This is a modified procedure for Squidguard. It should be able to go to the website directly and download then update.<br /><br />From my experience lately either the download doesn't finish, or if it does finish. it doesn't use the full size. So this modified procedure will use Firefox to download, transfer to a Linux Web server, then let it pull from a local source<br /><br />
<ol>
<li>Download the file bigblacklist.tar.gz from <a href="http://urlblacklist.com/cgi-bin/commercialdownload.pl?type=download&file=bigblacklist" target="_blank">http://urlblacklist.com/cgi-bin/commercialdownload.pl?type=download&file=bigblacklist</a> </li>
<li>Use WinSCP to copy to Linux box with web server</li>
<li>Log into Linux box and copy bigblacklist.tar.gz to /var/www</li>
<li>Go to pfSense box and login</li>
<li>Services -> Proxy Filter, find the field blacklist URL, enter http://ipaddress/bigblacklist.tar.gz</li>
<li>Go to the Tab 'Blacklist' click [download]</li>
<li>Wait until complete</li>
</ol>
S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com1tag:blogger.com,1999:blog-1795887180658539089.post-51960151802544902332014-01-06T16:51:00.001-08:002014-01-13T15:48:27.439-08:00Syncing this Blog with other media sourcesIn order to get more exposure of this blog, I decided to publish this blog automatically onto other sources like Facebook, Twitter, and Linkedin. So far I just started with Facebook and hopefully this set of directions will work:<br />
<br />
<a href="http://www.earning66.blogspot.com/2012/06/publish-your-posts-on-facebook-using.html" target="_blank">http://www.earning66.blogspot.com/2012/06/publish-your-posts-on-facebook-using.html</a><br />
<br />
Update 2014.01.13: added the ability to publish to twitter using twitterfeed. S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-57117473794234081122014-01-02T07:47:00.001-08:002014-01-02T07:47:44.547-08:00Windows 8 / 2012 on ESXi 4.0 / 4.1 hostsOK, so others have documented on how to enable using Windows 8 and Server 2012 with an ESXi 4.0 / 4.1 host. I am not going to recreate the procedure, but here are links to some:<br />
<br />
<a href="http://communities.vmware.com/thread/394669" target="_blank">http://communities.vmware.com/thread/394669</a><br />
<a href="http://community.spiceworks.com/topic/312358-how-to-install-windows-2012-server-on-esxi-4-1" target="_blank">http://community.spiceworks.com/topic/312358-how-to-install-windows-2012-server-on-esxi-4-1</a><br />
<a href="http://en.blog.skydriver.org/2013/02/03/windows-server-2012-and-windows-8-on-vmware-esxi-4-1/" target="_blank">http://en.blog.skydriver.org/2013/02/03/windows-server-2012-and-windows-8-on-vmware-esxi-4-1/</a><br />
<br />
What I was curious about was where this bios.440.rom file came from and is it safe. From the first reference from the VMware communities it came from a vmware employee. Did some more searching and found these two sites that detailed building / modifying BIOS-es<br />
<br />
<a href="http://forums.mydigitallife.info/threads/19329-HOWTO-Modify-VMWare-BIOS-with-SLIC-2-1" target="_blank">http://forums.mydigitallife.info/threads/19329-HOWTO-Modify-VMWare-BIOS-with-SLIC-2-1</a><br />
<br />
While it was detailed, and looked like it used some files that were coming from questionable sources, the original toolkit was sound<br />
<br />
<a href="http://www.bios.net.cn/Files/soft/biosfile/qt/SLIC_ToolKit_V3.2.rar" target="_blank">http://www.bios.net.cn/Files/soft/biosfile/qt/SLIC_ToolKit_V3.2.rar</a><br />
<br />
So I concluded to accept the file and not research further. <br />
<br />S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-21414373486602405122013-05-16T06:11:00.002-07:002013-05-16T06:11:56.165-07:00First impressions about Microsoft IntuneOK, so last month, I cane across <a href="http://www.microsoft.com/en-us/windows/windowsintune/pc-management.aspx" target="_blank">Microsoft Intune</a> last month and wanted to see what it could do. Hey they were giving me a month and I figured why not. I can say that after a month, it is not bad, and does have it's place in the world out there.<br />
<br />
In the past I have used other products to manage systems. Tools like WSUS, Qualys, and Tivoli Endpoint Manager or TEM.<br />
<br />
So what does Intune do. From what I see it does three big things:<br />
<br />
<ul>
<li>Install Microsoft Patches</li>
<li>Manage Windows Defender</li>
<li>Have the ability to publish software that can be installed by your clients.</li>
</ul>
Whey you sign up you need to create a company account and at least one administrator account. I didn't really work much with the company account, but can see where there is a need for separation between the two. Also there are different permissions for administrators like read only so there can be multiple persons that can get access to the account and the systems managed.<br />
<br />
OK so what I like. I like that you as an administrator have the ability to approve patches like in WSUS. When a patch comes out, you have to approve it and then it will be available for installation on your infrastructure.<br />
<br />
Another think that I like is that you can take an MSI and add it to your list of company apps. So if you want to deploy something like Adobe Acrobat, just add it and publish.<br />
<br />
Also like the ability to create groups. I didn't use them, but it was nice they were there.<br />
<br />
So now my favorite feature: Due dates on patches. One thing you can do is assign due date and Install now. This means that if a client is on, the Intune app will get pushed the patches, so you don't have to visit the clients, they will update themselves.<br />
<br />
Now it is not all great with Intune, and here are some of my issues with it. First all of the connectivity is to the internet, so all of your machines that you manage need to have access to the internet. Also with this connectivity, there are slew of <a href="http://technet.microsoft.com/en-us/library/jj676651.aspx" target="_blank">them to configure.</a> So it might be challenging for a company that has an IDS or proxy installed.<br />
<br />
There was one last feature that I did not test and it was the easy assist. This looks like the Lync client so you can have your computer remote controlled by the administrator. Maybe I will look to it in the future.<br />
<br />
So down to <a href="http://www.microsoft.com/en-us/windows/windowsintune/buy.aspx" target="_blank">pricing.</a> From what I can see, in the US it is a low, low $6 a month for a year. It looks like you sign up for a year at a time, but can be billed monthly. And if I am reading it right, that is the cost for the administrator, not for the clients. So if you have 2 machines or 25, the price would be the same. <br />
<br />
I stopped at 25 because that is the limit of my license that I was given. I am guessing that as you increase the number of endpoints, that the cost would also increase, but I cannot find that information.<br />
<br />
Pros<br />
<br />
<ul>
<li>Easy to set up</li>
<li>Pricing good</li>
<li>Handles Microsoft patches very well</li>
</ul>
Cons<br />
<br />
<ul>
<li>Only supports Vista, Windows 7 and 8</li>
<li>client need internet connection to work</li>
</ul>
S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-41331481931465528902013-04-23T19:05:00.002-07:002014-01-13T15:49:48.833-08:00NAS4Free in ESXiFor the last couple of years I have been using FreeNAS 7.x for my go to simple fileshare tool within my ESX infrastructure.<br />
<br />
Well as we all know that platform has reached the end of life, and at first the natural progression was to use FreeNAS 8. Well I liked it, but it has a completely different GUI, and I just could not get the hang of it.<br />
<br />
So last month I found out there is a new branch of FreeNAS7, NAS4Free. I have just started to install it and get it configured, but I recommend using this web site to get a jump on things:<br />
<br />
<a href="http://www.liquidobject.com/index.php/2013/03/09/nas4free-under-esxi/" target="_blank">NAS4Free under ESXi at liquidobject.com</a>S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-15883335056266133442013-01-15T22:24:00.001-08:002013-01-15T22:24:37.884-08:00DLNA Servers for WindowsKnow this is a little off base for my blog, but hey it is kind of virtual, and it is useful. The other day I picked up a new Blue-Ray player and it had DLNA capabilities, so I wanted to try it and test it out with a DLNA server.<br />
<br />
Did some research with <a href="http://en.wikipedia.org/wiki/List_of_UPnP_AV_media_servers_and_clients" target="_blank">Wikipedia</a> and the one product came to the front, <a href="http://www.conceiva.com/products/mezzmo/default.asp" target="_blank">Mezzemo</a>. I gave it a try and while the software was easy to set up, I was having a very difficult time to get it to work with my <a href="http://www.amazon.com/Sony-BDP-S590-Blu-ray-Player-Wi-Fi/dp/B006U1YUZE/ref=sr_1_1?ie=UTF8&qid=1358316908&sr=8-1&keywords=sony+blu+ray+player" target="_blank">Sony BDP-S590</a>, and only 1 file was playing. Did some further research and there were many other persons saying that this model was giving it some problem.<br />
<br />
So today I was doing some work with my DivX player and noticed that the DivX player has a streaming option. Confirmed it was a DLNA server and it is easy to <a href="http://rovicorp.force.com/apex/Show_DivxB2C_Article?id=kA540000000Cb5a&language=en_US&url=How-do-I-enable-the-Media-Server-in-the-DivX-Plus-Player" target="_blank">setup</a><br />
<br />
Well turned it on, added a folder and tried it. It works beautifully. I can play .AVI, MKV, MP4, and M4V files without any issue. Can fast-forward and rewind with no issues. Bar none, works with no issue, and I strongly recommend it. The only issue I could see is that I need to have the player running, unlike a service, but for perfectly playing files to a Blu-Ray player over wireless, that is a very, very small issue.S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-11886345159139203742012-11-16T21:38:00.001-08:002012-11-16T21:41:37.692-08:00High End Video Cards, IBM servers and Virtulization.Today I found this announcement of new products for the <a href="http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5091880&brandind=5000008&myns=x008&mync=E" target="_blank">dx360 M4</a><br />
<br />
Now I normally don't use this model of computer, but just decided to look at it. So I looked at the specs of the <a href="http://www.redbooks.ibm.com/abstracts/tips0878.html?Open" target="_blank">server</a> then saw the specs of two of the cards, the NVIDIA Tesla K20, and the <a href="http://www.nvidia.com/object/vgx-boards.html" target="_blank">NVIDIA VGX K1 / K2</a><br />
<br />
The server can handle 2 half length full height cards, with 2 servers in a 2 u space, so that is 4 GPUs in 2U. <br />
The K20 was just a number cruncher, nothing exciting there, could be used for mathematics, or large scale models or something like that. but the VGX K1 was interesting. It was a video card that is supposed to be used for virtualized workloads. From their website:<br />
<br />
"VGX boards feature NVIDIA Kepler-based GPUs that, for the first time,
allow hardware virtualization of the GPU. This means multiple users can
share a single GPU, improving user density while providing true PC
performance and compatibility."<br />
<br />
Now that is interesting. What struck me as more interesting is this. The GPU is supported right now under the following OS's<br />
<br />
<ul>
<li>XenDesktop with HDX 3D Pro</li>
<li>XenServer</li>
</ul>
And is coming for these platforms:<br />
<br />
<ul>
<li>XenDesktop with HDX</li>
<li>XenServer with NVIDIA VGX Hypervisor</li>
<li> RemoteFX</li>
<li>Windows Server 2012</li>
<li>VMware View with vSGA</li>
<li>ESX</li>
</ul>
And I see that the dx360 M4 supporting these OS's<br />
<br />
<ul>
<li>Microsoft Windows Server 2008 R2</li>
<li>Microsoft Windows Server 2008, Datacenter x64 Edition</li>
<li>Microsoft Windows HPC Server 2008</li>
<li>Red Hat Enterprise Linux 5 Server with Xen x64 Edition</li>
<li>Red Hat Enterprise Linux 6 Server x64 Edition</li>
<li>SUSE Linux Enterprise Server 10 x64 Edition</li>
<li>SUSE Linux Enterprise Server 11 with Xen x64 Edition</li>
<li>SUSE Linux Enterprise Server 11 x64 Edition</li>
<li>VMware ESX 4.1, ESXi 4.1, and 5.0</li>
</ul>
So if I look and see what both card and Server OS support, right now, there is nothing. Now knowing IBM and what the officially support on their products, I don't see XenServer being a platform that they will add. And I don't see any development of support of the VGX on RedHat which would say it would be supported by KVM. I can see This server being supported by Windows 2012 when things get rolling, and that leaves one thing in the wings...<br />
<br />
..VMware. I am guessing that there might be an upgrade on the hypervisor's part for it to better handle virtual GPUs. For vSphere and for View. I don't think IBM would work on and develop a > $3500 video card for a server that no platform will support. <br />
<br />
I guess we will have to wait and see. <br />
<br />
<br />S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-61106260393163461262011-07-24T04:30:00.000-07:002011-07-24T04:30:50.516-07:00Building new Windows XP GuestCurrently I have the need to build a new Windows XP Guest in VirtualBox. So I figure that I want the latest and greatest so that I wont have to keep upgrading it. <br />
<br />
On the OS side, I want it to be pre-installed with SP3, and possibly some or all of the patches<br />
<br />
On the Virtual Hardware side I want for the Hard drive to be SATA, not IDE, and for the bridge to be ICH9, not PXII3.<br />
<br />
My ultimate goal is for it to be point and shoot, no installing as IDE / PXII3 and convert, but to choose SATA / ICH9 straight from the start. Also want to do it without any other tools like nlite. Starting work today, lets see where this gets usS-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-84942198687776268592011-07-12T19:53:00.000-07:002011-07-12T19:53:00.038-07:00Cracking the contents of the VMware VMU vibs filesI was patching my ESXi server today with the VMware Host Update Utility and was thinking about a couple of things. First when I do an update the VMU first downloads a bunch of data to my C:\Documents and Settings\All Users\Application Data\VMware\VMware VI Update\vmw, about 1.2GB of data.<br />
<br />
I was thinking that if I wanted to switch back to using a scripting tool then I would have to re-download all of the patches again manually and then script it up. So I wanted the shortcut to see if I really needed to download it again. Inside the <u>MetaData</u> directory, there are four zip files; 4.0 ESX and ESXi, and 4.1 ESX and ESXi. and then in the <u>vibs</u> directory there are a bunch of vibs files ranging from 60 to 130 MB. Those had to be the patches.<br />
<br />
Any search on how to open a VIBS file came up empty so I then looked at the Metadata zips again and opened them all up. Inside there is a file called Packages. Once I looked into it I noticed that it was all names of the patches, but was was most interesting was the filename was a .deb file.<br />
<br />
So I renamed one of the .vibs file to a .deb copied it over to my Linux server and ran the command ar vx something.deb, and viola, it opened up and showed its contents. <br />
<br />
Unfortunately for me, it looks like the contents inside the .deb / .vibs file is not easily compatible the downloaded manual patches, but I learned a little more on how the VMware VMU architecture works.<br />
<br />
What I found very interesting was that even though it was for ESXi, these are debian patch packages, so still somewhere in that tiny ESXi Hypervisor, there is some Linux, however small.<br />
<br />
Thanks to <a href="http://www.g-loaded.eu/2008/01/28/how-to-extract-rpm-or-deb-packages/">http://www.g-loaded.eu/2008/01/28/how-to-extract-rpm-or-deb-packages/</a> on how to extract DEB packagesS-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-4137153719415728992010-11-16T17:51:00.000-08:002010-11-16T17:51:29.084-08:00Testing to see if aligned partitions on ESX - an IntroductionI have been looking at documents that detail speed improvements with ESX where the partitions are aligned. These documents detail and only deal with SAN paritions:<br />
<br />
<a href="http://media.netapp.com/documents/tr_3593.pdf">http://media.netapp.com/documents/tr_3593.pdf</a><br />
<a href="http://www.vmware.com/pdf/vi_performance_tuning.pdf">http://www.vmware.com/pdf/vi_performance_tuning.pdf</a><br />
<a href="http://www.vmware.com/pdf/esx3_partition_align.pdf">http://www.vmware.com/pdf/esx3_partition_align.pdf</a><br />
<br />
Now I don't have access to a SAN but wanted to develop and test this with my Direct Attached Storage (DAS) for my ESXi host. Here is the configuration of my ESX host:<br />
<br />
Hypervisor OS: ESXi 4.0 Releasebuild 294855<br />
Systemboard: Intel S5000PSL<br />
SCSI Controller: IBM ServeRaid 6M - 128 MB cache<br />
RAID for Testing: RAID5 built with 5 73GB 10K U320 disks.<br />
RAID Stripe Size: 64KB<br />
<br />
To do the testing I created two Windows 2003 guests with the following configurations:<br />
<br />
OS: Windows 2003 Standard<br />
Service Pack: SP2<br />
Hotfixes: All hotfixes presented over Windows update as of 11/15/2010<br />
Virtual Disk: 12 GB dynamic<br />
Virtual Memory: 512MB<br />
NTFS Format: default (4K) <br />
<br />
The only difference is that for SERVERB, the disk was aligned to 64K as described in the documents, and SERVERA had no alignment.<br />
<br />
I then tested the servers using iozone.org version 3.53. In order to isolate each server I rebooted the ESX host, then gave it 5 minutes to settle, and started up the Guest target alone with no other guests running with another 5 minutes of settle time before starting the testing.<br />
<br />
The tests were done three times for each server and the results were averaged. Then the results for each aggregate server were compared as a percentage difference. <br />
<br />
Now the big question, is it worth it. The short answer is yes, I saw an improvement on average of about 10 to 40% per test. There were points where the aligned disk was slower, but if you look at the aggregate of the data there is an improvement. I need to do some more cleanup of the data but I will be posting it soon.S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-24048026897446221772010-10-29T17:51:00.000-07:002010-10-29T17:51:29.681-07:00Installng Zabbix appliance into Virtualbox with VMDK to VDI conversion OK, I know the title is a little long, but it is descriptive. Yesterday I stumbled across the Zabbix appliance and wanted to see what it could do.<br />
Well I am still checking out Zabbix, but I wanted to see if I could run the Zabbix appliance using VirtualBox's native disk format VDI instead of the originally provided VMDK virtual disk.<br />
<br />
First off adding the VMDK into VirtualBox is easy as cake<br />
<br />
<ol><li>Download the appliance from www.zabbix.com</li>
<li>Extract the VMDK and VMX files.</li>
<li>By looking at the VMX file, you notice the parameters that are pertinent to create</li>
<ol><li>OS: Linux</li>
<li>Version: OpenSUSE</li>
<li>Memory: 512MB</li>
<li>Storage Controller: SATA</li>
<li>Network Attached Adapter: Bridged</li>
<li>Adapter type Intel PRO/1000 MT</li>
</ol><li>Copy the VMDK to where you keep your VDI files, go to the Virtual Media Manager and add the disk to the list, then attach the disk to the SATA adapter and away you go. </li>
</ol> For me it started up fine the first time without any problems.<br />
Now for the fun part; converting the file to VDI<br />
<br />
<br />
Use the following command:<br />
<br />
vboxmanage.exe clonehd <path to="" vmdk="">\file.vmdk zabbix.vdi --format vdi</path><br />
<br />
Now you just go to the Virtual Media Manager and attach the VDI and away you go. The one thing that I did learn is that you need to convert the VMDK to a VDI before you start up the machine the first time. So if you did the test with at the top of the article, just delete it and pull a new copy of the VMDK from the archive you download.S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-77327073890051095602010-08-19T13:55:00.000-07:002010-08-19T14:18:41.307-07:00Success in improving RAID speedsAfter a long and hard trial process, I have increased the speed of my RAID5 array on an IBM ServeRAID-6M to a very acceptable level<br />
<br />
Before I worked on this, guests on a 5 disk RAID5 were getting 5MB/s and after-wards I am getting the following Speeds<br />
<br />
<ul><li>Windows 2003, 12GB, Read tests with HD_speed are 92 MB/s</li>
<li>Ubuntu 9.04 server, 8GB Read+Write tests, using dd are 32 MB/s</li>
</ul>My second RAID was only 3 disks because I had a problem with 2 of the disks. Here are my suggestions for building a RAID5 from used parts<br />
<br />
<ul><li>Test the READ and WRITE speeds of each disk by itself. I had 1 U320 disk that was reading fine at 60 MB/s but crippled down and would only write at 5 MB/s</li>
<li>Have the same interface; one disk was a U160, and it could only read at 50 MB/s</li>
<li>Do not include any disks that are considerably slower than others, it will slow down the whole array.</li>
<li>Not sure this is true with all Array controllers, but make sure that both the disks and the array are set to write back, not write through. Also the setting for the disks can only be change <span style="font-weight: bold;">while they are not in an array, and cannot be change once they are built into an array</span></li>
</ul>These are my preferences, and not sure they will affect anything.<br />
<br />
<ul><li>When building the array use the largest stripe size. The ServeRAID-6M goes up to 64K</li>
<li>When formatting the VMFS Datastore choose a larger block size like 4MB or 8MB.<br />
</li>
</ul>S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-28320628489926084432010-08-17T13:51:00.000-07:002010-08-19T13:55:10.528-07:00ESXi on USB - Part III have been working with a test version of ESX 4i, 4.0 U2 on a USB stick. I installed it the USB stick like I documented on my August 4th post. I like it but seeing some problems. For some reason it is slowing down my system. When I benchmark my ESX host it is only getting 5MB/s on disk access for the guests.<br /><br />Now these guests are either on a single SCSI U320 disk attached to a ServeRaid-6M, or in a RAID 5 config on that same card, and they are behaving poorly.<br /><br />I believe that somehow the ESX hypervisor is writing to the USB stick and slowing the whole system down. So I am going back to an installable version on a SCSI diskS-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-37178269976455239422010-08-04T21:23:00.000-07:002010-08-05T07:51:40.933-07:00ESXi on USBI found this great little tutorial on how to install ESXi onto a USB stick. I know that there are a bunch of ways, but this was fast, simple, and can be done from windows with tools that I already have: WinRAR and WinImage<br /><br /><a href="http://www.vladan.fr/how-to-install-esxi-40-on-usb-memory-key">http://www.vladan.fr/how-to-install-esxi-40-on-usb-memory-key</a><br /><br />Give it a shot.<br /><br />UPDATE: I use this on a dedicated system so I am not concerned with data loss, but from my tests with 4.0 U2 the hypervisor will grab a partition and format it with VMFS.S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-68787112994334452692010-07-29T23:23:00.000-07:002010-07-29T23:29:56.089-07:00Client Desktop Laptop HypervisorsIt looks like there is a new front for the virtual world, notebook hypervisors. There are two products out there that are touting that you can use a laptop for two images like a corporate / home product or a WinXP / Win 7 product.<br /><br />No matter what you would be using it for, it looks like there is a new market out there. So far I found two products. Citrix <a href="http://citrix.com/FreeXenClientExpress">XenClient</a>, which is available for download, and VMware's <a href="http://www.vmware.com/products/mobile">Mobile Virtual Platform (MVP)</a>.<br /><br />Just to check things out I purchased a second hardrive from my T400 in order to test it. Citrix recommends strongly for XenClient that you have an Intel vPro system, and the Lenovo T400 fits the bill. I will be trying it out and getting back to you.S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com1tag:blogger.com,1999:blog-1795887180658539089.post-23881528642281090952010-05-20T20:11:00.001-07:002010-05-20T20:11:58.328-07:00Interesting new features for VirtualBox 3.2.0Hey, I was looking at the new VirtualBox, and it has some really new features. They are memory ballooning, memory page de-duplication, and new IO sub-system.<br /><br /> It looks like Sun is really upgrading this product for prime time!<br /><br /><br />http://www.ubuntugeek.com/virtualbox-3-2-released-and-ubuntu-installation-instructions-included.html#more-5719<br />http://www.virtualbox.org/wiki/ChangelogS-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-81636220691864327742010-05-19T20:56:00.000-07:002010-05-19T21:19:36.308-07:00Improving SCSI performance on ESXi WhiteboxOK, the upgrade to SCSI went well, I converted from a SATA to SCSI system.<br /><br />Added the following components:<br /><ul><li>IBM ServeRAID 6M, PCI-X card</li><li>1 36GB drive to use as boot, and ISO storage<br /></li><li>5 74GB drives in RAID5 to be used as main datastore (272 GB)</li><li>1 500GB SATA drive from old ESXi Server. Source Datastore to move data onto RAID5</li></ul>Now everything was going well, but was noticing that the speed performance was slow. Now I expected it to be slower with writes on RAID5, but I was expecting the reads to scream.<br /><br />That was not what was happening. So I started using <a href="http://www.steelbytes.com/?mid=20">HD_Speed</a> and noticed some things.<br /><br /><ul><li>Read speed on SATA drives 115</li><li>Read Speed on SCSI RAID5 4.5</li></ul>That was a big difference. So I did some digging and did the following changes to make some improvements<br /><br /><ul><li>Moved the ServerRAID 6M to PCI-X slot 1 because it was 133 Mhz, Removed the other SCSI card because if there was anything in Slot 2, it downgrade to 100 Mhz and the card was only rated at 133.</li><li>Made sure that the Cache was on</li><li>Upped the queue limit from 64 to 96 into the BIOS</li></ul>After I did that the Read speed moved up to 45. Not bad. One other thing that I noticed is that when you move to larger downloads like 4MB it would move up to the 100 to 200 range.<br /><br />Also I could benchmark 2 servers simultaneously from the SCSI RAID5 and it did not impact each other.S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-56365222053336388382010-03-31T11:26:00.000-07:002010-03-31T11:33:26.965-07:00Upgrading Home ESX host to SCSICurently I am upgrading my ESX host from SATA to SCSI. I am doing this for the following reasons:<br /><br /><ul><li>ESXi will not recogonize SATA as RAID array.</li><li>While SATA is cheap, I have noticed that running 4 or 5 VM's concurrently on the same datastore that is comprised of 1 disk it will tax the datastore where I can see delays in the guest systems.</li><li>Noticing heavy background disk access that does not show up on the Performance Graphs for the disk. Essentally it is useless busy disk time.</li><li>I have this cool IBM ServeRAID 6M card I want to give a try with some SCSI disks</li></ul><p>Now my current ESX host has a 73GB SCSI drive that is used for the boot of the ESXi OS and to store the ISO's and a 500GB sata for the storage of the Guest VMs. I plan to replace it with a 6 disk 73GB RAID 5 SCSI array and see how it performs.</p><p>Currently I have only half of the disks, and awaiting the purchase of the remaining ones from ebay to complete my conversion.</p>S-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-48326652710273754352010-02-10T22:21:00.001-08:002010-02-10T22:25:25.951-08:00Getting VMware Patch Notices AutomaticallyHello all.<br /><br />I found this extremely interesting and surprised that no one has told you about this. VMware has a ListServ for it's patch releases. Great for getting automatic notices of vulnerabilities of your vmware products.<br /><br />Here is the link to get onto the ListServ<br /><a href="http://lists.vmware.com/mailman/listinfo/security-announce">http://lists.vmware.com/mailman/listinfo/security-announce</a><br /><br />Here is the archive of their archives:<br /><a href="http://lists.vmware.com/pipermail/security-announce/">http://lists.vmware.com/pipermail/security-announce/</a><br /><br />Sign up right nowS-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0tag:blogger.com,1999:blog-1795887180658539089.post-69234413525986476062010-01-31T00:15:00.000-08:002010-01-31T00:21:18.774-08:00New WidgetAdded the BT-Cumulus widget so that it would be easier to see my tags<br /><br />Thanks to <a href="http://www.roytanck.com/">Roy Tanck</a> for creating this and to <a href="http://kaynere.blogspot.com/2009/04/installing-wp-cumulus-in-blogger-as.html">kayenere</a> for the code to get it onto my pageS-http://www.blogger.com/profile/02654291732561398833noreply@blogger.com0