0

How to set SNMP on Vmware

Posted by paris on Dec 8, 2016 in Random

ESX Version 5

You need to use the CLI to edtit this per below : 

PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> get-vmho

stsnmp | set-vmhostsnmp -enable:$true -readonlycommunity @(“%communityname%”) -addtarg

et -targetcommunity ‘%communityname%’ -targethost ip.ip.ip.ip

PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> get-vmho

stsnmp | test-vmhostsnmp

 

ESX version > 5

 

esxcli system snmp set --communities %communityname%
 
esxcli system snmp --targets ip.ip.ip.ip@162/%communityname%
 
esxcli system snmp set --enable true
 
esxcli system snmp test
 
/etc/init.d/snmpd restart

 

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , ,

 
0

Minimum permission Solarwinds Polling account needs for domain controller

Posted by paris on Dec 5, 2016 in Random

solarwinds-inc-logo[1]Solarwinds has an Application Monitoring Template for Domain Controllers.

The permission usually recommended is to give the account Local Administrator on the computer , however on a domain controller this means Domain Administrator which means if the account gets compromised it has all the access!

These are the minimum permissions you need via Script : 

  1. Give the Solarwinds Polling account WMI Access to these services. You will need to Change the SID 
    S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX
    To the one of your polling account. You can use this 
wmic useraccount get name,sid

Replacing Useraccount to your solarwinds account

Then save this as a BAT file and Run As Administrator

Sc sdset scmanager D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:
 
(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) ::Makes All Users Access to SC Manager
 
Sc sdset  DNS D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)
 
(A;;CCLCSWRPLOCRRC;;;SU)(A;;CR;;;AU)(A;;LC;;;S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX)S:
 
(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) ::Gives Goldcorp_CA\SVC_SLWWMIAccess access to DNS Service
 
Sc sdset  DFSR D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)
 
(A;;CCLCSWRPLOCRRC;;;SU)(A;;CR;;;AU)(A;;LC;;;S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX)S:
 
(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) ::Gives Goldcorp_CA\SVC_SLWWMIAccess access to DFSR Service
 
 
Sc sdset  IsmServ D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)
 
(A;;CCLCSWRPLOCRRC;;;SU)(A;;CR;;;AU)(A;;LC;;;S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX)S:
 
(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) ::Gives Goldcorp_CA\SVC_SLWWMIAccess access to IsmServ Service
 
Sc sdset  W32Time D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)
 
(A;;CCLCSWRPLOCRRC;;;SU)(A;;CR;;;AU)(A;;LC;;;S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX)S:
 
(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) ::Gives Goldcorp_CA\SVC_SLWWMIAccess access to W32Time Service
 
Sc sdset  LanmanServer D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)
 
(A;;CCLCSWRPLOCRRC;;;SU)(A;;CR;;;AU)(A;;LC;;;S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX)S:
 
(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) ::Gives Goldcorp_CA\SVC_SLWWMIAccess access to LanmanServer Service
 
Sc sdset  LanmanWorkstation D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)
 
(A;;CCLCSWRPLOCRRC;;;SU)(A;;CR;;;AU)(A;;LC;;;S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX)S:
 
(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) ::Gives Goldcorp_CA\SVC_SLWWMIAccess access to LanmanWorkstation Service
 
Sc sdset  Netlogon D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)
 
(A;;CCLCSWRPLOCRRC;;;SU)(A;;CR;;;AU)(A;;LC;;;S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX)S:
 
(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) ::Gives Goldcorp_CA\SVC_SLWWMIAccess access to Netlogon Service
 
Sc sdset  NTDS D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)
 
(A;;CCLCSWRPLOCRRC;;;SU)(A;;CR;;;AU)(A;;LC;;;S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX)S:
 
(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) ::Gives Goldcorp_CA\SVC_SLWWMIAccess access to NTDS Service
 
Sc sdset  ADWS D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)
 
(A;;CCLCSWRPLOCRRC;;;SU)(A;;CR;;;AU)(A;;LC;;;S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX)S:
 
(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) ::Gives Goldcorp_CA\SVC_SLWWMIAccess access to ADWS Service

 

 

 

2) Use this modified PowerShell Script from Palo Alto( Changed $ace.AceFlags to 2 for to inherit Permissions to subcontainers ) to add the account WMI access

Save as .ps1 and run as administrator with this

.\name_of_powershellfile.ps1 root add Domain\Svc_serviceaccountname Enable,RemoteAccess

 

# Copyright (c) Microsoft Corporation.  All rights reserved. 
# For personal use only.  Provided AS IS and WITH ALL FAULTS.
 
# Set-WmiNamespaceSecurity.ps1
# Example: Set-WmiNamespaceSecurity root/cimv2 add steve Enable,RemoteAccess
 
Param ( [parameter(Mandatory=$true,Position=0)][string] $namespace,
    [parameter(Mandatory=$true,Position=1)][string] $operation,
    [parameter(Mandatory=$true,Position=2)][string] $account,
    [parameter(Position=3)][string[]] $permissions = $null,
    [bool] $allowInherit = $false,
    [bool] $deny = $false,
    [string] $computerName = ".",
    [System.Management.Automation.PSCredential] $credential = $null)
 
Process {
    $ErrorActionPreference = "Stop"
 
    Function Get-AccessMaskFromPermission($permissions) {
        $WBEM_ENABLE            = 1
                $WBEM_METHOD_EXECUTE = 2
                $WBEM_FULL_WRITE_REP   = 4
                $WBEM_PARTIAL_WRITE_REP              = 8
                $WBEM_WRITE_PROVIDER   = 0x10
                $WBEM_REMOTE_ACCESS    = 0x20
                $WBEM_RIGHT_SUBSCRIBE = 0x40
                $WBEM_RIGHT_PUBLISH      = 0x80
        $READ_CONTROL = 0x20000
        $WRITE_DAC = 0x40000
 
        $WBEM_RIGHTS_FLAGS = $WBEM_ENABLE,$WBEM_METHOD_EXECUTE,$WBEM_FULL_WRITE_REP,`
            $WBEM_PARTIAL_WRITE_REP,$WBEM_WRITE_PROVIDER,$WBEM_REMOTE_ACCESS,`
            $READ_CONTROL,$WRITE_DAC
        $WBEM_RIGHTS_STRINGS = "Enable","MethodExecute","FullWrite","PartialWrite",`
            "ProviderWrite","RemoteAccess","ReadSecurity","WriteSecurity"
 
        $permissionTable = @{}
 
        for ($i = 0; $i -lt $WBEM_RIGHTS_FLAGS.Length; $i++) {
            $permissionTable.Add($WBEM_RIGHTS_STRINGS[$i].ToLower(), $WBEM_RIGHTS_FLAGS[$i])
        }
 
        $accessMask = 0
 
        foreach ($permission in $permissions) {
            if (-not $permissionTable.ContainsKey($permission.ToLower())) {
                throw "Unknown permission: $permission`nValid permissions: $($permissionTable.Keys)"
            }
            $accessMask += $permissionTable[$permission.ToLower()]
        }
 
        $accessMask
    }
 
    if ($PSBoundParameters.ContainsKey("Credential")) {
        $remoteparams = @{ComputerName=$computer;Credential=$credential}
    } else {
        $remoteparams = @{ComputerName=$computerName}
    }
 
    $invokeparams = @{Namespace=$namespace;Path="__systemsecurity=@"} + $remoteParams
 
    $output = Invoke-WmiMethod @invokeparams -Name GetSecurityDescriptor
    if ($output.ReturnValue -ne 0) {
        throw "GetSecurityDescriptor failed: $($output.ReturnValue)"
    }
 
    $acl = $output.Descriptor
    $OBJECT_INHERIT_ACE_FLAG = 0x1
    $CONTAINER_INHERIT_ACE_FLAG = 0x2
 
    $computerName = (Get-WmiObject @remoteparams Win32_ComputerSystem).Name
 
    if ($account.Contains('\')) {
        $domainaccount = $account.Split('\')
        $domain = $domainaccount[0]
        if (($domain -eq ".") -or ($domain -eq "BUILTIN")) {
            $domain = $computerName
        }
        $accountname = $domainaccount[1]
    } elseif ($account.Contains('@')) {
        $domainaccount = $account.Split('@')
        $domain = $domainaccount[1].Split('.')[0]
        $accountname = $domainaccount[0]
    } else {
        $domain = $computerName
        $accountname = $account
    }
 
    $getparams = @{Class="Win32_Account";Filter="Domain='$domain' and Name='$accountname'"}
 
    $win32account = Get-WmiObject @getparams
 
    if ($win32account -eq $null) {
        throw "Account was not found: $account"
    }
 
    switch ($operation) {
        "add" {
            if ($permissions -eq $null) {
                throw "-Permissions must be specified for an add operation"
            }
            $accessMask = Get-AccessMaskFromPermission($permissions)
 
            $ace = (New-Object System.Management.ManagementClass("win32_Ace")).CreateInstance()
            $ace.AccessMask = $accessMask
            if ($allowInherit) {
                $ace.AceFlags = $OBJECT_INHERIT_ACE_FLAG + $CONTAINER_INHERIT_ACE_FLAG
            } else {
                $ace.AceFlags = 2
            }
 
            $trustee = (New-Object System.Management.ManagementClass("win32_Trustee")).CreateInstance()
            $trustee.SidString = $win32account.Sid
            $ace.Trustee = $trustee
 
            $ACCESS_ALLOWED_ACE_TYPE = 0x0
            $ACCESS_DENIED_ACE_TYPE = 0x1
 
            if ($deny) {
                $ace.AceType = $ACCESS_DENIED_ACE_TYPE
            } else {
                $ace.AceType = $ACCESS_ALLOWED_ACE_TYPE
            }
 
            $acl.DACL += $ace.psobject.immediateBaseObject
        }
 
        "delete" {
            if ($permissions -ne $null) {
                throw "Permissions cannot be specified for a delete operation"
            }
 
            [System.Management.ManagementBaseObject[]]$newDACL = @()
            foreach ($ace in $acl.DACL) {
                if ($ace.Trustee.SidString -ne $win32account.Sid) {
                    $newDACL += $ace.psobject.immediateBaseObject
                }
            }
 
            $acl.DACL = $newDACL.psobject.immediateBaseObject
        }
 
        default {
            throw "Unknown operation: $operation`nAllowed operations: add delete"
        }
    }
 
    $setparams = @{Name="SetSecurityDescriptor";ArgumentList=$acl.psobject.immediateBaseObject} + $invokeParams
 
    $output = Invoke-WmiMethod @setparams
    if ($output.ReturnValue -ne 0) {
        throw "SetSecurityDescriptor failed: $($output.ReturnValue)"
    }
}

 

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , ,

 
0

IBM IMM Module can’t login Internet Explorer

Posted by paris on Dec 4, 2016 in Fixes

image41Been working on a IBM X3550 M4 Server. When trying to login to this server using Internet Explorer 11 the pages refresh and just takes me back to the login screen!

This still does not work if I add the IMM site to Trusted Sites or Compatibility mode

Next I try Google Chrome which Logs me in  however this does not use the JAVA integration so I can’t use the Remote Management Java interface to control the server

Next I install Firefox which Logs me in and lets me launch the Java Applet ( Once I have added this to Permitted sites in Java Control Panel Security ) however I am greeted with an Error

AvctIBMviewer.jar invalid character in hostname

Turns out it does not like me to refer to the Ilo via DNS name ( Maybe because it has an _ in the name )

Once I use the IP , I can launch the server Ilo 

Once the IMM Firmware is updated to 5.8 I can login to IMM with Internet Explorer 11

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , , , , , ,

 
0

Power-on Reset Occuring on Vmware Host

Posted by paris on Nov 30, 2016 in Fixes

 

Use this command on the host to check for Power-On Reset Errors

grep vob.scsi.scsi.scsipath.por /var/log/vobd.log

e.g.

Note – ESXi uses UTC for its timezone so minus 5 hours to match EST

These should corrolate with Event log

Source multiple Errors/ Disk and LSI_SAS

“need to be taken offline to perform a Full Chkdsk”

Resolution

Migrate machine to new host to still see it happens and update all firmware and Vmware version before Vmware Support tell you to! 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , ,

 
0

IIS Performance Counter – Total Locked Errors – How to detect locked files

Posted by paris on Nov 16, 2016 in Random

solarwinds-inc-logo[1]We had some alerts coming up for an IIS site in Solarwinds which read the value for this 


Win32_PerfFormattedData_W3SVC_WebService(SITECODE)\TotalLockedErrors

And alerted us when above 0. This is a Custom Performance Counter Monitor which uses WMI to get the counter by reading the IIS Log Files.

Per Microsoft Description of the alert : 

Number of requests that could not be satisfied by the server because the requested document was locked (since service startup).Generally reported as HTTP error 423.

There is no other way to find out which files were locked apart from Parsing the IIS Log Files

How to do this?

Download and install these both

https://www.microsoft.com/en-us/download/confirmation.aspx?id=24659

https://blogs.msdn.microsoft.com/friis/2014/02/06/how-to-analyse-iis-logs-using-logparser-logparser-studio/

Once done , open up Studio and insert the IIS Log Files. ( Click here for how to find these

Make sure the Log type is set to IISW3CLOG 

Use the Query below to Query all the 423 Errors

The list you are presented should show you all the files that have been locked which you can inspect and up the threshold if needed or increase the value of this Threshold!

 

/* All 423 errors to any IIS/.NET Web Service */
 
SELECT cs-uri-stem as Uri,
 
sc-status as HttpStatus,
 
sc-substatus as SubStatus,
 
sc-win32-status as Win32Status,
 
       COUNT(*) AS Total
 
FROM '[LOGFILEPATH]'
 
WHERE (sc-status = 423)
 
GROUP BY Uri, HttpStatus, SubStatus, Win32Status
 
ORDER BY Total DESC

 

VN:F [1.9.22_1171]
Rating: 10.0/10 (1 vote cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , , , ,

 
0

Squarespace Fix errors on your AMP pages

Posted by paris on Nov 4, 2016 in Fixes

Recently I got errors

Height: The attribute logo.height has an invalid value.
Width: The attribute logo.width has an invalid value.

Per here : https://developers.google.com/structured-data/rich-snippets/articles

Logos should have a wide aspect ratio, not a square icon.
Logos should be no wider than 600px, and no taller than 60px.
Always retain the original aspect ratio of the logo when resizing. Ideally, logos are exactly 60px tall with width <= 600px. If maintaining a height of 60px would cause the width to exceed 600px, downscale the logo to exactly 600px wide and reduce the height accordingly below 60px to maintain the original aspect ratio.

I resized my site logo to under 60PX and all was well 🙂

 

If you are getting “A value for the image field is required” it means you need to upload a thumbnail to the blog post which can be found in the settings options of the Post

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , ,

 
0

Vmware Site Recovery Manager with NetApp Snapmirror

Posted by paris on Oct 28, 2016 in Random

When using Netapp Snap Mirror to clone Volumes to another site / netapp containing Datastores , you can back this up with Vmware’s Site Recovery Manager to be able to spin up the envrioment in a diaster. Using Netapp Mirroring has advantages such as cloning Physical and Virtual RDM’s as well as coping with DeDuplication.

You should already have a SnapMirror and SRM enabled , if not see this guide

http://vknowledge.net/2012/07/14/srm-tutorial-part-5-configure-netapp-snapmirror/

Now the important thing will be then to Create a Protection Group or Edit ) , and only add the Datastores to the Datastore Groups that are replicated above to the Protection Groups instead of adding the indvidual machines. This will then add all the VM’s on this protection group to SRM

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , ,

 
0

Adding new SC220 Enclosures to a SC8000 SAN in Daisy Chain Mode

Posted by paris on Oct 6, 2016 in Research

If I understand correctly, these are 4x SC220 enclosures for the SC8000 SAN. Although there is no IO interruption to the SAN, ideally this should be done during scheduled outage. Ensure that backup on current CML LUNs have been taken prior to this activity. The steps below need to be precisely followed to avoid outage and issues.

Required materials:

  • 4x SC220 enclosures with its spindles.
  • 4x additional minimum length of 2m mini-SAS HD to SAS cables.
  • 6x minimum length of 0.5m SAS to SAS cables.
  • 2x 4-port low-profile LSI SAS9206-16E SAS HBA.
  • 2x full-height 2-port iSCSI PCI bracket.
  • Velcro and label machine.

Here’s the plan and tasks:

  1. Verify current SAS cabling

Ensure that current SAS cabling is according to figure 1 below. 

  1. Install 2x additional SAS cards and re-arrange PCI cards on both SC8000 controllers in rolling fashion.

The 2x SAS cards and 2x full-height PCI brackets come with the SC8000 systems. Note that this will cause a split-second front-end IO disruption when the LUNs failover to the other controller. Monitoring system will generate alerts and there will be a call from Dell Pro Support. It is transparent to servers. Current CML SAN layout is attached 

Sequence:

  1. Shut SC8000 A down, all LUNs are served by SC8000 B.
  2. Install and re-arrange PCI cards on SC8000 A.
  3. Power SC8000 A back on, inventory and health check, do not re-balance.
  4. If health check on SC8000 A passed, shutdown SC8000 B.
  5. Install and re-arrange PCI cards on SC8000 B.
  6. Inventory and health check on SC8000 B. Re-balance if health check passed.

                After new SAS card installation and PCI cards re-arrangement, the cards layout should be:

  • Slot 1: 2-port low-profile QLogic QLE2662 16G FC HBA
  • Slot 2: 4-port low-profile LSI SAS9206-16E 6Gbps SAS HBA.
  • Slot 3: 4-port low-profile LSI SAS9206-16E 6Gbps SAS HBA.
  • Slot 4: 2-port full-height 1GbE QLogic QLE4062 iSCSI HBA.

Reference:

Figure 2: SC8000 rear port layout.

  1. Adding enclosures

Adding three enclosures are going to be done in two phases:

  1. Modify current setup from one SC220 enclosure single chain to two SC220 enclosures single chain.

Single chain two enclosures side A

  1. Ensure that the new second SC220 enclosure is powered off and mounted securely to the rack immediately next to the current SC220 labelled as ENCLOSURE 1 with nothing connected to it except power cords.
  2. Disconnect Chain 1: Side A cables (maroon lines) on both endpoints. Turn on the second SC220 enclosure. Wait until it finished booting up. The front status LED should be fully lit green and lit blue. Note that this cause a brief unnoticeable back-end IO disruption.

Figure 3: Removal of Chain 1: Side A SAS connections from current topology.

  • Connect enclosure 1 top EMM port B to enclosure 2 top EMM port A.
  1. ConnectSC8000 A slot 2 port 1 to enclosure 1 top EMM port A.
  2. Connect SC8000 B slot 2 port 3 to enclosure 2 top EMM port B.
  3. Label enclosure as ENCLOSURE 2.
  • Verify the new Chain 1: Side A connectivity (contact Hendrik). You will end up with this:

Figure 4: Chain 1: Side A new topology.

Single chain two enclosures side B

  • Disconnect Chain 1: Side B SAS connections indicates as orange lines in figure 4. Note that this cause a brief unnoticeable back-end IO disruption.
  1. Connect enclosure 1 bottom EMM port B to enclosure 2 bottom EMM port A.
  2. Connect SC8000 A slot 3 port 3 to enclosure 2 bottom EMM port B.
  3. Connect SC8000 B slot 3 port 1 to enclosure 1 bottom EMM port A.
  • Verify the new Chain 1: Side B connectivity (contact Hendrik). You will end up with this:

Figure 5: Chain 1: Side B new topology.

  1. Adding new chain with two new SC220 enclosures.
    1. Ensure that enclosure 3 is located immediate to enclosure 2.
    2. Ensure that enclosure 4 is located immediate to enclosure 3.
  • Ensure that enclosure 5 is located immediate to enclosure 4.
  1. Ensure that both enclosure 3, 4 and 5 are turned off. Label as ENCLOSURE 3, ENCLOSURE 4 and ENCLOSURE 5.
  2. Connect enclosure 3 top EMM port B to enclosure 4 top EMM port A.
  3. Connect enclosure 4 top EMM port B to enclosure 5 top EMM port A.
  • Connect enclosure 3 bottom EMM port B to enclosure 4 bottom EMM port A.
  • Connect enclosure 4 bottom EMM port B to enclosure 5 bottom EMM port A.
  1. Turn enclosure 3, 4 and 5 on and wait until it is finished to boot up. The front green and blue light must be fully lit.
  2. Connect SC8000 A slot 2 port 3 to enclosure 3 top EMM port A.
  3. Connect SC8000 A slot 3 port 1 to enclosure 5 bottom EMM port B.
  • Connect SC8000 B slot 2 port 1 to enclosure 5 top EMM port B.
  • Connect SC8000 B slot 3 port 3 to enclosure 3 bottom EMM port A.
  • You’ll end up with this. I’ll verify remotely once it is done..
  1. Once the verification is completed, remove the IPC connections: the LAN cable that goes from IPC LAN port on both controllers and the SAS cables that are connected to slot 3 port 2 and 4 on both controllers.

Figure 6: 2 controllers, 2 chains, 2 sides, 5 enclosures topology

You will be taking out and in excess of after completion:

  • 2x mini-SAS HD to mini-SAS HD cables from the SAS IPC connections.
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , ,

 
0

Migrate VDM’s from one SAN to Another

Posted by paris on Oct 6, 2016 in Research

 

rdm_basic1It might be worth checking if these still need to be RDM’s. This was previously used for older versions of VMDK’s could only use 2TB , now with esx 5.5 and Virtual Machine hardware 10 this is upped to 62TB

Changed Pysical RDM to Virtaul RDM to VMDK’s

Use the webclient for this

1) Shutdown the server
2) Upgrade the Virtual Hardware to 10
3) Remove the Physical RDM Lun
4) Re-Add the Lun as Virtual
5) Power on server
6) Storage VMotion to New SAN

 

FYI Virtual RDM’s cannot be resized without shutting down the machine unlike Physical 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , ,

 
0

Juniper Exam Revision Notes

Posted by paris on Oct 6, 2016 in Research

 

Deploy vSRX – VMware Workstation

RE – Routing Engine

— Manages the PFE

— Maintins Routing Tables

— Manages the Packet Forwarding Engine


PFE – Packet Forward Engine

— Is incharge of Policing , Stateless Firewall Filtering and CoS implemented by forwarding plane

— Forarding Plane Central Procesing contains the PFE

They are seperated in Juniper ( Control and Forwarding Planes ) to benifit speed and reduce bottlenecks -> https://www.juniper.net/techpubs/en_US/junos9.3/topics/concept/psd-control-and-forwarding-plane-in-separate-chassis.html

– Forwarding table is stored on both

-Routing Table ( stored on Control Plane ) Populate Forwarding Table

–Import Policys filter items doing to Routing Table

Routing Policy

Must have a then doesn’t need a from

Juniper also split software processes in Modules

Same base source code for all Boxes

Ctrl-A = Left All

Ctrl-U = Delete All

Ctrl-W = Backspace

Default Location for Configs are in /home/user

Default Location for logs /var/logs/

WIP Config = Canidate Configurations

Active Config = After Commit

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags:

Copyright © 2016 Welcome to Pariswells.com All rights reserved. Theme by Laptop Geek. Privacy Policy