Archive for September, 2015

Distributed switches in vCenter 5.5

Posted: September 28, 2015 in VMWare

Distributed switches provide a centralized location for setting up, provisioning, administering and monitoring the virtual network for the entire infrastructure. Imagine that we have 10 ESXi hosts and have been given the task of implementing the same VMkernel network on all 10 of them. Instead of repeating a tedious and error-prone procedure on each of the 10 ESXi hosts, we can set up the management network on only one host and the change will propagate to the remaining 9. That is all possible with distributed switches.

Creating distributed switch

Right click on datacenter (where ESXi hosts are located) and select New Distributed Switch:


Give the switch a name or leave the default one and click Next.

Choose compatibility


Choose the number of uplink ports available on this switch (the number of physical NICs the switch will use), create a port group and name it.

A port group specifies the port configuration options for each member port.

After the distributed switch (dswitch in further discussion) is created, add the ESXi hosts to the newly created dswitch. Right click the switch and choose Add and manage hosts.

In this example, I have 2 hosts.

Select the check box to apply the changes to all added ESXi hosts (template mode).

Choose the ESXi host from which the changes will be applied to the other ESXi servers.

We will add the ESXi host's NIC to the VMkernel network.

Select the desired NIC, click Assign uplink and then click Apply to all in order to assign the same adapter on all ESXi hosts.

Note: it is presumed that both ESXi servers have the same number of NICs.

Now click New adapter to add the previously selected NIC to the VMkernel network:

Click Browse and select the previously created port group.

Select the service which will be used on the VMkernel network.

Now go to the network properties of both ESXi hosts and review the setup; the VMkernel network named iSCSI will be visible on each of them.
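The same procedure as a PowerCLI script, added here as an example and not part of the original post. It assumes Connect-VIServer has already been run against the vCenter, a datacenter named Datacenter with the two lab hosts, a free vmnic1 on each host, and constructed 192.168.20.x addresses for the VMkernel adapters.

```powershell
# Added example (not from the post): build the distributed switch, its port group and a
# VMkernel adapter on every host in one pass, so all hosts end up with identical settings.
# Assumes Connect-VIServer is done; switch/port-group names and vmk IPs are constructed.
$dcName  = 'Datacenter'
$vdsName = 'dvSwitch-iSCSI'
$pgName  = 'dvPG-iSCSI'
$uplink  = 'vmnic1'
$vmkIps  = @{ '192.168.0.9' = '192.168.20.9'; '192.168.0.10' = '192.168.20.10' }
$mask    = '255.255.255.0'

$dc = Get-Datacenter -Name $dcName
# One uplink port, matching the "number of ports" step of the wizard
$vds = New-VDSwitch -Name $vdsName -Location $dc -NumUplinkPorts 1 -Version '5.5.0'
$pg  = New-VDPortgroup -VDSwitch $vds -Name $pgName

foreach ($hostName in $vmkIps.Keys) {
    $vmHost = Get-VMHost -Name $hostName
    # Fail early if a host lacks the uplink (the post's "same number of NICs" assumption)
    $nic = Get-VMHostNetworkAdapter -VMHost $vmHost -Physical -Name $uplink -ErrorAction Stop
    # "Add and manage hosts" + "Assign uplink"
    Add-VDSwitchVMHost -VDSwitch $vds -VMHost $vmHost
    Add-VDSwitchPhysicalNetworkAdapter -DistributedSwitch $vds -VMHostPhysicalNic $nic -Confirm:$false
    # "New adapter": VMkernel port on the distributed port group
    New-VMHostNetworkAdapter -VMHost $vmHost -VirtualSwitch $vds -PortGroup $pg `
        -IP $vmkIps[$hostName] -SubnetMask $mask | Out-Null
}

# Review step: every host should now show one vmk on the new port group
Get-VMHost -Location $dc | ForEach-Object {
    $vmk = Get-VMHostNetworkAdapter -VMHost $_ -VMKernel | Where-Object { $_.PortGroupName -eq $pgName }
    '{0}: {1} -> {2}' -f $_.Name, $vmk.Name, $vmk.IP
}
```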

vMotion in vSphere 5.5

Posted: September 17, 2015 in VMWare

VMware vSphere live migration (vMotion) allows us to move an entire running virtual machine from one physical server to another without downtime. The virtual machine retains its network identity and connections, ensuring a seamless migration process. We can also move a VM to another storage. This article is a sequel to my previous article.

In this one we will configure vSphere for seamless VM migration from one ESXi host to another.

Creating vSphere cluster

To create a vCenter cluster, right click on the Datacenter and choose New Cluster.

While creating a cluster, we can enable high availability (HA), which detects host failures and recovers the VMs.

VMware DRS (Distributed Resource Scheduling) balances VMs across hosts to ensure even resource usage between all hosts.

Admission control configures constraints on resource usage, and any action that would violate these constraints is not permitted. When you enable VM Monitoring, the VM Monitoring service (using VMware Tools) checks whether each virtual machine in the cluster is running by checking for regular heartbeats and I/O activity from the VMware Tools process running inside the guest. You can specify how many host failures the cluster can endure.

Enhanced vMotion Compatibility (EVC) simplifies vMotion compatibility issues across CPU generations. EVC automatically configures the VM processors based on the ESXi host's CPU (AMD or Intel).

Virtual SAN (VSAN) is a software-based distributed storage solution which is built directly into the hypervisor (ESXi layer).

Add the hosts into the cluster.

Creating SAN storage

A storage area network (SAN) is a network that provides access to consolidated, block-level data storage.

A SAN typically has its own network of storage devices; in this example we'll be using the iSCSI kernel network (192.168.20.0) from the previous lab.

On the FreeNAS server, I added two 10 GB HDDs and created a mirror volume (NAS). I already covered creating volumes in the previous lab, so I won't go through it again.

After creating the volume, we need to share it. Click Share - Unix - Add Unix share.

Add a descriptive name, the network from which the NFS share can be accessed, and choose the Maproot user (root):

  -maproot=user The credential of the specified user is used for remote access by root.

Then enable the NFS service.

Adding NFS storage to Cluster

Now that we have the NFS storage, add it to the cluster: right click on the Cluster and choose New Datastore.

Enter the datastore name, the FreeNAS IP address and the volume path.

Give both ESXi hosts access to the NFS share.

Now that the cluster is created, configure vSphere to use datastores for heartbeating. One ESXi host is declared as master. The following algorithm is used for selecting the master:

– The host with access to the greatest number of datastores wins.

– In a tie, the host with the lexically highest moid is chosen.

A Managed Object Reference ID, also known as a MoRef ID, is a unique value that is generated by the vCenter Server and is guaranteed to be unique for a given entity in a single vCenter instance. For more info visit http://www.doublecloud.org/2011/06/managedobjectreference-vs-managedobject/

The master/slave concept is used for monitoring vSphere HA clusters, and it uses an election process to determine which host is to be the master. This election process occurs any time the existing master fails, is shut down, or is placed into maintenance mode. When the master host in a vSphere HA cluster cannot communicate with a slave host over the management network, the master host uses datastore heartbeating to determine whether the slave host has failed. If the slave host has stopped datastore heartbeating, it is considered to have failed and its virtual machines are restarted elsewhere. Datastore heartbeating thus lets vSphere HA tell the difference between a host that has failed and a host that has, for example, merely been cut off from the others on the network.

vCenter uses the datastores to determine VM state.

We'll add two datastores for heartbeating: the NFS datastore we created in this post, and the iSCSI datastore created in the previous one.

Click on the cluster - Settings - Edit - Datastore Heartbeating and select both datastores.

VM migration

I created a Linux Puppy VM on 192.168.0.9, on the datastore named Datastore, and want to transfer it to 192.168.0.10. Before moving the machine, disconnect its DVD drive.

Right click on the VM and choose Migrate.

Click Change host, then select the destination host within the cluster.

Select the ESXi host to which you want to migrate the VM.

The machine is migrated to 192.168.0.10.

Migrating VM to another storage

The Puppy VM is on the datastore named datastore and I want to migrate it to the NFS datastore.

Again right click on the VM and choose Migrate, and this time select Change datastore.
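The cluster, NFS datastore, heartbeat datastores and both migrations from this post as one PowerCLI script, added as an example that is not part of the original post. It assumes Connect-VIServer is done, the two lab hosts, the FreeNAS management address 192.168.0.12, a constructed NFS export path /mnt/vol1, datastores named NFS and iSCSI, a VM named Puppy, and the ReconfigureComputeResource view call for the heartbeat settings (an assumption, since no cmdlet covers that setting).

```powershell
# Added example (not from the post): HA+DRS cluster, shared NFS datastore, pinned heartbeat
# datastores, then host and storage migration. Names, paths and addresses are constructed.
$dc      = Get-Datacenter -Name 'Datacenter'
$hosts   = Get-VMHost -Name '192.168.0.9','192.168.0.10'
$nasIp   = '192.168.0.12'    # FreeNAS management address from the lab
$nfsPath = '/mnt/vol1'       # export path of the mirrored volume (constructed)

# HA with admission control tolerating one host failure, DRS fully automated
$cluster = New-Cluster -Location $dc -Name 'Cluster' -HAEnabled -HAAdmissionControlEnabled `
    -HAFailoverLevel 1 -DrsEnabled -DrsAutomationLevel FullyAutomated
$hosts | Move-VMHost -Destination $cluster | Out-Null

# Mount the NFS export on every host: vMotion needs the datastore visible from both sides
foreach ($h in $hosts) {
    New-Datastore -VMHost $h -Name 'NFS' -Nfs -NfsHost $nasIp -Path $nfsPath | Out-Null
}

# Heartbeat datastores: the NFS one from this post and the iSCSI one from the previous post
$hbDs = Get-Datastore -Name 'NFS','iSCSI' | ForEach-Object { $_.ExtensionData.MoRef }
$spec = New-Object VMware.Vim.ClusterConfigSpecEx
$spec.DasConfig = New-Object VMware.Vim.ClusterDasConfigInfo
$spec.DasConfig.HeartbeatDatastore = $hbDs
$spec.DasConfig.HBDatastoreCandidatePolicy = 'userSelectedDs'
$cluster.ExtensionData.ReconfigureComputeResource($spec, $true)   # $true = modify, keep other settings

# Predict the HA master by the rule quoted in the post: most accessible datastores,
# ties broken by the lexically highest MoRef ID
function Select-HAMaster {
    param($VMHosts)
    $VMHosts |
        Select-Object Name,
            @{n = 'Datastores'; e = { (Get-Datastore -VMHost $_).Count }},
            @{n = 'MoId';       e = { $_.ExtensionData.MoRef.Value }} |
        Sort-Object @{e = 'Datastores'; Descending = $true}, @{e = 'MoId'; Descending = $true} |
        Select-Object -First 1
}
Select-HAMaster -VMHosts $hosts

# Host migration (detach the DVD first, as the post notes), then storage migration to NFS
$vm = Get-VM -Name 'Puppy'
Get-CDDrive -VM $vm | Set-CDDrive -NoMedia -Confirm:$false | Out-Null
Move-VM -VM $vm -Destination (Get-VMHost -Name '192.168.0.10') | Out-Null
Move-VM -VM $vm -Datastore (Get-Datastore -Name 'NFS') | Out-Null
Get-VM -Name 'Puppy' | Select-Object Name, VMHost, @{n = 'Datastore'; e = { (Get-Datastore -VM $_).Name }}
```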

FreeNAS in VMWare vSphere 5.5 Lab

Posted: September 13, 2015 in VMWare

In this lab we'll configure the vMotion, SAN and Fault Tolerance networks between two ESXi hosts, and create shared storage on a FreeNAS server.

All machines from the diagrams are VMware Workstation virtual machines.

VMWare Workstation network settings

For all the networks above I created virtual networks in VMware Workstation:

Configuring vCenter Server Appliance

vCenter Server Appliance (vCSA) is a preconfigured Linux virtual machine which enables administrators to manage the vSphere infrastructure; it can manage 100 hosts and 3000 virtual machines. http://www.vmwarearena.com/2014/02/difference-between-vcenter-server.html

vCSA is an .ova file and can be imported through the vSphere Client or through VMware Workstation. I imported it as a VMware Workstation virtual machine; after importing and starting the VM you need to configure it via a web browser:

Type https://vCenter-IP-Address:5480

The default username is root, the password is vmware.

Accept the EULA; on the wizard window click Cancel.

Configure the Host Name and networking (Network - Address).

Click Summary and launch the wizard:

Click Configure with default settings and click Next.

Configuring FreeNAS

For FreeNAS I used a VM with 2 NICs (one for the management network, 192.168.0.12, and another for the iSCSI network, 192.168.20.12) and 2 HDDs of 10 GB (mirroring). VM0 is bridged with the host adapter.

Creating Volume

From the two hard disks I will create one mirrored volume with the UFS file system (ZFS consumes a lot of RAM).

From the menu choose Storage - Create Volume.

Select both drives, choose UFS as the file system, select mirror (for redundancy) and click Add Volume.

Adding initiators

We configured our NAS to serve any client (ALL). On the left menu choose iSCSI - Target Global Configuration and, on the right, click Authorized Initiator.

Adding portal

A portal specifies the IP address (0.0.0.0) and port number (3260) to be used for iSCSI connections. 0.0.0.0 means that FreeNAS will listen on any interface.

Adding Target

An iSCSI target is a dedicated network-connected hard disk storage device; it refers to a storage resource located on an iSCSI server. A target combines a portal ID, an allowed initiator ID, and an authentication method.

Choose from the drop-down menus the initiator and the portal we just created (1).

Adding extent

An extent is seen as the storage unit being shared, i.e. it is a virtualized representation of an unformatted physical disk.

We created an extent named myextent from vol1 (2 mirrored 10 GB disks).

Adding extent to target

Click Associated Targets and from the drop-down menus choose the target and the extent we created earlier.

Now enable the iSCSI service and we're done with configuring FreeNAS.

Adding ESXi hosts to vCenter Appliance

Each ESXi host has 5 NICs assigned: one for the management network (192.168.0.0), 2 for the iSCSI network (192.168.20.0), one for vMotion (192.168.30.0) and one for Fault Tolerance (192.168.40.0).

From a web browser type https://vCenter-Appliance-IP-Address:9443

The default username is root, the password is vmware.

Creating Datacenter and adding ESXi hosts

A Datacenter organizes objects (ESXi hosts) in vCenter Server. On the Getting Started page click Create Datacenter, give it a name and click OK.

Click the Home icon, then Datacenters, select your Datacenter and click the marked icon to add an ESXi host to the Datacenter.

Type the IP address or host name and the ESXi root password to add the host.

I added my 2 ESXi hosts (192.168.0.9, 192.168.0.10).

Associating the ESXi NICs with networks

All 4 NICs (excluding management) need to be associated with the iSCSI, vMotion and Fault Tolerance networks.

Choose one of the ESXi hosts from the Datacenter, click Networking - VMkernel Adapters - Add Host Networking ("globe" icon). The NICs are mapped as follows:

vmnic1 - iSCSI network (192.168.20.0)

vmnic2 - vMotion network (192.168.30.0)

vmnic3 - Fault Tolerance (192.168.40.0)

vmnic4 - iSCSI network (192.168.20.0), for multipathing

Select VMkernel Network Adapter.

New Standard Switch


Add adapters


Add vmnic1, change the label and select Virtual SAN Traffic.

Obtain the address automatically (VMware Workstation's DHCP server will assign the IP address).

The same applies to vmnic4.

For vmnic2 select vMotion Traffic,

and for vmnic3 Fault Tolerance logging.

At the end it should look like this.

The same steps apply to the other ESXi host.

Adding iSCSI storage adapter

For our hosts to communicate with the FreeNAS storage we need to add iSCSI adapters on both hosts.

Select Storage Adapters - Storage - Add new storage adapter.

Click on the newly created storage adapter, click Network Port Binding and click "+" to add the two iSCSI VMkernel adapters.

Now click Targets - Dynamic Discovery - Add.

Enter the FreeNAS IP address.

Click Static Discovery; you should see the FreeNAS extent.

Now scan all storage adapters in order for the NAS storage to be seen as a storage device.

Configure Round Robin multipathing (vCenter alternates between the available paths to the NAS storage).
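The storage-adapter steps above (software iSCSI, port binding, dynamic discovery, rescan, Round Robin) as a PowerCLI script, added as an example and not part of the original post. It assumes Connect-VIServer is done, the two lab hosts, vmk1 and vmk4 as the iSCSI VMkernel adapters, the FreeNAS iSCSI address 192.168.20.12, and the esxcli v1 argument order (adapter, force, nic) for the port-binding call; the CHAP line is an optional hardening step that needs a matching CHAP user on the FreeNAS side, which the lab did not configure.

```powershell
# Added example (not from the post): software iSCSI on both hosts, port binding, send-targets
# discovery of FreeNAS, rescan, then Round Robin on every multipathed LUN. Names are constructed.
$nasIscsiIp = '192.168.20.12'   # FreeNAS iSCSI-network address from the lab
$iscsiVmks  = @('vmk1', 'vmk4') # VMkernel adapters backed by vmnic1 and vmnic4

foreach ($vmHost in Get-VMHost -Name '192.168.0.9', '192.168.0.10') {
    # "Add new storage adapter": enable the software iSCSI initiator
    Get-VMHostStorage -VMHost $vmHost | Set-VMHostStorage -SoftwareIScsiEnabled $true | Out-Null
    $hba = Get-VMHostHba -VMHost $vmHost -Type IScsi | Where-Object { $_.Model -match 'Software' }

    # "Network port binding": bind both iSCSI vmks (esxcli iscsi networkportal add, assumed arg order)
    $esxcli = Get-EsxCli -VMHost $vmHost
    foreach ($vmk in $iscsiVmks) { $esxcli.iscsi.networkportal.add($hba.Device, $false, $vmk) | Out-Null }

    # "Dynamic Discovery": one send-targets entry for FreeNAS, added only if missing
    $known = Get-IScsiHbaTarget -IScsiHba $hba -Type Send | Where-Object { $_.Address -eq $nasIscsiIp }
    if (-not $known) { New-IScsiHbaTarget -IScsiHba $hba -Address $nasIscsiIp -Type Send | Out-Null }

    # The lab target accepts ALL initiators without authentication. Once a CHAP user exists on
    # FreeNAS, require it here so the initiator only logs in to a target that knows the secret:
    # Set-VMHostHba -IScsiHba $hba -ChapType Required -ChapName 'esxi' -ChapPassword '<chap-secret>'

    # "Scan all storage adapters", then Round Robin on every disk LUN that has more than one path
    Get-VMHostStorage -VMHost $vmHost -RescanAllHba -RescanVmfs | Out-Null
    Get-ScsiLun -VmHost $vmHost -LunType disk |
        Where-Object { (Get-ScsiLunPath -ScsiLun $_).Count -gt 1 -and $_.MultipathPolicy -ne 'RoundRobin' } |
        Set-ScsiLun -MultipathPolicy RoundRobin | Out-Null
}

# Verify: the FreeNAS LUN should show two paths and the RoundRobin policy on both hosts
Get-VMHost -Name '192.168.0.9', '192.168.0.10' | ForEach-Object {
    Get-ScsiLun -VmHost $_ -LunType disk |
        Select-Object VMHost, CanonicalName, MultipathPolicy,
            @{n = 'Paths'; e = { (Get-ScsiLunPath -ScsiLun $_).Count }}
}
```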

In my previous article we performed a database backup using Windows Backup, and in this one we'll restore the database to the folder c:\b.

The available backups are shown.

Because I backed up folders, not the entire drive, I chose Files and folders.

I selected the mailboxdatabase folder.

Click Recover.

The database and transaction log files are restored to the same folder (c:\b).

Restoring to recovery database

A recovery database is a special mailbox database that allows mounting and extracting data from a restored mailbox database.

The database we have just restored is in the Dirty Shutdown state (there are transactions that are still waiting to be committed to the database).

We'll use the eseutil utility, which is part of Exchange, to bring the database to the Clean Shutdown state (the database is correctly detached, so we can mount this database file as a recovery database).

PS C:\b> eseutil /mh '.\bigfirm_db01,on_bigfirm.edb'

/m displays the headers of database files and transaction log files

/h dumps the database header

To get to Clean Shutdown, we must perform a soft database recovery (the transaction logs are replayed into an offline file backup copy of the database).

PS C:\b> eseutil /R E00 /l .\ /d .\

/R replays transaction log files or rolls them forward to restore a database to internal consistency or to bring an older copy of a database up to date: https://technet.microsoft.com/en-us/library/aa998075(v=exchg.65).aspx

/l path to the log files

/d path to the database file

Both the log and the database files are in the same folder, c:\b (I cd into that folder, which is why .\ is used: the current folder).

E00 is the log file prefix (note that all log files start with E00).

Check the database status; it should be in the Clean Shutdown state now.

Now we can mount the edb file as a recovery database.

Creating recovery database

A recovery database is created like any other mailbox database, except that we need to specify the -Recovery switch. The EDB path is the path to the database file we recovered using Windows Backup, and the log files are in the c:\b folder (also restored from the backup).

[PS] C:\Windows\system32>New-MailboxDatabase -Server dc -Name recoverydatabase -Recovery -EdbFilePath 'C:\b\bigfirm_db01,on_bigfirm.edb' -LogFolderPath 'c:\b'
[PS] C:\Windows\system32>Mount-Database recoverydatabase


Performing restore from recovery database

In this example we will recover the emails from the Deleted Items folder of the recovery database (the folder name must be quoted, and the well-known folder can be referred to as #DeletedItems#):

[PS] C:\Windows\system32>New-MailboxRestoreRequest -SourceDatabase recoverydatabase -SourceStoreMailbox "don hall" -TargetMailbox "don hall" -IncludeFolders "#DeletedItems#"
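The whole restore-to-recovery-database workflow as one Exchange Management Shell script with state checks between the steps, added as an example and not part of the original post. It assumes the post's paths (c:\b, the bigfirm_db01,on_bigfirm.edb file, server dc, mailbox "don hall") and that eseutil prints a "State:" line in its /mh output.

```powershell
# Added example (not from the post): eseutil header check, soft recovery only when needed,
# recovery database, then a restore of the Deleted Items folder. Paths are the post's.
$restoreDir = 'C:\b'
$edb        = Join-Path $restoreDir 'bigfirm_db01,on_bigfirm.edb'
$rdbName    = 'recoverydatabase'
$mailbox    = 'don hall'

# Parse the "State:" line of eseutil /mh: "Dirty Shutdown" or "Clean Shutdown"
function Get-EdbState {
    param([string]$Path)
    $line = & eseutil /mh $Path | Where-Object { $_ -match '^\s*State:' } | Select-Object -First 1
    if ($line -match 'State:\s*(.+)$') { return $Matches[1].Trim() }
    throw "eseutil /mh returned no State line for $Path"
}

if ((Get-EdbState $edb) -eq 'Dirty Shutdown') {
    # Soft recovery: replay the E00* logs in C:\b into the database in C:\b
    Push-Location $restoreDir
    & eseutil /R E00 /l .\ /d .\
    $rc = $LASTEXITCODE
    Pop-Location
    if ($rc -ne 0) { throw "eseutil /R failed with exit code $rc" }
}
if ((Get-EdbState $edb) -ne 'Clean Shutdown') { throw 'Database is still not in Clean Shutdown; stopping.' }

# Recovery database over the restored EDB and logs, mounted
if (-not (Get-MailboxDatabase -Identity $rdbName -ErrorAction SilentlyContinue)) {
    New-MailboxDatabase -Server dc -Name $rdbName -Recovery -EdbFilePath $edb -LogFolderPath $restoreDir | Out-Null
}
Mount-Database -Identity $rdbName

# Make sure the mailbox is actually in the RDB before restoring only its Deleted Items
$src = Get-MailboxStatistics -Database $rdbName | Where-Object { $_.DisplayName -eq $mailbox }
if (-not $src) { throw "Mailbox '$mailbox' not found in $rdbName" }
$req = New-MailboxRestoreRequest -SourceDatabase $rdbName -SourceStoreMailbox $src.MailboxGuid `
        -TargetMailbox $mailbox -IncludeFolders '#DeletedItems#'
Get-MailboxRestoreRequestStatistics -Identity $req.Identity | Format-List Status, PercentComplete
```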

Exchange Server 2013 backup

Posted: September 8, 2015 in Exchange

In this post we will back up Exchange Server using Windows Backup as well as PowerShell and a batch script.

-The backup should be created on a remote share

-A full backup should be performed

-The backup should be performed locally on the server

-If we choose a full VSS backup, log truncation will occur

Checking whether Windows Backup is installed:

PS C:\Users\Administrator>Get-WindowsFeature -Name *backup*

Display Name                Name                    Install State
------------                ----                    -------------
[ ] Windows Server Backup   Windows-Server-Backup   Available

Install it:

PS C:\Users\Administrator>Install-WindowsFeature windows-server-backup

Run the GUI (Windows Server Backup).

We can perform a one-time or a scheduled backup; in this example I used a scheduled backup.

Select Custom (we will back up only the Exchange Server data).

I chose to back up the Logging and database folders.

If you want to truncate the log files, choose Advanced settings and click VSS full backup; otherwise, leave VSS copy backup.

Set the time at which you want the backup to be performed.

Set backup destination


Because we selected VSS full backup, the log files are erased.

Check backup status:

[PS] C:\Windows\system32>Get-MailboxDatabase -Status | select name,LastFullBackup

Name                      LastFullBackup
----                      --------------
bigfirm_db01,on:bigfirm   07.09.2015. 21:57:56

PowerShell alternative:

Instead of the GUI, we can use the wbadmin utility, create a scheduled task and run it at a predefined time.

PS C:\Users\Administrator> wbadmin start backup -backuptarget:\\192.168.0.41\backup -user:gordon -password:1234 "-include:C:\Program Files\Microsoft\Exchange Server\V15\Logging,C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\bigfirm_db01*" -vssfull -quiet > C:\Backup.txt

Backup.txt will be created at the end of the backup procedure.

CMD Batch:

C:\Users\Administrator> wbadmin start backup -backuptarget:\\192.168.0.41\backup -user:gordon -password:1234 -include:"C:\Program Files\Microsoft\Exchange Server\V15\Logging,C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\bigfirm_db01*" -vssfull -quiet > C:\Backup.txt
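One way to schedule the wbadmin command above without leaving the share password in a script file, plus a freshness check built on the same Get-MailboxDatabase -Status query, added as an example that is not part of the original post. It assumes the Windows Server 2012 ScheduledTasks cmdlets, the share \\192.168.0.41\backup and the post's Exchange paths; account names and the 21:00 schedule are constructed.

```powershell
# Added example (not from the post): register the post's wbadmin backup as a scheduled task
# and verify LastFullBackup afterwards. Share, paths and schedule are the lab's or constructed.
$share    = '\\192.168.0.41\backup'
$exchRoot = 'C:\Program Files\Microsoft\Exchange Server\V15'
$include  = "$exchRoot\Logging,$exchRoot\Mailbox\bigfirm_db01*"

# Prompt for both credentials once; the Task Scheduler stores them instead of a script or batch file
$shareCred = Get-Credential -Message 'Account allowed to write to the backup share'
$taskCred  = Get-Credential -Message 'Account the task runs as (member of Backup Operators)'

# wbadmin only takes the share password on its command line, so build the argument string in memory
$wbArgs = ('start backup -backuptarget:{0} -user:{1} -password:{2} "-include:{3}" -vssfull -quiet' -f
           $share, $shareCred.UserName, $shareCred.GetNetworkCredential().Password, $include)
$action  = New-ScheduledTaskAction -Execute 'wbadmin.exe' -Argument $wbArgs
$trigger = New-ScheduledTaskTrigger -Daily -At 21:00
Register-ScheduledTask -TaskName 'Exchange-FullBackup' -Action $action -Trigger $trigger `
    -User $taskCred.UserName -Password $taskCred.GetNetworkCredential().Password -RunLevel Highest | Out-Null

# Same query as the post's status check: warn when a database has no full backup in the last 24 h
function Test-ExchangeBackupFresh {
    param([int]$MaxAgeHours = 24)
    $cutoff = (Get-Date).AddHours(-$MaxAgeHours)
    $stale = Get-MailboxDatabase -Status | Where-Object {
        -not $_.LastFullBackup -or $_.LastFullBackup -lt $cutoff
    }
    if ($stale) {
        $stale | Select-Object Name, LastFullBackup | Format-Table -AutoSize | Out-String | Write-Warning
        return $false
    }
    return $true
}
Test-ExchangeBackupFresh
```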

Message classifications allow users to assign a tag to a message, such as marking it confidential. Exchange Server and Outlook treat this information in a special fashion. When a message is classified, it contains specific metadata that describes the intended use or audience of the message.

Classifications can be created only through the EMS:

[PS] C:\Windows\system32>New-MessageClassification -Name "my classification" -DisplayName "MC" -RecipientDescription "This message may contain confidential information" -SenderDescription "Handle with care"

-RecipientDescription specifies the text visible on the recipient's side

-SenderDescription specifies the text visible on the sender's side

After creating them, the classifications need to be exported to an XML file. The Scripts folder in the Exchange install directory contains the script Export-OutlookClassification.ps1, which exports the classifications:

[PS] C:\>cd "C:\Program Files\Microsoft\Exchange Server\V15\Scripts"
[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Export-OutlookClassification.ps1 > C:\1.xml

The classifications need to be imported into Outlook on every workstation through registry keys.

I am surprised Microsoft didn't find a more elegant way of importing classifications.

; Office 2007
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Policy]
"AdminClassificationPath"="C:\\Users\\Public\\MessageClassifications.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001

; Office 2010
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Policy]
"AdminClassificationPath"="C:\\Users\\Public\\MessageClassifications.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001

; Office 2013
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Policy]
"AdminClassificationPath"="C:\\Users\\Public\\MessageClassifications.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001

AdminClassificationPath specifies the full path and file name of the exported XML

EnableClassifications enables (1) or disables (0) classifications

TrustClassifications controls whether Outlook trusts classifications on messages that are sent to users on legacy Exchange Server mailbox servers (1) or not (0)

In case you must deploy the classifications on many computers (Outlook 2013), I created a little batch script which can be deployed via GPO or the PsExec tool. Note that REG ADD takes a plain path (the doubled backslashes belong only to .reg files):

REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Common\Policy /f /v AdminClassificationPath /t REG_SZ /d c:\1.xml
REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Common\Policy /f /v EnableClassifications /t REG_DWORD /d 1
REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Common\Policy /f /v TrustClassifications /t REG_DWORD /d 1

Restart Outlook, compose a new message, go to Options - Permission (click the little "triangle") and choose the classification.

Sender’s perspective


Receiver’s side:


A Data Loss Prevention (DLP) policy allows you to define policies and policy rules for the organization to improve the protection of information usually sent through email, including financial and personal data. DLP policies contain sets of conditions, which are made up of transport rules, actions, and exceptions.

In this example we'll create a policy so that, in case someone in the organization sends a mail with the word "salary" in the subject or body, a report is sent to the administrator.

From the ECP click Compliance management - Data loss prevention, the "triangle" near + and choose New custom DLP policy.

Select the policy and edit it (pencil icon).

Click Rules, select the "triangle" again 🙂 and select Notify sender when sensitive information is sent outside the organization.

Select "the sender is this person" (track messages sent by a specific person: don hall).

Select the desired user, click Add and click OK again.

We now need to add a second condition: track a specific word in the subject or body (salary).

What to do when the condition is met: add an action (notify the administrator).

On the first "select one" choose administrator,

and on the second "select one" choose "Include original mail".

When we click Save, a transport rule is automatically created (Mail flow - Rules).

Testing and verification:

From don.hall I sent an email to my Hotmail account with the subject salary and the administrator got this email.
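The same DLP policy and rule built from the Exchange Management Shell instead of the ECP, added as an example that is not part of the original post. It assumes Exchange 2013 cmdlets (New-DlpPolicy, New-TransportRule with -DlpPolicy and -IncidentReportContent); the policy name and the administrator's address are constructed.

```powershell
# Added example (not from the post): custom DLP policy plus the rule "sender is don hall AND
# 'salary' in subject or body -> incident report with the original mail to the administrator".
$policyName = 'Salary watch'                   # constructed
$sender     = 'don hall'
$adminAddr  = 'administrator@bigfirm.local'    # constructed placeholder address

# Custom policy without a template; Enforce so the rule acts rather than only audits
if (-not (Get-DlpPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-DlpPolicy -Name $policyName -Mode Enforce | Out-Null
}

# Both conditions from the ECP walkthrough on one rule; AttachOriginalMail = "Include original mail"
New-TransportRule -Name "$policyName - report to admin" -DlpPolicy $policyName `
    -From $sender -SubjectOrBodyContainsWords 'salary' `
    -GenerateIncidentReport $adminAddr `
    -IncidentReportContent Sender, Recipients, Subject, AttachOriginalMail `
    -Mode Enforce | Out-Null

# Verify: the rule exists under the policy and is enabled (State = Enabled)
Get-TransportRule | Where-Object { $_.DlpPolicy -eq $policyName } |
    Format-List Name, State, Mode, From, SubjectOrBodyContainsWords, GenerateIncidentReport, IncidentReportContent
```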