Distributed switches in vCenter 5.5

Distributed switches provides centralized location for setup,provisioning, administration, and monitoring the virtual network for the entire infrastructure.Imagine that we have 10 ESXi hosts and that we have been given task to implement same kernel network on all 10 hosts,instead of repeating tedious and error prone procedure on every of 10 ESXi hosts,we can set up management network on only one host and that changes will propagate to remaining 9.That’s all possible with distributed switches

Creating distributed switch

Right click on datacenter (where ESXi hosts are located) and select New Distributed Switch:

Give switch name or leave default one and click next

Choose compatibility

Choose number of ports available on this switch (define number of NIC’s for this switch),create Port group and name it.

Port group specifies port configuration options for each member port

After Distributed switch (dswitch in further discussion), is created,add ESXi hosts to newly created dswitch.Right click switch and choose Add and manage hosts

In this example,i have 2 hosts

Select check box to apply changes to all added ESXI hosts (template mode)

Choose ESXi host from which changes will be applied to other ESXi servers

We will add ESXi’s NIC to kernel network

Select desired NIC,click Assign uplink and then click Apply to all in order to assign same adapter to all ESXi host.

Note:it’s presumed that both ESXi servers have same number of NIC’s

Now click New Adapter to add previously selected NIC to VMKernel network:

Click browse and select previously created port group

Select service which will be used on VMKernel network

Now go to network properties of both ESXi hosts and review setup,VMKernel network named iSCSI will be seen:

vMotion in vSphere 5.5

VMware vSphere live migration (vMotion) allows us  to move an entire running virtual machine from one physical server to another, without downtime. The virtual machine retains its network identity and connections, ensuring a seamless migration process. We can also move VM to another storage.This article is sequel of my previous article

In this one we will configure vSphere for seemless VM migration from one ESXi host to another.

Creating vSphere cluster

To create vCenter cluster right click on Datacenter-New Cluster

While creating a cluster,we can enable high availability (HA)-detect failure and recover VMs

VMware DRS (Distributed Resource Scheduling), balance VMs over hosts to ensure even resource usage between all hosts

Admission control configures constraints on resource usage and any action that would violate these constraints is not permitted.When you enable VM Monitoring, the VM Monitoring service (using VMware Tools) checks if each virtual machine in the cluster is running by checking for regular heartbeats and I/O activity from the VMware Tools process running inside the guest.You can specify how many host failures cluster can endure.

Enhanced vMotion Compatibility (EVC) simplifies vMotion compatibility issues across CPU generations. EVC automatically configures VM processors based on ESXi’s CPU (AMD or Intel)

Virtual SAN (VSAN) is a software based distributed storage solution which is built directly in the hypervisor (ESXi layer)

Add hosts into cluster:

Creating SAN storage

A storage area network (SAN) is a network that provides access to consolidated, block level data storage

A SAN typically has its own network of storage devices,in this example we’ll be using ISCSi krenel network (192.168.20.0) from previous lab.

On FreeNas server,i added two 10GB’s HDD,and created mirror volume (NAS),i already covered creating volumes in prevoius lab,so i won’t go through it again.

After creating volume,we need to share it,click Share-Unix-Add Unix share

Add descriptive name,network from which can be accessed to NFS,and choose Maproot user (root)

  -maproot=user The credential of the specified user is used for remote access by root.

And enable NFS service

Adding NFS storage to Cluster

Now,when we have NFS storage,add it to Cluster,Right click on Cluster and choose New Datastore

Enter the datastore Name,FreeNAS IP address and volume path

Give access to NFS share to both ESXi hosts

Now,when cluster is created,configure vSphere to uses datastores for heartbeating.One ESXi host is declared as master.The following algorithm is used for  selecting the master:

– The host with access to the greatest number of datastores wins.

– In a tie, the host with the lexically highest moid is chosen.

A Managed Object Reference ID also known just as MoRef ID is a unique value that is generated by the vCenter Server and is guaranteed to be unique for a given entity in a single vCenter instance,for more info visit http://www.doublecloud.org/2011/06/managedobjectreference-vs-managedobject/

The master/slave concept is used for monitoring vSphere HA clusters,and it uses an election process to determine which host is to be the master. This election process occurs any time the existing master fails, is shut down, or is placed into maintenance mode.When the master host in a vSphere HA cluster can not communicate with a slave host over the management network, the master host uses datastore heartbeating to determine whether the slave host has failed.If the slave host has stopped datastore heartbeating, it is considered to have failed and its virtual machines are restarted elsewhere Datastore heartbeating allows vSphere HA to determine the difference between a failed host and a host that has just been split off from the others for example.

vCenter uses dastastores to determine VM state

We’ll add two datastores for heartbeating:NFS we created in this post,and another one (iSCSI) created in previous one.

Click on New Cluster-Setings-Edit-DataStoreHeartbeating and select both datastores

VM migration

I created Linux Puppy VM on 192.168.0.9 Datastore named Datastore and want to transfer it to 192.168.0.10.Before moving machine disconnect it’s DVD drive from it

Right click on VM and choose migrate

Click change host host selection within the cluster

Select ESXi host to which you want to migrate VM

Machine is migrated to 192.168.0.10

Migating VM to another storage

Puppy VM is on Datastore named datastore and I want to migrate it to NFS datastore

Again right click on VM and choose migrate and this time select change datastore

FreeNAS in VMWare vSphere 5.5 Lab

In this lab we’ll configure vMotion,SAN and Fault tolerance network between two ESXi hosts,and create shared storage on FreeNAS server.

All machines from diagrams are WMWare Workstation Virtual Machines

VMWare Workstation network settings

For all above network i created Virtual networks:

Configuring vCenter Server Appliance

vCenter Server Appliance (vCSA) is preconfigured Linux virtual machine which enables administrators to manage vSphere insfrastucture,it can manage 100 hosts and 3000 Virtual Machines  http://www.vmwarearena.com/2014/02/difference-between-vcenter-server.html

vCSA is .ova file and  can bi imported through vSphere Client ot through VM.I imported it using VMWARE Workstation Virtual Machine,after importing and starting VM you need to configure it via WEB browser:

Type https://vCenter-IP-Address:5480

default username is root,password vmware

Accept EULA,on wizard windows click cancel

Configure Host Name and networking (Network-Address)

Click summary and launch wizard:

Click configure with default settings and click next:

Configuring FreeNAS

For FreeNAS i used VM with 2 NIC (one for management network-192.168.0.12) and another for iSCSI network (192.168.20.12),and 2 HDD’s of 10GB (mirroring),VM0 is bridged with host adapater.

Creating Volume

From two hard disks i will create one mirrored volume in UFS file system (ZFS consumes much of RAM)

From menu choose Storage-Create Volume

Select both drives,chose UFS as file systems and select mirror (for redundancy) and click add volume

Adding initiators

We configured our NAS to servers any client (ALL),on the left menu choose ISCSI,target global configuration and,on the right,click Authorized initiator

Adding portal

A portal specifies the IP address (0.0.0.0) and port number (3260) to be used for iSCSI connections,

(0.0.0.0 means that FreeNAS will listen on any interface)

Adding Target

An iSCSI target is a dedicated network-connected hard disk storage device,it refers to a storage resource located on an iSCSI server.A target combines a portal ID, allowed initiator ID, and an authentication method.

Choose from drop down menues initiator and portal we just created (1)

Adding extent

An extent is seen as the storage unit being shared,ie it’s virtualized representation of unformatted physical disk

We created extent named myextent from vol1 (2 mirrored 10-GB disks)

Adding extent to target

Click Associated Targets

and from drop-down menues choose target and extent we created earlier

Now,enable iSCSI service and we’re done with configuring FreeNAS

Adding ESXi hosts to vCenter Appliance

Each ESXi host has 5 NIC’s assigned,one for management network (192.168.0.0),2 for iSCSi network (192.168.20.0),

one for vMotion (192.168.30.0) and one for Fault Tolerance (192.168.40.)

From Web Browser type https://vCenter-Appliance-IP-Address:9443

default username is root,password vmware

Creating Datacenter and adding ESXi hosts

Datacenter organizes object (ESXi hosts) in vCenter server,on getting stated click Create Datacenter,give it’s name and click ok

Click Home icon,Dtacenters,select your Datacenter and

Click marked icon to add ESXi host to the Datacentre

Type IP adress or host name and ESXI password to add host

I added my 2 ESXi hosts (192.168.0.9,192.168.0.10)

Associating ESXi’s NIC’s to networks

All 4 NIC’s (exclusding management) need to ne associated with iSCSI,vMotion and Fault Tolerance networks

Choose one of the ESXi hosts from the Datacenter,click Networking-VMKernel Addapters-Add Host Networking (“globe” icon)

vmnic1-iSCI network (192.168.20.0)

vmnic2-vMotion network (192.168.30.0)

vmnic3-Fault Tolerance (192.168.40.0)

vmnic4 iSCSI network (192.168.20.0)-for multipathing

select VMKernel network adapter

New Standard Switch

Add adapters

add  vmnic1,change label and select Virtual SAN Traffic

Obtain address automatically (VMWare Workstation’s DHCP server will assign IP address)

The same stands for vmnic 4

For vmnic 2 select vMotionn Traffic

and for vmnic 3 Fault Tollerance logging

At the end should be like this:

The same steps applies to another ESXi host

Adding iSCSI storage adapter

For our hosts to comunicate with FreeNAS storage we need to add iSCSI adapters on both hosts

Select Storage Adapters-Storage-Add new storage adapter

Click on newly created storage adapte,click network port binding click on “+” to add iSCi and iSCSi kernel adapters

Now click Targets-Dynamic Discovery-Add

Enter FreeNAS IP address

Click Static Discovery,you should see FreeNAS extent

\

Now Scan all storage adapters in order for NAS storage to be seen as storage device

Configure Round Robin multipathing (vCenter random chooses path to NAS storage)

Restoring Exchange Server 2013 to Recovery Database

In my previous article we performed database backup using Windows Backup,and in this one we’ll restore database to folder c:\b

Available backups are shown:

Because i backed up folders,not entire drive,i chose Files and folders

I selected mailboxdatabase folder

Click recover

Database and transaction log files are restored to same folder (c:\b)

Restoring to recovery database

A recovery database is a special  mailbox database that allows mounting and extracting data from a restored mailbox database.

Database we just has restored is in dirty shutdown state (there are transactions that are await to be committed to the database).

We’ll use eseutil utility which is part of Exchange to bring database to clear shutdown mode (database is correctly detached-so we can mount this database file to recovery database)

PS C:\b> eseutil /mh '.\bigfirm_db01,on_bigfirm.edb'

/m displays headers of database files and transaction log files

/h – dump database header

To get Clean Shutdown,we must perform soft database recovery (transaction logs are replayed into an offline file backup copy of a database)

PS C:\b> eseutil /R E00 /l .\ /d .\

/R replays transaction log files or rolls them forward to restore a database to internal consistency or to bring an older copy of a database up to date-https://technet.microsoft.com/en-us/library/aa998075(v=exchg.65).aspx

/l path to log files

/d path to database file

Both log and database files are in same folder-c:\b,(I cd into that folder,that’s why  .\ is used -current folder)

E00 logfile prefix (note that all log files start with E0)

Check database status,it should be in clean shutdown mode now

Now we can mount edb file to recovery database

Creating recovery database

Recovery database is created as any other mailbox database except we need to specify -recovery switch,

edb path is fedb file to database we recovered using Windows Backup and log files are in c:\b folder (also restored from backup)

[PS] C:\Windows\system32>New-MailboxDatabase -Server dc -Name recoverydatabase -Recovery -EdbFilePath 'C:\b\bigfirm_db01,on_bigfirm.edb' -LogFolderPath 'c:\b'
[PS] C:\Windows\system32>Mount-Database recoverydatabase

 

Performing restore from recovery database

In this example we will recover emails from deleteditems folder from recovery database

[PS] C:\Windows\system32>New-MailboxRestoreRequest -SourceDatabase recoverydatabase -SourceStoreMailbox "don hall" -TargetMailbox "don hall" -IncludeFolders delete items

Exchange Server 2013 backup

In this post we will backup Exchange Server using Windows backup as well as PowerShell and Batch script

-Backup should be created on remote share

-Full backup should be performed

-The backup should be performed locally on the server

-If we chose full VSS backup,log truncation will occur

Checking if Windows backup is installed:

PS C:\Users\Administrator>Get-WindowsFeature -Name *backup*

Display Name Name Install State
------------ ---- -------------
[ ] Windows Server Backup Windows-Server-Backup Available

Install it:

PS C:\Users\Administrator>Install-WindowsFeature windows-server-backup

Run GUI (windows server backup)

We can perform one time or scheduled backup,in this example i used scheduled backup:

Select Custom (we will backup only Exchange server data)

I chose to backup logging and database folders

If you want to truncate log files choose Advanced settings and click VSS full backup,othervise,leave VSS copy backup

Set the time at which you want the backup to be performed

Set backup destination

Because we selected VSS full backup,log files are erased

Check backup status:

[PS] C:\Windows\system32>Get-MailboxDatabase -Status | select name,LastFullBackup

Name LastFullBackup
---- --------------
bigfirm_db01,on:bigfirm 07.09.2015. 21:57:56

PowerShell alternative:

Instead of GUI,we can use wbadmin utility,create a scheduled task and run it in predefined time

PS C:\Users\Administrator> wbadmin start backup -backuptarget:\\192.168.0.41\backup -user:gordon -password:1234 "-include:C:\Program Files\Microsoft\Exchange Server\V15\Logging,C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\bigfirm_db01*" -vssfull -quiet > C:\Backup.txt

Backup.txt will be created at the end of backup procedure

CMD Batch:

C:\Users\Administrator> wbadmin start backup -backuptarget:\\192.168.0.41\backup -user:gordon -password:1234 -include:"C:\Program Files\Microsoft\Exchange Server\V15\Logging,C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\bigfirm_db01*" -vssfull -quiet > C:\Backup.txt

Message Classifications in Exchange 2013

Message Classifications allow users to assign a tag to a message, such as marking it confidential.These informations Exchange Server and Outlook treat in a special fashion.When a message is classified, the message contains specific metadata that describes the intended use or audience of the message.

Classifications can be created only through EMS:

[PS] C:\Windows\system32>New-MessageClassification -Name "my classification" -DisplayName "MC" -RecipientDescription "This message may containt confidental information" -SenderDescription "Handle with care"

-RecipientDescription specifies text visible on recipient side

-SenderDescription text visible on sender side

After creating,Classifications need to be exported to xml file.Scripts folder in Exchange install directory contains script Export-OutlookClassification.ps1 which exports classifications

[PS] C:\>cd "C:\Program Files\Microsoft\Exchange Server\V15\Scripts"
[PS] C:\>C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Export-OutlookClassification.ps1 > C:\1.xml

Classifications needs to be imported to outlook on every workstations through registry keys.

I am suprised Microsoft didn’t find more elegant way for importing classifications.

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Policy]  office 2007
"AdminClassificationPath"="C:\\Users\\Public\\MessageClassifications.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Policy]  office 2010
"AdminClassificationPath"="C:\\Users\\Public\\MessageClassifications.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Policy] office 2013
"AdminClassificationPath"="C:\\Users\\Public\\MessageClassifications.xml"
"EnableClassifications"=dword:00000001
"TrustClassifications"=dword:00000001

AdminClassificationPath Specifies the full path and filename of the exported XML

EnableClassifications  enables (1) or disables (0) classifications

TrustClassifications  Outlook trusts classifications on messages that are sent to users on legacy Exchange Server Mailbox servers (1) or not (0)

In case you must deploy classifications on many computers (outlook 2013),i created a little batch script which can be deployed via GPO or PSExec tool

REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Common\Policy /f /v AdminClassificationPath /t REG_SZ /d c:\\1.xml
REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Common\Policy /f /v EnableClassifications /t REG_DWORD /d 00000001
REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Common\Policy /f /v TrustClassifications /t REG_DWORD /d 00000001

Restart outlook,compose new message-options-permission (click little “triangle” and choose classification

Sender’s perspective

Receiver’s side:

Data Loss Prevention (DLP) Policies in Exchange 2013

The Data Loss Prevention Policy allows users to define policies and policy rules for the organization to improve protection of information usually sent through email, including financial and personal data.DLP policies contain sets of conditions, which are made up of transport rules, actions, and exceptions.

In this example we’ll create policy which,in case someone in organization,send a mail with word “salary” in subject or body,report will be sent to administrator.

From ECP click compliance management,data loss prevention,’triangle” near + and choose New custom DLP policy:

Select policy and edit it (pencil icon)

Click rules,select “triangle” again 🙂 and select Notify sender when sensitive information is sent outside the organization

Select “the sender is this person” (track messages sent by specific people-don hall)

Select desired user,click add and click OK again

We now need to add second condition-track specific word in subject or body (salary)

What to do when condition is met-add action (notify adminstrator)

On first “select one” choose administrator

and the second select one choose “Include original mail”

When we click save,transport rule is automatically created (mail flow-rules)

Testing and verifification:

From don.hall  i sent email to my hotmail account with subject salary and administrator got this email