Roggy: March 2010

Wednesday, 31 March 2010

Managed Service Provider using Vyatta (OpenVPN Client Specific Subnets) and PRTG to monitor Customers

Possibly my longest title ever?
As the intro says this is a bit of roleplay for us, we are setting up the lab as a Managed Service Provider (MSP) who wishes to have a way to tunnel in (or in this case have the client tunnel out) to HQ where we can monitor all the goodies that PRTG can monitor remotely.

Heres the diagram:

Intro Video and lab setup:

Managed Service Provider using Vyatta (OpenVPN) and PRTG to monitor Customers - Part 1 from Richard Vimeo on Vimeo.

Part 2
Setup of connectivity
Setup OpenVPN Server with client specific info
Setup OpenVPN Client
Using Easy-RSA to generate certificates and keys
Securing interfaces with Firewall
Securing vtun0 interface with firewall

Managed Service Provider using Vyatta (OpenVPN) and PRTG to monitor Customers - Part 2 from Richard Vimeo on Vimeo.

Enjoy!

Wednesday, 24 March 2010

Network Monitoring/Sniffing using vSphere and PRTG Redux

Hi,

As ever I try and bring you guys (and girls?) something a little different :)
After completing this video here and being in contact directly with PRTG it came to my attention that the version I was using "PRTG Traffic Grapher V6" was EOL and the new version "PRTG Network Monitor" is the successor.
Network Monitor does have alot of cool new features including an iPhone app (cant wait for a droid version) and the best bit...they were kind enough to provide me with a copy of PRTG Network Monitor V7 for this video.

Part1
A cool tour of some of the features of PRTG Network Monitor V7 and how we use our virtual machine to monitor our voice network

Network Monitoring/Sniffing using vSphere and PRTG Ver 2 - Part 1 from Richard Vimeo on Vimeo.

Part2
This video actually shows you how we set the whole thing up!

Network Monitoring/Sniffing using vSphere and PRTG Ver 2 - Part 2 from Richard Vimeo on Vimeo.

Monday, 22 March 2010

Windows 2003 Clustering with EMC Celerra VM

So its almost coming up for a year since I really gave this blogging thing ago, it reminded me of my first videos, back when I was using VMware's built in tools to record video (which actually are not that bad!) however on my travels I bumped into this article here

And in most of previous labs that required clustered storage Ive used Openfiler, which is great, however when I try and do lab I like to do an Open and a Closed Source version like here
Testing Vyatta with QoS and Asterisk(Elastix)
where I used an Opensource router and PBX
then here a closed version
Testing QoS with Cisco Call Manager and SIP,RTP

So in that vain here we go:

Windows 2003 Clustering with EMC Celerra VM -Intro
A tour of a Windows 2003 cluster with clustered File Share using EMC Celerra as the iSCSI target.

Windows 2003 Clustering with EMC Celerra VM -Intro from Richard Vimeo on Vimeo.

Windows 2003 Clustering with EMC Celerra VM -Part1
In this video we do the majority of the setting up from domain controller to iSCSI LUN masking, its all here!


Some Commands you might find handy:
Change hostname /etc/host - new ip address hostname
/etc/sysconfig/network - domainname=cookie.local
   
hostname=cel1
service network restart


export NAS_DB=/nas
(root - ssl trust)
/nas/sbin/rootnas_cel -list
/nas/sbin/rootnas_cel -update id=0
/nas/sbin/nas_config -ssl
/nas/sbin/js_fresh_restart
nas_license -init

/opt/blackbird/tools init_storageID

Windows 2003 Clustering with EMC Celerra VM -Part1 from Richard Vimeo on Vimeo.

Windows 2003 Clustering with EMC Celerra VM -Part2
Using "cluster administrator" to create our new cluster and add a new node..

Windows 2003 Clustering with EMC Celerra VM -Part2 from Richard Vimeo on Vimeo.

Windows 2003 Clustering with EMC Celerra VM -Part3
Testing!

Windows 2003 Clustering with EMC Celerra VM -Part3 from Richard Vimeo on Vimeo.

Sources:
http://virtualgeek.typepad.com/virtual_geek/2008/08/celerra-virtual.html

Thursday, 11 March 2010

Network Monitoring/Sniffing using vSphere and PRTG

Hopefully this is an interesting video, as it combines using a vSphere infrastructure to get visibility of both your virtual and non-virtual networks.

Part 1
Quick tour of the Network Monitoring setup

Network Monitoring/Sniffing using vSphere and PRTG - Part 1 from Richard Vimeo on Vimeo.

Part 2
Setup VM
Setup Switch
Setup Vlan trunk (switch,port group,vSwitch)
Installing PRTG

Network Monitoring/Sniffing using vSphere and PRTG - Part 2 from Richard Vimeo on Vimeo.

Tuesday, 9 March 2010

Samba Cluster with GFS 2, Centos 5, iSCSI and Openfiler

Another awesome lab/demo for you today ;)

But seriously, after finding the general documentation to be a bit lacking regarding clustering (especially with regards to the extra quorum vote)

Heres hoping that this lab will allow you to work out how clusters work and implement it within your company.

A diagram for your viewing pleasure:

Part1
VMware Lab Setup
Node Setup
iSCSI setup
Quorum Setup
Helpful Commands:


system-config-network
edit /etc/hosts
service network restart
yum groupinstall "Clustering"
yum groupinstall "Cluster Storage"
yum groupinstall "Windows File Server"
chkconfig --del smb
yum install iscsi-initiator-utils
service iscsi start
iscsiadm -m discovery -t sendtargets -p 192.168.1.3
service iscsi restart
fdisk -l
mkqdisk -c /dev/sdb -l quorum
luci_admin init

Samba Cluster with GFS 2, Centos 5, iSCSI and Openfiler - Part 1 from Richard Vimeo on Vimeo.

Part2
GFS2 Setup
Configuring using Luci
Quorum setup cont
Helpful Commands:


mkfs.gfs2 -p lock_dlm -t cluster1:sanvol1 -j 4 /dev/sdc
mkdir /san
mkdir /san/sanvol1
service ricci restart
service qdiskd restart
chkconfig luci on
chkconfig qdiskd on
(do node2)

use luci to create cluster


Quorum parameters:
interval=1
votes=1
tko=10
min score=1
heuristics=ping -c2 -t1 192.168.1.3

mount /dev/sdc /san/sanvol1
gfs2_tool  list
gfs2_tool df 
umount /san/sanvol1

cman_tool status

Samba Cluster with GFS 2, Centos 5, iSCSI and Openfiler - Part 2 from Richard Vimeo on Vimeo.

Part 3
Configuring Fencing, Failover Domain, Resources
and Services.
Helpful Commands:


Configure Resources:
IP
GFS
Samba

Configure failover Domains

Configure Shared Fencing Device (then nodes)

Add Services

workgroup = cookie
        server string = Samba Server Version %v
        bind interfaces only = yes
        interfaces = 10.0.1.100
        netbios name = cluster1
        local master = no
 domain master = no
 preferred master = no
 password server = None
 guest ok = yes
 guest account = root
 security = SHARE
 dns proxy = no




[sanvol]
        comment = High Availability Samba Service
        browsable = yes
        writable = yes
        public = yes
        path = /san/sanvol1
        guest ok=yes
        create mask=0777

smbpasswd -a root

scp /etc/samba/smb.conf.cluster1 node2:/etc/samba/

restart smb

redo services - ip-GFS-samba

soft reboot

Samba Cluster with GFS 2, Centos 5, iSCSI and Openfiler - Part 3 from Richard Vimeo on Vimeo.

Part 4
Testing!

Samba Cluster with GFS 2, Centos 5, iSCSI and Openfiler - Part 4 from Richard Vimeo on Vimeo.

Enjoy!

Wednesday, 3 March 2010

Wired 802.1x Port Authentication with Certificate Auto Enrolment

As we all know compliance is one of the biggest issues facing companies at the moment leading some IT departments to take a look at 802.1x as a way of controlling and securing access to their wired networks.

The main reason for this post is there are a few articles out there that have mis-truths and incorrect facts within them, often due to them having not implemented the technologies themselves.

Here is the lab: