Net App filer in Vmware

May 10th, 2009

For a project I have to learn some of the specialties of an iSCSI NAS. To be precise it was a Net App FAS 2500 Filer. These things are very nice but a little too expensive for my personal use. But Net App offers a nice simulator of their product and the simulator is free. You just need to create an account on the Net App web site and search for the word ”simulator” or just follow this link (http://now.netapp.com/NOW/cgi-bin/simulator). Some bloody side note: the website doesn’t work well with Safari. Just use Firefox and all works well in this case.

The other prerequisite you need is a Linux OS. I don’t want to install some bloody Linux on my iMac, so I use VMware Fusion and the problem is solved. In this tutorial I use Ubuntu 8.04 LTS Server. You might be wondering why I chose Ubuntu; the simple answer is I don’t know. Normally I use openSUSE from Novell, but in this case I really don’t know. Strange things happen sometimes. Another side note: I will guide you through the installation, so don’t panic if you are not a Unix geek. But actually, as a non console junkie you should consider not buying an EMC / IBM / … NAS ☺

Create a VMware VM with the normal settings: 1 CPU, 10 GB HD, NAT NIC and 512 MB RAM. Attach the OS iso and boot the whole batch job. Using the default settings is a nice strategy for the not so experienced user. I only changed the keyboard layout to “swiss german (mac)” and ticked “ssh server” in the “install additional software” screen, so file transfer will be easy. Create a user called “geek”. Then next, next, …., next, next. The server has finished the miraculous installation. As a Windows administrator the first thing I did was enter in the console

sudo reboot

After the restart I wanted to log in as root user, but the install wizard doesn’t accept the root password. After some time I decided to log in as user “geek”. Because it is only a testing environment I decided to enable root login in the console

sudo passwd root

After setting the password I started a console session in my Mac shell and connected with ssh. You don’t need to do this, but with an ssh session you are able to use copy and paste with the host OS. For the poor Windows user PuTTY is a nice ssh tool. The Mac and Linux users just need to enter the following command in the console

ssh -l root <ip of the VM>

The next thing you need to do is copy the download from the Net App site, “7.3.1-tarfile-v22.tar”, to the VM server. I use “Cyberduck”. For Windows users a nice program is WinSCP. The Linux guys should use the mighty shell console. By the way, I created a folder named “/netapp”. So let us open the tar file

tar xvf /netapp/7.3.1-tarfile-v22.tgz

In the readme Net App gives us a hint that the simulator uses Perl. To install Perl on your machine use “apt-get install perl”; actually Perl was already installed, so you don’t need to do it. Okay, now we are ready to start installing the simulator. The strangest thing at this point was that I didn’t have to deal with any problems, all worked just fine. This is a bad sign.

cd /netapp/simulator
./setup.sh

and the installation starts. Some logs from the console below:

Script version 22 (18/Sep/2007)
Where to install to? [/sim]:
Would you like to install as a cluster? [no]:
Would you like full HTML/PDF FilerView documentation to be installed [yes]:
Continue with installation? [no]: yes
Creating /sim
Unpacking sim.tgz to /sim
Configured the simulators mac address to be [00:50:56:0:6c:5]
Please ensure the simulator is not running.
Your simulator has 3 disk(s). How many more would you like to add? [0]: 10

The following disk types are available in MB:
        Real (Usable)
  a -   43   ( 14)
  b -   62   ( 30)
  c -   78   ( 45)
  d -  129   ( 90)
  e -  535   (450)
  f - 1024   (900)

If you are unsure choose the default option a
What disk size would you like to use? [a]:
Disk adapter to put disks on? [0]:
Use DHCP on first boot? [yes]:
Ask for floppy boot? [no]:
Checking the default route…
You have a single network interface called eth0 (default route) . You will not be able to access the simulator from this Linux host. If this interface is marked DOWN in ifconfig then your simulator will crash.
Which network interface should the simulator use? [default]:
Your system has 455MB of free memory. The smallest simulator memory you should choose is 110MB. The maximum simulator memory is 415MB.
The recommended memory is 512MB.
Your original default appears to be too high. Seriously consider adjusting to below the maximum amount of 415MB.
How much memory would you like the simulator to use? [512]:
Create a new log for each session? [no]:
Overwrite the single log each time? [yes]:
Adding 10 additional disk(s).
Complete. Run /sim/runsim.sh to start the simulator.

Wow, this was very easy. Nice job Net App. The last row gives the hint on how to start the simulator, so let’s go.

/sim/runsim.sh

Peng, Klaap, kabumm, doing, and an error appears on the console: “Error ./maytag.L: No such file or directory”. F.. after some time, maybe 4 hours of reading logs, trying this and that, and drinking some coffee, I figured out that I need to install some extra libraries for AMD64. This sounds funny but it solved my problem. This was the penalty for the easy setup.

apt-get install ia32-libs
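The “No such file or directory” for a file that plainly exists is the kernel complaining about the dynamic loader the binary asks for (a 32-bit program wants /lib/ld-linux.so.2, which a 64-bit Ubuntu without ia32-libs does not have). The following is an added example, not code from this post or from Net App: it reads the ELF header and the PT_INTERP segment of a binary and says which loader is missing. The build_minimal_elf() helper only constructs header-only test images so the parser can be exercised without a real binary; the path /sim/maytag.L used in the usage line is an assumption.

```python
"""Diagnose why an existing ELF binary fails with "No such file or directory".

Added example (not from the post or from NetApp). The error comes from the
kernel when the program interpreter named in the PT_INTERP segment (for a
32-bit program /lib/ld-linux.so.2) is not installed on the host.
"""
import os
import struct
import sys

PT_INTERP = 3  # program header type carrying the interpreter (dynamic loader) path


def elf_info(data: bytes) -> dict:
    """Parse an ELF image held in memory: returns its class (32/64) and interpreter."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class = data[4]                    # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little endian, 2 = big endian
    if ei_class == 1:
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
        phdr_fmt = end + "IIIIII"   # p_type p_offset p_vaddr p_paddr p_filesz p_memsz
    elif ei_class == 2:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
        phdr_fmt = end + "IIQQQQ"   # p_type p_flags p_offset p_vaddr p_paddr p_filesz
    else:
        raise ValueError("unknown ELF class %d" % ei_class)
    interp = None
    for i in range(e_phnum):
        fields = struct.unpack_from(phdr_fmt, data, e_phoff + i * e_phentsize)
        if ei_class == 1:
            p_type, p_offset, _, _, p_filesz, _ = fields
        else:
            p_type, _, p_offset, _, _, p_filesz = fields
        if p_type == PT_INTERP:
            interp = data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
            break
    return {"class": 32 if ei_class == 1 else 64, "interp": interp}


def explain(info: dict, interp_present: bool) -> str:
    """Turn parsed ELF info plus loader presence into a plain verdict."""
    if info["interp"] is None:
        return "statically linked; the error is about the file itself"
    if interp_present:
        return "loader %s is present; check exec bit, noexec mounts or the path" % info["interp"]
    if info["class"] == 32:
        return ("32-bit binary whose loader %s is missing; install the 32-bit "
                "runtime (ia32-libs on Ubuntu 8.04)" % info["interp"])
    return "loader %s is missing" % info["interp"]


def diagnose(path: str) -> str:
    """Read a binary from disk and explain a possible 'No such file' error."""
    with open(path, "rb") as f:
        info = elf_info(f.read())
    present = info["interp"] is not None and os.path.exists(info["interp"])
    return "%d-bit ELF: %s" % (info["class"], explain(info, present))


def build_minimal_elf(ei_class: int, interp: str) -> bytes:
    """Constructed test input: a header-only little-endian ELF image with one
    PT_INTERP segment. Not a runnable program, just enough for elf_info()."""
    body = interp.encode() + b"\0"
    if ei_class == 1:
        ehsize, phentsize = 52, 32
        ident = b"\x7fELF" + bytes([1, 1, 1]) + b"\0" * 9
        ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, ehsize, 0, 0,
                                   ehsize, phentsize, 1, 0, 0, 0)
        phdr = struct.pack("<IIIIIIII", PT_INTERP, ehsize + phentsize, 0, 0,
                           len(body), len(body), 4, 1)
    else:
        ehsize, phentsize = 64, 56
        ident = b"\x7fELF" + bytes([2, 1, 1]) + b"\0" * 9
        ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, ehsize, 0, 0,
                                   ehsize, phentsize, 1, 0, 0, 0)
        phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, ehsize + phentsize, 0, 0,
                           len(body), len(body), 1)
    return ehdr + phdr + body


if __name__ == "__main__":
    # Usage: python elfcheck.py /sim/maytag.L   (path is an assumption)
    print(diagnose(sys.argv[1]))
```

Run it against the simulator binary before and after installing ia32-libs; the verdict changes from “loader missing” to “loader present”, which is the same thing `ldd` would tell you on a host that has it.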

and try to start up again. I deleted some info rows from the console log, but all questions should be present in the log below.

root@netapp:/netapp/simulator# /sim/runsim.sh
runsim.sh script version Script version 22 (18/Sep/2007)
This session is logged in /sim/sessionlogs/log

NetApp Release 7.3.1: Thu Jan  8 00:10:49 PST 2009
Copyright (c) 1992-2008 NetApp.
….
….
….
Do you want to enable IPv6? [n]: n
Do you want to configure virtual network interfaces? [n]:
Please enter the IP address for Network Interface ns0 [172.16.111.136]:
Please enter the netmask for Network Interface ns0 [255.255.255.0]:
Please enter media type for ns0 {100tx-fd, auto} [auto]:
Please enter the IP address for Network Interface ns1 []:
Would you like to continue setup through the web interface? [n]:
Please enter the name or IP address of the IPv4 default gateway [172.16.111.2]:
    The administration host is given root access to the filer’s
    /etc files for system administration.  To allow /etc root access
    to all NFS clients enter RETURN below.
Please enter the name or IP address of the administration host:
Please enter timezone [GMT]:
Where is the filer located? []:
What language will be used for multi-protocol files (Type ? for list)?:
language not set
Do you want to run DNS resolver? [n]:
Do you want to run NIS client? [n]: Setting the administrative (root) password for mynetapp …

New password:
Retype new password:
Mon May  4 20:31:11 GMT [passwd.changed:info]: passwd for user ‘root’ changed.
….
….
….
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.

        Your filer is currently visible to all systems using WINS. The WINS
        name server currently configured is: [ 172.16.111.2 ].

(1) Keep the current WINS configuration
(2) Change the current WINS name server address(es)
(3) Disable WINS

Selection (1-3)? [1]:
        A filer can be configured for multiprotocol access, or as an NTFS-only
        filer. Since multiple protocols are currently licensed on this filer,
        we recommend that you configure this filer as a multiprotocol filer

(1) Multiprotocol filer
(2) NTFS-only filer

Selection (1-2)? [1]:
        CIFS requires local /etc/passwd and /etc/group files and default files
        will be created.  The default passwd file contains entries for ‘root’,
        ‘pcuser’, and ‘nobody’.
Enter the password for the root user []:
Retype the password:
        The default name for this CIFS server is ‘MYNETAPP’.
Would you like to change this name? [n]:
        Data ONTAP CIFS services support four styles of user authentication.
        Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer’s local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication

Selection (1-4)? [1]: 4
What is the name of the Workgroup? [WORKGROUP]:
CIFS – Starting SMB protocol…
Welcome to the WORKGROUP Windows(R) workgroup

CIFS local server is running.

Password:
mynetapp> Mon May  4 20:32:25 GMT [console_login_mgr:info]: root logged in from console
Mon May  4 20:32:31 GMT [nbt.nbns.registrationComplete:info]: NBT: All CIFS name registrations have completed for the local server.

mynetapp>

So this was not so hard. Now enjoy the world class filer in your VMware.


Remote Support software for free

April 13th, 2009

Remote software for free

Normally I’m not a big promoter of software. But this tool is amazing. Every, and I mean every, IT professional has the same problem: everybody in the world looks at you and sees the free helpdesk. OK, I must admit most of the time this is not a problem, because helping is caring friendship. Helping over the phone is good because you don’t have to travel, but it is not easy on every occasion. There are a lot of good remote software programs for companies, but using them in private environments is not as easy as it should be, because you need port forwarding, special firewall rules etc. Looking around on the Internet I found a very exciting tool for remote support. It’s called TeamViewer.

http://www.teamviewer.com

The benefits of TeamViewer are:

•    It’s free for personal use.
•    No installation needed.
•    No firewall changes are required, because the remote clients create an outgoing connection to the TeamViewer server.
•    It works on PC and Mac, even cross-platform; connecting from Mac to Windows is no problem.
•    It’s fast and
•    It’s free for noncommercial use.

At least it’s the Holy Grail of remote software

Regards Konrad

Cisco’s basic know-how part 1

March 29th, 2009

This week a nice opportunity knocked on the door. As a Windows server administrator in large companies you don’t configure switches and routers from scratch every day. Normally some network guy does the configuration of the cool Cisco stuff for you. The configuration of Cisco devices is very easy when you know something about networks. The only problem is knowing the commands. This week and in the next post we’ll do an easy basic configuration together. The lab is created in an old version of the Boson NetSim, which is a Cisco IOS and CatOS simulator. It is not the best tool, but it will do the job.

The lab hardware is composed of two personal workstations and two Cisco 3500 switches. The Ciscos are connected together with two Gigabit Ethernet links. Each of the switches has a PC attached to it.

So let’s start with the basic configuration.

I prefer PuTTY for serial, telnet and ssh connections to my network devices, but HyperTerminal will also do a good job.
After the login the switch welcomes us with the shell prompt

Switch>

The first thing we enter is the enable mode, which gives us the opportunity to make basic configurations.

Switch>enable

The shell prompt is now in enable mode and “Switch>” changes to “Switch#”. First we are going to set the time of the switch.

Switch# clock set 20:09:01 3 Apr 2006

To check the setting, “show clock” shows us the current time. In the next step we enter the configure terminal mode. This allows us to change network and other settings on the device.

Switch#configure terminal

The notice “Enter configuration commands, one per line. End with CNTL/Z.” appears and the shell prompt shows “Switch(config)#”. To change the DNS hostname of the switch the command is simply hostname. Just enter it.

Switch(config)#hostname MySwitch1

Now the shell prompt changes to “MySwitch1(config)#” and we are able to continue with setting a password for the enable mode by entering

MySwitch1(config)#enable secret TopSecretPassword

After setting the password for the enable mode it would be wise to set a password for the virtual terminal (Telnet & SSH access). Two things are needed for this: selecting the virtual terminal lines (the rights of the remote console) and setting the password. Some admins think “vty 0 15” is too much for a remote console. I think “vty 0 15” is OK if the switch is at a remote location.

MySwitch1(config)#line vty 0 15
MySwitch1(config-line)#password MySecretTerminalPassword
MySwitch1(config-line)#login
MySwitch1(config-line)#exit

The last thing we need to do is set up a management port. This port is only for management; it should not be used for clients. In most companies the port is put in the management VLAN, but we don’t do this in this post. This is done by entering an interface, disabling switching on this port, bringing the port up, setting the IP address and subnet mask, and leaving the interface config.

MySwitch1(config)#interface fastethernet 1/1
MySwitch1(config-if)#no switchport
MySwitch1(config-if)#no shutdown
MySwitch1(config-if)#ip address 192.168.1.3 255.255.255.0
MySwitch1(config-if)#exit

One nice thing left to do at the end of the basic configuration is setting a login banner. The banner is written to the console after the login. If the company has hundreds of devices it helps to keep the overview. And I like ASCII art.

MySwitch1(config)#banner motd ^
###############################################################
#  if you can't make it good, at least make it look good!!!   #
#                                                             #
#            Name:              MySwitch1                     #
#            Location:          HQ, Lucerne                   #
#            Model:             Cisco 3500                    #
#                                                             #
# WARNING, unauthorized access to this network is prohibited. #
#                                                             #
# Unauthorized access will lead to prosecution according to   #
# the law                                                     #
###############################################################
^

Now the basic running configuration is done. The last thing we do is copy the running configuration to the startup configuration by entering

MySwitch1(config)#end
MySwitch1#write
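Once the running configuration is saved, the question a practitioner wants answered is whether what was typed actually does what the post intends, in particular whether the vty password is enforced at all (without “login” on the vty lines the password is set but never asked for). The following is an added example, not from this post or from Cisco: a small Python audit that parses a “show running-config” listing and reports the missing pieces. SAMPLE_CONFIG is constructed to match the configuration built up in this post, with the “login” line deliberately left out.

```python
"""Audit a saved IOS running-config for the points this post configures.

Added example (not from the post or from Cisco). It parses the indentation
based 'show running-config' text and reports what is missing: hostname,
enable secret, a vty password that is actually enforced by 'login', a
management interface with an IP address that is not shut down, and a banner.
SAMPLE_CONFIG is constructed sample input.
"""
import re

SAMPLE_CONFIG = """\
hostname MySwitch1
!
enable secret 5 $1$Xy12$constructedPlaceholderHash0000
!
interface FastEthernet1/1
 no switchport
 ip address 192.168.1.3 255.255.255.0
!
interface FastEthernet1/2
 shutdown
!
banner motd ^C
#  Name: MySwitch1   Location: HQ, Lucerne  #
^C
!
line vty 0 15
 password MySecretTerminalPassword
!
"""


def parse_config(text: str):
    """Split IOS config into top-level lines and {header: [child lines]}.
    Banner bodies are stored under 'banner <type>' without their delimiter."""
    top, blocks, current = [], {}, None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if not line.strip() or line.startswith("!"):
            current = None                 # '!' separates sections
            continue
        if line.startswith(" "):           # indented: belongs to the current block
            if current is not None:
                blocks[current].append(line.strip())
            continue
        m = re.match(r"banner (\S+) (\S+)$", line)
        if m:                              # swallow the body up to the delimiter
            key, delim, body = "banner " + m.group(1), m.group(2), []
            while i < len(lines) and not lines[i].rstrip().endswith(delim):
                body.append(lines[i])
                i += 1
            i += 1                         # skip the closing delimiter line
            top.append(key)
            blocks[key] = body
            current = None
            continue
        current = line.strip()
        top.append(current)
        blocks.setdefault(current, [])
    return top, blocks


def audit(text: str) -> list:
    """Return a list of findings; an empty list means every check passed."""
    top, blocks = parse_config(text)
    findings = []
    if not any(l.startswith("hostname ") for l in top):
        findings.append("hostname not set")
    if not any(l.startswith("enable secret") for l in top):
        findings.append("no 'enable secret' for enable mode")
    vty = [h for h in blocks if h.startswith("line vty")]
    if not vty:
        findings.append("no vty lines configured")
    for h in vty:
        if not any(c.startswith("password") for c in blocks[h]):
            findings.append("%s: no password set" % h)
        if not any(c == "login" or c.startswith("login ") for c in blocks[h]):
            findings.append("%s: 'login' missing, password is not enforced" % h)
    mgmt = [h for h in blocks if h.startswith("interface")
            and any(c.startswith("ip address") for c in blocks[h])]
    if not mgmt:
        findings.append("no interface has an IP address for management")
    for h in mgmt:
        if "shutdown" in blocks[h]:        # 'show run' prints 'shutdown' only when down
            findings.append("%s: has an IP address but is shut down" % h)
    if "banner motd" not in blocks:
        findings.append("no banner motd")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

Paste the output of “show running-config” into a file and feed it to audit(); the sample above yields exactly one finding, the missing “login” on line vty 0 15, and adding that line makes the audit come back clean.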

In a second post we will create the uplink using port channels and VLANs. If you are now keen to hack around a little, I found a free trial of a simulator at
http://www.certexams.com/buy.htm. It is very limited but it is a good starting point.

Cheers Konrad

Fine grained password policy

March 8th, 2009

Today we take a closer look at Microsoft Active Directory in the 2008 native mode. One of the problems that Windows administrators often face in daily business is setting password policies for the whole company. Under Windows Server 2003 it was not possible to set more than one policy for the accounts. So from the domain administrator to the user, everybody needed the same complex password. In Active Directory version 2008 there is a new object type in the schema called PSO (Password Settings Object). The only way to create the PSO is in ADSI Edit. Click on Start and enter “adsiedit.msc”.


In ADSI Edit connect to the “Default naming context” and browse to CN=Password Settings Container,CN=System,DC=YourDomain,DC=YourDomain. With a right click you are able to create a new PSO with a wizard (I am not 100 % sure, but it is a wise idea to do this with the newest version of adsiedit.msc on the server).

The wizard shows up and you are able to set the PSO settings:
•    Password settings precedence
•    Password reversible encryption status for user accounts
•    Password history length for user accounts
•    Password complexity status for user accounts
•    Minimum password length for user accounts
•    Minimum password age for user accounts
•    Maximum password age for user accounts
•    Lockout threshold for lockout of user accounts
•    Observation window for lockout of user accounts
•    Lockout duration for locked out user accounts
•    Links to objects that this password settings object applies to (forward link).

The last setting is very nice. The policy is now bound to an Active Directory global, universal or domain local group. The PSO does not outweigh the older GPO based managed policy. If a user has a policy both through a PSO and a GPO, the GPO policy is enforced.

To use the PSO the PDC Emulator FSMO role must be held by a Windows 2008 server. The domain and forest functional level must be at least Windows Server 2008. The PSO works on Windows XP, Vista, 2003 and 2008 servers.
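The wizard fields listed above map one-to-one onto the msDS-* attributes of the msDS-PasswordSettings class, and the part that trips people up in ADSI Edit is that every age and lockout time is stored as a negative 64-bit integer in 100-nanosecond units. The following is an added example, not from this post or from Microsoft: it builds an LDIF for a PSO from the values in human units, converts the durations, and refuses combinations the directory rejects (observation window longer than the lockout duration, minimum age above maximum age). The domain DN and the group DN are placeholders.

```python
"""Build an LDIF for a Password Settings Object (PSO) from human-unit values.

Added example (not from the post or from Microsoft). Attribute names are the
msDS-* attributes of the msDS-PasswordSettings class; "DC=example,DC=com" and
the group DN used in the usage block are placeholders.
"""
HUNDRED_NS_PER_SECOND = 10_000_000
MINUTE, DAY = 60, 86400


def to_ad_duration(seconds: int) -> int:
    """Seconds -> negative 100 ns interval, the form the PSO age/lockout attributes use."""
    return -seconds * HUNDRED_NS_PER_SECOND


def build_pso_ldif(name, precedence, applies_to, *, max_age_days, min_age_days,
                   history, min_length, complexity, lockout_threshold,
                   lockout_window_min, lockout_duration_min,
                   reversible=False, base_dn="DC=example,DC=com"):
    """Return LDIF text creating the PSO; raise ValueError for settings AD rejects."""
    if min_age_days > max_age_days:
        raise ValueError("minimum password age must not exceed maximum age")
    if lockout_window_min > lockout_duration_min:
        raise ValueError("observation window must not exceed lockout duration")
    if precedence < 1:
        raise ValueError("precedence must be a positive integer (lower wins)")
    dn = "CN=%s,CN=Password Settings Container,CN=System,%s" % (name, base_dn)
    attrs = [
        ("objectClass", "msDS-PasswordSettings"),
        ("cn", name),
        ("msDS-PasswordSettingsPrecedence", precedence),
        ("msDS-PasswordReversibleEncryptionEnabled", "TRUE" if reversible else "FALSE"),
        ("msDS-PasswordHistoryLength", history),
        ("msDS-PasswordComplexityEnabled", "TRUE" if complexity else "FALSE"),
        ("msDS-MinimumPasswordLength", min_length),
        ("msDS-MinimumPasswordAge", to_ad_duration(min_age_days * DAY)),
        ("msDS-MaximumPasswordAge", to_ad_duration(max_age_days * DAY)),
        ("msDS-LockoutThreshold", lockout_threshold),
        ("msDS-LockoutObservationWindow", to_ad_duration(lockout_window_min * MINUTE)),
        ("msDS-LockoutDuration", to_ad_duration(lockout_duration_min * MINUTE)),
    ]
    # forward link: the groups (or users) this PSO applies to
    attrs += [("msDS-PSOAppliesTo", group_dn) for group_dn in applies_to]
    lines = ["dn: " + dn, "changetype: add"] + ["%s: %s" % (k, v) for k, v in attrs]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Stricter policy for privileged accounts than the domain default (placeholder DNs).
    print(build_pso_ldif("AdminPSO", 10,
                         ["CN=Domain Admins,CN=Users,DC=example,DC=com"],
                         max_age_days=30, min_age_days=1, history=24,
                         min_length=15, complexity=True, lockout_threshold=5,
                         lockout_window_min=30, lockout_duration_min=30))
```

The generated LDIF can be imported with ldifde on the domain controller, or simply used as a crib sheet for the numbers to type into the ADSI Edit wizard: 30 days is -25920000000000, one day is -864000000000, 30 minutes is -18000000000.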

Enjoy the simplified but nevertheless smarter password policy.
Cheers Konrad