Posts Tagged ‘3rd Party Apps’

Blog maintenance

November 12th, 2008

A few housecleaning and upgrade tasks in the past 24 hours:

  1. Banned several IP addresses for brute force attacking the FTP server.  This should increase available bandwidth and response time.  This is a problem I’ve been dealing with since I brought the server online many years ago.  It’s a game of cat and mouse.  New attacks will continue to occur almost daily which is to say on a daily basis I could be banning new IP addresses.  I’m not sure I have that kind of time but I’ll check sporadically.
  2. Banned two .MPG cataloging sites for referring boatloads of traffic my way for the sole purpose of downloading model railroad .MPG clips probably in the hopes that the .MPG clips are something other than model railroading related.  Their intentions seem clear to me.  This should increase available bandwidth and response time.
  3. Removed all model railroad .MPG clips from the web server.  This should increase available bandwidth and response time.
  4. Upgraded GD Star Rating from version 1.0.1 to 1.0.2.  Bug fixes and new features.  I’m still seeing one bug with the product and have provided feedback to the author.  Ratings are bells, whistles, and clutter and I’m half tempted to just get rid of them.
  5. Installed WP Super Cache.  This should increase available bandwidth and response time.

Please let me know if you see any funk that may be caused by serving static/cached pages instead of dynamically rendered PHP WordPress pages.

Rob Bergin leaves VKernel

November 10th, 2008

Rob Bergin, who maintained the titles of Director of Systems Engineering, Director of Product Marketing, and Systems Engineer, has parted ways with the New Hampshire startup company VKernel. During Rob’s nine month tenure at VKernel, his responsibilities included development of the product roadmap strategy, documentation and creation of new features, and management of timely product release cycles.

VKernel provides 3rd party management applications for VMware Virtual Infrastructure. Their product lineup includes:

  • Capacity Analyzer
  • Chargeback
  • Modeler (announced 9/9/08)
  • and the recently announced SearchMyVM product which, strangely, is difficult to find any information for on VKernel’s website – a SearchMyVM press release links to their Modeler product

I wish Rob the best of luck in his new role of Director of Enterprise Infrastructure at CrunchTime! Information Systems.

Rob, if you get that lab hardware website up and running, let me know.

Hyper9 – All admins are worth saving (even the bad ones)

November 6th, 2008


It looks like @gabvirtualworld can keep his job. He’s been using the beta version of Hyper9 which intuitively discovered that he had three VM snapshots open for nearly a year. Hey, anyone can forget. To forget is human. Forgetting about snapshots doesn’t make you a bad admin, but Hyper9 can make you a better one.

See what Hyper9 is all about and grab one of the few remaining beta program invites today!

SSL integration with VirtualCenter

November 4th, 2008


Are you tired of seeing the Security Warning splash screen when launching the Virtual Infrastructure Client to connect to VirtualCenter?  Do you feel a sense of guilt clicking the Ignore button or checking the “Do not display any security warnings for…” box?  Are you flirting with real world dangers or risking termination for fostering a less secure virtual infrastructure?  Would you like to correct the situation the right way by integrating SSL certificates and securing VIC/VirtualCenter communication at the same time?  Here are the step by step instructions (originally created by VMTN forum member astrolab and refined by myself).

In this exercise, I’ll be using a Microsoft Active Directory integrated enterprise certificate authority (CA) to generate a certificate for the VirtualCenter host which resides in the same AD domain.  We’ll begin with the assumption that the enterprise CA has already been built as well as the VirtualCenter Management Server (VCMS).  We will also assume that the enterprise CA is listed as a Trusted Root Certification Authority on the client that will be connecting to the VCMS via the VIC.  To validate this in Internet Explorer, choose Tools|Internet Options|Content|Certificates and look on the Trusted Root Certification Authorities tab.

  1. Download and install Win32 OpenSSL Light onto the VCMS http://www.slproweb.com/products/win32openssl.html
  2. Back up the existing RUI.CRT, RUI.KEY, and RUI.PFX files located in C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\
  3. Generate an RSA private key and a certificate-signing request (the openssl binary comes from the installation of Win32 OpenSSL Light in step 1 above)
    1. From a command prompt, change to the C:\openssl\bin\ directory and issue the command openssl genrsa 1024 > rui.key
    2. From a command prompt, change to the C:\openssl\bin\ directory and issue the command openssl req -new -key rui.key > rui.csr
      1. Provide the appropriate information.  Your Name/Common Name is the FQDN of your VCMS (ie. servername.domain.com)
  4. Request a certificate from the Microsoft enterprise CA
    1. In an IE browser, browse to http://enterprise_ca_domain_controller/certsrv/
    2. Click Request a certificate
    3. Click advanced certificate request
    4. Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file
    5. Open the rui.csr file with WordPad and copy the entire contents (including the BEGIN and END lines) into the “Saved Request” field of the certificate request in the web browser.  Alternatively, you can click the “Browse to insert” link to simply attach the rui.csr file
    6. Change the Certificate Template to Web Server
    7. Click the Submit button
    8. On the next screen, choose “Base 64 encoded” and click the “Download certificate” link
    9. When prompted, save the certificate to C:\openssl\bin\  with the file name rui.crt
  5. Create a .pfx (personal individual exchange) file for rui.crt on the VCMS
    1. From a command prompt, change to the C:\openssl\bin\ directory and issue the command openssl pkcs12 -export -in rui.crt -inkey rui.key -name VCMSFQDN.domain.com -out rui.pfx
  6. Move rui.crt, rui.key, and rui.pfx from C:\openssl\bin\ to C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\
  7. Disconnect all ESX hosts from the VCMS (you can safely leave the guest VMs running or whatever state they are in).  This step needs to be done because after the VCMS loads the new certificates, it will not be possible to gracefully shut down the VMs from the VIC, though it could still be done through RDP or COS.  It’s best to perform this step to avoid future headaches.
  8. Stop the VMware VirtualCenter Server service
  9. From a command prompt, change to the C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ directory and issue the following command to re-encrypt the VCMS database password:  vpxd -p (when prompted, type the password used for the VCMS database)
  10. Start the VMware VirtualCenter Server service
  11. Reconnect all ESX hosts
  12. The steps are complete, but there is one important note going forward that deals with the inherent behavior of certificates and our certificate request outlined above:  Use the Virtual Infrastructure Client to connect to the VirtualCenter Management Server using the FQDN (ie. server.domain.com).  You can connect to the short NetBIOS name of the VCMS but at that point your connection won’t be covered by your certificate and you’ll once again receive the Security Warning dialogue box shown at the beginning of this article.
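
A pre-flight check to run between steps 5 and 6, added here as an example (it is not part of the original instructions): it confirms that rui.crt was issued for rui.key, that the certificate's Common Name is the FQDN you will type into the VI Client, that the certificate has not expired, and it reports the key size. The paths are the ones used in the steps above; the `$fqdn` value is a placeholder to replace with your own.

```powershell
# Added example: pre-flight check for the files created in steps 3-5.
# Paths follow the steps above; $fqdn is a placeholder for your VCMS FQDN.
$openssl = 'C:\openssl\bin\openssl.exe'
$dir     = 'C:\openssl\bin'
$fqdn    = 'servername.domain.com'

function Invoke-OpenSsl([string[]]$Arguments) {
    # Run openssl.exe, stop on a non-zero exit code, return stdout as one string.
    $out = & $openssl $Arguments
    if ($LASTEXITCODE -ne 0) { throw "openssl $($Arguments -join ' ') failed" }
    return ($out | Out-String).Trim()
}

# 1. All three files must exist under exactly these names (step 6 moves them).
foreach ($name in 'rui.crt', 'rui.key', 'rui.pfx') {
    if (-not (Test-Path (Join-Path $dir $name))) { throw "Missing file: $name" }
}
$crt = Join-Path $dir 'rui.crt'
$key = Join-Path $dir 'rui.key'

# 2. The issued certificate must carry the public half of rui.key.
$certModulus = Invoke-OpenSsl 'x509', '-noout', '-modulus', '-in', $crt
$keyModulus  = Invoke-OpenSsl 'rsa',  '-noout', '-modulus', '-in', $key
if ($certModulus -ne $keyModulus) {
    throw 'rui.crt does not match rui.key (different RSA modulus)'
}

# 3. The Common Name must be the FQDN typed into the VI Client (see step 12).
$subject = Invoke-OpenSsl 'x509', '-noout', '-subject', '-in', $crt
if ($subject -notmatch 'CN\s*=\s*([^,/]+)') { throw "No CN in subject: $subject" }
$cn = $Matches[1].Trim()
if ($cn -ne $fqdn) { throw "Certificate CN '$cn' is not '$fqdn'" }

# 4. The certificate must not have expired (-checkend 0 tests notAfter vs. now).
Invoke-OpenSsl 'x509', '-noout', '-checkend', '0', '-in', $crt | Out-Null

# 5. Report the key size; 1024-bit RSA (as in step 3) is below today's
#    commonly required minimum of 2048 bits.
$keyText = Invoke-OpenSsl 'rsa', '-noout', '-text', '-in', $key
if ($keyText -match 'Private-Key: \((\d+) bit') {
    $bits = [int]$Matches[1]
    if ($bits -lt 2048) { Write-Warning "RSA key is only $bits bits" }
}

Write-Output "OK: rui.crt matches rui.key and is issued to $cn"
```

If the modulus or CN check fails, fix the request and reissue before stopping the VirtualCenter service, since the service loads whatever files are in the SSL directory when it starts.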

Hyper9 beta invitations available

November 3rd, 2008

“Hyper9 feels the pain of the virtual administration world, and is building a product that will change the way things are done forever. Currently in beta testing, the new Hyper9 product addresses all of the challenges above and then some, and is receiving rave reviews from those who have already put it to work. In short, those who’ve seen it agree – Hyper9 is about to rock the world of virtualization administration.”

The Hyper9 beta program is currently full, however, I’ve been extended the opportunity to offer exclusive beta invitations to a limited number of people. If you are interested in joining the beta program, please contact me.

There are a few guidelines and requirements to becoming full members of the Beta experience, and I hope you are able to meet these.

Beta Participant Minimum Environment Requirements

  • VMware™ ESX 3.0+
  • (1) VMware VirtualCenter Instance
  • (2) VMware ESX Host Servers
  • (20) Virtual Machines

Additional Requirements

  • If selected, you must download and install the software within five (5) days of receiving the beta software. Can you do this?
  • When you have completed the installation process of Hyper9’s software, we ask that you notify us that this action has been completed. Can you do this?
  • Users from competitor companies are not eligible for participation.
  • Users will have to provide Hyper9 with their company’s name and Web site information.
  • Users will have to provide Hyper9 with their company email address for verification.