Thursday, May 30, 2013

Windows Diagnostic tools

Most of these tools can be easily launched if you know their names — just open your Start menu or Start screen, search for the name of the program, and press Enter. On Windows 8, you may have to select the Settings category on the search screen first. There are a few more, but these are the most common.

Windows Memory Diagnostic

Windows includes a Memory Diagnostic tool that can restart your computer and test your memory for defects, like the popular MemTest86 application. If you want to check your computer’s memory for errors, you don’t need a third-party tool — just open the Windows Memory Diagnostic tool.

Resource Monitor

The Resource Monitor application offers a detailed look at your computer’s resource usage. You can view computer-wide CPU, disk, network, and memory graphics, or drill down and view per-process statistics for each type of resource.

This means that you can see which processes are using your disk or network heavily, view which processes are communicating with which Internet addresses, and more. The Resource Monitor provides much more detailed resource statistics than the Task Manager does.

You can launch the Resource Monitor by opening the Task Manager, clicking the Performance tab, and selecting Resource Monitor. It can also be accessed by searching for Resource Monitor at the Start menu or Start screen.

Performance Monitor

The Performance Monitor application allows you to collect performance reports and view them. It can be used to log performance data over time, including determining how system changes affect performance, or to monitor the performance of a remote computer in real-time.

Computer Management and Administrative Tools

The Performance Monitor is actually one of many Microsoft Management Console (MMC) tools. Many of these can be found in the Administrative Tools folder, but they can be opened in a single window by opening the Computer Management application. Among other things, this window contains the following tools:

  • Task Scheduler: A tool that allows you to view and customize the scheduled tasks on your computer, in addition to creating your own custom scheduled tasks.
  • Event Viewer: A log viewer that allows you to view and filter system events — everything from software installation to application crashes and blue screens of death.
  • Shared Folders: An interface that displays the folders shared over the network on your computer, useful for viewing what folders are being shared at a glance.
  • Device Manager: The classic Windows Device Manager that allows you to view the devices connected to your computer, disable them, and configure their drivers.
  • Disk Management: A built-in partition manager you can use without downloading any third-party tools.
  • Services: An interface that allows you to view and control the background services running in Windows.

The Administrative Tools folder also contains other useful utilities, such as the Windows Firewall with Advanced Security application that allows you to create advanced firewall rules.

Advanced User Accounts Tool

Windows contains a hidden User Accounts utility that provides some options not present in the standard interface. To open it, press WinKey+R to open the Run dialog, type either netplwiz or control userpasswords2, and press Enter.

This window also contains a shortcut to launch the Local Users and Groups tool, which offers more user management tasks, but can’t be used on Home or standard versions of Windows.

Disk Cleanup

Windows’ Disk Cleanup utility isn’t quite as hidden as some of the other utilities here, but not enough people know about it. It will scan your computer for files that can be deleted, from temporary files and memory dumps to old system restore points and leftover files from Windows upgrades. It does the same job a PC cleaning utility does, but it’s free and doesn’t try to extract any money from you. Advanced users may prefer CCleaner, but Disk Cleanup does a decent job.

Access it by searching for Disk Cleanup at your Start screen or Start menu.

Group Policy Editor

The Group Policy Editor is only available on Professional or Ultimate editions of Windows, not the standard or Home editions. It provides a wide variety of settings that are designed for use by system administrators to customize and lock down PCs on their networks, but the local group policy editor also contains some settings that average users might be interested in. For example, on Windows 8, the group policy editor can be used to disable the lock screen and skip directly to the log-in screen.

To open it, type gpedit.msc at the Start menu or Start screen and press Enter.

Registry Editor

Sure, everyone knows about the registry editor — but it’s still hidden, with Microsoft not even providing a Start menu shortcut to it. It must be launched by typing regedit into the Start menu or Start screen and pressing Enter.

Many tweaks that can be made in the Group Policy Editor have equivalent tweaks that can be made in the registry editor. For example, on Windows 8, users with the standard edition of Windows 8 can’t disable the lock screen via the Group Policy Editor — but they can disable the lock screen with a registry hack.

MSConfig

The System Configuration window is another classic tool that many people know about. Prior to Windows 8, which features a startup-program manager built into its Task Manager, this tool was the only included way of controlling startup programs on Windows. It also allows you to customize your boot loader, which is particularly useful if you have multiple versions of Windows installed.

Launch it by typing msconfig into the Start menu or Start screen and pressing Enter.

System Information

The System Information utility allows you to view information about the current computer — everything from the model number of its CD-ROM drive to its attached peripherals, configured environment variables, and startup programs. It doesn’t provide the slickest interface, nor does it provide all the information a third-party system information tool like Speccy does, but it will display a lot of system information without forcing you to install another program.

Open it by searching for System Information at your Start menu or Start screen.


Once you know these utilities exist, you can do more with the tools built into Windows. These tools are available on any Windows computer, so you can always use them without downloading and installing software.

Wednesday, May 22, 2013

Add a New Virtual Machine to Inventory from a Datastore

 

 

By Joe Piggee

If you present new storage to vSphere that already has VMs stored on it, you can add them to inventory so that you can power them on, manage them, and so on, by following these steps.

  1. Open the vSphere/VMware Infrastructure (VI) Client and log in with appropriate credentials.
  2. If connecting to vCenter Server, click on the desired host.
  3. Click the Configuration tab.
  4. Click Storage.
  5. Right-click on the appropriate datastore and click Browse Datastore.
  6. Navigate to the folder named after the virtual machine, and locate the <virtual machine>.vmx file.
  7. Right-click the .vmx file and click Add to inventory. The Add to Inventory wizard opens. Continue to follow the wizard to add the virtual machine.

If the device is something like an external USB drive, prior to completing the steps above complete the following:

If you have some shared storage, install vCenter 5.1, then connect the external hard drive to the PC you are working from (the one that has the vSphere Client installed). Browse to the appropriate datastore and upload the VMs to the shared storage, or to the ESXi host's local datastore. Then complete the steps listed above to add the discovered VMs to inventory.

What Is vShield?

by Joe Piggee

vShield is a group of networking and security products for virtualized IT infrastructures.

vShield is comprised of vShield Manager, vShield Edge, vShield Zones, vShield App, vShield Data Security and vShield Endpoint. Products in the vShield Suite operate under the centralized management of vShield Manager.

vShield Zones - provides basic virtual networking security and firewalls to vSphere.

vShield App - adds a firewall for applications in the virtual data center.

vShield Edge - operates on the network edge, securing isolated virtual machines (VMs) and virtualized networks and providing their gateway services.

vShield Data Security - protects sensitive data in the virtual and cloud infrastructure, tracking any violations.

vShield Endpoint - supports agentless antivirus protection for guest OSes, in a secure virtual appliance.

Wednesday, May 15, 2013

Verify ESXi Licensed Features

By Joe Piggee

Sometimes you’ll see errors, even though everything is configured correctly. I can’t tell you how many times I’ve gone to a client’s site and performed troubleshooting tasks, just to find out they aren’t licensed for a particular function. So verify first before getting too deep.

 

To verify which features are licensed, make sure that the vSphere Client/VMware Infrastructure is connected to vCenter Server/VirtualCenter.

  1. Select the ESX/ESXi host from the inventory in vCenter Server.
  2. Click the Configuration tab.
  3. Click the Licensed Features link.

Ensure that the feature appears on the list and that there are enough CPU licenses. If the feature is not listed, click Edit and enable the feature.

vSphere 5.x Firewalls

By Joe Piggee

By default, when ESXi is installed, the firewall is enabled. The default configuration is to permit only the required operational traffic and to deny all others. As a note, the command esxcfg-firewall was retired and replaced by esxcli network firewall in vSphere 5.

To enable the firewall:

esxcli network firewall set --enabled true

To disable the firewall:

esxcli network firewall set --enabled false

Enable/Disable pre-configured services

  • List the services and record the proper ruleset ID for your service
    • esxcli network firewall ruleset list
  • To enable:
    • esxcli network firewall ruleset set --enabled true --ruleset-id rulesetName
  • To disable:
    • esxcli network firewall ruleset set --enabled false --ruleset-id rulesetName

Configure service behavior automation

  1. Log in to the vSphere Client
  2. Enter the Hosts and Clusters View (Ctrl + Shift + H)
  3. Select a host
  4. Click the Configuration tab
  5. Under the Software view, select Security Profile
  6. Under Security Profile > Services, click Properties
  7. Highlight a service
  8. Click Options
  9. The service operational controls are listed
    1. Start automatically if any ports are open, and stop when all ports are closed
    2. Start and stop with host
    3. Start and stop manually (Select this to effectively disable the service)

Open/Close ports in the firewall

  1. Log in to the vSphere Client
  2. Enter the Hosts and Clusters View (Ctrl + Shift + H)
  3. Select a host
  4. Click the Configuration tab
  5. Under the Software view, select Security Profile
  6. Under Security Profile > Firewall, click Properties
  7. Highlight a service
  8. To enable a firewall rule, check the check box next to the traffic label
  9. Click Options to set the service start automation settings as described above
  10. Click the Firewall button to define what connections can be made to the services. All connections may be allowed, or access can be restricted to individual IPv4 or IPv6 addresses and/or IPv4 or IPv6 networks.

Alternatively, to define the allowed IP addresses, you may configure this from the command line:
esxcli network firewall ruleset allowedip add --ruleset-id RulesetName --ip-address IPAddress/Network
esxcli network firewall ruleset allowedip add --ruleset-id RulesetName --ip-address IPAddress
esxcli network firewall ruleset allowedip remove --ruleset-id RulesetName --ip-address IPAddress/Network
esxcli network firewall ruleset allowedip remove --ruleset-id RulesetName --ip-address IPAddress
esxcli network firewall ruleset allowedip list --ruleset-id RulesetName
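
The allow-list commands above, wrapped in a POSIX shell function as an added example (not code from the original post): it validates each IPv4 address, turns off the rule set's allowed-all flag so the list is actually used, then adds the addresses and lists the result. The ESXCLI and DRY_RUN variables, the function names and the sample addresses in the usage comment are assumptions of this sketch; IPv6 is not handled.

```sh
#!/bin/sh
# Added example: limit one ESXi firewall rule set to an explicit allow-list.
# ESXCLI and DRY_RUN are conveniences of this sketch, not esxcli features.
ESXCLI="${ESXCLI:-esxcli}"

# Accept a dotted-quad IPv4 address, optionally with a /0-32 prefix length.
valid_ipv4() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    addr="${1%%/*}"
    case "$1" in */*) prefix="${1#*/}" ;; *) prefix=32 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs="$IFS"; IFS=.
    set -- $addr            # split the address on dots
    IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Run one esxcli command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$ESXCLI $*"
    else
        "$ESXCLI" "$@"
    fi
}

# restrict_ruleset RULESET ADDR[/PREFIX]...
# Usage (constructed addresses): DRY_RUN=1 restrict_ruleset sshServer 192.0.2.10 198.51.100.0/24
restrict_ruleset() {
    if [ "$#" -lt 2 ] || [ -z "$1" ]; then
        echo "usage: restrict_ruleset RULESET ADDR[/PREFIX]..." >&2
        return 2
    fi
    ruleset="$1"; shift
    # Validate every address before changing anything on the host.
    for a in "$@"; do
        valid_ipv4 "$a" || { echo "invalid address: $a" >&2; return 1; }
    done
    # The allowed-IP list is only used once allowed-all is false.
    run network firewall ruleset set --ruleset-id "$ruleset" --allowed-all false || return 1
    for a in "$@"; do
        run network firewall ruleset allowedip add --ruleset-id "$ruleset" --ip-address "$a" || return 1
    done
    # Show the resulting allow-list so the change can be checked.
    run network firewall ruleset allowedip list --ruleset-id "$ruleset"
}
```

Run it with DRY_RUN=1 first to review the exact commands, and make sure the address you are managing the host from is in the list before applying it to a rule set such as SSH.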

Note that you may edit the /etc/vmware/firewall/services.xml file for the pre-configured services. After you update any port numbers, remember to refresh the firewall:
esxcli network firewall refresh

ESXCLI Firewall Commands

By Joe Piggee

esxcli firewall commands

| Command | Description |
| --- | --- |
| esxcli network firewall get | Returns the enabled or disabled status of the firewall and lists default actions |
| esxcli network firewall set --default-action | Update default actions |
| esxcli network firewall set --enabled | Set to true to enable the firewall, set to false to disable the firewall |
| esxcli network firewall load | Load the firewall module and rule set configuration |
| esxcli network firewall refresh | Refresh the firewall configuration by reading the rule set files if the firewall module is loaded |
| esxcli network firewall unload | Destroy filters and unload the firewall module |
| esxcli network firewall ruleset list | List rule set information |
| esxcli network firewall ruleset set --allowed-all | Set the allowedall flag |
| esxcli network firewall ruleset set --enabled | Enable or disable the specified rule set |
| esxcli network firewall ruleset allowedip list | List the allowed IP addresses of the specified rule set |
| esxcli network firewall ruleset allowedip add | Allow access to the rule set from the specified IP address or range of IP addresses |
| esxcli network firewall ruleset allowedip remove | Remove access to the rule set from the specified IP address or range of IP addresses |

Configuring VLANs on UCS and VMware

By Joe Piggee

 

 

These are the steps required to add VLANs to both UCS and VMware. In UCS each VLAN is identified by a unique ID. The VLAN ID is a number that represents that particular VLAN. The name that you assign to a VLAN ID adds a layer of abstraction that allows you to globally update all servers associated with service profiles that use the named VLAN. You can also create more than one named VLAN with the same VLAN ID. Note that the name of a VLAN is known only within the UCS environment; outside of UCS, the VLAN is represented by the unique ID.

 

VLAN Configuration on the UCS

Depending on how the UCS infrastructure is configured, VLAN availability for physical hosts may have to be configured on either a port group or individual host basis. The same applies in the VMware environment.

 

Follow these steps to configure a VLAN on UCS:

 

a) Open UCS manager. In the Navigation pane on the left of the application, select the LAN tab.

b) Expand the navigation tree so that the VLANs branch is visible.  Right click on the VLANs branch and select Create VLAN(s).

c) Provide a meaningful name for the VLAN; this name cannot be changed once saved. For most situations the Common/Global radio button should be selected to ensure the same configuration is applied to both Fabrics. Enter the VLAN ID(s), then press the Check Overlap button to ensure there is no conflict with the existing configuration and, if unique, press OK.

d) Check that the newly created VLAN appears in the list of configured VLANs in the navigation pane.

e) If the platform is using vNIC templates then the next step is to add the created VLAN to the required templates. Expand the vNIC Templates branch of the navigation pane (LAN -> Policies -> root -> vNIC Templates) and select the template which should have the VLAN available.

 

f) On the General tab for each Template click Modify VLANs.

g) In the window that opens add the new VLAN.

Repeat this for each Template.

 

h) Switch to the Servers tab in the Navigation pane and expand Service Profiles and the root node. The service profiles for each Chassis/Blade should be visible.

i) Expand each service profile in turn so that the vNIC for the Chassis/Blade is visible.  If the vNIC is bound to one of the templates modified earlier then the VLAN will be listed under the vNIC.

j) If the VLAN is not listed then select the vNIC and in the main panel click the Modify VLANs link.  For vNICs bound to templates, this link will be greyed out.

k) In the window that opens select the new VLAN.

Repeat this process for each vNIC that is not bound to a template.

 

Once all the vNICs have the VLAN available to them, exit UCS Manager.

 

VLAN Configuration on VMware

Follow these steps to add a VLAN on VMware:

 

a) Open vSphere Client and connect to the vCenter server. Navigate to the blade that the VLAN is required on (Home -> Inventory -> Hosts and Clusters). Expand the navigation tree to locate the server name, then select the Configuration tab in the main window. From within the Configuration window, select Networking.

b) Click on the Properties link for the Virtual Switch, then in the opened window click on the Add button.

 

c) In the next window select Virtual Machine in the Connection Types and click Next.

d) Under Port Group Properties enter a Network Label and the VLAN ID, then click Next.

e) The new VLAN should now show under the host networking vSwitch. Click Finish.

f) To add a virtual machine to the VLAN, edit the machine configuration, select the Network Adapter and from the Network Connection drop down list select the new VLAN.

That’s it. You should be all set.