P2V the VMware way

26 01 2012

VMware converter standalone is a free download:

http://www.vmware.com/products/converter/

Gotchas:
“Insufficient permissions to connect to xxxxxxx ADMIN$” for the Windows XP machine you are trying to convert

run gpedit.msc

– Computer Configuration

 – Windows Settings

  – Security Settings

   – Local Policies

    – Security Options

     – Network access: Sharing and security model for local accounts

 

By default XP has the “Sharing and security model for local accounts” policy set to “Guest only – local users authenticate as Guest”. This needs to be changed to “Classic – local users authenticate as themselves”.

This way you can access the machine remotely with the admin account & do the conversion.





Disable Windows 7 IPv6 random temporary addresses

4 08 2011

One of the added security features with IPv6 addressing is “Temporary address interface identifiers”

https://isc.sans.edu/diary.html?storyid=10966

Many operating systems use the EUI-64 algorithm to generate IPv6 addresses. This algorithm derives the last 64 bits of the IPv6 address using the MAC address. Many see this as a privacy problem. The last half of your IP address will never change, and with MAC addresses being somewhat unique, the interface ID becomes close to a unique “cookie” identifying your system.

As a result, RFC3041 introduces “privacy enhanced” addresses which will change and are created by hashing the MAC address.

*NOTE: Default behaviour of Windows XP & Server 2003 does not use the randomization*

What this means from an administration perspective is that after every reboot, the IPv6 address that is presented to the network changes, which makes things like DNS / FW rules etc. a nightmare to manage in a corporate / enterprise scenario where you really need to be able to have a stable addressing scheme.

I have a /52 IPv6 subnet through a tunnel broker. My border firewall terminates the tunnel & advertises the subnet on the inside interface for autoconfiguration (without having to configure DHCP)

So, let's break it down.

I get a /52 subnet, which is advertised to my internal machines.

aaaa:bbbb:cccc:dddd::/56

By default, Windows 7 generates a randomized link-local address (not based on the MAC):

Autoconfiguration Enabled . . . . : Yes
Physical Address. . . . . . . . . : 00-0C-29-88-9F-2A
Link-local IPv6 Address . . . . . : fe80::d95:67db:fba2:7dad%11(Preferred)

Using stateless autoconfiguration I get an IPv6 address from my FW, based on the Link-local address

IPv6 Address. . . . . . . . . . . : aaaa:bbbb:cccc:dddd:d95:67db:fba2:7dad(Preferred)

Excellent – we have a global / routable IPv6 address based on the host’s link local address which I can now use.

However, Windows isn't done yet. It also assigns a Temporary IPv6 address, which is used when accessing network resources. This Temporary address is only kept for a set period, and changes when the machine reboots – and here is the problem. How can I configure a firewall rule for this host to reach an external resource?

Here is the result of several reboots:

Temporary IPv6 Address. . . . . . : aaaa:bbbb:cccc:dddd:a5cb:b012:16f0:6fa9
Temporary IPv6 Address. . . . . . : aaaa:bbbb:cccc:dddd:ec65:b6ca:abd6:1349
Temporary IPv6 Address. . . . . . : aaaa:bbbb:cccc:dddd:752b:87c:f84:a4d6
Temporary IPv6 Address. . . . . . : aaaa:bbbb:cccc:dddd:1031:46fd:cfd7:d88c
Temporary IPv6 Address. . . . . . : aaaa:bbbb:cccc:dddd:5883:7ef2:9c64:6eab
Temporary IPv6 Address. . . . . . : aaaa:bbbb:cccc:dddd:a400:251a:59:1cd6:bf0f

You can disable this & just use the interface-based EUI-64 address by running the following commands.

Bring up a command prompt in administrator mode (Start -> All Programs -> Accessories -> right-click on Command Prompt, Run as Administrator).

Then run these commands (you should get an OK response to each):

netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent

Restart your machine.

Your machine should now get a stable IPv6 address based on the MAC address. You can now use this address for DNS entries, FW rules etc. & its access will remain consistent across reboots.

Autoconfiguration Enabled . . . . : Yes
Physical Address. . . . . . . . . : 00-0C-29-88-9F-2A
IPv6 Address. . . . . . . . . . . : aaaa:bbbb:cccc:dddd:20c:29ff:fe88:9f2a(Preferred)
Link-local IPv6 Address . . . . . : fe80::20c:29ff:fe88:9f2a%10(Preferred)

Excellent – we have a global / routable IPv6 address based on the host’s link local address which I can now use.

A note on the addressing – In this addressing mode, the 64-bit interface identifier is derived from its 48-bit MAC address. A MAC address 00:1D:BA:06:37:64 is turned into a 64-bit EUI-64 by inserting FF:FE in the middle: 00:1D:BA:FF:FE:06:37:64. As I “only” have a /52 assigned to me the whole MAC is not used, but the address is based on the last 5 octets.





bigger, better, faster, more VMware

19 07 2011

No, before we even start, this is not a blog post about the 4 Non Blondes album.

This is a documentation of my mind numbing, soul destroying search for the best performing configuration with the hardware I have in my lab.

I have spent countless hours / days / weeks building, breaking & rebuilding my VM Lab (thankfully I have an understanding wife & daughter).

Hardware primarily consists of:

2x HP Proliant N36L Microservers (Athlon II Neo Dual Core 1.3) (8GB RAM in one box / 2GB in the other).
2x HP DC7100 Desktops (P4 2.8 / 2GB RAM)
1x Dell Precision 370 (P4 3.0 / 4GB RAM)
Cisco 2950 (24×10/100 + 2×1000)

Add to this an assortment of older F5’s / dual P3 pizza boxes & other no name kit – and I have a playground full of toys.

I have been using unRAID for the past few years on various hardware platforms. This has been mainly for storing media, ISOs & providing a backup target for the various laptops & workstations around the house.

Recently I picked up the two HP N36L Microservers; the 8GB one is my primary VMware ESXi 4.1 host and the 2GB server is running unRAID. Just having the second box sitting there running unRAID seems a little under-utilised to me. The disks are in standby most of the time (thanks to Netflix), and it just hasn't been getting the workout I think it deserves.

So, enter the newest project: what's the best solution for storing media / ISOs / backups / VMs etc.? I want to be able to use either iSCSI or NFS to play with vMotion of VMs when I finish building my VMware test lab to finish my VCP. I want it fast, but I want it protected in case a disk fails.

I have tested & played with the following in my quest:

Storage Systems:
FreeNAS 7 & 8 (Physical & Virtual)
Openfiler (Physical & Virtual)
Nexenta (Physical & Virtual)
unRAID Physical (Virtual not supported due to USB GUID licensing)

Presentation to Client Machines:
Local storage in the ESXi host presented to Windows 7 VM
iSCSI Raw Device Mappings presented to Windows 7 VM
iSCSI Presented to ESXi -> VMFS-3 filesystem -> VMDK presented to Windows 7 VM
iSCSI Presented to Physical Windows 7 Client
NFS Presented to ESXi -> VMDK presented to Windows 7 VM
CIFS/SMB Presented to Physical Windows 7 Client

I have been using a single test scenario on each config – using Iometer – with the file & results formatted from http://vmktree.org/iometer/

First I want to benchtest them for performance, then to set up the best solution that is a mix of performance & redundancy.

Sounds impossible – I'm gonna try.

For the performance benchtesting, I decided to go with a 2 spindle ZFS striped config, tested from Windows 7 clients.
Physical Client: HP DC7100
Physical FreeNAS: HP N36L (2GB RAM / 1TB WD Green / 2TB WD Green)

I have mismatched sizes as that's the hardware I have free at the moment. If I find a compelling reason why this won't work, then I may get a second 2TB disk to match. I am using WD Green disks for their low power / cooler running – commodity hardware.

Scenario 1 – Physical FreeNAS 7 with iSCSI
Physical Client -> iSCSI on Physical NAS
Virtual Client -> VMDK on ESXi -> iSCSI Physical NAS

Scenario 2 – Physical FreeNAS 7 with NFS & CIFS/SMB
Physical Client -> CIFS/SMB on Physical NAS (Usual windows sharing type scenario)
Virtual Client -> VMDK on ESXi -> NFS Physical NAS

Scenario 3 – Virtualised FreeNAS 7 with iSCSI
* Physical Disks formatted with VMFS-3, with VMDK presented to FreeNAS VM
Physical Client -> iSCSI on Virtual NAS
Virtual Client -> VMDK on ESXi -> iSCSI Virtual NAS

Scenario 4 – Virtualised FreeNAS 7 with NFS & CIFS/SMB
* Physical Disks formatted with VMFS-3, with VMDK presented to FreeNAS VM
Physical Client -> CIFS/SMB on Virtual NAS
Virtual Client -> VMDK on ESXi -> iSCSI Virtual NAS

Scenario 5 – Virtualised FreeNAS 7 with iSCSI
* Physical Disks presented via Physical RDM passthrough to FreeNAS VM
* RDM Config thanks to http://www.vm-help.com/esx40i/SATA_RDMs.php
* RDM passthrough used to enable SMART monitoring from the FreeNAS VM – very cool
Physical Client -> iSCSI on Virtual NAS
Virtual Client -> VMDK on ESXi -> iSCSI Virtual NAS

Scenario 6 – Virtualised FreeNAS 7 with NFS & CIFS/SMB
* Physical Disks presented via Physical RDM passthrough to FreeNAS VM
* RDM Config thanks to http://www.vm-help.com/esx40i/SATA_RDMs.php
* RDM passthrough used to enable SMART monitoring from the FreeNAS VM – very cool
Physical Client -> CIFS/SMB on Virtual NAS
Virtual Client -> VMDK on ESXi -> iSCSI Virtual NAS

I will be adding follow-up posts with the performance results and the pros & cons (in my view) of each of these scenarios. Feel free to add comments & kick off discussions about this project.





airport utility on Windows 7

11 03 2011

Following on from my last post about the vSphere client, it turns out that the Apple Airport utility also has issues running under Windows 7.

This is a problem for me, as I run 3 of them ……

As you can see, when I try to manage one of them I get a dreaded 10057 error. The Airport utility finds all 3 of my airports, but I cannot manage them.

Suggestions seem to range from disabling IPv6 to turning off the windows firewall – to power cycling the whole environment … it seemed about as endless as it was fruitless …. until

The simple solution appears to be simply clicking on the File menu, selecting Configure Other (Ctrl+Shift+O) and entering the IP address (as displayed in the app) & password of the Airport.

Voilà, I can now manage my Apple Airports again …. under Windows 7.





vsphere client on Windows 7

9 03 2011

So as it always seems to happen, the few apps you really want to work …. don't.

I loaded up the vSphere client under Windows 7 & it failed to connect to my ESXi host, nor would it connect to my Virtual Centre server.

It just fell in a heap with the following errors ……

“Error parsing the server “server name” clients.xml” file.”

and

“The type initializer for ‘VirtualInfrastructure.Utils.HttpWebRequestProxy’ threw an exception.”

After much Google trawling, I came across the solution.

  • Create lib folder under the Launcher folder

C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\lib

  • Copy system.dll into the lib folder. If you prefer, grab your own DLL from the %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\ directory of a Windows XP machine with .NET v3.5 SP1 installed.

C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher

The only change in the config file is the addition of the following lines:

<runtime>
<developmentMode developerInstallation="true"/>
</runtime>

before the last </configuration> close tag.

  • Create a new system variable

DEVPATH=C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\lib

  • Change the VpxClient.exe app to run as an administrator.

If all went well, you should now be able to launch the vSphere client & admin your machines as you did before.