First I did an fdisk, created a primary partition that took up the whole disk. It was type "fb".

Command (m for help): p

Disk /dev/sdb: 640.1 GB, 640136773632 bytes
255 heads, 63 sectors/track, 77825 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1       77825   625129281   fb  Unknown

Command (m for help): q
Then to put VMFS3 on it,
vmkfstools -C vmfs3 -S local vmhba1:0:0:1
SRE, VMware Virtualization, vSphere, vCD, ESX, Configuration Management, Microsoft AD, Security, Networking, and about anything else..
Friday, January 30, 2009
Asus DSBV-DX mobo, Raid & ESX
Trying to use some local storage (3 x 750GB Seagates in a RAID 5, and another random 80GB drive for the OS) on an ESX box, I decided to use the onboard RAID for the Asus DSBV-DX. I had two problems, and I can thank some newsgroup posters for solving my issue(s).
Problem #1
Using the default LSI controller built into the mobo (there are 6 RAID ports, they can be controlled by either the LSI or the Intel Storage Matrix), I could not create a RAID 5 out of my disks. I tried everything, but the LSI BIOS allowed me to choose RAID 5 and then gave the error "Invalid Operation. Pls check the RAID key". After my friend Google found me this article http://vip.asus.com/forum/view.aspx?board_id=5&model=DSBV-DX&id=20080601052918421&page=1&SLanguage=en-us I realized that I had to use the Intel controller to leverage RAID 5, since the LSI doesn't support it.
Problem #2
Now that I have swapped the jumper over to Intel and successfully configured a RAID 5 out of my drives, the ESX 3.5 Up3 install tells me that I have 3 individual drives, not the single RAID 5 drive it should see. Again Mr Google found me this http://vip.asus.com/forum/view.aspx?board_id=5&model=DSEB-DG&id=20080601004357890&page=1&SLanguage=en-us . So I grabbed a PCI-X ESX-supported RAID controller, and now my ESX server is working again with local storage just like I wanted it.
another 20 minute job that took 6 hours...I love technology
Thursday, January 15, 2009
8 minimum Windows Security Best Practices
Inside of your "Domain security policy", "Local Policies", "Security Options"
Network Security: (enable these)
1) LAN Manager authentication level: "Send NTLMv2 response only, Refuse LM"
2) LDAP client signing requirements: "Negotiate Signing"
3) Do not allow anonymous enumeration of SAM accounts (and shares)
4) Do not store LAN Manager hash value on next password change
Microsoft Network client
5) Digitally sign communications (always + if server agrees) = Enabled
6) Send
Microsoft Network server
7) Digitally sign communications (always + if server agrees) = Enabled
Domain Member:
8) Digitally encrypt and sign whenever possible.
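One way to check a machine against the list above, as an added example that is not part of the original post: it reads the [Registry Values] section of a policy export made with `secedit /export /cfg` and compares the registry values behind items 1-5, 7 and 8. The item labels, the minimum values and the sample export are assumptions constructed for illustration; item 6 is cut off on the page and is not checked.

```python
import re

P = "machine\\system\\currentcontrolset\\"
# Item number from the list above -> (value name as secedit writes it, lowest
# acceptable DWORD). Labels are made up here; item 6 is truncated, so skipped.
BASELINE = {
    "1 LM auth level": (P + r"control\lsa\lmcompatibilitylevel", 4),
    "2 LDAP client signing": (P + r"services\ldap\ldapclientintegrity", 1),
    "3 anonymous SAM": (P + r"control\lsa\restrictanonymoussam", 1),
    "3 anonymous SAM+shares": (P + r"control\lsa\restrictanonymous", 1),
    "4 no LM hash": (P + r"control\lsa\nolmhash", 1),
    "5 client sign always": (P + r"services\lanmanworkstation\parameters\requiresecuritysignature", 1),
    "5 client sign if agreed": (P + r"services\lanmanworkstation\parameters\enablesecuritysignature", 1),
    "7 server sign always": (P + r"services\lanmanserver\parameters\requiresecuritysignature", 1),
    "7 server sign if agreed": (P + r"services\lanmanserver\parameters\enablesecuritysignature", 1),
    "8 channel encrypt": (P + r"services\netlogon\parameters\sealsecurechannel", 1),
    "8 channel sign": (P + r"services\netlogon\parameters\signsecurechannel", 1),
}
# Constructed sample of a "secedit /export /cfg" file, not taken from a real host.
SAMPLE = r"""[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
"""

def parse_registry_values(inf_text):
    """Return {lowercased value path: int} for REG_DWORD (type 4) entries."""
    values, section = {}, None
    for line in map(str.strip, inf_text.splitlines()):
        m = re.match(r"(machine\\[^=]+?)\s*=\s*4,(\d+)$", line, re.I)
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "registry values" and m:
            values[m.group(1).lower()] = int(m.group(2))
    return values

def audit(inf_text):
    """Map each baseline item to (passes, exported value or None if absent)."""
    found = parse_registry_values(inf_text)
    return {name: (found.get(key, -1) >= minimum, found.get(key))
            for name, (key, minimum) in BASELINE.items()}
```

A real export is written as UTF-16, so open it with `encoding="utf-16"` before passing the text to `audit`. A value missing from the export is reported as failing, because the policy was never defined on that machine.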
Thursday, January 8, 2009
Windows 7 Beta1
So far so good. Only found a few bugs. I like the install, boot times, and most software seems compatible (Vista software, that is). I like a lot of the Windows Live functions; I'm using Windows Live Writer to publish this post, so far, so good. Antivirus seems a bit touchy: the latest Symantec EP doesn’t work, but AVG does. Our systems management products are having some trouble gathering data, but I'm not surprised since it's beta 1.
Friday, December 19, 2008
IT Security Top 10 Tips for 2009
#10 Wifi: As you travel you will frequently see “Free Public Wifi” in your list of available wireless networks. This is almost always a VIRUS on someone’s computer trying to get you to connect so it can infect you also. Think of this as the “free public used gum” stuck under your desk. DO NOT ‘connect’ to it for any reason. Never connect to any Wi-Fi you do not fully trust; unless of course you like hackers using your identity or credit cards…
#9 Fake News Emails: Never click on any links in an email from CNN or MSNBC, or any other "news alerts" that you have never subscribed to, no matter how realistic it looks. Usually they start with a very absurd or weird story such as "Britney Spears killed in a car accident" or "Bigfoot found in New Jersey", etc. Even if you have subscribed to news alerts, it is best to be cautious when following links.
#8 Fake “tracking number” Emails: If you get a "UPS tracking" attachment, never ever open it; these attachments are viruses. They also appear to come from FedEx, USPS, etc… A valid tracking email will never have an attachment.
#7 Fake “Greeting Cards”: Never open an email postcard (Hallmark e-card is the most popular) unless it’s your birthday and it’s from someone you expect it from. This is the main delivery mechanism of most of our viruses today. Also, an e-card will never have an attachment with a .exe extension.
#6 Lock your Desktop when not in use and have a screensaver password. Also lock your mobile devices (phone) with a password. If you don’t lock the doors then it does not make much sense to bar the windows. Don’t make it easy for hackers or others who would want to cause damage.
#5 Fake Instant Messages: Many people here use IM to communicate. It is a great tool, but you need to be suspicious of hyperlinks, even if the link appears to be from your friends or coworkers. When a computer gets infected by a virus, it is not uncommon for it to steal the address book and email/IM all of that person's contacts with the same virus. Best rule of thumb: Don’t follow hyperlinks.
#4 Don’t put every CD you get mailed or USB key you find lying in the parking lot into your PC, they can “auto-install” a virus onto your PC or do many other nasty things. You didn’t just win a free prize, this is like the “free used gum”; besides it is a very well known technique for hackers and pen-testers alike. Again, don’t make it easy for the bad guys.
#3 Make sure you have Antivirus installed and make sure that it has recent definitions. If your AV software is not updating, it is almost as good as not having it at all. In today’s day and age antivirus is a must…. well maybe not if you don’t have an internet connection…
#2 Keep your software up to date. Do your Microsoft Updates and software updates for all the products that you use. This includes software like Adobe, VMware and whatever else you use. We try our best to reach every machine with ECM, but we can’t reach every machine due to a variety of issues, and we don’t patch your home machines. Also, we can’t patch your work machines unless you keep them powered on and put them in the WP domain. As the famous ex-hacker Kevin Mitnick suggests “Update your OS religiously and be vigilant in applying all security patches released by the software manufacturer.”
And the #1 thing Everyone should do in 2009 is:
#1 Backup everything you use. Make sure you have it somewhere else, on an external hard drive, a file share, somewhere. Don’t assume that anyone else (even IT) is backing that data up. If you have a question if a file share is being backed up please contact the IT Department, otherwise assume it is not. One Worm or Trojan or drive crash can wipe out 100% of your data forever, don’t let it happen to you.
Tuesday, December 9, 2008
ESX 3.5 Default & Suggested Partition Sizes
Partition - Default - Brian Suggested
/boot - 100MB - 200MB EXT3
Reason: Possible future boot size needs
/ (root) - 5GB - 20-25GB EXT3
Reason: 3rd-party apps go here.
Swap - 544MB - 1600MB
Reason: Should be 2x console RAM (272 is default, 800 is max, go high)
/var/log - 2GB - 10-15GB EXT3
Reason: Move the mount to /var instead of /var/log; log files go here, and logging is good
VMKCORE - go with default
Reason: This is the crash dump area
VMFS3 - whatever you have; use iSCSI or FC SAN if possible.