#vDM30in30 Day1 - Tech Resources / Reference Material

Over the next 30 days, I'll be blogging about a number of topics related to virtualization, certification, storage, and pretty much anything else that crosses my mind in an attempt to push myself through the #vDM30in30 challenge.  Getting me there will be a number of my favorite go-to resources for learning. 

Resource One - Conventions / Conference Sessions

I can't attend every major tech conference, so I really appreciate the conferences that place content online.  Even when I attend, there's so much going on that I may not be able to sit in on every session.  Moreover, I might just want to revisit a session I attended.

Cisco Live - https://ciscolive.com/online/connect/search.ww

NetApp Insight - http://www.netapp-insight.com/page/Videos

RedHat Summit - http://www.redhat.com/en/about/videos/red-hat-summit-2015-recap

Microsoft Ignite - https://myignite.microsoft.com/#/videos

Resource 2 - PluralSight

One of the coolest perks of being a Cisco Champion is a PluralSight subscription.  I viewed a few courses back when they were Train Signal.  Lots of cool content, and the instructors are often people well known in their respective communities.  There are other training programs like it, but I don't have any personal experience with them.

https://preview.pluralsight.com/

Resource 3 - Blogs + Podcasts

There are too many to list.  I also wish to avoid offending anyone by not mentioning them.  What I promise to do is to include a link to any blog or podcast I use as inspiration for an article.

 

vDM30in30 - I'm In!

So I decided to join the vDM30in30 Challenge!  30 blog posts in 30 days.  No lie - it's intimidating.  I haven't written as frequently as I had planned.  The cool part, though, is that I won't be alone.  Many others who I read and respect are doing it too.  While I'm following their lead, I don't dare fool myself into believing I'm their equal.

I'm hoping to learn a few things.  This field, this occupation means you can never stay still, yet writing about a topic can really drive the lesson home.  I'm a firm believer that teaching a topic is a great way to learn.  Worst case, I'll have a pretty cool set of reference material for myself.

Big thanks to the founder of this challenge, @vmiss33.  For more info about vDM30in30 including its history, check out this post here: #vDM30in30

 

Notes from the Field - Decommissioning a UCS Blade

Consider this a UCS 101 type of tip.  Removing a server from a UCS Chassis is a simple process, but it's one that may need a refresher for most people depending upon how often it's done.  Whenever a blade is removed from a chassis, it's best to issue a decommission command.  While easy to do, the option is buried under a submenu called "Server Maintenance."  The words come from Cisco; I just provided a few pics to supplement the text.

Removing a Server from a Chassis

Procedure

Step 1 In the Navigation pane, click the Equipment tab.

Step 2 On the Equipment tab, expand Equipment ➤ Chassis ➤ Chassis Number ➤ Servers.

Step 3 Choose the server that you want to remove from the chassis.

Step 4 In the Work pane, click the General tab.

Step 5 In the Actions area, click Server Maintenance.

Step 6 In the Maintenance dialog box, do the following:

a) Click Decommission.

b) Click OK.

The server is removed from the Cisco UCS configuration.

Step 7 Go to the physical location of the chassis and remove the server hardware from the slot.

For instructions on how to remove the server hardware, see the Cisco UCS Hardware Installation Guide for your chassis.


What to Do Next

If you physically re-install the server, you must re-acknowledge the slot to have Cisco UCS Manager rediscover the server.






Microsoft Announces Critical Security Flaw in Hyper-V

When Microsoft announced the latest round of security fixes, one very important flaw was announced.  The flaw exists in Hyper-V and is rated as critical.  In Microsoft's words, "The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V."  Worse, to exploit the vulnerability, "An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability."  At the time of Microsoft's announcement, no known mitigating factors existed and no known workarounds were published.  There is a patch available that requires a reboot.  The vulnerability is in Windows Server 2008, Windows Server 2008 R2, Windows 8 and Windows Server 2012, and Windows 8.1 and Windows Server 2012 R2.

So let's look at that for a moment.  A host OS could be compromised by a guest.  This is definitely worst case scenario territory for anyone who hosts a virtual infrastructure.  If you run Hyper-V, you should look to patch immediately as that seems to be the only way to correct the issue.

What surprises and disappoints me is the lack of press this flaw has received.  It's possible that this flaw could cause a lot of disruption.  In IT, we often talk about our ability to host Coke and Pepsi on the same server because the hypervisor is a protective layer.  This vulnerability strikes at the heart of that belief.  If the hypervisor can be hacked by a compromised guest virtual machine, then the whole idea of hosting multiple virtual machines where each is insulated from the other takes a credibility hit.

To their credit, Microsoft has acted quickly and released a fix.  Again, I urge anyone with the product to deploy the patch quickly.  No product is perfect and every hypervisor vendor has issued security alerts.

Microsoft's official post is at this link https://technet.microsoft.com/library/security/MS15-068

Applicable CVE numbers are CVE-2015-2361 and CVE-2015-2362.

Notes From the Field - Install NetApp OnCommand System Manager 3.1.2 to use w/ Java 8

I recently received a replacement laptop.  The PC was clean except for Windows 8.1 and Office.  Also installed was the latest 64-bit release of Java.  I needed to install NetApp OnCommand System Manager to perform admin duties on some FAS controllers running 7-Mode.  The older versions of OnCommand I'd downloaded previously all produced errors related to Java being required.  I thought about installing an older version, but that can be a pain as well as a security risk.

I then went to the NetApp support website on the off chance a newer release was available.  And there it was, OnCommand for Windows 3.1.2.  The overview section said exactly what I needed to read:

New Features in System Manager 3.1.2

  • Support for 32-bit or 64-bit Oracle® Java Runtime Environment (JRE) 8
  • Support for Internet Explorer® 11

So there it is, if you're looking to run Java 8, there's a version of OnCommand System Manager ready for you.

Notes from the Field - Newer Versions of NetApp OnCommand Require TLS

Depending on when you installed your NetApp storage running ONTAP, certain connectivity parameters might prevent web-based management with newer versions of OnCommand System Manager.

There are several errors that could be displayed including "500 Connection refused."

The web-based OnCommand management suite worked fine until TLS was required.  Previously, only HTTPS was enabled on the NetApp.  TLS is a much more secure protocol and is the preferred method of connectivity.

TLS can be enabled via the command line with the following command:

options tls.enable on

The setting can be verified by running the options command.

The list will display the status of every option in the system.  The tls.enable option is the one of concern.

acp.domain                   43200
acp.enabled                  on
acp.netmask                  16580607
acp.port                     e0P
auditlog.enable              on         (value might be overwritten in takeover)
auditlog.max_file_size       10000000   (value might be overwritten in takeover)
auditlog.readonly_api.enable off        (value might be overwritten in takeover)
autologout.console.enable    on         (value might be overwritten in takeover)
autologout.console.timeout   60         (value might be overwritten in takeover)

...

timed.sched                  hourly     (same value in local+partner recommended)
timed.window                 0s         (same value in local+partner recommended)
tls.enable                   on         (same value required in local+partner)
trusted.hosts                *          (same value required in local+partner)
vfiler.vol_clone_zapi_allow  off
vol.copy.throttle            10         (value might be overwritten in takeover)
vol.move.cutover.cpu.busy.limit 100
vol.move.cutover.disk.busy.limit 100

 

Apply this command to all filers in a failover cluster.

The settings and commands were tested on Data ONTAP running in 7-Mode.
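To confirm the setting on both controllers of a failover pair, the `options` listing from each node can be parsed and compared. The script below is an added example, not NetApp's or this blog's code; the function names are hypothetical and the two sample listings are constructed, assuming each node's `options` output has been saved as text.

```python
import re

# Constructed sample `options` output from two HA partners; option names and
# annotations follow the listing above, the values are made up for the example.
NODE_A = """\
timed.sched                  hourly     (same value in local+partner recommended)
tls.enable                   on         (same value required in local+partner)
trusted.hosts                *          (same value required in local+partner)
vfiler.vol_clone_zapi_allow  off
"""
NODE_B = """\
timed.sched                  daily      (same value in local+partner recommended)
tls.enable                   off        (same value required in local+partner)
trusted.hosts                *          (same value required in local+partner)
vfiler.vol_clone_zapi_allow  off
"""

# Option name, value, then an optional trailing "(annotation)".
LINE = re.compile(r"^(?P<name>[A-Za-z][\w.\-]*)\s*(?P<value>.*?)\s*(?:\((?P<note>[^)]*)\))?$")

def parse_options(text):
    """Return {option: (value, annotation)}; blank and '...' lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            opts[m["name"]] = (m["value"], m["note"] or "")
    return opts

def audit_pair(local, partner):
    """List findings: TLS state per node, plus drift on any option whose
    annotation says the value is required to match on both controllers."""
    findings = []
    for node, opts in (("local", local), ("partner", partner)):
        value = opts.get("tls.enable", ("missing", ""))[0]
        if value != "on":
            findings.append(f"{node}: tls.enable is {value}")
    for name, (value, note) in sorted(local.items()):
        if "same value required" in note and name in partner:
            other = partner[name][0]
            if other != value:
                findings.append(f"mismatch {name}: local={value} partner={other}")
    return findings

if __name__ == "__main__":
    for finding in audit_pair(parse_options(NODE_A), parse_options(NODE_B)):
        print(finding)
```

Options annotated only as "recommended" to match, such as timed.sched, are deliberately not reported as mismatches.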

Installation of Cisco UCS Platform Emulator on VMware Fusion - Mac OS X

The Cisco UCS Platform Emulator allows a person to simulate a complex Cisco UCS environment.  The emulator is a great way to familiarize yourself with UCS Manager.  Several examples of UCS PE installs exist online, but I found very few for Mac OS X users with VMware Fusion.  These videos aim to rectify that.

Note - The videos are a little long as they are real time.  The video is cut only in a few places for the sake of time.

Part 1

https://www.youtube.com/watch?v=XSSxHLmxHpQ

The latest versions of the UCS Platform Emulator can be found on the Cisco Community website:

https://communities.cisco.com/docs/DOC-37827

 

 

 

Started a Little Blog ...

Here's the first entry in what will hopefully be a long-lasting effort.  I've been on the fence for a little while about starting a blog, but finally decided to do it.  This blog will be a place to discuss IT ideas, products, tech, and just general info related to this industry.  The goal is to foster a dialogue and do something engaging.  One-way data flow very rarely leads to the type of growth that's possible when both sides participate.

I won't begin to claim to be an expert at blogging, building a brand, and all the stuff that goes along with it.  I'm lucky to have some help with the site.  Mr. Vernon Reid has agreed to partner with me to build this into something cool.  It's difficult for any one person to keep enough content flowing, but between the two of us, we'll keep presenting interesting content.

With any luck, this should be an interesting journey.