Saturday, 28 January 2012

NetApp Data ONTAP 8.1 Enabling SFTP Access to /etc

Continuing from a fresh setup of the Data ONTAP 8.1 Simulator, the following post goes through the steps to enable SFTP access to /etc without having NFS or CIFS licensed or enabled. Here we will use WinSCP to connect to /vol/vol0 and browse the /etc folder.

1) Connect to the CLI using the root login
2) From the CLI run the following 5 commands:

options sftp.enable on
options sftp.auth_style unix
options security.admin.authentication nsswitch
wrfile -a /etc/passwd sftpuser:_J9..IMv76dJgB/sqpf.:0:1::/:
wrfile -a /etc/group daemon:*:1:

The 5 lines above –
i: Enables sftp
ii: Sets the sftp authentication style to unix
iii: Sets the security admin authentication to nsswitch
iv: Creates the passwd file with a user sftpuser with password cifs*123 (the string "_J9..IMv76dJgB/sqpf." is generated using the cifs passwd cifs*123 command – see Appendix below.)
v: Creates the group file
*Note that wrfile -a actually appends to a file; if there is no file to append to it will create the file

3) Use WinSCP to connect with the following details:

Host name: {DNS Name or IP Address of your filer}
User name: sftpuser
Password: cifs*123

Fig. 1: WinSCP Login
And we are in!

Fig. 2: /vol/vol0 folder

Appendix: Notes on cifs passwd

The cifs passwd command – used to obtain a correctly formatted password – must be run with CIFS enabled. To temporarily license CIFS, enable CIFS, obtain the correctly formatted password, then disable CIFS and delete the license, run through the following commands:

FILER> license add DZDACHD #cifs
*The above license code works with the 8.1 SIM (for more 8.1 vsim licenses see: http://now.netapp.com/NOW/download/tools/simulator/ontap/8.1/vsim_licenses_810.txt )
FILER> cifs setup
Do you want to make the system visible via WINS? [n]: n
Selection (1-2)? [1]: 2 for Multiprotocol filer
Would you like to change this name? [n]: n
Selection (1-4)? [1]: 4 for /etc/passwd and/or NIS/LDAP authentication
What is the name of the Workgroup? [WORKGROUP]: WORKGROUP
FILER> cifs passwd cifs*123
*Record the output from here and feel free to change the cifs*123 password!
FILER> cifs terminate
FILER> license delete cifs
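
An added example, not part of the original post: a short Python audit that parses the passwd entry written in step 2 and reports what it grants. The 20-character string beginning with an underscore has the layout of a BSDi extended DES crypt hash (underscore, 4-character round count, 4-character salt, 11-character hash); the seven-field passwd layout, the finding names and the second sample line are assumptions of this example.

```python
from dataclasses import dataclass

# crypt(3) base-64 alphabet: '.' = 0, '/' = 1, then 0-9, A-Z, a-z
CRYPT_B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Sample input: the passwd entry from step 2 of the post, plus one
# constructed locked entry for contrast (not from the post).
SAMPLE_PASSWD = """\
sftpuser:_J9..IMv76dJgB/sqpf.:0:1::/:
nobody:*:65534:65534::/:
"""


@dataclass
class PasswdEntry:
    name: str
    pw_hash: str
    uid: int
    gid: int
    home: str


def parse_passwd_line(line):
    """Split one name:hash:uid:gid:gecos:home:shell line (7 fields assumed)."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 colon-separated fields, got {len(fields)}")
    name, pw_hash, uid, gid, _gecos, home, _shell = fields
    return PasswdEntry(name, pw_hash, int(uid), int(gid), home)


def classify_hash(pw_hash):
    """Return (scheme, rounds); rounds is None when the format does not encode it."""
    if pw_hash == "":
        return ("empty", None)
    if pw_hash.startswith(("*", "!")):
        return ("locked", None)
    if pw_hash.startswith("$"):
        # Modular crypt format: $id$salt$hash
        return ("mcf-" + pw_hash.split("$")[1], None)
    if (pw_hash.startswith("_") and len(pw_hash) == 20
            and all(c in CRYPT_B64 for c in pw_hash[1:])):
        # Characters 1-4 hold the round count, 6 bits each, least significant first
        rounds = sum(CRYPT_B64.index(c) << (6 * i)
                     for i, c in enumerate(pw_hash[1:5]))
        return ("bsdi-extended-des", rounds)
    if len(pw_hash) == 13 and all(c in CRYPT_B64 for c in pw_hash):
        return ("traditional-des", None)
    return ("unknown", None)


def audit_entry(entry):
    """Return a list of finding names for one parsed entry."""
    findings = []
    scheme, _rounds = classify_hash(entry.pw_hash)
    if entry.uid == 0 and entry.name != "root":
        findings.append("uid-0-non-root")
    if scheme == "empty":
        findings.append("empty-password")
    if scheme in ("traditional-des", "bsdi-extended-des"):
        findings.append("des-crypt-hash")
    return findings


def audit_passwd(text):
    """Map each account name in a passwd file body to its findings."""
    report = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        entry = parse_passwd_line(line)
        report[entry.name] = audit_entry(entry)
    return report


if __name__ == "__main__":
    for name, findings in audit_passwd(SAMPLE_PASSWD).items():
        print(name, findings or "no findings")
```

For the entry from step 2 the audit reports a UID 0 account that is not named root and a DES-based hash whose encoded round count is 725.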


SEO: The contents of this article may help if you are getting the following error(s) –
[sftp.connection.request.failed:error]: SFTP (SSH File Transfer Protocol) connection request from client system failed because the user is not permitted to do SFTP (SSH File Transfer Protocol) operations
[sshd_2:error]: error: Disconnecting: SFTP connection creation failed

Installing the NetApp Virtual Storage Console (VSC) for VMware vSphere and Using it to Optimize NFS Settings

As a continuation from the previous post – NetApp Basic NFS Configuration Walkthrough with VMware – the following article provides a walkthrough installation of the NetApp VSC, and then using the VSC to optimize NFS settings on a VMware vSphere host.

Part 1: Obtain and Install the VSC

i) Download the Virtual Storage Console for VMware vSphere from https://now.netapp.com/eservice/Download.jsp

*This walkthrough uses VSC-2.1.2-win64.exe, installed here onto a VMware vSphere 4.1U1 vCenter. There is also a 32-bit version, and version 2.1.2 supports vSphere 5.

ii) On the vCenter Server, run the VSC Setup Launcher
Fig 1: VSC-2.1.2-win64 Setup Launcher
iii) Run through the InstallShield Wizard:

Next >
Accept the terms in the license agreement : Next >
Select Capabilities : Next >

*The capabilities include: Monitoring and Host Configuration (default), Provisioning and Cloning, and Backup and Recovery (with license). Using the VSC to optimize NFS only needs the default selection ticked; here, though, we might as well tick all selections to see the full feature set.

Fig 2: Virtual Storage Console – Select Capabilities
Choose Destination Folder : Next >
Install >
Finish

iv) Register the plugin with vCenter at https://localhost:8143/Register.html and complete the vSphere Plugin Registration.

Plugin service information
IP Address: {e.g. IP Address of vCenter}

vCenter Server information
Host name or IP Address: ???
Port: 443
User name: ???
User password: ???

Click 'Register' and if successful then the following appears "The registration process has completed successfully!"
Close the internet browser.

Part 2: Authenticating Storage Controllers in the VSC

Open up a vSphere Client connection to the vCenter server >
Select the Datacenter object (or cluster, or host object – does not really matter here) and select the 'NetApp' tab >
Accept the Security Alert >
Click on the 'Update' button in the top right corner >

Fig 3: NetApp VSC Plug-in with '-unknown-' Storage Controller
When the update has completed, right-click on the '-unknown-' controller and select 'Modify Credentials' >
Enter the credentials and click OK >
Wait for the Controller to display correctly under 'Storage Controllers' (click Update to speed up the process)

Fig 4: NetApp VSC Plug-in with an authenticated Storage Controller

Part 3: Optimizing NFS Settings on an ESX Host

From the 'NetApp' tab within the vSphere client, under 'ESX Hosts', right-click the ESX host and choose 'Set Recommended Values...' >

Fig 5&6: NetApp VSC Plug-in ESX Hosts and 'NetApp Recommended Settings'
Leave all boxes checked (only the 'NFS Settings' box really needs to be checked in this instance; it will not hurt to update 'HBA/CNA Adapter Settings' and 'MPIO Settings' at the same time) and click OK >
Finally reboot the ESX(i) host server to apply the changed settings!

Fig 7 : NetApp VSC Plug-in ESX Hosts – host with recommended settings

Friday, 27 January 2012

NetApp Basic NFS Configuration Walkthrough with VMware

Continuing from a fresh setup of the Data ONTAP 8.1 Simulator, this brief walkthrough illustrates using the CLI to set up a couple of NFS exports, and then using the vSphere client to mount these NFS exports to a VMware ESXi 4.1 host server.

Beginnings - The 8.1 simulator starts off with:

28 disks (2 shelves with 14 disks each)
pool 0 with 14 assigned disks (leaving 14 unowned disks)
aggr0, containing plex0, and rg0 (RAID group) with 3 disks in a RAID-DP configuration (1 data disk)
vol0 in aggr0 – thick provisioned 851.48MB in size

Part A: Using Data ONTAP 8.1 CLI to create a couple of NFS exports
*This part could also be done using the NetApp OnCommand System Manager

The lines in the script below (in bold,) will do the following 10 things:

1) Assign all unowned disks to pool 0 (by default Data ONTAP without syncmirror license will keep all disks in pool0 (default))
2) Add 9 x 1 GB disks to aggr0 (so we have a RAID-DP across 12 x 1 GB disks)
3) Create aggr1 as a 64-bit aggregate, with 14 x 1 GB disks in a RAID-DP
*Leaves 2 spare disks across the 28 disk pool
4) Create vol1 as thin (none) provisioned, in aggr0, and 7 GB in size
5) Create vol2 as thin (none) provisioned, in aggr1, and 11 GB in size
*Might find thick (volume) provisioned volume creation is slow in the simulator
6) Install NFS license
*Installing the NFS license enables NFS
7) Unexport /vol/vol2 (which gets automatically exported)
8) Export /vol/vol1 for NFS readwrite & root access for servers on the 192.168.168.0/24 network
9) Export /vol/vol2 for NFS readwrite & root access for servers on the 192.168.168.0/24 network
10) Enable deduplication (ASIS) on /vol/vol2

Copy and paste these 10 lines into your SSH client (like PuTTY) to run, or run each line in turn:

disk assign all
aggr add aggr0 9@1G
aggr create aggr1 -B 64 -r 14 -t raid_dp 14@1G
vol create vol1 -s none aggr0 7G
vol create vol2 -s none aggr1 11G
license add BQOEAZL #nfs
exportfs -z /vol/vol2
exportfs -p rw=192.168.168.0/24,root=192.168.168.0/24 /vol/vol1
exportfs -p rw=192.168.168.0/24,root=192.168.168.0/24 /vol/vol2
sis on /vol/vol2

*It is okay to paste up to 15 lines at once via the PuTTY SSH client on Windows; with any more, care is needed. An SSH client in Linux will allow more lines to be safely run in one go (this can be explained in terms of command buffer size).
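
An added example, not part of the original post: a Python check of what the two exportfs -p lines in the script grant, run against constructed probe addresses. It assumes the option syntax shown on this page (comma-separated options, colon-separated host lists) and handles only IPv4 addresses and CIDR blocks; the function names are this example's own.

```python
import ipaddress
import shlex

# The two export commands from the script above (steps 8 and 9).
EXPORT_COMMANDS = [
    "exportfs -p rw=192.168.168.0/24,root=192.168.168.0/24 /vol/vol1",
    "exportfs -p rw=192.168.168.0/24,root=192.168.168.0/24 /vol/vol2",
]


def parse_options(option_string):
    """Parse 'rw=net1:net2,root=net3' into {option: [IPv4Network, ...]}.

    A bare option with no '=' (for example 'rw') maps to None, which this
    example treats as 'any host' (an assumption). Host names and netgroups
    are not handled and raise ValueError.
    """
    options = {}
    for item in option_string.split(","):
        key, has_value, value = item.partition("=")
        if not has_value:
            options[key] = None
            continue
        options[key] = [ipaddress.ip_network(h, strict=False)
                        for h in value.split(":")]
    return options


def parse_exportfs_command(command):
    """Return (path, options) for an 'exportfs -p <options> <path>' line."""
    argv = shlex.split(command)
    if len(argv) != 4 or argv[0] != "exportfs" or argv[1] != "-p":
        raise ValueError(f"unsupported exportfs form: {command!r}")
    return argv[3], parse_options(argv[2])


def _matches(client, networks):
    """True if the client address falls inside any listed network."""
    if networks is None:
        return True
    return any(client in net for net in networks)


def access_for(client_ip, options):
    """Report whether a client address gets read-write and root access."""
    client = ipaddress.ip_address(client_ip)
    return {
        "rw": "rw" in options and _matches(client, options["rw"]),
        "root": "root" in options and _matches(client, options["root"]),
    }


def root_address_count(options):
    """Number of addresses that keep root (uid 0) on the export."""
    nets = options.get("root")
    if not nets:
        return 0
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))


def audit(commands, probe_ips):
    """Summarise each export: size of the root= scope and per-probe access."""
    report = {}
    for command in commands:
        path, options = parse_exportfs_command(command)
        report[path] = {
            "root_addresses": root_address_count(options),
            "probes": {ip: access_for(ip, options) for ip in probe_ips},
        }
    return report


if __name__ == "__main__":
    # Constructed probe addresses: one inside the exported subnet, one outside.
    for path, info in audit(EXPORT_COMMANDS,
                            ["192.168.168.50", "192.168.169.50"]).items():
        print(path, info)
```

With the commands as written, all 256 addresses in 192.168.168.0/24 get read-write and root access to both volumes; listing individual ESXi host addresses in root= narrows that.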

Part B: Using the vSphere Client (connected to either a host or vCenter) to mount NFS folder

Select the host
-> 'Configuration' Tab
-> 'Add Storage...'
-> Network File System : Next
-> Provide NetApp Appliance DNS name / IP address, folder name /vol/vol1 and 'Datastore Name' : Next
-> Finish

And repeat for /vol/vol2!

Fig 1: vSphere Client - Select Storage Type
Fig 2: vSphere Client - Locate Network File System
Fig 3: vSphere Client - Mounted NFS Datastores

Appendix A: Some Useful Commands for Information Gathering

aggr status = shows state, RAID, aggr 32/64-bit
disk show -v = shows all disks – owned and not owned
exportfs = check currently exported NFS shares
rdfile /etc/exports = read the NFS exports file (these NFS exports load on boot)
storage show = will show disks are not assigned to shelves
sysconfig = shows current system configuration – NetApp release, system ID, serial number, processors, memory, ...
vol status = shows state, RAID, flex 32/64-bit

Appendix B: Some Useful Links

Friday, 20 January 2012

Formulas to Calculate Dimensionless Hard Disk Size, and a Real World Application to Extending a UFS Partition

The dimensionless hard disk size is a quantity that gives a measure of hard disk size without any associated physical dimension (i.e. not measured in bytes, kilobytes, ... - just a number.) This quantity manifests itself in many places, such as: in the VMware vmdk disk descriptor file, and when sizing partitions.

Part 1: Formulas to calculate R (The Dimensionless Hard Disk Size) from Cylinders, Heads, and Sectors; Cylinder Groups, Heads, and Sectors; and Volume Capacity, and Sector Size
In the below; * is used for multiply, and / for divide

1.1 Variables Used

R = The Dimensionless Hard Disk Size
C = Cylinders
H = Heads
T = Tracks (and T = C * H)
Cyl = Cylinder Groups (used with Unix File System (UFS))
S = Sectors per Track
B = Sector Size in bytes
V = Volume Size in bytes (i.e. disk max capacity; volume, or partition size)

1.2 Formulas for R

R = C * H * S
R = (SUM of Cylinders in all Cylinder Groups) * H * S
R = V / B

1.3 Formulas for V (obtained from the above)

V = C * H * S * B
V = R * B

Important notes:
1) R is always a positive integer, as are all the other variables used
2) Real world values given for disk capacity may need to be converted into the integer value that best satisfies the requirement for the other variables to be integers

Part 2: Real World Application to Extending a UFS Partition
This "real world" application of the formulas is inspired by the following blog post by Julian Wood - Installing & Maximising the NetApp ONTAP 8.1 Simulator

2.1 The problem

We expand a 48 GB VMware vmdk hard disk to 244 GB. The hard disk in question is already partitioned into 4 partitions, and we need to find the new size value for the 4th partition, to make it use up all the extra usable space that is now available.

2.2 Calculations and Explanation

After booting from the FreeBSD_LiveFS ISO media into fixit mode, the fdisk ad0 command is run to view the partitions on the disk in question (ad0).


The output of the fdisk ad0 command provides the following bits of information:

B = 512 bytes (Sector size)
H = 15 (Heads – numbered from 0 to 14)
S = 63 (Sectors per Track – numbered from 1 to 63)
PartitionStartValue = 4191264

And from the real world disk capacity of the hard disk (Vreal = 244GB) in bytes, we get Rreal:

Rreal = int( Vreal / B )
= int( 244*1024*1024*1024 / 512 )
= 511705088

Note:
int( x ) is a function that returns the integer value of x. The int function is included in Windows Calculator on the Scientific view. If you do not have this function then just lose everything after the decimal point.

The disk is split into cylinders (value unknown), heads (15), and sectors (63.) We cannot find out the number of cylinders (would need to know the amount of cylinders in each cylinder group, and there will be quite a few cylinder groups.) But we know that the max value of R (Rmax) must be an integer divisible by heads (15) multiplied by sectors (63.)

Rmax = 15*63 * int( Rreal / (15*63) )
= 511704270

Finally, to find the new size of partition 4 (Rsize):

Rsize = Rmax – PartitionStartValue
= 507513006

When we run the fdisk -u ad0 command to extend partition 4 and are prompted for the value of the new "size", the above figure – 507513006 – is supplied!

2.3 Summary

Rsize = H * S * int{ int( Vreal / B ) / ( H * S ) } - PartitionStartValue

Part 3: Appendix – Further Reading



Monday, 16 January 2012

Citrix NetScaler VPX Cloud Bridge: Install Walkthrough Part 2/2: Configuring Cloud Bridge and Testing

1: Configuring the CloudBridge

1) Log in to the GUIs for NSVPXA ( http://10.10.10.5 ) and NSVPXB ( http://10.10.20.5 )
*The per-NetScaler configuration so far consists of a name and a couple of configured IPs, as in the images below


2) To setup WAN side addresses and routing across the router

i:
From the root folder > expand the 'Network' folder > Right-click on 'IPs' and select Add.
On NSVPXA, create a Mapped IP with these details
IP Address = 192.168.30.15
Netmask = 255.255.255.0
On NSVPXB, create a Mapped IP with these details
IP Address = 192.168.40.15
Netmask = 255.255.255.0

ii:
From the root folder > expand the 'Network' folder > Right-click on 'Routes' and select Add.
On NSVPXA, create the route with these details:
Network = 192.168.40.0
Netmask = 255.255.255.0
Gateway = 192.168.30.1
On NSVPXB, create the route with these details:
Network = 192.168.30.0
Netmask = 255.255.255.0
Gateway = 192.168.40.1

iii:
On both NSVPXA and NSVPXB: 'Save' the configuration and run a 'Refresh All'
*To check everything is set up and working okay at this stage, try a ping test from the NetScaler's CLI across the router to the remote NetScaler's WAN side IP – this should be successful!

3) To configure the Cloud Bridge, do the following on NSVPXA and NSVPXB
*At this stage start a ping test running from your endpoints!

i: From the root folder > click on the 'Cloud Bridge' folder and click on 'Configure Cloud Bridge'

ii: Complete the Configure Cloud Bridge window

NSVPXA
Name: CloudBridge
Local IP: 192.168.30.5
Remote IP: 192.168.40.5
Pre-Shared Key: cloudtest
And click 'Create'

NSVPXB
Name: CloudBridge
Local IP: 192.168.40.5
Remote IP: 192.168.30.5
Pre-Shared Key: cloudtest
And click 'Create'

Image below taken from NSVPXA's configuration:

iii: On both NSVPXA and NSVPXB: 'Save' the configuration and run a 'Refresh All'

4) At the point of completing both Cloud Bridge configurations, we should have a successful Cloud Bridge up and running!

Ping from 10.10.10.10 to 10.10.10.20
Ping from 10.10.10.20 to 10.10.10.10

5) To make certain that this is a successful test of the CloudBridge:
From either one of the NetScalers:
From the root folder > expand the 'Cloud Bridge' folder > click on 'Network Bridge' > right-click on the newly created CloudBridge and select Open.
Simply un-ticking the 'Active' box and clicking OK, should stop the flow across the Cloud Bridge.

2: Final Comment

Some readers may question why I have not had to configure the VLANs or IP Subnets tabs for the Cloud Bridge in this lab (on neither NetScaler was the Default VLAN 1 enabled as Active, nor were any IP Subnets added into the configuration.) The answer (probably) lies in the existence of SNIPs for the 10.10.10.X network at either end. This lab is only intended as a Walkthrough guide to demonstrate getting Cloud Bridge up and running, and from a working model we can tinker around further to see what effect different options/configurations have on the Cloud Bridge.

Citrix NetScaler VPX Cloud Bridge: Install Walkthrough Part 1/2: Setting Up the Demo Lab

The following lab is going to run through the steps to build a working NetScaler Cloud Bridge demo setup from scratch. The lab aims to demonstrate that a guest machine in Site A on Site A's subnet, can successfully communicate with a machine on Site B's network but with an IP address from Site A's subnet, and vice versa.

1: Prerequisites

i: NetScaler VPX appliance
Presently, the NetScaler VPX Platinum Evaluation is available at http://www.citrix.com/NetScaler and registering for the trial will provide access to downloads for NetScaler VPX on XenServer, VMware, and Hyper-V; and a license code for a 90 day evaluation.
*The following lab used the NetScaler VPX on VMware version 9.3-52.3

ii: 2x NetScaler Platinum Edition License Codes
Applying for the NetScaler VPX Platinum Evaluation twice will provide the two required Platinum Edition License Codes.
*The license keys will be obtained later after obtaining the MAC addresses of the NetScaler VPX appliances.
*Source www.citrix.com : Cloud Bridge is also included as part of the larger NetScaler Platinum Edition on either-NetScaler SDX™, MPX™ or VPX™ appliance platforms.

iii: A login for Citrix.com
It is free to register for an account which will later allow for download of license keys for the NetScaler VPX appliances.

iv: A suitable hypervisor
This can be either Citrix XenServer, VMware ESX(i), VMware Workstation 8, or Hyper-V.
The NetScaler VPX Appliances come pre-configured with 2GB, 2 processors, and 20GB disk (about 350MB with thin-provisioning), and I would recommend the hypervisor has at least 6 GB free memory to play with, and 6 GHz available processing power.
*This lab uses VMware Workstation 8 which can open OVF templates (Workstation 7 could not open OVF templates,) and this was running on top of a Windows 7 Workstation with 6 GB memory and an AMD Phenom 9950 Quad-Core 2.6GHz Processor.

v: 4x Network Segments
More detail in Section B.

vi: A router to simulate traversing the internet
*This lab uses a virtual Windows Server 2003 system running Routing and Remote Access.
*To demonstrate the Cloud Bridge in action, using a point-to-point type link is not totally sufficient since two NetScalers connected across a point-to-point type link can work as a capable standard bridge without needing Cloud Bridge; hence a router is introduced into this lab setup.

vii: 2x Suitable Endpoints to Test the CloudBridge
Essentially, just something to ping with and reply to ping packets; may be useful to have an internet browser too.
*The following lab uses Windows XP virtual machines

2: The Lab Setup

i: The Networks

Site A (LAN): VMnet1 with Subnet IP 10.10.10.0, Subnet Mask 255.255.255.0, Gateway 10.10.10.2
Site B (LAN): VMnet2 with Subnet IP 10.10.20.0, Subnet Mask 255.255.255.0, Gateway 10.10.20.2
Site A (WAN Side): VMnet3 with Subnet IP 192.168.30.0, Subnet Mask 255.255.255.0
Site B (WAN Side): VMnet4 with Subnet IP 192.168.40.0, Subnet Mask 255.255.255.0
CloudBridged Network: Subnet IP 10.10.10.0 (or Site A's LAN)
*Note that the VMnet1 and VMnet2 networks are configured as "Host-only" networks, and that the "Connect a host virtual adapter to this network" option is ticked for VMnet1 and VMnet2 (this allows the host workstation – which takes an X.X.X.1 IP address – access to the NetScalers' GUI for configuration purposes, and later we can uncheck this option to prove no traffic is travelling via the host).

ii: The Virtual Machines
Site A:

WXPWSA
(Windows XP Workstation A)
NIC1 on VMnet1
> IP 10.10.10.10

NSVPXA
(NetScaler VPX A)
NIC1 on VMnet1 for
> NSIP 10.10.10.5
> SNIP 10.10.10.15
NIC2 on VMnet3 for
> MIP 192.168.30.15
> IP 192.168.30.5 (for the Cloud Bridge)

The "Internet":

ROUTER
(Windows 2003 Server running Routing and Remote Access)
NIC1 on VMnet3 for
> IP 192.168.30.1
NIC2 on VMnet4 for
> IP 192.168.40.1

Site B:

WXPWSB
(Windows XP Workstation B)
NIC1 on VMnet2
> IP 10.10.10.20

NSVPXB
(NetScaler VPX B)
NIC1 on VMnet2 for
> NSIP 10.10.20.5
> SNIP 10.10.10.25
NIC2 on VMnet4 for
> MIP 192.168.40.15
> IP 192.168.40.5 (for the Cloud Bridge)

Additional Notes:
*NSIP = NetScaler Management IP
*SNIP = Subnet IP
*MIP = Mapped IP
*The 192.168.30.5 & 192.168.40.5 addresses are not specifically assigned/configured on NIC2; the NetScaler is intelligent enough to link the router's IP address in its ARP table as being available via NIC2, and – with the addition of a route to traverse the router – knows to send remote 192.168.30/40.X traffic down NIC2 to the router

3: Basic Configuration of the NetScalers
*This section continues from having imported two NetScaler VPX appliances into whatever hypervisor environment is being used; and having configured the networks, endpoints, and router, similarly to the above.

3.1: Basic Configuration
1) Power on NSVPXA
2) Via the console, complete the prompts to configure IPv4 address of 10.10.10.5, Netmask of 255.255.255.0, and Gateway of 10.10.10.2; and then select option 4 and press enter to save the changes.
*To re-run the basic IP setup configuration from CLI, at the > prompt type config ns
3) Using an internet browser; log in to the NetScaler GUI on http://10.10.10.5 using the default credentials (User Name = nsroot, Password = nsroot)
Run through the setup wizard > provide the Host Name of NSVPXA, provide the SNIP Address of 10.10.10.15 with Netmask of 255.255.255.0 : Next > Next > Finish > Exit
*The Setup Wizard can be re-initiated at any time via the NetScaler GUI

3.2: Licensing
1) Log in via the console or using SSH (PuTTY), with the default credentials of:
login = nsroot
Password = nsroot
2) At the > prompt type: shell
3) At the root@NSVPXA# prompt type: lmutil lmhostid -ether
- and record the host ID (MAC address) from the output
root@NSVXPA# lmutil lmhostid -ether
lmutil - Copyright (c) 1989-2007 Macrovision Europe Ltd. and/or Macrovision Corporation. All Rights Reserved.
The FLEXnet host ID of this machine is "000c29c00fe5"
root@NSVPXA#
4) Go to www.citrix.com and log in choosing the destination "Licensing Management," and obtain the license file (Allocate -> Don't see your product? > Enter license code : Continue > Host Name Warning : Continue > Enter Host ID : Continue > Confirm > OK to download the .lic file)
5) Use WinSCP or similar to copy the .lic file to the NetScaler's /nsconfig/license folder
6) At the root@NSVPXA# prompt, type: exit
*to get back to the > prompt
7) At the > prompt type: save ns config
8) At the > prompt type: shutdown -r now
- and type Y at the prompt for "Are you sure ... ?", then press enter
9) After the restart, log in via the console or using SSH
10) At the > prompt type: enable ns feature CloudBridge
11) At the > prompt type: enable ns mode l2
12) At the > prompt type: save ns config

3.3: NSVPXB

Monday, 9 January 2012

Walkthrough Setup Guide for Implementing Citrix Profile Management 4.0 (User Profile Manager) for a Windows 7 VDI Environment

Prerequisites
1) AD forest functional and domain functional levels of Windows 2003 native mode and above
2) A Windows 7 “Gold” image.
For complete System Requirements see http://support.citrix.com/proddocs + Technologies + Profile Management.
*The lab set-up used to illustrate this walk-through guide uses Windows 7 32-bit, Profile management 4.0, and a Windows 2008 R2 domain controller

Part A: Download and Install Profile Management on the Windows 7 “Gold” Image

1) Download Profile Management 4.0 from www.citrix.com
2) Log on to the Windows 7 “Gold” image with an administrative account, copy the downloaded PM4.0.zip to the desktop, and extract the contents
3) Double-click either profilemgt4.0.0_x86.msi and run through the Setup Wizard to install:
Next >
Accept License Agreement: Next >
Choose where to install Citrix Profile management (default location = C:\Program Files\Citrix\User Profile Manager\) : Next >
Install >
Finish >
Yes to restart the system

Part B: Create a Server Share

Create a share on the fileserver (for example: \\fileserver\profileManager$ )

The below is from Microsoft's 'Security Recommendations for Roaming User Profiles Shared Folders':

Minimum Required NTFS Permissions for Roaming Profile Parent Folder
Creator Owner: Full Control – Subfolders and Files Only
Administrator: None
Security group of users needing to put data on share: List Folder/Read Data, Create Folders/Append Data – This Folder Only
Everyone: No permissions
Local System: Full Control – This Folder, Subfolders and Files

Minimum Required Share level (SMB) Permissions for Roaming Profile Share
Everyone: No permissions
Security group of users needing to put data on share: Full Control

Minimum Required NTFS Permissions for Each User's Roaming Profile Folder
*If not already created, the user's Profile Management folder will automatically be created with the correct permissions
%Username%: Full Control, Owner of Folder
Local System: Full Control
Administrators: No Permissions
Everyone: No Permissions

Part C: Install Citrix Policies

1) Log on to a suitable domain controller with an account that has permission to create and edit GPOs
2) Copy PM4.0.zip to the desktop and extract the contents
3) Open up the Group Policy Management console (gpmc.msc,) right-click the OU containing the Windows 7 VDI computer accounts, and select 'Create a GPO in this domain, and Link it here...'
*The GPO applies to the Computer Configuration so only needs to be linked to the OU containing the computer accounts of the VDIs
4) Give the GPO a name like say 'Citrix Profile Management' and click OK
5) Right-click the newly created GPO and choose 'Edit'
6) Expand 'Computer Configuration' > Expand 'Policies' > Right-click 'Administrative Templates' > Choose 'Add/Remove Templates...'
7)
i: From the 'Add/Remove Templates' window, remove any pre-existing Policy Templates, then click 'Add..'
ii: Browse to the location of the extracted PM4.0.zip
iii: Navigate – via ADM_Templates – to the folder for the language of your choice (e.g en for English)
iv: Select ctxprofile4.0.0.adm, and click Open
v: Close the 'Add/Remove Templates' window
8) Still in the 'Group Policy Management Editor' for the 'Citrix Profile Management' GPO:
Expand 'Computer Configuration' > Expand 'Policies' > Expand 'Administrative Templates' > Expand 'Classic Administrative Templates (ADM)' > Expand 'Citrix' > Expand 'Profile Management'
*Citrix > Profile Management : is under Classic Administrative Templates (ADM) here, due to being installed into a Windows 2008 environment.

9) The configuration of the 'Profile Management' Policy Settings will vary from customer to customer; the below is sufficient for a working starter set-up:

Profile Management
Enable Profile management: Enabled
Processed groups: Disabled (all user groups are processed)
Process logons of local administrators: Enabled (members of local administrators group are processed by Profile Management)
Path to user store: Enabled and provide path (for example: \\fileserver\profileManager$\%username% )
Active write back: Enabled (allows settings to trickle back and forth whilst logged in)

Profile Management > Profile handling
Delete locally cached profiles on logoff: Enabled

Profile Management > Registry
Exclusion list: {Typically used to exclude registry keys if problems are encountered when using Profile Management across different Windows platforms. For a 100% Windows 7 VDI deployment, we can leave this 'Not configured'}

Profile Management > Streamed user profiles
Profile streaming: Enabled
Streamed user profile groups: Disabled (all user groups are processed)

Part D: Test

1) Create a VDI from the Windows 7 “Gold” image.
*If testing carrying on from using the same Windows 7 system as used in Part A  –  give the system an additional restart to fully apply the computer configuration policies from the 'Citrix Profile Management' GPO, before proceeding with the test
2) Log on to the VDI with a user account that is to be processed by Profile Management and check that the server share is generated.
3) Make a few changes to the profile as desired (for example – place a file on the desktop)
4) Log off
5) Log on to another VDI (or if using non-persistent VDIs then just log back on to the VDI) to see Profile Management in action.

THE END!

Appendix: Further reading & Credits

David Fiske's video – "How to install Citrix User Profile Manager"
*This post is very much based on David's excellent video. I came, I watched, and I understood!

Profile Management 4.0: Install and setup

How to Implement and Configure the Profile Management Group Policy Settings Using the .ADM Template (and other links)

Security Recommendations for Roaming User Profiles Shared Folders

Environment with Multiple Platforms – What Types of Profiles Should I Create?

Saturday, 7 January 2012

Problem: High iSCSI NIC Utilization on Windows 2008R2 Hyper-V Host

Scenario:
Poor performance is reported on a business application not long after a virtualization initiative has been implemented, and it is noticed that – on one of the hosts that is part of a Hyper-V failover cluster – the utilization on an iSCSI NIC is very high.

Initial Diagnosis:
The cause of the excessive iSCSI traffic is traced to the business application's backend SQL Server, and – initially – the proverbial finger is pointed at a recent VMware Capacity Planning report pointing out that the SQL Server System was not a recommended candidate for virtualization. The Capacity Planning report – under 'System Exceptions' – flagged the SQL server as generating excessive disk I/O of 102.92 MBps. Now, a 1 Gbps NIC has maximum throughput of 128 MBps (1024 Mbps / 8 bits per byte,) so this fits closely with the indicated excessive disk I/O being likely to cause a near maxed out 1 Gbps NIC.

Solution:
It turned out that the SQL server had never been running with an optimal configuration, and it just happened that the excessive disk I/O had not been noticed as a problem in its physical incarnation (running on a RAID 5 across 4 x Ultra320 (320 MBps) SCSI disks). Using SQL Server Management Studio, checking the Server Properties -> Memory page showed that the Maximum server memory for the SQL server was only set to 1000 MB, and upping this to 3000 MB (the underlying OS was Windows Server 2003 Standard 32-bit, and the virtual machine was configured with the OS's maximum memory of 4 GB) caused the iSCSI NIC utilization to drop from near 100% to below 5%. The excessive disk I/O had been caused by the SQL server not having enough memory and having to page excessively to disk.


SQL Server Revisited:
Revisiting the SQL Server a short time later; in Windows Task Manager, the 'Mem Usage' of the sqlservr.exe is running at 2'739'252 KB (or ~2675 MB,) which is under the 3000 MB Maximum server memory allocated to SQL Server, hence SQL Server has no need to page to disk, and iSCSI utilization is aok.

Note: My involvement was only on the fringes in this particular scenario, and can take no credit for the solution. An interesting problem though and worthy of a write up.

Problem: Websense WSLOGDB70 Files Causing High Disk Space Utilization

Scenario:
A customer's web proxy server running 'Websense Web Security / Web Filter', is running low on free disk space, and the WSLOGDB70 files in C:\Program Files\Websense are identified as the major culprit of excessive disk consumption.

Solution:
Note: This applies to an installation of Websense installed with the bundled MSDE 2000 (Microsoft SQL Server 2000 Desktop Engine,) which had a built in database rollover feature to avoid hitting the 2GB single database size limit of MSDE 2000.

The correct way to delete wslogdb70_X.mdf and wslogdb70_X_log.ldf files {where X is a positive integer} is:

1) Log onto the Websense Manager WebUI at https://IPADDRESSofWEBPROXY:9443/mng with a Websense administrative account
2) Navigate to Settings -> Reporting -> Log Database
3) Browse down to 'Available partitions'
4.1) Click Delete to the right of the partition to be deleted (assuming reporting is no longer required for the date range contained in the partition,)
4.2) Click OK to the message 'Are you sure you want to delete partition WSLOGDB70_X? This is irrevocable!'
5) Repeat 4 for as many of the partitions as you want to delete
6) Click 'Save Now'
7) The WSLOGDB70 files will not be deleted straight away, but will be deleted next time the maintenance schedule runs. The 'Maintenance start time' can be checked in the 'Maintenance Configuration' section. If necessary, temporarily adjust the 'Maintenance start time' to purge the deleted database partitions sooner.

THE END

Question: Can I delete wslogdb70 files?
Answer: Yes, but it should not be done manually via Windows Explorer; remove them via the Websense Manager WebUI.

Wednesday, 4 January 2012

How to Configure iSCSI Multipathing (MPIO) in VMware vSphere 5 using ESXCLI

UPDATE: If you want just one iSCSI Switch with multiple iSCSI VMkernels in, please see How to Configure iSCSI Multipathing (MPIO) in VMware vSphere 5 using ESXCLI (UPDATE)

The script below will enable the iSCSI Software Adapter, create two standard switches each with one active network adapter, configure each switch with a configured VMkernel port, bind the iSCSI VMkernels to the iSCSI Software Adapter vmhba, add a send target portal, set the multi-pathing to default to round-robin, and then perform a rescan for storage devices and new volumes. Testing in the lab had a complete VMware Host iSCSI and MPIO configuration applied in less than 20 seconds!
The easiest way to run this script is to establish an SSH connection to the ESXi 5 host to be configured using Putty or similar (first start the SSH service on the host using a vSphere Client connection.) Then simply copy the script and right-click to paste into the Putty window - the script will run.

Notes:

1: In practice you will probably want to run Part 1 separately to enable the iSCSI Software Adapter, so that you can provide the iSCSI Initiator name to input into the SAN management software to allow access to volumes, and also to check the vmhbaXX number.
2: Substitute the following values as per requirements: vmnic4, vmnic5, 192.168.0.111, 255.255.255.0, 192.168.0.121, 255.255.255.0, vmhba33, 192.168.0.100:3260
3: The line in Part 6 works for HP LeftHand/P4000 iSCSI SANs. If you want the multi-pathing to default to round-robin for devices not detected as VMW_SATP_DEFAULT_AA, then this line will need to be modified.
4: It is not currently possible with ESXCLI to create just one Standard Switch for iSCSI and add multiple VMkernels in, as there is no command to set an adapter as unused (only active and standby can be configured using ESXCLI.)
5: See http://pubs.vmware.com/vsphere-50/index.jsp for the full vSphere Command-Line Interface Reference.
6: The lines beginning with 'echo' are just there for cosmetic reasons to explain what the line underneath does
7: It is pretty straightforward to modify the script for more than 2-way MPIO (vSphere 5 supports up to 8-way MPIO.)

The Script:

echo '# START COPYING ON THIS LINE!'
echo '#########################'
echo '# PART 1: Enable iSCSI Software Adapter'
esxcli iscsi software set -e on
echo '#########################'
echo '# PART 2: Create 1st iSCSI vSwitch and iSCSI VMkernel'
echo '## 2.1 Add a new Standard Switch called iSCSIVMk1'
esxcli network vswitch standard add -v iSCSIVMk1
echo '## 2.2 Add vmnic4 to the iSCSIVMk1 Standard Switch'
esxcli network vswitch standard uplink add -u vmnic4 -v iSCSIVMk1
echo '## 2.3 Set vmnic4 as active adapter for the iSCSIVMk1 Standard Switch'
esxcli network vswitch standard policy failover set -a vmnic4 -v iSCSIVMk1
echo '## 2.4 Add a portgroup called iSCSIVMkernel1 to the iSCSIVMk1 Standard Switch'
esxcli network vswitch standard portgroup add -p iSCSIVMkernel1 -v iSCSIVMk1
echo '## 2.5 Add a VMkernel interface called vmk11 to the iSCSIVMkernel1 portgroup'
esxcli network ip interface add -i vmk11 -p iSCSIVMkernel1
echo '## 2.6 Configure vmk11 with IP Address and Subnet Mask'
esxcli network ip interface ipv4 set -i vmk11 -I 192.168.0.111 -N 255.255.255.0 -t static
echo '#########################'
echo '# PART 3: Create 2nd iSCSI vSwitch and iSCSI VMkernel'
echo '## 3.1 Add a new Standard Switch called iSCSIVMk2'
esxcli network vswitch standard add -v iSCSIVMk2
echo '## 3.2 Add vmnic5 to the iSCSIVMk2 Standard Switch'
esxcli network vswitch standard uplink add -u vmnic5 -v iSCSIVMk2
echo '## 3.3 Set vmnic5 as active adapter for the iSCSIVMk2 Standard Switch'
esxcli network vswitch standard policy failover set -a vmnic5 -v iSCSIVMk2
echo '## 3.4 Add a portgroup called iSCSIVMkernel2 to the iSCSIVMk2 Standard Switch'
esxcli network vswitch standard portgroup add -p iSCSIVMkernel2 -v iSCSIVMk2
echo '## 3.5 Add a VMkernel interface called vmk12 to the iSCSIVMkernel2 portgroup'
esxcli network ip interface add -i vmk12 -p iSCSIVMkernel2
echo '## 3.6 Configure vmk12 with IP Address and Subnet Mask'
esxcli network ip interface ipv4 set -i vmk12 -I 192.168.0.121 -N 255.255.255.0 -t static
echo '#########################'
echo '# PART 4: Bind the iSCSI VMkernels to the iSCSI Software Adapter vmhba33'
esxcli iscsi networkportal add -A vmhba33 -n vmk11
esxcli iscsi networkportal add -A vmhba33 -n vmk12
echo '#########################'
echo '# PART 5: Add send target portal for iSCSI SAN with IP address 192.168.0.100'
esxcli iscsi adapter discovery sendtarget add -A vmhba33 -a 192.168.0.100:3260
echo '#########################'
echo '# PART 6: Set the multi-pathing to default to round-robin'
esxcli storage nmp satp set -P VMW_PSP_RR -s VMW_SATP_DEFAULT_AA
echo '#########################'
echo '# PART 7: Perform a rescan for storage devices and new volumes'
esxcli storage core adapter rescan -a
esxcli storage filesystem rescan
echo '# FINISH COPYING ON THIS LINE!'
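
Note 7 says the script is easy to extend beyond 2-way MPIO. The generator below is an added example (not part of the original post) that prints the same esxcli sequence for 1 to 8 paths, following the post's naming (iSCSIVMkN, iSCSIVMkernelN, vmk1N). The function name gen_mpio and its argument order are assumptions; it only prints commands for review before pasting and never runs them.

```shell
#!/bin/sh
# Added example: print (never run) the esxcli sequence for N-way iSCSI MPIO.
# Usage: gen_mpio ADAPTER TARGET:PORT NETMASK vmnicX:IP [vmnicY:IP ...]
gen_mpio() {
    # Only characters found in NIC/adapter names and IPv4 host:port values
    # are accepted, so nothing pasted later can smuggle in shell syntax.
    for arg in "$@"; do
        case $arg in
            ''|*[!a-z0-9.:]*) echo "rejected argument: $arg" >&2; return 1 ;;
        esac
    done
    [ "$#" -ge 4 ] || { echo "need at least one vmnic:ip pair" >&2; return 1; }
    adapter=$1; target=$2; netmask=$3
    shift 3
    # vSphere 5 supports up to 8-way MPIO (note 7 on the page).
    [ "$#" -le 8 ] || { echo "at most 8 paths" >&2; return 1; }
    for pair in "$@"; do
        case $pair in
            *:*:*) false ;;
            vmnic[0-9]*:[0-9]*.[0-9]*.[0-9]*.[0-9]*) true ;;
            *) false ;;
        esac || { echo "expected vmnicN:a.b.c.d, got: $pair" >&2; return 1; }
    done
    count=$#
    echo "esxcli iscsi software set -e on"
    n=0
    for pair in "$@"; do
        n=$((n + 1))
        nic=${pair%%:*}; ip=${pair#*:}
        sw="iSCSIVMk$n"; pg="iSCSIVMkernel$n"; vmk="vmk1$n"
        echo "esxcli network vswitch standard add -v $sw"
        echo "esxcli network vswitch standard uplink add -u $nic -v $sw"
        echo "esxcli network vswitch standard policy failover set -a $nic -v $sw"
        echo "esxcli network vswitch standard portgroup add -p $pg -v $sw"
        echo "esxcli network ip interface add -i $vmk -p $pg"
        echo "esxcli network ip interface ipv4 set -i $vmk -I $ip -N $netmask -t static"
    done
    # Bind every VMkernel port to the software adapter only after all exist.
    n=1
    while [ "$n" -le "$count" ]; do
        echo "esxcli iscsi networkportal add -A $adapter -n vmk1$n"
        n=$((n + 1))
    done
    echo "esxcli iscsi adapter discovery sendtarget add -A $adapter -a $target"
    echo "esxcli storage nmp satp set -P VMW_PSP_RR -s VMW_SATP_DEFAULT_AA"
    echo "esxcli storage core adapter rescan -a"
    echo "esxcli storage filesystem rescan"
}
```

Called with the post's own values (vmhba33, 192.168.0.100:3260, 255.255.255.0, vmnic4:192.168.0.111, vmnic5:192.168.0.121) it reproduces the command lines of the 2-way script above.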

Monday, 2 January 2012

A List of aaS-es (Alternative Title: Members of the "as a Service" (aaS) Family)

On this 2nd day of 2012, I just happened to be thinking about the evolution of "as a Service" offerings going forward over the next year, which led me to question "how many aaS-es can I find?" (Apologies if that sounds a bit rude.) A quick Google, and lo and behold, nothing specific came up under the search phrases used in this post's title. So, what follows is an attempt to make a list of the members of the aaS family.

The List

AaaS = Applications as a Service
BaaS = Backup as a Service
DaaS = Data as a Service
DaaS = Database as a Service
DaaS = Desktop as a Service
DRaaS = Disaster Recovery as a Service
EaaS = Email as a Service
EaaS = Everything as a Service
HaaS = Hardware as a Service
IaaS = Infrastructure as a Service
ITaaS = IT as a Service
ITaaS = Information Technology as a Service
PaaS = Platform as a Service
SaaS = Security as a Service
SaaS = Software as a Service
VaaS = Voice as a Service

Note: If time and inclination permit, I may come back to this post and add more descriptive information for each aaS – in effect, this list is a kind of work in progress.