Sunday, 23 June 2019

Tech Roundup – 23 June 2019

Stuff collated/new since Tech Roundup – 9th May 2019 with headings:
FlexPod, Industry News, Microsoft, NetApp, NetApp StorageGRID and SSL Certificates, NetApp TRs, Security, Veeam (skipping NetApp.io and TechONTAP Podcast this month)

FlexPod

FlexPod Datacenter CVD with ONTAP 9.5 and vSphere 6.7U1

FlexPod Datacenter for AI/ML with Cisco UCS C480 ML for Deep Learning Design Guide

Industry News

How @DigitalOcean just killed our company @raisupcom. A long thread for a very sad story.

Red Hat storage shifts focus to OpenShift, hybrid cloud, HCI

Microsoft

What’s NEW in Windows Server 2019

NetApp

NetApp Revolutionizes Data Fabric to Dominate Hybrid Multicloud

Bringing Data Fabric to Life with Support for Hybrid Multicloud and DevOps

Simplify Data Management Across Public or Private Clouds with NetApp Cloud Volumes

Creating Simple & Powerful Hybrid Clouds

Work Less, Do More with NetApp Fabric Orchestrator

Cloud Volumes Service for Google Cloud – bringing high-performance file storage as a service to you

Automatically Tier Your Data to Amazon S3 Glacier with NetApp StorageGRID

Build a Data-Driven Culture

NetApp Democratizes Cloud Storage With New All-Flash Solution

NVIDIA and NetApp Partner to Create a Data-Driven AI Future for Customers

Azure NAS: Why and How to Use NAS Storage in Azure

Azure Backup: 5 Things to Think About Before You Backup on Azure

Enterprise Apps in Google Cloud Platform

Cloud Tiering: Lift and DON’T shift!

How Cloud Tiering works

New NetApp platform for ONTAP 9.6 (Part 3) AFF C190

IT Operational Support with a SaaS-First Cloud Strategy

Application Lifecycle Management for Kubernetes

How to Use NetApp Cloud Manager with Trident for Provisioning Persistent Volumes in Kubernetes Deployments

Move to Google Cloud 10X Faster

TDP SnapMirror deprecated in ONTAP 9.6

Introducing NetApp SANtricity Cloud Connector 4.0!
SANtricity Cloud Connector is a host-based Linux application that performs full-block and file-based backups and restores of E-Series volumes with your existing Amazon Simple Storage Service (S3) or NetApp StorageGRID account.

Artificial Intelligence in the Automotive Industry

NetApp IT Perspective: StorageGRID F5 Load Balancer Design Considerations

Azure NetApp Files is now generally available

ONTAP AI – NVIDIA DGX-2 POD with NetApp AFF A800: NVA Design

MAX Data Software Evaluation

The Evolution of VDI

Announcing NetApp Private Cloud for HCI with Red Hat and OpenShift

Kick-Starting Hybrid Multi-Cloud Management with NetApp Cloud Insights

Why Is Private Cloud a Key Strategy for NetApp Partners?

Your 5 Biggest FlexPod Questions Answered

ONTAP 9.6 MetroCluster Docs:
MetroCluster IP Installation and Configuration Guide
Fabric-attached MetroCluster® Installation and Configuration Guide
Release notes for ONTAP 9.6
ONTAP 9.6rc1 product / download page

NetApp StorageGRID and SSL Certificates

StorageGRID Load Balancer Options:
*Especially check out the SSL Termination section.

SSL Certificate Configuration for StorageGRID:

Configuring certificates:

Configuring StorageGRID certificates for ONTAP clients using FabricPool:

OpenSSL examples:

NetApp TRs


TR-4785: AI Deployment with NetApp E-Series and BeeGFS

TR-4784: FlexPod for Epic Performance Testing

TR-4782: BeeGFS with NetApp E-Series: Reference Architecture

TR-4780: Oracle on Azure Deployment Best Practice Guide: Using Azure NetApp Files

TR-4779: Building Storage as a Service with ServiceNow and NetApp Service Level Manager

TR-4778: NetApp HCI and Splunk Enterprise Solution with Arrow

TR-4777: Veeam Cloud Tier with StorageGRID Object Storage

Security

Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine

There is no released Docker version with a fix for this issue at the time of writing...

Windows 10 zero-day exploit code released online

CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability

Side Channel Vulnerability Microarchitectural Data Sampling

Veeam

VeeamON 2019

Integrated RMAN Backup

7 expert tips for multi-Cloud Data Management

Why we chose WireGuard® for Veeam PN v2

Quiesced snapshots failing after latest Windows 2016 Update

Saturday, 22 June 2019

Cisco IOS Command List (Notes from ICND1 Scenario Specific Examples)


After a Cisco ICND1 refresher course (I did my CCNA back in 2005), a refresher of Cisco IOS commands.

Implementing the Initial Switch Configuration

enable – enters privileged EXEC mode.
configure terminal – enters global configuration mode.
hostname name – configures a hostname for the device.
interface interface slot/number – enters interface configuration mode for the specified interface.
ip address ip_address subnet_mask – configures an IP address with the specified subnet mask.
description name-string – an interface configuration command to describe or name an interface.
no shutdown – brings up the interface. Use this command in interface configuration mode. To shut down the interface, use this command without the no in front.
ip default-gateway ip_address – sets the default gateway of the switch.
show running-config – a privileged EXEC command to display the list of configuration commands that modify the default configuration of the system.
show interface status – displays the interface line status.

Implementing the Initial Router Configuration

enable – enters privileged EXEC mode.
configure terminal – enters global configuration mode.
hostname name – configures a hostname for the device.
interface interface slot/number – enters interface configuration mode for the specified interface.
ip address ip_address subnet_mask – configures an IP address with the specified subnet mask.
description name-string – an interface configuration command to describe or name an interface.
no shutdown – brings up the interface. Use this command in interface configuration mode. To shut down the interface, use this command without the no in front.
show running-config interface interface slot/number – a privileged EXEC command to display the running configuration for a specific interface.
show interface status – displays the interface line status.
show ip interface [type number] – displays the usability status of interfaces that are configured for IP.

Implementing Static Routing

enable – enters privileged EXEC mode.
configure terminal – enters global configuration mode.
interface interface slot/number – enters interface configuration mode for the specified interface.
ip address ip_address subnet_mask – configures an IP address with the specified subnet mask.
no shutdown – brings up the interface. Use this command in interface configuration mode. To shut down the interface, use this command without the no in front.
ip route network-number network-mask {ip-address | interface} – sets a static route in the IP routing table.

Implementing Basic Numbered and Named ACLs

ip access-list {standard|extended} {access-list-name|access-list-number} – used in global configuration mode to define an IP access list by name or number.
permit source [source-wildcard] – used in ACL configuration mode to set conditions to allow a packet to pass a named IP ACL. To remove a permit condition from an ACL, use the no form of this command.
deny source [source-wildcard] – used in ACL configuration mode to set conditions in a named IP ACL that will deny packets. To remove a deny condition from an ACL, use the no form of this command.
ping {hostname|system-address} [source source-address] – used in privileged EXEC mode to diagnose basic network connectivity.

Implementing PAT

ip address dhcp – used in interface configuration mode to acquire an IP address on an interface via DHCP.
ip access-list {standard|extended} {access-list-name|access-list-number} – used in global configuration mode to define an IP access list by name or number.
permit source [source-wildcard] – used in ACL configuration mode to set conditions to allow a packet to pass a named IP ACL. To remove a permit condition from an ACL, use the no form of this command.
ip nat [inside|outside] – used in interface configuration mode to designate that traffic originating from or destined for the interface is subject to NAT.
ip nat inside source {list {access-list-number|access-list-name}} interface type number [overload] – used in global configuration mode to establish dynamic source translation. Use of the list keyword enables you to use an ACL to identify the traffic that will be subject to NAT. The overload option enables the router to use one global address for many local addresses.
ip nat inside source static local-ip global-ip – used in global configuration mode to establish a static translation between an inside local address and an inside global address.

Troubleshooting VLANs and Trunks

vlan – creates VLAN and enters VLAN configuration mode for further definitions.
name – assigns a name to the VLAN. The length of the name can be from 1 to 32 characters.
switchport access vlan – sets the VLAN that the interface belongs to.
switchport trunk encapsulation dot1q – specifies 802.1Q encapsulation on the trunk link.
switchport mode trunk – puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link.
switchport access – assigns this port to a VLAN.
show vlan – displays VLAN information.
show vlan brief – displays VLAN information in brief.
show interfaces trunk – displays the trunk information on the switch.
ping – to diagnose basic network connectivity.

Implement Multiple VLANs and Basic Routing Between the VLANs

enable – enters privileged EXEC mode.
configure terminal – enters global configuration mode.
interface interface slot/number – enters interface configuration mode for the specified interface.
ip address ip_address subnet_mask – configures an IP address with the specified subnet mask.
vlan – creates VLAN and enters VLAN configuration mode for further definitions.
switchport mode {access|trunk} – configures the VLAN membership of a port. The access port is set to access unconditionally and operates as a nontrunking, single VLAN interface that sends and receives nonencapsulated (nontagged) frames. An access port can be assigned to only one VLAN. The trunk port sends and receives encapsulated (tagged) frames that identify the VLAN of origination. A trunk is a point-to-point link between two switches or between a switch and a router.
switchport trunk {encapsulation {dot1q}} – sets the trunk characteristics when the interface is in trunking mode. Sets the encapsulation format on the trunk port to IEEE 802.1Q. With this format, the switch supports simultaneous tagged and untagged traffic on a port.
encapsulation dot1q vlan-id – used in interface configuration mode to define the matching criteria that map ingress 802.1Q frames on an interface to the appropriate service instance.
show vlan – displays VLAN information.

Implementing a DHCP Server in a Cisco IOS Device

ip dhcp pool name – used in global configuration mode to configure a DHCP address pool on a DHCP server and enter DHCP pool configuration mode.
domain-name domain – used in DHCP pool configuration mode to specify the domain name for a DHCP client.
network network-number [mask] – used in DHCP pool configuration mode to configure the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server.
ip dhcp excluded-address ip-address [last-ip-address] – used in global configuration mode to specify IP addresses that a DHCP server should not assign to DHCP clients.
ip helper-address address – used in interface configuration mode to enable forwarding of UDP broadcasts, including BOOTP, that are received on an interface.
default-router address [address2 ... address8] – used in DHCP pool configuration mode to specify the default router list for a DHCP client.

Implementing RIPv2

ip route prefix mask – used in global configuration mode to configure static routes. Prefix denotes the IP route prefix for the destination and mask denotes the prefix mask for the destination.
router rip – enables a RIP routing process, which places you in router configuration mode.
network ip-address – associates a network with a RIP routing process.
version 2 – configures the software to receive and send only RIPv2 packets.
no auto-summary – disables automatic summarization.
default-information originate – used in router configuration mode to generate a default route into RIP.
passive-interface interface – specifying an interface name sets only this interface to passive RIP mode. In passive mode, RIP routing updates are accepted by, but not sent out of, the specified interface.
show ip rip database – displays the contents of the RIP routing database.

Securing Device Administrative Access

line console 0 – changes the context to console configuration mode.
line vty 1st-vty 2nd-vty – changes the context to vty configuration mode for the range of vty lines listed in the command.
login – console and vty configuration mode; tells Cisco IOS Software to prompt for a password.
login local – console and vty configuration mode; tells Cisco IOS Software to prompt for a username and password to be checked against locally configured username global configuration commands on this switch or router.
password pass-value – console and vty configuration mode; lists the password that is required if the login command (with no other parameters) is configured.
username name password pass-value – global command; defines one of possibly multiple usernames and associated passwords that are used for user authentication. It is used when the login local line configuration command has been used.
enable – a user in user mode can gain access to enable mode by using the enable command.
enable password actual-password – global configuration command; defines the password that is required when using the enable EXEC command.
enable secret pass-value – global command; sets the switch password that is required for any user to reach enable mode.
service password-encryption – global configuration command; directs Cisco IOS Software to encrypt the passwords, CHAP secrets, and similar data that are saved in its configuration file.
ip domain-name name – global configuration command; configures a DNS domain name.
crypto key generate rsa – global command; creates and stores (in a hidden location in flash memory) the keys that are required by SSH.
transport input {telnet|ssh} – used in vty line configuration mode; defines whether Telnet or SSH access, or both, is allowed into this switch. Both values can be configured on one command to allow both Telnet and SSH access (the default).
access-list access-list-number {deny|permit} source [source-wildcard] – used in global configuration mode to define a standard IP access list.
access-class – restricts incoming and outgoing connections between a particular vty (into a Cisco device) and the addresses in an access list.
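
An added example (not part of the original notes): a small Python audit that reads a running-config and reports how the administrative-access commands listed above are set. The sample config is constructed, and the function names parse_config and audit are hypothetical.

```python
# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
enable password cisco123
line con 0
 password conpass
 login
line vty 0 4
 password vtypass
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
 access-class 10 in
"""

def parse_config(config):
    """Split a config into global commands and per-'line' sub-command lists."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if cmd.startswith("line "):
            current = cmd
            line_blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            line_blocks[current].append(cmd)  # indented: belongs to the line block
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, line_blocks

def audit(config):
    """Return findings for the administrative-access commands listed above."""
    global_cmds, line_blocks = parse_config(config)
    findings = []
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append("global: enable password configured")
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append("global: enable secret missing")
    if "service password-encryption" not in global_cmds:
        findings.append("global: service password-encryption missing")
    for name, cmds in line_blocks.items():
        if "login" in cmds:  # bare login, as opposed to "login local"
            findings.append(f"{name}: login (shared line password) instead of login local")
        if not name.startswith("line vty"):
            continue
        transport = next((c for c in cmds if c.startswith("transport input ")), "")
        if not transport:
            findings.append(f"{name}: transport input not set")
        elif {"telnet", "all"} & set(transport.split()):
            findings.append(f"{name}: Telnet allowed by '{transport}'")
        if not any(c.startswith("access-class ") for c in cmds):
            findings.append(f"{name}: no access-class applied")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

On the sample, the console line and vty 0 4 are reported, while vty 5 15 (login local, SSH only, access-class applied) produces no findings.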

Implementing Device Hardening

ntp server ip-address – used in global configuration mode to allow the software clock to be synchronized by an NTP time server.
ntp peer ip-address – used in global configuration mode to configure the software clock to synchronize a peer or to be synchronized by a peer.
interface type number – used in global configuration mode to enter configuration mode for an interface.
shutdown – used in interface configuration mode to shut down the interface.
vlan {vlan-id|vlan-range} – used in global configuration mode to add a VLAN and enter configuration mode for the VLAN.
name name – used in VLAN configuration mode to name a VLAN.
switchport access vlan vlan-id – used in interface configuration mode to assign the interface to a VLAN.
switchport port-security – used in interface configuration mode to enable port security on the interface.
switchport port-security maximum maximum – used in interface configuration mode to set the maximum number of secure MAC addresses on the port.
switchport port-security mac-address {mac-addr|{sticky [mac-addr]}} – used in interface configuration mode to add a MAC address to the list of secure MAC addresses. The sticky option configures the MAC addresses as sticky on the interface.
switchport port-security violation {shutdown|restrict|protect} – used in interface configuration mode to set the action to be taken when a security violation is detected.

Configuring System Message Logging

logging ip address – configures the IP address of the host that will receive the system logging (syslog) messages.
logging trap level – used in global configuration mode to limit the messages that are logged to the syslog servers based on severity. The level is the number or name of the desired severity level at which messages should be logged.
show logging – used in privileged EXEC mode to display the state of system logging (syslog) and the contents of the standard system logging buffer.

Implement IPv6 Static Routing

ipv6 unicast-routing – used in global configuration mode to enable the forwarding of IPv6 unicast datagrams.
ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length} – used in interface configuration mode to configure an IPv6 address based on an IPv6 general prefix and to enable IPv6 processing on an interface.
show ipv6 route – used in user EXEC or privileged EXEC mode to display the current contents of the IPv6 routing table.
ipv6 route ipv6-prefix/prefix-length ipv6-address – used in global configuration mode to create static IPv6 routes. To remove a previously configured static route, use the no form of this command.
ipv6 address autoconfig [default] – used in interface configuration mode to enable automatic configuration of IPv6 addresses using stateless autoconfiguration on an interface and to enable IPv6 processing on the interface. To remove the address from the interface, use the no form of this command.

Tuesday, 21 May 2019

Bash (Linux) and Powershell (Windows) Scripts to Test File Access to Multiple Locations

Linux


Here’s the bash script with 2 example targets:


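#!/bin/bash
# Once a second, check that each test file is reachable on its mount point.
while true
do
  # Success: append a timestamp to that target's log. Failure: print FAILURE.
  ([ -e /mnt/test1/test1.txt ] && date >> /mnt/LOG/log1.txt || echo "FAILURE")
  ([ -e /mnt/test2/test2.txt ] && date >> /mnt/LOG/log2.txt || echo "FAILURE")
  sleep 1
done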


Save as, say, fileaccess.sh and run in bash as sh fileaccess.sh

In the above example we’re testing access to 2 files, each in a different mount point. A timestamp is logged for successes, and FAILURE is echoed to the screen for failures. There’s a wait of 1 second between checks.

It’s possible to do it as a one-liner from the bash shell:


while true ; do ([ -e /mnt/test1/test1.txt ] && date >> /mnt/LOG/log1.txt || echo "FAILURE") ; ([ -e /mnt/test2/test2.txt ] && date >> /mnt/LOG/log2.txt || echo "FAILURE"); sleep 1 ; done


PowerShell

Here’s the PowerShell script with 2 example targets:


# Start each run with empty log files.
"" > C:\LOG\log1.txt
"" > C:\LOG\log2.txt
while($TRUE){
  # Success: append a timestamp to that target's log. Failure: print FAILURE.
  If (test-path C:\mnt\test1\test1.txt){ [String](date) >> C:\LOG\log1.txt }
  else { Write-Host "FAILURE" }
  If (test-path C:\mnt\test2\test2.txt){ [String](date) >> C:\LOG\log2.txt }
  else { Write-Host "FAILURE" }
  sleep 1
}


Save as, say, filetester.ps1 and run in PowerShell as .\filetester.ps1

Similarly, you could turn it into a one-liner. Or you can just copy and paste it into PowerShell.

Intention

The idea is that you can set up a number of NFS mounts, and/or a number of CIFS shares, and test the availability of file access.