
Category Archives: Computers

VMware Woes Pt2

As readers of my blog may recall, I posted about issues I’ve been having with our new VMware system running on an HP 3000 blade chassis.

As a quick reminder, the system had been set up by consultants who knew their way around VMware, but didn’t seem to have a clue about the networking side. Although the system was cabled correctly into two physical switches, failure of one switch caused the system to drop offline rather than use the second switch.

Political issues and various managers throwing their toys around meant the consultants were no longer willing to assist us, so the problem fell to me to resolve. My efforts were hampered by the fact that the IT Manager allowed people to start accessing the VMs, which of course meant I couldn’t take the system offline during working hours.

As I’d correctly guessed, our issues were being caused by the fact that the failure of a physical switch was not being seen by the ESXi host connected to that switch (each ESXi host is connected to the C3000 interconnect switch, which connects to the physical switch).

Having tried (and failed) to use Beacon Probing to work around this, the solution would appear to be to enable Uplink Failure Detection on the C3000 interconnects. This allows us to tell the interconnect to kill the downlinks to an ESXi host when it detects a failure on a physical switch uplink. This has the effect of alerting the ESXi host to the network failure, which will then start utilising remaining network paths for outbound traffic.

Unfortunately, even that wasn’t straightforward, as UFD only works on uplinks that share the same VLAN configuration. Our consultants had set up multiple uplinks with each in a different VLAN. This week, I managed to recable the system so that the VLANs are all trunked over the same uplinks, allowing me to enable UFD. Four days later, the system is still up, there are no signs of the new configuration causing any issues and (I think) we now have a fully fault tolerant ESXi environment. Stay tuned for part 3 when I test my work and start pulling out various cables!

Oh, and the issue with one of the VMs hanging at 95% when powered on was due to it having been automatically migrated to another ESXi host during the maintenance period. It was waiting for me to respond to a question asking if I had moved or copied the VM, but I hadn’t spotted this as the question is actually asked on a different tab; no indication of this is given on the main tab, it just looks like the VM has hung!

 

Posted on September 23, 2012 in Computers, Work

 

Bring Your Own Device. Shudder.

It had to happen. Maybe they saw us secretly playing with (sorry, I mean testing) iPads in the IT department. Perhaps they saw the headlines that David Cameron spends a “scary, crazy” amount of time playing Fruit Ninja on his iPad. Whatever the reason, I was told yesterday that our Executive Committee wants us to recommend to them that they need some form of wireless tablet that they can connect to the corporate network to help boost productivity.

I couldn’t help but groan when I heard this. While I certainly think proper, secure wifi access is something we should be thinking about (currently our wifi networks allow access to the Internet only – no corporate LAN access), I just know the CEO and co will be thinking that this is as simple as 1. purchase device and 2. connect to network. Unfortunately this way of doing things quickly leads to 3. clean up the malware infestation and 4. watch your data walk out of the door.

While the request specifically mentions the Exec Committee, I see this as part of a growing trend towards Bring Your Own Device (BYOD) policies. Many users already use their own laptops at work rather than the Windows 7 desktop PCs we supply, choosing to copy data between laptop and desktop via USB sticks (or simply keeping their data on their own laptop). For that reason, I think that this is a good opportunity to put forward recommendations for personal device usage that encompass the whole organisation.

For me, there are two areas of concern. Firstly, we must ensure that personal devices cannot compromise the security of the corporate network by introducing malware. Whilst we cannot take responsibility for the state of a personal device (e.g. does it have antivirus enabled and up to date? Is it fully patched?), we must be able to prevent devices that are at risk from connecting to the network.

Secondly, we must be able to control (or at least, audit) what happens to corporate data. If Joe Bloggs is fired, we must be confident that he doesn’t walk out of the door with our customer database on his laptop. Unfortunately, given that many users already choose to use their own laptops for storing work, we are already falling behind with this. Equally unfortunately, this is as much an HR/management issue as it is a technological one. And our management are notoriously bad for giving in to user demands (we once implemented an endpoint policy using Safend software, all approved by the Executive Committee, only for it to be scrapped within an hour of being enabled due to a handful of users complaining that their own USB devices were being rejected, despite the fact that we’d made the relevant people aware that this would happen, and had supplied approved USB devices to be used instead).

So this weekend, I shall be putting on my creative thinking cap and doing some research into how other companies are dealing with this. My first thoughts are perhaps to continue separating corporate and personal devices on different networks, and implementing a Windows 2008 Remote Desktop Services system on the corporate LAN to publish remote applications that users can use to work on corporate data, perhaps combined with a network quarantine solution to ensure that devices meet a minimal approved specification before being approved on the network. The advantage (or perhaps the disadvantage!) to RDS is that it could potentially be made available to the outside world, allowing users the freedom to work from anywhere.

 

Posted on May 26, 2012 in Computers, Security, Work

 

Help, My Fingers Are Turning Green…

Who would have thought I would ever get pleasure from growing things in my garden? I certainly wouldn’t – I thought I was destined to spend all of my time sat in front of multiple monitors, compiling code for the latest exploits and lurking in dubious IRC channels.

And here we are today, with me eagerly awaiting summer so I can start digging up the potatoes that my dad kindly gave me a few weeks ago. As you can see, they’re in a couple of potato bags and have been growing steadily over the past couple of weeks thanks to a mixture of rain and warm weather. The last compost top up was at the weekend, so now I just get to watch and wait.

Unfortunately my parents posted a pic of their potatoes recently which kind of put mine to shame (although they did plant theirs earlier). Still, baby steps 🙂

In other news (and to prove there’s still a geek in here somewhere), we finally got our HP Blade enclosure and SAN set up and working last week. This week is play time, before the serious work of getting the new Debian based genetics server rolled into production.

 

Posted on May 24, 2012 in Computers, Greenfingers

 

VMware ESXi: Resizing C: Drive

I recently had to look at expanding the capacity of the C: drive on a virtual server running Windows 2003, as the existing C: drive had completely filled up, despite us having installed all applications etc on a second, dedicated virtual drive (perhaps I’m showing my age, in IT-years, but I remember fitting a complete installation of Windows onto 4Gb drives and still having room left over for applications and data. Ah, good times).

Anywho, there seem to be a number of articles documenting different ways to expand the C: drive using third party tools such as Partition Magic, so I thought I’d document the method I used this morning, using nothing more than the vSphere client and the Windows 2003 diskpart tool. It took less than 5 minutes, and the server booted back up with not so much as a whiff of a blue screen of death (always a concern when you mess with the boot volume!)

Firstly, remove any snapshots that you have for the Virtual Machine.

Next, shut down the virtual machine and resize the affected hard drive using the vSphere client. In my case, I increased it from 20Gb to 40Gb. This increases the size of the virtual drive, but doesn’t change the size of the C: partition.

Now, you must attach the virtual hard drive to a second virtual machine. The reason for this is that Windows won’t let you extend the partition of the boot/system volume. Attaching it to a different VM as, for example, the E: drive gets around this restriction. In my case, I had to open the Disk Management tool and assign the virtual disk to E: as it wasn’t automatically given a drive letter.

Now, open a command prompt and run the diskpart tool. At the diskpart prompt, type “list volumes” to show all available volumes. Each will be assigned a number, mine was number 2.

Select the volume using the “select volume 2” command, and finally use “extend” to extend the partition to the full size of the drive. Extend does take option switches that let you control how far to extend but if you omit these, it’ll extend to the end of the virtual hard drive (40Gb in my case).

Now, shut down the second virtual machine and remove the virtual hard drive from its settings.

Boot up the original virtual machine. If all goes according to plan, the C: drive will be the new size, although you will probably have to reboot the server once more as Windows will present you with the “found new hardware” prompt.

I should point out I did this on ESXi 5 using Windows 2003 Standard with SP2. If you attempt this, make sure you have a good backup of the virtual hard drive in case it all goes pear shaped and you have to restore!

 

Posted on February 12, 2012 in Computers, Work

 

Windows 7 Motherboard/Processor Upgrade

I recently purchased a new motherboard, processor and extra memory to upgrade my Windows 7 PC. While the PC generally runs ok, the processor seems to spike quite easily and I wanted to upgrade to a faster Athlon II quad core processor. As the processor fits an AM3 socket, this required a new motherboard since my old motherboard had an AM2 socket which was not compatible with the newer processor. This in turn required an upgrade to DDR3 RAM, so I took the opportunity to upgrade to 4Gb.

Even though both motherboards were from ASUS, having done plenty of motherboard upgrades in the past I was fully expecting to have to re-install Windows from scratch, or at the very least, spend hours doing repairs/installing drivers before giving up and fully installing Windows from scratch.

Imagine my surprise, then, when the Windows 7 installation on my old SATA hard drive not only booted up from the new motherboard, but did so without blue screening, proceeded to install all of the drivers automatically, and is now sitting humming to itself in the corner.

I am surprised (to say the least). Just when it seems that Windows 7 has shown me all of its party tricks, it pops another one out from up its sleeve. My Windows Experience index for processor and RAM has gone from 4.9 and 5.1 to 7.3 and 7.3 respectively. Unfortunately, my graphics card now lets the side down, so last night I put in my order for a 1Gb Sapphire Vapor-X HD5770 which, from the reviews I’ve read (and the pic below), looks quite impressive.

 

Posted on March 22, 2011 in Computers