iThinkVirtual™

vSphere…Synology…NFS v4.1

31/12/2017

Welcome, and thanks for visiting my blog!

In this post, I am going to cover how to enable NFS v4.1 on a Synology device and then mount an NFS v4.1 datastore in VMware vSphere 6.5.  By default, Synology devices support NFS v4 natively, and although they can also support NFS v4.1, it is not enabled.  Well, not to worry because I am going to show you just how to enable the feature on your device.

NFS v4 and v4.1 have been around for quite a few years, but they have not taken off the way NFS v3 did way back when.  There were some major flaws pointed out with NFSv4, so NFSv4.1 was created to rectify those flaws, and VMware was one of the first major companies to adopt and support the new Network File System.  But unless your storage device supported the newer NFS versions, you would be stuck mounting NFSv3 volumes by default.

In this demo, I will be using my new replacement Synology DiskStation DS415+ and my homelab “datacenter” running the latest version vSphere 6.5.  So let’s jump right in!

Using a terminal application like PuTTY, connect to your Synology device via SSH using an admin user account.  This can be the default “admin” account or any new user account with Administrator privileges.  Once connected, enter the following command to change the directory:

cd /usr/syno/etc/rc.sysv

Once in this directory, run the following command (enter the account password if prompted):

sudo cat /proc/fs/nfsd/versions

This will show us the NFS versions currently enabled and supported by the Synology device.

We can see that all versions prior to 4.1 have a “+” sign next to them and 4.1 has a “-” sign next to it.  Let’s change that!

In order to change this, we will need to edit a shell script (S83nfsd.sh) using “vi”.  Run the following command to open the file with the vi editor:

sudo vi S83nfsd.sh

This will open the shell file and will place the cursor at Line 1, Character 1 as depicted in the following screenshot.  

Navigate down to line 90 using the down arrow and you will see the following line of text.

This is where the magic happens!  To edit the file now, press the “I” key on your keyboard to initiate an “Insert” then add the following to the end of the text so the line looks like the following screenshot.

-V 4.1

To commit and save this change, first press the Esc key.  Next type the following command and hit “Enter” to write and then quit vi editor.

:wq

 

 

Next, we need to restart the NFS service.  To do so enter the following command:

sudo ./S83nfsd.sh restart

 

If we again run the following command, we will see that there is now a “+” sign next to 4.1.  Hooray!

sudo cat /proc/fs/nfsd/versions
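
To confirm the result without eyeballing the “+” and “-” signs, the following added example (not part of the original post) parses the versions line and reports which NFS versions the server now offers. The two sample lines are constructed to match the before and after states described above, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: interpret the one-line contents of /proc/fs/nfsd/versions,
# where each token is a version number prefixed with "+" (enabled) or
# "-" (disabled).

# Print "enabled", "disabled" or "unsupported" for version $1 in line $2.
nfs_version_state() {
    for tok in $2; do
        case "$tok" in
            "+$1") echo enabled;  return 0 ;;
            "-$1") echo disabled; return 0 ;;
        esac
    done
    echo unsupported
}

# Print every enabled version found in line $1, space separated.
nfs_enabled_versions() {
    out=""
    for tok in $1; do
        case "$tok" in
            +*) out="${out:+$out }${tok#+}" ;;
        esac
    done
    echo "$out"
}

# Succeed only if version $1 is enabled in line $2; explain on stderr otherwise.
require_nfs_version() {
    state=$(nfs_version_state "$1" "$2")
    if [ "$state" = enabled ]; then
        return 0
    fi
    echo "NFS v$1 is $state (line was: $2)" >&2
    return 1
}

# Constructed sample lines matching the states described in the post.
BEFORE_EDIT="+2 +3 +4 -4.1"
AFTER_EDIT="+2 +3 +4 +4.1"

# On the NAS itself (as root), use the live value; elsewhere use the sample.
if [ -r /proc/fs/nfsd/versions ]; then
    live=$(cat /proc/fs/nfsd/versions)
else
    live=$AFTER_EDIT
fi

echo "enabled versions: $(nfs_enabled_versions "$live")"
require_nfs_version 4.1 "$live" || echo "restart nfsd after the edit and re-check"
```

The list of enabled versions is also a reminder that NFSv2 and NFSv3 stay enabled after this change; enabling 4.1 adds a version, it does not retire the older ones.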

 

Now that we have enabled NFSv4.1 functionality on your storage device, let’s go ahead and mount an NFS volume to our hosts in vSphere.

I have enabled NFS and NFS v4 support, then created the following shares with assigned permissions on my device, and am going to mount the ISOs share first in this example by issuing a command via PowerCLI.  We can also see that I do not have any NFS mounts currently in my environment.

I’ve launched PowerCLI and connected to my vCenter Server using the Connect-VIServer cmdlet then issued the following command:

Get-VMHost | New-Datastore -Nfs -FileSystemVersion '4.1' -Name SYN-NFS04-ISOs -Path "/volume3/NFS04-ISOs" -NfsHost DS415 -ReadOnly

*Note:* an important argument here is “-FileSystemVersion”.  If I do not specify the version, it will assume version 3.0 by default.

If I go back and look at my datastores via the Web Client, I can see that my new NFS 4.1 datastore has been mounted to each one of my ESXi hosts. Nice!

*Bonus:* If I’d like to easily remove this datastore from all of my hosts, I can issue the following command via PowerCLI.

Get-VMHost | Remove-Datastore -Datastore SYN-NFS04-ISOs -Confirm:$false

Now I can see that the host has been removed successfully!

Well, that about wraps this one up.  I hope that this has been useful and informative for you and I’d like to thank you for reading!  Until next time!

-virtualex-

Homelab Makeover 2.0

Hello and first off, thank you so much for visiting my blog!  If you have followed any part of my “Homelab” series, you will be familiar with the components that make up my home “Datacenter”.  If not, take some time to catch up on those posts!

In this post, I am quickly going to cover my lab makeover as I decided to get some new equipment and redo a bunch of my networking.  So without any further hesitation, let’s get to it!

Beginning with my networking equipment, I wanted to move my Cisco SG300-10 out of my home network enclosure cabinet and into my Navepoint rack enclosure.  But then I realized I would have to replace that switch with another to feed the rest of my home’s connections.  Currently, I am using Ubiquiti’s UniFi equipment for my home networking and since I’m already running Ubiquiti gear, I figured I would purchase a few more of their 8-port switches to do the job so that I can manage those devices from a “single-pane-of-glass” via the controller.  So I went ahead and purchased 2 US-8 switches, of which 1 will feed the home networking and the other will extend to the lab, primarily serving as a trunk for my VLANs to reach the lab’s Cisco switches.

So now, my UniFi network consists of:

On to the lab network…

The US-8-LAB switch connects to my SG300-10, on which I’ve configured 2 ports as a LAG “Trunk” between the switches for VLAN traffic, 2 ports as another LAG “Trunk” connection to the SG300-52 switch, and the others as “Access” ports which connect to the IPMI interfaces of my servers.  The IPMI connections were previously on my SG300-52 switch.  On to the SG300-52 switch, I have configured all of my ESXi management ports, vMotion ports, iSCSI & NFS ports, VSAN ports, and data ports for my servers, along with a few LAG connections which connect to my storage devices, and a few which connect my UPS and ATS/PDU units.  I also configured an additional LAG “Trunk” which connects to a Netgear Prosafe GS108T that I had lying around.  I’ve dedicated that switch and its ports to my ex-gaming PC turned “DEV” ESXi host.  Eventually, that host will be decommissioned when I add a new host to my rack enclosure.

So now, my lab network consists of:

Now for the storage devices.  Previously, I was running my lab VMs using a Synology DS415+ storage unit via NFS mounts.  This was all fine and dandy, except for the fact that it would randomly shut itself down for no apparent reason, leading to eventual corruption of my VMs.  I got tired of spending hours trying to recover my machines and eventually discovered that my device was plagued by the Intel ATOM C2000 CPU issue described here.  I then reached out to Synology and they quickly responded and issued an immediate RMA of the device.  Again this was fine, but where was I going to move my VMs and data to?  I didn’t have another storage device with an ample amount of free space to accommodate all my data, so I decided to bite the bullet and pick up a brand new Synology RS815+ which I could now mount in my rack enclosure.  I also scooped up some 1TB SSDs from their compatibility matrix to populate the drive bays.  The difference here is that with the new RackStation, I opted to configure my LUNs via iSCSI instead of NFS like I had previously done with the DiskStation.  Once set up and connected, I vMotion’d all of my machines to the new device, and disconnected the DS415+ while I waited for the replacement device to arrive.  That replacement unit eventually came, so I swapped my SSDs from the old unit into the new unit and fired it back up.  I will eventually recreate some NFS mounts and reconnect them to the vSphere environment.

Now, my lab storage consists of:

Finally, the cabinet.  I became rather displeased with the amount of space I had with my Navepoint 9U 450mm enclosure.  The case itself was great, but I just needed some more room in the event I needed to un-rack a server or do anything else in there.  Also, I started to do some “forward-thinking” about eventual future expansion, and the current 9U enclosure was no longer going to suffice.  I decided to upgrade to a new Navepoint 18U 600mm enclosure, and now I have plenty of room for all of my equipment and future expansion.  After relocating my servers to the new rack enclosure, I now have the following equipment mounted in the rack and, still, have room for growth.

  • 2 x Cat6 keystone patch panels
  • 2 x Cisco SG300 switches
  • 4 x Supermicro servers
  • 1 x Synology storage unit
  • 1 x UPS
  • 1 x ATS/PDU
  • 1 x CyberPower Surge power strip (in the event I need to plug-in some other stuff)

Thanks for stopping by!  Please do leave some comments as feedback is always appreciated!  Until next time!

-virtualex-


macOS 10.13 High Sierra on ESXi 6.5

**NOTE: This is completely for experimental purposes and is unsupported by both Apple and VMware**

Hello all!  This is just a quick follow up to my previous guide on running macOS 10.12 Sierra on ESXi 6.x, where I have now successfully updated the VM to macOS 10.13 High Sierra.

If you simply try to run the upgrade via a self-made ISO, or via the Mac App Store, the final image will fail to boot.  The reason is that starting with macOS 10.13, Apple has converted the file system from Hierarchical File System Plus (HFS Plus or HFS+) to the new Apple File System (APFS).  During the upgrade process, HFS+ will be converted to APFS, and the unlocker utility which allows us to even run a macOS VM on ESXi doesn’t support APFS.  In fact, support for ESXi, in general, is no longer available in the latest Unlocker 2.1.1 so I am still using the Unlocker 2.1.0 for ESXi, and Unlocker 2.1.1 for VMware Workstation 14.

For this quick tutorial, I am using the latest VMware ESXi 6.5 Update 1 Build 7388607 and I started by simply cloning my macOS 10.12 VM to a new virtual machine.

Once powered on, go to the Mac App Store and download the macOS High Sierra installation.  When the download is complete, DO NOT run the installer and quit it instead.  You will now have the installer application available in your Applications folder.

Now, open a Terminal session and enter the following command as one line.  Depending on the account you are logged in with, sudo may or may not be needed.

sudo /Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/startosinstall --converttoapfs NO --agreetolicense --nointeraction

The key argument here is “--converttoapfs NO”, which prevents the OS from converting the drive’s file system format from HFS+ to APFS.  Additionally, the “--nointeraction” argument is optional.

Now sit back, relax, and let the upgrade do its thing.  When the upgrade is complete, the VM should have successfully booted up and you will now be running macOS High Sierra.

-virtualex


Achievement Unlocked! VCP6-DCV!


This is an extremely long overdue post, but I have had such a busy year that I really haven’t been able to find much time to write and publish material that I have been meaning to get out.  So, as I attempt to get back into the groove, I wanted to publish this quick post of my most recent accomplishment, obtaining the VCP6-DCV certification!

I actually completed and obtained this certification back on August 31st, 2017, just a few hours before heading out to take part in and witness the wedding of my beautiful sister.  Talk about a stressful day, not to mention the stressful weeks/ends/nights spent trying to cram in as much study to ensure I was well prepared for the exam. 

I felt very confident in my knowledge and that I would pass the exam on the first attempt and since I was already a VCP5 holder, I chose to take the delta (2V0-621D) exam which I completed in about 90 minutes.  I took my time, read every question and diagram thoroughly, and ended up with an impressive 447/500 score!  Not too bad if I don’t say so myself.

Anyhow, I have now renewed my VCP5, obtained my VCP6, and get to begin my journey toward VCP65 and VCAP6x!  Can’t wait!!!

I’d also like to take a moment to send out congratulations to anyone who has taken and passed a VMware certification this year and best of luck to anyone planning on taking an exam in 2018!

Fixing A Corrupt Domain Controller – Stop Code 0x00002e2

Yesterday morning I discovered that my Synology NAS had an unexpected shutdown in the middle of the night while my homelab VMs/workloads were still running.  This caused both of my Domain Controllers’ databases to become corrupt, leaving me unable to boot those machines.  When attempting to boot them, they would get stuck in a BSOD boot-loop and would display a Stop Error Code of 0x00002e2.


After some research I was able to figure out how to recover my VMs and get them to boot up again.  This had happened to me once before sometime earlier this year and luckily I remembered that I had taken some notes on how to fix it, so I figured this time I would put together a formal “How To:” guide to have it documented for myself and hopefully to help others facing this issue as well.  So without further ado…let’s get to it!


To start, you will need to power on the machine and then keep pressing the F8 key to bring up the “Advanced Boot Options” boot menu.  Navigate down to Directory Services Repair Mode and press Enter to boot into Safe Mode.

When you reach the login screen, log in with the Local Administrator account since Active Directory Domain Services are obviously unavailable.

Once at the Desktop, open an elevated Command Prompt window.

As a best practice, I feel it is always wise and important to make a backup of the files before doing any modifications.  Since we will be backing up the NTDS directory, create a directory at your preferred location to store the backup files.  I chose to make a backup folder on the root of “C:\” and a sub-directory with the name/date of the directory I am backing up.

md C:\Backup\NTDS_11122017

Then copy everything from the “C:\Windows\NTDS” directory to this new location using xcopy.

xcopy C:\Windows\NTDS\* C:\Backup\NTDS_11122017 /E /Y /V /C /I

Once done, let’s rename any .log file extensions in the NTDS directory to .log.old

cd C:\Windows\NTDS

ren *.log *.log.old

Now, this is where we get to the good stuff!

First, run the following command to repair the database.

esentutl /p "C:\Windows\NTDS\ntds.dit"

This will display the following warning message; click “OK”.

Let it do its thing and you will see the following once complete.

Now we need to use the NTDS Utility (ntdsutil.exe) to activate the NTDS instance and compact the DB to a new file which will then be used to overwrite the original.  I will be compacting it to a new TEMP directory within the NTDS directory.  The command will automatically create the new directory if it’s not already present.  Enter the following commands.

ntdsutil

activate instance ntds

files

compact to C:\Windows\NTDS\TEMP

If successful, you will be presented with instructions to copy the newly compacted file to the NTDS directory, overwriting the original, and also to delete any .log files in the NTDS directory.  Before we can do that we need to exit out of the ntdsutil.  Type quit twice to exit.

quit

quit

Let’s follow those instructions and also delete the *.log.old files we renamed earlier.

copy "C:\Windows\NTDS\TEMP\ntds.dit" "C:\Windows\NTDS\ntds.dit"

Yes

Ensure you are still in the NTDS directory before entering the following delete commands.

del *.log

del *.log.old

The hard part is now over!  Let’s go ahead and reboot the machine normally.

If all goes well and as expected, your machine will boot successfully and you can log in again with an Active Directory Domain Admin account.

Awesome!  Well, I hope you’ve found this guide useful.  Please feel free to share this and provide me some feedback/comments below.  Thanks for reading!

 

-virtualex-

Upgrading VMware vSphere Data Protection (VDP)

Having a backup solution is imperative in any IT environment, whether it be Production or a simple Home Lab like I have.  There are many different brands and companies that offer backup solutions, such as Veeam or Nakivo, to name a few.  But I personally like to stick with the VMware product line so that I can build the necessary skills and knowledge of their software, required to successfully grow and advance my career.  My personal choice, and preferred backup solution, is VMware vSphere Data Protection (VDP) since it’s fairly simple to deploy, configure, and manage.  

VDP is a robust, simple-to-deploy, disk-based backup and recovery solution that delivers storage-efficient backups through patented variable-length deduplication, rapid recovery, and WAN-optimized replication for disaster recovery (DR).  Plus, its vSphere integration and simple user interface make it an easy and effective backup tool.  Additionally, it is now bundled with vSphere Standard, Enterprise Plus, and vSphere with Operations Management Enterprise Plus by default.

Since I have recently rebuilt my personal home-datacenter, I opted to deploy VDP 6.1.3 in my environment.  Version 6.1.3 was released back in November 2016, and just recently, version 6.1.4 was released on March 16, 2017.  Of course, as I always like to be on the latest and greatest versions of software, I just had to upgrade my appliance.  So before starting any upgrade, I always like to refer to the official documentation for upgrade procedures and best practices, but I wasn’t really able to find anything out there on the “inter-webs”.  So I figured, “what the heck, why not just give it a go and make my own documentation?”.  Not only will this be beneficial to me, but I hope that it will also help others in the community who’d like to update their appliances as well.  Let’s get to it!…

Prerequisites:

  • Snapshot of your current VDP appliance

If you do not take a snapshot, you will be prompted to do so before you’re even allowed to perform the upgrade.

As previously mentioned, I will be upgrading my appliance from 6.1.3 to 6.1.4.

Begin by taking a snapshot of your current appliance, then attach the VDP Upgrade .ISO media to the appliance.

Login to the application’s web UI and click on the Upgrade tab.  It should automatically detect the presence of the ISO and begin reading it for updates but if it does not, click the Check Upgrades button.  Allow up to 15 minutes or more for the scan to complete before you can proceed with the upgrade.

Once the appliance has detected the available upgrade, click on the upgrade version to select it, then click the Upgrade VDP button.

If you had not taken a snapshot prior to upgrading the appliance, you will be presented with the following, hence the reason I listed this step as a prerequisite.

The upgrade process will now begin by first preparing the package for installation, which can take about 15 minutes or so, so now would be a good time to grab a beer or some coffee!

Afterwards, the actual installation will begin and you shall see the following set of instructions.

From my experience, I did not see the progress bar complete to 100%.  Instead, it disconnected itself from the web UI.  I realized that this meant it was beginning to stop its services and shut itself down.  

Before having come to this realization, I tried to reload the web UI but would simply get a blank screen.

Eventually, I took a look at the VDP appliance console I had previously opened, and noticed the appliance was indeed powered off.   I confirmed by also checking the current status via the Web Client.  This is a good sign as the instructions stated the appliance will shut itself down after the upgrade has completed.

So now that the appliance was shut down, the instructions explicitly stated to delete the snapshot before restarting the appliance.  Normally, I would wait until after the machine has booted up successfully before I delete a snapshot, just in case something went wrong, but in this case VMware stated this for a reason so I went ahead and deleted the snapshot.

It also stated to reconfigure the disk mode for any disks used by the VDP datastore to “Independent-Persistent”.  I went ahead and checked and saw that it was already set to that mode by default so I didn’t have to change anything there.

Finally, I booted up the appliance and to my delight, the appliance was now running version 6.1.4!  This turned out to be easier than expected!  

I’d like to thank you for reading, and hope that you’ve found this content to be useful.  Please rank this post, feel free to comment, and subscribe to my blog!

 

-virtualex

Deploying OpenVPN on ESXi

12/02/2017

Have you ever wondered to yourself, “What is OpenVPN and what is it used for?”  I know I have!  I currently leverage OpenDNS’s servers in my network, and when I saw that they offer an Open-Source VPN solution, I figured I had to give it a whirl!  While I have used VPNs before for connecting to a company network from a remote location, or using a VPN service while travelling and connecting to numerous public hot-spots for the added security, I never thought to implement my own for personal use where I can connect to my home network and browse my devices or surf the net securely as if I was sitting at home in front of my computer from anywhere in the world.  Well…welcome OpenVPN!

As stated on their website… “OpenVPN Access Server is a full-featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, Linux, Android, and iOS environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control.”

OpenVPN offers a variety of different software installation packages and virtual appliances to suit your needs.  I opted for the VMware virtual appliance to deploy in my home network.  In this tutorial, I will show you just how to deploy an OpenVPN Access Server on ESXi 6.5.  For the purposes of this demonstration, I will be deploying said appliance on a virtual ESXi host running in my lab so without any further hesitation, let’s get started!

  • Head on over to the OpenVPN website and download the virtual appliance for VMware.  
    • At the time of this writing, the current version is 2.1.3 released back on 9/16/2016.  Installation instructions are also provided on this site.  Once you have obtained the virtual appliance, connect to your ESXi host via the ESXi Host UI or the vCenter Web Client.  
  • As I am just working on a single host without a vCenter, I will leverage the ESXi Host UI.  Follow along to deploy the appliance…

  • Now that the appliance has been deployed, go ahead and power it on then open a Remote Console session to the appliance.  I will be leveraging the VMware VMRC version 9.0.  Once the appliance has booted, you will be presented with the following screen.

 

  • Now, login to the appliance using the following default credentials.
    • Username – root
    • Password – openvpnas
  • We are now entering the configuration wizard.  Type “yes” to accept the license agreement and begin the wizard.

  • From this point, a series of questions will be presented.  For the most part, we will be accepting the defaults so follow along to configure the appliance.
    • Will this be the primary Access Server node?
      • Explanation: If this is your initial Access Server node, press Enter to accept the default setting. Otherwise, if you are setting up your failover node, change this to say no.
    • Please specify the network interface and IP address to be used by the Admin Web UI:
      • Explanation: This will be the interface where OpenVPN Access Server will listen to Admin Web UI requests. Make sure you have access to the interface listed otherwise you will be unable to login to your server. If you are uncertain on what interface to use, select option 1 for all interfaces. Do note that if your network did not assign your appliance a DHCP lease or if you are planning to use a static IP for your server, you will need to specify all interfaces here and follow the instructions for assigning a Static IP in the later section of this article. This option may be changed any time after the completion of the wizard in the Web Admin UI.
    • Please specify the port number for the Admin Web UI.
      • Explanation: This is the port you will use to access the web-based administration area. It is usually safe to leave this at the default port unless customization is desired.
    • Please specify the TCP port number for the OpenVPN Daemon
      • Explanation: This is the port clients will use to connect to your VPN server. This port will have to be forwarded to the Internet if your server is behind a NAT-based router. By default, the web-based administration area also runs on this port for your convenience, although this setting can be disabled in the Admin Web UI interface.
    • Should client traffic be routed by default through the VPN?
      • Explanation: If you only have a small network you would like your remote users to connect over the VPN, select no. Otherwise, if you would like everything to go through the VPN while the user is connected (especially useful if you want to secure data communications over an insecure link), select yes for this option.
    • Should client DNS traffic be routed by default through the VPN?
      • Explanation: If you would like your VPN clients to be able to resolve local domain names using an on-site DNS server, select yes for this option. Otherwise, select no. Do note that if you selected yes for the previous option, all traffic will be routed over the VPN regardless of what you set for this setting here.
    • Use local authentication via internal DB?
      • Explanation: If you would like OpenVPN Access Server to keep an internal authentication database for authenticating your users, select yes for this option. When this option is turned on, you will be able to define and/or change username and passwords within the Admin Web UI. If you select no for this option, Linux PAM authentication will be used and you will need to add/change/delete users within the Linux operating system itself. If you would like to use LDAP or RADIUS as your authentication method, you will need to change this after you login to the Web Admin UI.
    • Should private subnets be accessible to clients by default?
      • Explanation: This option defines the default security setting of your OpenVPN Access Server. When “Should client traffic be routed by default through the VPN?” is set to no, it defines the list of subnets that your VPN clients are able to access. You are able to add more entries to this list once you log in to the Admin Web UI area. This option will have no effect if “Should client traffic be routed by default through the VPN?” is set to yes.
    • Do you wish to login to the Admin UI as “openvpn”?
      • Explanation: This defines the initial username which you would use to login to the Access Server Admin UI area. This username will also serve as your “lock out” administrator username should you ever lock yourself out of your own server. If you would like to specify your own username, select no. Otherwise, accept yes for the default.
    • Specify the username for an existing user or for the new user account:
      • Explanation: Enter the initial username you would like to use instead of the default ‘openvpn‘.
    • Type the password for the ‘user’ account: > Confirm the password for the ‘user’ account:
      • Explanation: Specify the password you would like to use for the account.
    • Please specify your OpenVPN-AS license key (or leave blank to specify later):
      • Explanation: If you have purchased a license key for your OpenVPN Access Server software, enter it here. Otherwise, leave it blank. OpenVPN Access Server includes two free licenses for testing purposes. After you complete the setup wizard, you can access the Admin Web UI area to configure other aspects of your VPN. The URL for the Admin Web UI area is displayed upon the completion of the setup wizard. As mentioned previously, you will be able to access the Admin Web UI on both the VPN port and the Admin port unless you disable this behavior in the Admin Web UI. Note: If you selected yes to the Do you wish to login to the Admin UI as “openvpn”? option in the setup wizard, you will need to define the password for this account by running: passwd openvpn and press Enter.
  • The only options I changed from the defaults are as follows…
    • Port used by the OpenVPN Daemon
      • I used “9443”
    • Use local authentication via internal DB
      • I said “yes”
    • Do you wish to login to the Admin UI as “openvpn”?
      • I said “no” and then specified a username and password.

  • There are also a few optional settings you can configure which are detailed on the instructions web page but I will not cover them here.
  • If at any point you mess up during the initial configuration, first complete it and then from the command prompt type
ovpn-init
  • This will prompt you to type “DELETE” to wipe the current config so you can start over.

  • Now that the appliance is deployed and configured, a port-forwarding rule is required to pass traffic to the appliance so it can be connected to from outside your network.  Head over to your router and configure the TCP port you defined during the initial configuration for the OpenVPN Daemon to forward to the IP of the appliance.  An additional UDP port-forward is needed for port 1194 to the appliance’s IP address.
TCP Port 9443 #this is the port that I defined in the configuration

UDP Port 1194

  • Once the port forwarding rules are in place, you can connect to the appliance via a web browser on your network as well as from an external network.  Let’s start by testing connectivity from within our network.  Open a web browser and navigate to the appliance admin login page
https://<appliance-IP>:<port>/admin
  • If successful, you should see the login page and can log in with the credentials set during configuration.  From here you can configure the appliance to your liking then download the OpenVPN Client for use on Windows, Mac, etc.  I will not cover the settings in this tutorial but feel free to poke around here and configure your appliance before logging out.

  • You can also connect to the appliance without the “/admin” in the URL so that you can download your client.  You can use either option from the drop-down menu. 
https://<appliance-IP>:<port>

  • If you choose the “Connect” option, you will see this screen which will prompt you to download the OpenVPN Client for your computer.

  • If you choose “Login” option, you will see this screen which provides various download links for other devices, as well as the option to download your custom profile to be used in the client so that you connect to your personal VPN environment.

  • To connect to your VPN network from an external network, you will need to obtain your external IP address by using “What’s My IP” or “IP Chicken” websites.  Then enter that IP address in your web browser with the TCP port you defined in your port-forward rule.
https://<external-WAN-IP>:<port>
  • I tested this from my phone and was successful.  Then you can download the profile and use a VPN client on your phone or computer to access your network via your OpenVPN appliance.
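
The wizard asks which interface the Admin Web UI listens on, and the port-forward exposes the daemon port to the Internet, so it is worth confirming on the appliance which addresses each TCP port is actually bound to. This added example (not from the original post or from OpenVPN) filters `ss -ltn` output. It assumes `ss` is available on the appliance; the sample output is constructed, 9443 is the daemon port chosen above, and 943 stands in for whichever Admin Web UI port you picked in the wizard.

```shell
#!/bin/sh
# Added example: read `ss -ltn` output on stdin and classify the listening
# sockets for one TCP port as "wildcard" (all interfaces) or "specific".

# listeners_for_port PORT -> prints "<scope> <address>" per matching socket
listeners_for_port() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                          # "Local Address:Port" column
            n = match(la, /:[0-9]+$/)        # split at the last colon
            if (n == 0) next
            addr = substr(la, 1, n - 1)
            p = substr(la, n + 1)
            if (p != port) next
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
                scope = "wildcard"
            else
                scope = "specific"
            print scope, addr
        }'
}

# Succeeds if PORT has at least one wildcard listener in the ss output on stdin.
listens_on_all_interfaces() {
    listeners_for_port "$1" | grep -q '^wildcard '
}

# Constructed sample of `ss -ltn` output (addresses and port 943 are assumed).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:9443         0.0.0.0:*
LISTEN  0       128     192.168.1.50:943     0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*'

# Demo on the sample; on the appliance run:  ss -ltn | listeners_for_port 9443
for port in 9443 943; do
    if printf '%s\n' "$SAMPLE_SS" | listens_on_all_interfaces "$port"; then
        echo "tcp/$port: bound to all interfaces"
    else
        echo "tcp/$port: bound to specific address(es) only, or not listening"
    fi
done
```

UDP 1194 does not appear in `ss -ltn`; `ss -lun` lists UDP sockets with state UNCONN, which this filter deliberately does not match.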

Well, I hope this helps shed some more light on the awesomeness of OpenVPN and that you’ve found this useful.  Thanks for reading and please comment and subscribe!

-virtualex-

Home Lab 2017 – Part 1 (Network and Lab Overhaul)

For the last 6+ months, I haven’t had much time to dedicate to my home lab and overall home network.  Between holidays, transitioning to a new employer/role, and everyday life getting in the way, I found that I had to put everything on the back burner for a bit…so I inevitably shut down my home lab.  Well, now I am back and am looking forward to writing up some new material that I have been meaning to do for a while.  I will start this by saying this is a continuation of my Home Lab 2016 Series, now being dubbed as “Home Lab 2017“!

So first and foremost, I powered up my home lab once again and I intend to leave it up and running at 100% uptime.  While doing so, my Synology NAS decided to reboot itself for an auto-update, right in the middle of a VM’s (my domain controller to be exact) boot process.  This would eventually cause my VMDK file to become corrupted and I could no longer boot my DC and reconnect my home lab.  I also had not yet backed anything up since the environment was still fairly new so I figured why not take this opportunity to rebuild everything and get some new components.

I decided to add a few more (3 per host to be exact), extremely quiet, Noctua NF-A4x10 FLX 40mm fans.  This will help to keep my ATOM CPU cool as well as exhaust any hot air out of each case.  I had also been contemplating a network equipment overhaul.  Last year I upgraded my ASUS RT-AC68U SOHO Router with a Ubiquiti ERLite-3 EdgeRouter, and turned the ASUS into a wireless AP only.  I do not have a single complaint about the performance and overall stability of that setup.  But I recently began looking at the Ubiquiti UniFi gear, and noticed that the Unified Security Gateway basically runs the same EdgeOS found in the ERLite-3, just with a different web interface.  Realizing that we are in this new wave of cloud-managed networking, and seeing that the USG-3P was basically on par with the ERLite-3, I bit the bullet and ordered my new Ubiquiti UniFi gear to replace my current setup.  The feature set in the EdgeRouter series of routers still has the edge over the UniFi’s features but it’s only a matter of time before they are equal, or UniFi surpasses the EdgeRouters.

I decided on the following products:

After getting everything connected, I will say that I was extremely impressed with the ease of setup, current feature set, and the presentation of the Web UI.  I am not going to go into the specifics of how to set it all up, etc. as this is not a UniFi tutorial, but I will say that the little quick start guides tell you everything you need to know.  One can also consult “Mr. Google” for more information.  

My only gripe with the current feature set of the USG-3P is that there is no support for Jumbo Frames…yet!…but hopefully that will come in a future firmware release.  The US-8-60W does indeed support Jumbo Frames so I enabled it on there, at least for now.  Additionally, the VOIP LAN port on the USG-3P is there for a future release to add support for it.  I have also read some threads where feature requests have been submitted to allow said port to be used as a secondary LAN/WAN port instead of just for VOIP.  This is currently in beta, but once these settings are added, I feel it would bring the device closer to the capabilities of the ERLite-3 in terms of features. Only time will tell…

Now that I had my basic home network configured, LAN & WiFi-LAN, I powered on my Cisco lab switches and began migrating all of my VLANs over to the new USG-3P, thus removing the need for any static routing which I relied on with my previous setup.  Next, I powered on all of my hosts, and began upgrading them to ESXi 6.5.  Finally, I was on my way to getting up to the latest release of vSphere!  Once all of my hosts were upgraded, with the exception of my dev-host as the CPU is not supported in ESXi 6.5, I began spinning up a few new VMs.  I took this time to install Windows Server 2016 for my Domain Controllers, and decided to ditch the Windows-based vCenter server in favor of the vCenter Server Appliance (vCSA) since it now has vSphere Update Manager (vUM) integration and the appliance runs on VMware’s Photon OS.

Once my vSphere environment was minimally set up, I started to deploy some more VMs with the vSphere Web Client, and I must say the speed and performance of the Web Client in 6.5 is “night-and-day” as compared to the Web Client in 6.0!  No more need for the Client Integration Plugin as the newer version for 6.5 runs as a service.  This is the way the web client should have been designed from the very beginning instead of making us all suffer because of how slow the Flash-based version previously was.  Although I always preferred to use the Web Client because of the features within it, I can see why so many users still used the C# “fat-client” instead.  Who wants to wait forever and a year just for the Hosts and Clusters view, or VMs and Templates view to load?!?!?  I know that I dreaded the loading times.  Currently, my vSphere lab consists of the following machines…for now.

  • 2 – Domain Controllers (I’ve learned my lesson and the consequences of only having one DC…)
  • 1 – vCenter Server Appliance
  • 1 – vSphere Data Protection Appliance
  • 1 – Windows 10 Management Jumpbox
  • 1 – IP Address Management Server (phpIPAM)
  • 1 – Mail Server (hMailServer)
  • 1 – WSUS Server
  • 1 – SCCM Server (I am currently teaching this to myself and may eventually leverage SUP, thus replacing/repurposing my current WSUS server)
  • 1 – vRealize Configuration Manager (vCM) Server (I am also teaching this to myself to become more familiar with the product and its capabilities)
  • 1 – OpenVPN Appliance

So now that my Home Lab has been upgraded and completely rebuilt, I look forward to spending more time tinkering with it and putting it to good use for exam studies and personal knowledge.  I am dedicating my Sundays as “Home Lab Fun-days”!  Thanks for stopping by and I hope you enjoyed the read! Please comment below and subscribe!

Create a macOS/OS X VM on VMware ESXi 6.5 & VMware Workstation 12.x


Create a macOS/OS X VM on VMware ESXi 6.5 & VMware Workstation 12.5.2 Pro

 

**NOTE: This is completely for experimental purposes and is unsupported by both Apple and VMware**

Running a macOS/OS X virtual machine is nothing new and has been supported for quite some time, as long as you are running said VM on a supported hypervisor with Apple hardware.  But many of the “non-Apple” users in the world would not be able to take advantage of this without owning some type of Apple computer.  Luckily, there is an alternative method for running a Mac-based VM on VMware ESXi and/or VMware Workstation for Windows on non-Apple hardware!  In this tutorial, I am going to show you just how to do so.  Please keep in mind that the methods described in this article are not supported nor endorsed by Apple or VMware in any way, so please use at your own risk.

Before we can begin, there are a few tools required to ensure this works flawlessly.

  • macOS Sierra installation media in .iso format (You can use an older OS as well but for this demo, I will be installing macOS Sierra 10.12.3)
    • This media will have to be created as the OS comes as a .app by default.
    • This link has a good tutorial for creating said media.
  • Unlocker Utility
    • Current Stable version 2.0.8 works up to OS X Yosemite on ESXi 6.0 and Workstation 11
    • Version 2.0.9 RC adds support for macOS Sierra on ESXi 6.5 and Workstation 12.x
  • Type 1 Hypervisor (ESXi) or a Type 2 Hypervisor (VMware Workstation)

 

Ready? Here we go!  I’ll start by showing you how to create a macOS Sierra VM on VMware Workstation 12.5.2 Pro…

VMware Workstation 12.5.2 Pro
  • Make sure that VMware Workstation is installed but not running.
  • Extract the contents of the Unlocker 2.0.9 RC archive.
  • Open a command prompt and navigate to the extracted folder
  • Run win-install.cmd.  This will patch your VMware Workstation to unlock the capabilities to run a Mac OS.  It will also download the latest VMware Tools (darwin.iso) for macOS into the extracted directory.

 

  • Launch VMware Workstation and create the shell VM

  

  • When choosing the hardware compatibility, you can optionally change this to version 10 so that you do not need to manually edit the .vmx file after the shell has been created.

 

  • I am going to leave it at version 12 and manually edit the .vmx file afterwards.  Continue creating your shell by following along…

 

  • Now that we have the shell created, we still need to attach the ISO to the VM.  Click on the CD/DVD (SATA) option on the left side in the Devices pane.  Once in the settings, select the ISO image.

  • Next, navigate to the directory that houses the virtual machine’s files.  Edit the .vmx file with your preferred text editor.  I personally love using Notepad++.  Scroll to the bottom of the text and add the following line.  This will enable the VM to boot up.
    • If you opted to change the hardware version to version 10 in the earlier steps, disregard this and move on to the next step.
smc.version = "0"

  • At this point, the VM is ready to be powered on to install macOS Sierra.  I will cover the installation steps further down in this tutorial, but first, let me cover the procedures for enabling this on ESXi.  I will be showing how to do so on ESXi 6.5a (Build 48872370)
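
The conditional .vmx edit described above can be applied idempotently with a small script.  This is an added example, not part of the original post; it assumes the hardware version is recorded under the virtualHW.version key of the .vmx file and that the VM is powered off, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the hardware version
# is stored in the .vmx file under the virtualHW.version key.

# vmx_get FILE KEY: print the value of KEY (last definition wins, CRLF-safe).
vmx_get() {
    awk -v key="$2" '
        { sub(/\r$/, ""); eq = index($0, "="); if (eq == 0) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k)
          gsub(/^[ \t]*"|"[ \t]*$/, "", v)
          if (tolower(k) == tolower(key)) val = v }
        END { print val }' "$1"
}

# ensure_smc_version FILE: prints skipped | unchanged | added.
ensure_smc_version() {
    vmx=$1
    [ -f "$vmx" ] || { echo "no such file: $vmx" >&2; return 2; }
    hw=$(vmx_get "$vmx" virtualHW.version)
    case $hw in
        ''|*[!0-9]*) echo "virtualHW.version not found in $vmx" >&2; return 2 ;;
    esac
    # Hardware version 10: the post says the manual edit is not needed.
    if [ "$hw" -eq 10 ]; then echo skipped; return 0; fi
    # Already set to "0": leave the file untouched.
    if [ "$(vmx_get "$vmx" smc.version)" = "0" ]; then echo unchanged; return 0; fi
    cp -p "$vmx" "$vmx.bak" || return 2   # keep the original for rollback
    tmp="$vmx.tmp.$$"
    # Drop any existing smc.version line so the key is defined only once.
    awk '{ k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k) }
         tolower(k) != "smc.version" { print }' "$vmx" > "$tmp" || return 2
    printf 'smc.version = "0"\n' >> "$tmp"
    mv "$tmp" "$vmx" && echo added
}
# Usage: ensure_smc_version "/path/to/<vm-name>.vmx"
```

The previous file is kept next to the original as <vm-name>.vmx.bak, so the edit can be rolled back by copying it over the .vmx again.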

VMware ESXi 6.5a (Build 48872370)

  • For ESXi we first need to copy the unlocker utility to a local or shared datastore.  You can accomplish this by using vCenter, ESXi Host UI, or WinSCP.  For simplicity, I opted to use WinSCP and copied the folder into a newly created “Tools” folder on a local datastore.  You can also take this time to upload the .ISO to the local datastore for use later in this tutorial.

  • Now that the files have been copied, open an SSH connection to your ESXi host, and navigate to the unlocker directory.

  • We can then type “ls” to view the contents of the directory.

  • Next, we must make the installation script executable.  I also like to make the uninstallation script executable as well.  Do so by running the following commands.
chmod +x esxi-install.sh

chmod +x esxi-uninstall.sh

  • Typing “ls” again will now display the (2) scripts in green text, indicating that they are now executable.

  • Run the installer script by running the following command
./esxi-install.sh

  • The script will only take a brief moment to run, and a reboot is required afterward.  Once it has finished, type:
reboot

  • After the ESXi host has restarted, connect to the ESXi Host UI and begin building the shell VM by following along.

  • Now that the shell VM is created, we need to go back into the VM’s settings and attach the .ISO that you uploaded to the datastore in a previous step.

  • At this point, the VM is ready to be powered on to install macOS Sierra!  Unlike with the VMware Workstation instructions, there is no need to change the hardware version to version 10 or manually modify the .vmx file.

  • In the next section, I will cover the installation steps for MacOS Sierra.
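
The chmod and ./esxi-install.sh steps above run a downloaded script with the privileges of your SSH session on the hypervisor, so one way to make sure the files on the datastore are still the ones you reviewed is to pin the unlocker folder to a SHA-256 manifest and check it before running.  This is an added example, not code from the original post or from the unlocker project; the function names and manifest location are hypothetical, and it assumes sha256sum is available and that esxi-install.sh is a POSIX shell script (it is started with sh).

```shell
#!/bin/sh
# Added example (not from the original post or the unlocker project).
# Record a SHA-256 manifest of the unlocker folder when you review it, keep
# the manifest outside that folder, and refuse to run the installer if any
# file was changed, added or removed since the review.

# manifest_of DIR: print "hash  ./relative/path" for every file, sorted.
manifest_of() {
    ( cd "$1" || exit 2
      find . -type f | sort | while IFS= read -r f; do
          sha256sum "$f" || exit 2
      done )
}

# pin_dir DIR MANIFEST: write the manifest (run once, after reviewing DIR).
pin_dir() {
    m=$(manifest_of "$1") || return 2
    printf '%s\n' "$m" > "$2"
}

# verify_dir DIR MANIFEST: succeed only if DIR still matches the manifest.
verify_dir() {
    [ -s "$2" ] || { echo "missing manifest: $2" >&2; return 2; }
    now=$(manifest_of "$1") || return 2
    [ "$now" = "$(cat "$2")" ]
}

# run_reviewed DIR MANIFEST SCRIPT: run SCRIPT from DIR only after verify.
# Assumption: SCRIPT is a POSIX shell script, so it is started with sh.
run_reviewed() {
    if verify_dir "$1" "$2"; then
        ( cd "$1" && sh "./$3" )
    else
        echo "refusing to run $3: $1 does not match $2" >&2
        return 1
    fi
}
# Usage on the host (both paths are placeholders):
#   run_reviewed "<unlocker-folder>" "<manifest-path>" esxi-install.sh
```

Create the manifest with pin_dir on the machine where you reviewed the archive and copy it to the host separately from the unlocker folder, so that a change to the folder cannot also change the manifest.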
Installing macOS Sierra

**The following instructions apply to both an ESXi and Workstation built macOS VM**

  • Start by powering on the virtual machine and opening the Remote Console view

  • Once the VM has booted the .ISO, you will be presented with this screen.  Click next and then go to the taskbar and open Disk Utility.  We need to create a partition to install macOS onto.

  • After the partition has been created, we can actually start the macOS installation.

  • After the VM has rebooted, we can continue the installation/configuration of macOS.

  • Finally, the macOS VM is ready to use!  For the finishing touches, it is recommended to install VMware Tools on this VM.  When we ran the installation script at the start of this procedure, it downloaded a “tools” folder into the unlocker folder, and that folder contains the darwin.iso used to install VMware Tools.  This should be the latest release of VMware Tools 10.1.0.  Optionally, you can always download the tools from VMware’s website.
  • In order to install the VMware Tools, we first need to eject the mounted install media.  Afterwards, connect the CD/DVD drive to the darwin.iso file.

  • Once the VMware Tools (darwin.iso) is mounted, double-click the “Install VMware Tools” package to begin the installation.  After it completes, reboot the VM for the changes to take effect.

 

Optional Tweaks
Adjusting Screen Resolution
  • By default, the macOS VM will only support (1) resolution natively, 1024 x 768.  

  • If you’d like to change this to support a higher resolution for, say, a larger monitor, please download the following file on the macOS VM.  Once the file has been downloaded to the “Downloads” folder in the VM, open the “Terminal” application and navigate to the folder.  We need to make the script executable, just as we did earlier with the unlocker scripts.
cd Downloads/VMware-Fix-resolution/

chmod +x vmware-resolutionSet

  • Now we can run the script and specify the desired resolution.  In this example, I am going to choose a 1440 x 900 resolution.  Do so by running the following
./vmware-resolutionSet 1440 900

  • On the ESXi-based VM, I did notice that it does not set a resolution higher than 1176 x 885 while in the Remote Console.  But, the VMware Workstation-based VM does indeed set the desired resolution.

 

Disable Beam Synchronization to Improve VM Performance
  • Download the following application and place it in the “Applications” folder.  Double-click it to launch the application.  Afterwards, add it to the user’s “Logon Option” so it runs every time at login.

I hope that you’ve found this information useful.  Please do leave comments below and subscribe to my blog!  Thanks for stopping by!

-virtualex-


Achievement Unlocked! vExpert 2017!

| 08/02/2017 | Tags:

Earlier today, I got the notification and I am honored that I’ve been awarded the VMware vExpert 2017 title!  The current vExpert count is 1,472 people and this marks my 2nd consecutive year (2016-2017) that I’ve been awarded with the title.  I could not be more grateful and humbled!  It takes effort, passion, and dedication to elevate your personal skillset and knowledge base and I am thankful that I have had a great experience in working with VMware’s product line.  I look forward to keeping this going for years to come!  Congratulations to all my fellow vExperts!!

And special thanks go to VMware, Corey Romero, and the entire VMTN Community for all their efforts into making the vExpert program such a success!

 

 
