
Saturday, April 12, 2014

HeartBleed Bug on Virtualization Platform

 


The Heartbleed bug is a serious vulnerability in the popular OpenSSL library. This weakness allows stealing information that is, under normal conditions, protected by the SSL/TLS encryption used to secure the Internet. For more info, please click here.

Next question:

Is your virtualization infrastructure vulnerable to the Heartbleed bug?

This is what I found while searching to check whether my infrastructure is affected.

VMware Platform

Yes. VMware has confirmed that the following products are affected:

  • ESXi 5.5
  • NSX-MH 4.x
  • NSX-V 6.0.x
  • NVP 3.x
  • vCenter Server 5.5
  • vFabric Web Server 5.0.x – 5.3.x
  • VMware Fusion 6.0.x
  • VMware Horizon Mirage Edge Gateway 4.4.x
  • VMware Horizon View 5.2 Feature Pack 2
  • VMware Horizon View 5.3 Feature Pack 1
  • VMware Horizon View Client for Android 2.1.x, 2.2.x, 2.3.x
  • VMware Horizon View Client for iOS 2.1.x, 2.2.x, 2.3.x
  • VMware Horizon View Client for Windows 2.3.x
  • VMware Horizon Workspace 1.0
  • VMware Horizon Workspace 1.5
  • VMware Horizon Workspace 1.8
  • VMware Horizon Workspace Client for Macintosh 1.5.1
  • VMware Horizon Workspace Client for Macintosh 1.5.2
  • VMware Horizon Workspace Client for Windows 1.5.1
  • VMware Horizon Workspace Client for Windows 1.5.2
  • VMware Horizon Workspace for Macintosh 1.8
  • VMware Horizon Workspace for Windows 1.8
  • VMware OVF Tool 3.5.0
  • VMware vCloud Automation Center (vCAC) 5.1.x
  • VMware vCloud Automation Center (vCAC) 5.2.x
  • VMware vCloud Networking and Security (vCNS) 5.1.3
  • VMware vCloud Networking and Security (vCNS) 5.5.1

VMware has published details about it here. Most VMware products that ship with OpenSSL 1.0.1 are affected.
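A version banner is enough for a first triage of an inventory against the OpenSSL 1.0.1 range mentioned above. The following is an added example, not from the original post or from VMware: the range 1.0.1 through 1.0.1f (fixed in 1.0.1g) comes from the OpenSSL advisory, and the function name, node names and banners are assumptions constructed for illustration.

```powershell
# Added example: classify collected `openssl version` banners for Heartbleed triage.
# Upstream OpenSSL 1.0.1 through 1.0.1f are vulnerable; 1.0.1g contains the fix.
function Get-HeartbleedStatus {
    param([Parameter(Mandatory = $true)][string]$Banner)

    # Base version, optional patch letter, optional vendor/build suffix (-fips, -2+deb7u4, ...).
    if (-not ($Banner -cmatch '(?<base>\d+\.\d+\.\d+)(?<letter>[a-z])?(?<suffix>-\S+)?')) {
        return 'Unknown'
    }
    $base   = $Matches['base']
    $letter = $Matches['letter']
    $suffix = $Matches['suffix']

    switch ($base) {
        '0.9.8' { return 'NotAffected' }   # branch never contained the TLS heartbeat code
        '1.0.0' { return 'NotAffected' }
        '1.0.1' {
            if ($letter -and ([int][char]$letter -ge [int][char]'g')) { return 'Fixed' }
            # Vendors backport the fix without changing the letter, so a
            # suffixed build has to be checked against the vendor advisory.
            if ($suffix) { return 'CheckVendorAdvisory' }
            return 'Vulnerable'
        }
        default { return 'Unknown' }
    }
}

# Constructed sample inventory (hypothetical node names and banners).
$inventory = @(
    [pscustomobject]@{ Node = 'node-a'; Banner = 'OpenSSL 1.0.1e 11 Feb 2013' }
    [pscustomobject]@{ Node = 'node-b'; Banner = 'OpenSSL 1.0.1e-fips 11 Feb 2013' }
    [pscustomobject]@{ Node = 'node-c'; Banner = 'OpenSSL 1.0.1g 7 Apr 2014' }
    [pscustomobject]@{ Node = 'node-d'; Banner = 'OpenSSL 0.9.8y 5 Feb 2013' }
)

$inventory |
    Select-Object Node, Banner, @{ n = 'Heartbleed'; e = { Get-HeartbleedStatus $_.Banner } } |
    Format-Table -AutoSize
```

A result of CheckVendorAdvisory or Unknown means the banner cannot settle the question; for appliances and hypervisors the vendor's affected-product list remains the authority.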

Citrix Platform

At this moment, “No” for Citrix XenCenter and XenServer. However, the following products are affected:

  • Citrix Access Gateway
  • Citrix Netscaler
  • Citrix XenApp
  • Citrix Web Interface

Citrix has published about it here.

Microsoft Hyper-V Platform

No. The Microsoft Hyper-V platform does not use the open-source cryptographic library (OpenSSL).

Meanwhile, Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted.

For more detail, please click here.

Summary

If your environment is running any of the above platforms and it is on the affected list, please act fast to protect it before it is too late.

More details:-

Defrag Cluster Shared Volume in Hyper-V Host

 

Fragmentation is a word we hear all the time. How do you know when fragmentation has occurred in your virtualization infrastructure? It often shows up when your virtual machine performance starts to degrade, and it occurs when you use dynamic disks in a production environment.

With fixed disks in a production environment, you are unlikely to have this issue, as the disk space is pre-allocated during provisioning.

Previously, we used the “Repair-ClusterSharedVolume” cmdlet to defrag a CSV, but this cmdlet has been deprecated. The recommended way now is to run the “defrag” command:

defrag (csv mount point name)
Example
defrag C:\ClusterStorage\Volume1

To check your disk fragmentation status, run

defrag C:\ClusterStorage\Volume1 /A /U /V

  • /A = perform analysis
  • /U = print progress on the screen
  • /V = print verbose output

Below are two sample volumes on which we are going to run defrag and check for fragmentation.

Volume 1

The result indicates that Volume 1 does not need to be defragmented, so there is no fragmentation issue.

Volume 2

Volume 2, however, shows fragmentation, so we need to defrag the mount point.

To defrag the mount point, we first need to turn on redirected access. Open PowerShell and run the Suspend-ClusterResource cmdlet.

About Suspend-ClusterResource Help:

Suspend-ClusterResource (Cluster disk name) -RedirectedAccess

Once the disk is in redirected access mode, run the defrag command to fix the fragmentation:
defrag C:\ClusterStorage\CSV2

This process can run for quite a long time, depending on how fragmented your disk is. Just wait until it completes.

While this operation is running, your production virtual machines stay up and running. However, we still recommend running it during a non-peak period, as it slightly impacts VM performance, similar to performing a VM backup with DPM.

End result: Total fragmented = 0

Once the defrag process has completed, you need to turn off redirected access with this command:

Resume-ClusterResource (cluster disk name)
Example
Resume-ClusterResource CSV2

Now that you have solved the fragmentation issue, your virtual machines should run in top condition.

Lastly, before we sign off: choose wisely when to use dynamic disks, and plan your deployment carefully to avoid fragmentation.
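The whole procedure above (analyse, suspend with redirected access, defrag, resume) as one script. This is an added example, not from the original post; the function name is hypothetical, and the disk name CSV2 and mount point are taken from the commands above as assumed values. The try/finally ensures the CSV is taken out of redirected access even if defrag fails or is interrupted.

```powershell
# Added example, not from the original post. Run on a cluster node that has the
# FailoverClusters module. Disk name and mount point are assumed values.
Import-Module FailoverClusters

function Invoke-CsvDefrag {
    param(
        [Parameter(Mandatory = $true)][string]$DiskName,    # cluster disk resource name
        [Parameter(Mandatory = $true)][string]$MountPoint,  # e.g. C:\ClusterStorage\CSV2
        [switch]$Defragment                                  # without this, analyse only
    )

    # Step 1: analysis only (/A /U /V as described above); changes nothing.
    & defrag.exe $MountPoint /A /U /V
    if ($LASTEXITCODE -ne 0) { throw "defrag analysis failed (exit code $LASTEXITCODE)" }
    if (-not $Defragment) { return }

    # Step 2: put the CSV into redirected access mode.
    Suspend-ClusterResource -Name $DiskName -RedirectedAccess -Force | Out-Null
    try {
        # Step 3: the long-running defrag itself.
        & defrag.exe $MountPoint /U /V
        if ($LASTEXITCODE -ne 0) { throw "defrag failed (exit code $LASTEXITCODE)" }
    }
    finally {
        # Step 4: always turn redirected access off again, so the volume is
        # not left redirected after a failure or Ctrl+C.
        Resume-ClusterResource -Name $DiskName | Out-Null
        Get-ClusterSharedVolume -Name $DiskName
    }
}

# Analyse first and read the report.
Invoke-CsvDefrag -DiskName 'CSV2' -MountPoint 'C:\ClusterStorage\CSV2'

# If the report shows fragmentation, rerun with -Defragment in a non-peak window:
# Invoke-CsvDefrag -DiskName 'CSV2' -MountPoint 'C:\ClusterStorage\CSV2' -Defragment
```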

Wednesday, April 9, 2014

StarWind News: April 9, 2014

Some news from our blog sponsor, StarWind, and a free NFR license to grab.

News 1: – Shortlisted in DataCentre Solution Awards

StarWind iSCSI SAN&NAS and StarWind Native SAN for Hyper-V, have been shortlisted in the Datacentre Solutions Awards as the Datacentre ICT Storage Software of the Year.
Their Press Release is here: http://www.starwindsoftware.com/news/114

Vote now
If you believe we deserve to win these awards please vote for us!

Thank you for your time and support!
StarWind Team

News 2: Free NFR key for StarWind SAN V8 is available for certified IT professionals

If you do have the following certification,

To get the free license, it is necessary to register here:
http://www.starwindsoftware.com/free-nfr-license-v8?utm_source=blogs&utm_medium=textlink&utm_campaign=campaignId-358

Hurry! The offer is valid till March 31, 2014.

Sunday, April 6, 2014

Hybrid Cloud–Enable Distributed File System (DFS) in Microsoft Azure

 

DFS is an efficient multiple-master replication engine that you can use to keep folders synchronized between servers across limited-bandwidth network connections. It replaces FRS as the replication engine and is the feature we most commonly use when we want to replicate files and folders across multiple sites.

DFS Replication uses a compression algorithm known as remote differential compression (RDC). RDC detects changes to the data in a file and enables DFS Replication to replicate only the changed file blocks instead of the entire file.

With Microsoft Azure in the picture, we can use its infrastructure for a DR scenario, so that the data stays available to the corporate environment when the primary file server fails.

Setup is quite easy.

DFS

On premise environment

  • Deploy at least one file server and install the DFS roles

On Azure environment

  • Create a VM and install the DFS roles on it as well. For high availability, we recommend creating another VM and configuring both as an Availability Set. For more detail, please refer to here.

Virtual Network

  • Configure a site-to-site VPN between the on-premise environment and Microsoft Azure

Redundancy

  • Create an additional domain controller VM in Microsoft Azure. For more info, click here.

To enable the roles, use Server Manager and add:

  • DFS Namespaces
  • DFS Replication

Use the DFS Management snap-in to create a domain namespace.

We have created an Input folder on premise and two target folders in Microsoft Azure.

  • \\RED-DC01 –> on premise
  • \\RED-FS01 –> on Azure (refer to AD Site)
  • \\RED-FS02 –> on Azure (refer to AD Site)


Configure DFS Replication

Right-click the folder and select Replicate Folder.

Define the Replication Group Name.

Replication Eligibility lists the three DFS servers as replication members (one file server on premise and two VMs in Azure).

On Primary Member, select the on-premise DFS server. This gives that server authoritative rights when checking for duplicate data. It makes more sense to set the on-premise server as primary, since most of the time client machines connect from the on-premise LAN and DFS points clients to the nearest DFS server.

On Topology, we select Full Mesh, as we want the data to be replicated to all members and between each of them.

Replication Schedule:

Set it to always replicate and set the bandwidth to 4 Mbps. This ensures the data is always in sync. You can choose another bandwidth according to your preference.

Click Create to complete the replication settings.
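The wizard steps above can also be scripted. This is an added example, not from the original post; it assumes the DFSR PowerShell module (Windows Server 2012 R2 or later), and the group name, folder name and content path are assumed values. It covers replication only, not the namespace, and leaves the schedule at its default rather than setting the 4 Mbps limit.

```powershell
# Added example, not from the original post. Requires the DFSR module
# (Windows Server 2012 R2 or later) and rights to manage DFS Replication.
$group   = 'Input-RG'                 # assumed replication group name
$folder  = 'Input'                    # replicated folder name
$path    = 'D:\Input'                 # assumed local content path on every member
$onPrem  = 'RED-DC01'                 # on-premise server (primary member)
$azure   = 'RED-FS01', 'RED-FS02'     # Azure VMs
$members = @($onPrem) + $azure

# Install the two role services on every member.
foreach ($m in $members) {
    Install-WindowsFeature -Name FS-DFS-Namespace, FS-DFS-Replication `
        -IncludeManagementTools -ComputerName $m
}

# Replication group, replicated folder and the three members.
New-DfsReplicationGroup -GroupName $group
New-DfsReplicatedFolder -GroupName $group -FolderName $folder
Add-DfsrMember -GroupName $group -ComputerName $members

# Full mesh: Add-DfsrConnection creates a connection in both directions,
# so one call per pair of members is enough.
for ($i = 0; $i -lt $members.Count; $i++) {
    for ($j = $i + 1; $j -lt $members.Count; $j++) {
        Add-DfsrConnection -GroupName $group `
            -SourceComputerName $members[$i] -DestinationComputerName $members[$j]
    }
}

# The on-premise server is the primary member for initial replication.
Set-DfsrMembership -GroupName $group -FolderName $folder -ComputerName $onPrem `
    -ContentPath $path -PrimaryMember $true -Force
foreach ($m in $azure) {
    Set-DfsrMembership -GroupName $group -FolderName $folder -ComputerName $m `
        -ContentPath $path -Force
}

# Verify the result.
Get-DfsrConnection -GroupName $group
Get-DfsrMembership -GroupName $group
```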


Verification of the settings:

Connection

Schedule

Usage

By default, users are always pointed to the on-premise DFS server, as it has the lowest cost, and data stored on premise replicates to the DFS servers on the Azure VMs.

To know more about DFS, please refer to:-