How-To

VMware vSphere 6.5 Nested Virtualization – Create and Install ESXi 6.5

With vSphere 6.5 and nested ESXi 6.5 hosts I am able to get hands-on with vSphere advanced features with vCenter without having the physical hardware in my home lab. This setup allows me to test out new VMware features or simulate issues that could happen in production.

The term “nested virtualization” is used to describe a hypervisor running under another hypervisor. In this case, I will be installing ESXi 6.5 inside a virtual machine hosted on a physical ESXi 6.5 host.

Requirements:

  • Physical ESXi Host (ESXi 6 – 6.5 – )
  • Physical hardware supporting either Intel EPT or AMD RVI

Steps to set up the ESXi 6.5 virtual machine guest:

Log into vCenter or ESXi host with a user with admin credentials. In my case I am using the vSphere web client. *spoiler alert* no more C# (Thick) client for vCenter. However it still works with the ESXi 6.5 hosts.

Switch to the “VMs and Templates” view. Right click a folder and select New Virtual Machine > New Virtual Machine…

Choose the “Custom” configuration, select type Other for the OS family, and do the same for Guest OS version. *note* Ensure you are choosing 64-bit (Other 64-bit)

Once at the hardware configuration screen, make a few modifications to the default values.

VM Guest Configuration Settings:

  • Define the CPU to a minimum of 2 or more. This includes cores.
  • Define memory to a minimum of 6GB RAM
  • Define Disk to 2 GB (Thin Disk)
  • Change network adapter type to VMXNET 3
  • Add an additional network adapter (also VMXNET 3)

Additional Configuration Step: Enabling support for 64-bit nested VMs

Locate and expand the CPU properties page and tick the check box next to “Expose hardware assisted virtualization to the guest OS”. This setting will allow you to run 64-bit VMs inside nested ESXi hosts. Read more about this feature here: https://en.wikipedia.org/wiki/Hardware-assisted_virtualization

Click next and exit configuration

At this point you are ready to install ESXi 6 – 6.5 as a Guest VM.

I leave you with this video of the full process. Thanks for visiting and I hope this helps any of you looking to do the same.

 

Originally posted on my LinkedIn Page:

https://www.linkedin.com/pulse/vmware-vsphere-65-nested-virtualization-create-install-jermal-smith

Installing vCenter Appliance 6.5

With the general availability (GA) release of vSphere 6.5 I decided to upgrade my home lab and learning environment to the latest and greatest of VMware’s product. Not only for learning, but for running the systems I use daily in my lab.

Preparation work:

  • Download and Install ESXi 6.5 to my new lab hardware – Configure ESXi 6.5
  • Download the VCSA 6.5 Installation media and start the install process – See below

I mounted the installation media (ISO) on my Windows notebook and started the installation by navigating to \vcsa-ui-installer\win32\ and starting the installer.exe application.

This will display the vCenter Server Appliance 6.5 Installer. Seeing how this install will be a new installation of vCenter I selected “Install”.

Here you find a two-step installation process. The first step will deploy a vCenter Server 6.5 appliance and the second step will be configuring this deployed appliance.

Accept the standard End User License Agreement (EULA) to move forward into the installation.

Next, select the type of installation your environment needs. In my case I have chosen the embedded Platform Services Controller deployment.

Next, choose the ESXi host where you would like to have this vCenter appliance deployed and provide the root credentials of the host for authentication.

Then, provide a name for the vCenter appliance VM that is going to be deployed and set the root password for the appliance.

Based upon your environment size, select the sizing of the vCenter appliance. I went with Tiny as it fits the needs of my lab environment. Note: It will configure the virtual appliance with 10GB of RAM, so be sure you can support this in yours.

Next, select the datastore where the vCenter appliance files need to reside.

Configure the networking of the vCenter appliance. Have a valid IP address that resolves both forward and reverse before this step to prevent any failures during installation.

Review and finish the deployment, and the progress for stage 1 begins. Upon completion, continue to configure the appliance. This is stage 2.

The stage 2 wizard begins at this point. The first section is to configure the Network Time Protocol (NTP) settings for the appliance and enable Shell access for the same.

Next configure an SSO domain name, the SSO password and the Site name for the appliance. Once the configuration wizard is completed you can login to the web client.

The following short video I made gives you a feel for the install process. Enjoy.

 

 

Fix for Checkpoint VPN tunneling Option being grayed out on Check Point Endpoint Security Client

I noticed that my Windows VPN client on my computer was forcing all traffic through the gateway of my VPN endpoint. Something that in most cases would be fine; however, this limited my ability to access local network resources in addition to browsing the internet via my local internet provider (Split Tunneling).

What I soon noticed was that I could not remove the setting that encrypted all traffic, routing it to the gateway.

To make these changes to the client, the following needs to be done.

Step 1: Modify the configuration so that trac.config can be edited, as it is obscured for security purposes.

  1. Exit the Check Point Endpoint Security Client
  2. Stop the “Check Point Endpoint Security” service
  3. Edit c:\program files (x86)\checkpoint\endpoint connect\trac.defaults

Change the top line from:

OBSCURE_FILE INT 1 GLOBAL 0

to

OBSCURE_FILE INT 0 GLOBAL 0

Step 2:

  1. Start the “Check Point Endpoint Security” service
  2. Start the Check Point Endpoint Security client
  3. Verify that the c:\program files (x86)\checkpoint\endpoint connect\trac.config file is de-obscured.
  4. Shutdown the Check Point Endpoint Security Client
  5. Stop the “Check Point Endpoint Security” service
  6. Edit c:\program files (x86)\checkpoint\endpoint connect\trac.config

Search and edit the following line:

From: <PARAM neo_route_all_traffic_through_gateway="false"></PARAM>

To: <PARAM neo_route_all_traffic_through_gateway="true"></PARAM>

Step 3:

  1. Delete c:\program files (x86)\checkpoint\endpoint connect\trac.config.bak
  2. Start the “Check Point Endpoint Security” service
  3. Start the Check Point Endpoint Security Client
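
For administrators who need to spot clients whose files were changed this way, the following added example (not part of the original post and not Check Point code) checks collected copies of trac.defaults and trac.config. It relies only on the two line formats quoted above; the function name, the sample contents, the full-tunnel policy default and the rule that a file without a readable PARAM line counts as still obscured are assumptions.

```python
import re

# Line format quoted in the post: "OBSCURE_FILE INT 1 GLOBAL 0"
OBSCURE_RE = re.compile(
    r"^\s*OBSCURE_FILE\s+INT\s+(\d+)\s+GLOBAL\s+\d+\s*$", re.MULTILINE
)
# Element format quoted in the post:
# <PARAM neo_route_all_traffic_through_gateway="false"></PARAM>
ROUTE_RE = re.compile(
    r'<PARAM\s+neo_route_all_traffic_through_gateway\s*=\s*"(true|false)"',
    re.IGNORECASE,
)


def audit_client(defaults_text, config_text, expected_route_all=True):
    """Audit the contents of one client's trac.defaults and trac.config.

    expected_route_all is the auditor's policy (assumed here: full tunnel).
    """
    findings = []

    match = OBSCURE_RE.search(defaults_text)
    obscure_file = int(match.group(1)) if match else None
    if obscure_file is None:
        findings.append("trac.defaults: OBSCURE_FILE line not found")
    elif obscure_file == 0:
        findings.append(
            "trac.defaults: OBSCURE_FILE is 0, trac.config is stored in clear text"
        )

    # Assumption: when the PARAM line cannot be read as text, the file is
    # still obscured (or the parameter is absent), so it is not reported.
    match = ROUTE_RE.search(config_text)
    route_all = match.group(1).lower() == "true" if match else None
    if route_all is not None and route_all != expected_route_all:
        findings.append(
            "trac.config: neo_route_all_traffic_through_gateway is "
            f"{str(route_all).lower()}, policy expects "
            f"{str(expected_route_all).lower()}"
        )

    return {
        "obscure_file": obscure_file,
        "config_readable": route_all is not None,
        "route_all": route_all,
        "findings": findings,
    }


# Constructed sample contents (not taken from a real client).
DEFAULT_CLIENT = (
    "OBSCURE_FILE INT 1 GLOBAL 0\n",
    "\x13\x9e\x07 stand-in for obscured bytes",
)
EDITED_CLIENT = (
    "OBSCURE_FILE INT 0 GLOBAL 0\n",
    '<PARAM neo_route_all_traffic_through_gateway="false"></PARAM>\n',
)

if __name__ == "__main__":
    for name, files in (("default", DEFAULT_CLIENT), ("edited", EDITED_CLIENT)):
        report = audit_client(*files)
        print(name, report["findings"] or "no findings")
```
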

Notes: Pros and Cons of Split VPN you should know about

Pros

If you are going to split tunnel, then you are going to reduce the overall bandwidth impact on your Internet circuit. Only the traffic that needs to come over the VPN will, so anything a user is doing that is not “work related” will not consume bandwidth. In addition, anything external to your network that is also latency sensitive will not suffer from the additional latency introduced by tunneling everything over the VPN to the corporate network. Users will get the best experience in terms of network performance, and the company will consume the least bandwidth.

Cons

If security is supposed to monitor all network traffic, and protect users from malware and other Internet threats by filtering traffic, users who are split tunneling will not get this protection and security will be unable to monitor traffic for threats or inappropriate activity. Traffic to websites that use HTTPS will still be protected, but other traffic will be vulnerable.

Ref: https://www.cpug.org/forums/archive/index.php/t-14545.html

Check Point 600 Appliance Software Blade Stuck in Updating status

Recently I had a chance to get my hands on this excellent Firewall by Checkpoint. And as you know not everything goes perfectly, and this is where you get a chance to learn how it works, while you fix.

I encountered an issue where one of the Threat Prevention Blades was stuck in updating mode for several hours. I had logged into the appliance via SSH to view the CPU utilization and observed nothing which would indicate an issue.

I started thinking about what events occurred which may have caused this. So I looked at the auto update schedule for the blades and noticed that all 3 blades were set to upgrade simultaneously.

I have observed that these updates can cause very high consumption of CPU, and with that perhaps the blade with the issue became stuck in an upgrading status.

To address this situation, I issued the update command from the CLI :

  1. Log into the firewall via SSH
  2. Enter expert mode by typing ‘expert’ in the CLI – You will be asked for your expert password. Once in expert mode you will be at a standard Linux bash prompt.
  3. Run the following while in expert mode depending on which update you require:
  • Anti-Virus Blade: [Expert@jermsmit.com]# online_update_cmd -b AV -o update
  • IPS Blade: [Expert@jermsmit.com]# online_update_cmd -b IPS -o update
  • Application Control Blade: [Expert@jermsmit.com]# online_update_cmd -b APPI -o update

 

Now return and refresh your webUI and you should notice that the blade(s) that were once stuck in the upgrading status are now showing up to date.

Check Point 600 Appliance Initial Setup

The following is a quick video of the setup of a Checkpoint 600 Security Appliance

Notes right from the admin guide: http://downloads.checkpoint.com/dc/download.htm?ID=24000

Check Point 600 Appliance Overview
Check Point 600 Appliance delivers integrated unified threat management to protect your organization from
today’s emerging threats. Based on proven Check Point security technologies such as Stateful Inspection,
Application Intelligence, and SMART (Security Management Architecture), Check Point 600 Appliance
provides simplified deployment while delivering uncompromising levels of security.

 

Check Point 600 Appliance supports the Check Point Software Blade architecture that gives independent
and modular security building blocks. Software Blades can be quickly enabled and configured into your
solution based on specific security needs.

 

This video takes place, right after the Check Point 600 was connected to WAN, LAN, and Powered Up.

Capture PuTTY Session Logs

In the past week I have had my good share of working on remote systems where I needed to utilize the tool PuTTY to issue commands, not all of them documented. To assist me in documenting my steps I often use the session logs. However, this has normally been a manual process in the heat of the moment, and sometimes enabling logging is an afterthought.

To guarantee that this is done I have performed the following steps on the default configuration of my PuTTY client and all saved sessions so that logs are saved and dated for future reference. I wish to record those here for any of you who would like to do the same.

[Press Start]

 

Open PuTTY

Under Category, choose Logging

Under Session Logging, choose the option “All session output”

Under file name: choose a directory and log filename

Using the PuTTY log parameters I configure my logs to consist of host, year, month, day and time for each session.

I also selected the option to “Always append to the end” of the session log which is currently open.

Finally, I saved these new log settings to the Default Settings profile in PuTTY, making this the default logging option for all future connections and saved profiles.

Note: Profiles that existed before this change will need to be modified if you wish to also log the session output.

Log Parameters:

  • &H = hostname for the session
  • &Y = year
  • &M = month
  • &D = day
  • &T = time

Example Log’s:

Short Video on how to do this

Linux Commands, And More Commands

I have posted about commands in the past. I am now ‘rebooting’ that post adding additional commands that I find useful.

File Transfer:

$ scp somefile.txt server:/tmp Secure copies somefile.txt to remote host /tmp folder

$ scp sysadmin@server:/www/*.html /www/tmp Copies *.html files from remote host to current system /www/tmp folder

$ scp -r sysadmin@server:/www /www/tmp Copies all files and folders recursively from remote server to the current system /www/tmp folder

$ rsync -a /home/backup /backup/ Synchronizes source to destination

 

File and Folder Archive:

$ tar cf home.tar home Creates tar named home.tar containing home/

$ tar xf file.tar Extracts the files from file.tar

$ tar czf file.tar.gz files Creates a tar with gzip compression

$ gzip file Compresses the file and renames it to file.gz

 

Networking Stuff:

$ ifconfig -a Display all network ports and ip address

$ ifconfig eth0 Display specific ethernet port ip address and details

$ ip addr show Display all network interfaces and IP addresses (available in the iproute2 package, more powerful than ifconfig)

$ ip address add 10.0.0.1 dev eth0 Set ip address

$ ethtool eth0 Linux tool to show ethernet status

$ mii-tool eth0 Linux tool to show ethernet status

$ ping host Sends echo request to test connection

$ whois domain Get who is information for domain

$ dig domain Get DNS information for domain

$ dig -x host Reverse lookup host

$ host google.com Lookup DNS ip address for the name

$ hostname -i Lookup local ip address

$ wget file Download file

$ netstat -tupl Listing all active listening ports(tcp,udp,pid)

$ ssh user@host Connects to host as user

$ ssh -p port user@host Connects to host using specific port

$ telnet host Connects to the system using telnet port

 

Permissions:

$ chmod 777 /data/test.c Sets rwx permission for owner , rwx permission for group, rwx permission for world

$ chmod 755 /data/test.c Sets rwx permission for owner,rx for group and world

$ chown owner-user file Changes the owner of the file

$ chown owner-user:owner-group file-name Changes the owner and group owner of the file

$ chown owner-user:owner-group directory Changes the owner and group owner of the directory

 

Process Management:

$ ps Displays your currently active processes

$ ps aux | grep 'telnet' Finds all process IDs related to the telnet process

$ pmap Memory map of process

$ top Display all running processes

$ kill pid Kill process with mentioned pid id

$ killall proc Kill all processes named proc

$ sleep 10 & Sleeps at the background

$ kill %JobNumber Terminates the job

$ jobs Display the jobs

$ pkill processname Send signal to a process with its name

$ bg Resumes suspended jobs without bringing them to foreground

$ fg Brings the most recent job to foreground

$ fg n Brings job n to the foreground

 

Useful File Commands:

$ cd .. To go up one level of the directory tree

$ cd Goes to $HOME directory

$ cd /test Changes to /test directory

$ ls gives the contents of a folder.

$ ls -a gives all the contents of a folder.

$ mkdir FolderName creates the folder FolderName.

$ cd Directory makes the Directory current directory

$ pwd prints the working directory

$ cp ~/Desktop/Berk/backups/science.txt . copy science.txt to the current directory

$ mv backups/science.txt /Desktop/Emi moves science.txt to folder Emi

$ rm temp.txt removes the temp.txt file

$ clear clear screen

$ cat science.txt Display contents of a file on the screen

$ less science.txt Displays on a different page ( type q to close the page)

$ less science.txt and then /name finds the occurrences of name

$ head science.txt displays the first ten lines of the file

$ tail science.txt displays the last ten lines of the file

$ tail -20 science.txt displays the last 20 lines of the file

$ grep 'searchedkeyword' science.txt searches and finds the keyword in the file (case sensitive)

$ grep -i SeaRchEdKeyWoRd science.txt case insensitive search

$ grep -i 'SeaRched Sentence is this one' science.txt case insensitive search

Instead of -i we can use:
-n precede each matching line with the line number
-v display those lines that do not match
-c print only the total count of matching lines

$ find -name "*.txt" -print finds the text files in the current directory

$ diff a.txt b.txt gives the different lines

$ wc -w science.txt gives the word count

$ wc -l science.txt gives the line count

$ cat > list1
pear
banana

ctrl+d

creates a list and we can print this list by using:

$ cat list1 command line.

$ cat biglist | grep p | sort gives sorted list elements which include p

$ sort < biglist > sortedlist sorts the biglist and writes it to the sortedlist

$ ls list* outputs the filenames starting with ‘list’

$ ls *list outputs the filenames ending with ‘list’

$ ls ?un outputs the filenames ending with ‘un’ preceded by just one letter. (e.g. sun, gun, bun)

$ man ____ gives information about the command in the underlined section.

$ whatis ____ gives information about the command in the underlined section.

$ ls -l gives detailed information about the files in the directory

u:user
g:group
o:other people
rwx: read write execute
rw: read write
r: read
x: execute

$ chmod u+x TheFile adds execute permission for the user (owner) of TheFile

$ chmod go-rwx biglist to remove read write and execute permissions on the file biglist for the group and others

$ chmod 754 TheFile 7, 5, 4 represents the individual permissions for user, group, other (7:rwx, 5:rx, 4:r)

4 – stands for “read”
2 – stands for “write”
1 – stands for “execute”
0 – no permissions

$ du -s * The du command outputs the number of kilobytes used by each subdirectory.

$ df . The df command reports on the space left on the file system.

$ gzip science.txt Compresses into a gzip file

$ gunzip science.txt.gz De-compresses into the original file

$ tar cvf New.tar addthisfileintotar Create a tar file called New and add this file.

$ tar xvf New.tar Extracts the tar file

$ zcat science.txt.gz reads zipped files without unzipping

$ file * Classifies the files in the current directory ( folder, text, gzip, etc.)

$ name=Berk
$ echo Hello $name Prints ‘Hello Berk’

$ sha1sum FileName | grep e509760917361307015 Compares the checksum of a downloaded file and the calculated one.

$ gpg -c file Encrypts file

$ gpg file.gpg Decrypts file

 

User Related:

$ id Shows the active user id with login and group

$ last Shows last logins on the system

$ who Shows who is logged on the system

$ groupadd admin Adds group “admin”

$ useradd -c "Jermal Smith" -g admin -m sam Creates user “sam” and adds to group “admin”

$ userdel sam Deletes user sam

$ adduser sam Adds user “sam”

$ usermod Modifies user information

 

System Statistics:

$ top Displays the top CPU processes (Ctrl+C to exit)

$ vmstat 2 Displays virtual memory statistics

$ sudo tcpdump -i eth0 Captures all packets flows on interface eth0

$ sudo tcpdump -i eth0 'port 80' Monitors all traffic on port 80 (HTTP)

$ lsof Lists all open files belonging to all active processes.

$ lsof -u myuser Lists files opened by specific user

$ watch df -h Shows changeable data continuously

 

System Info:

$ uname -a Displays Linux system information

$ uname -r Displays kernel release information

$ uptime Shows how long system running + load

$ hostname Shows system host name

$ hostname -i Displays the IP address of the host

$ last reboot Shows system reboot history

$ date Shows the current date and time

$ cal Shows this month calendar

$ whoami Shows who you are logged in as

 

Hardware Info:

$ dmesg Detected hardware and boot messages

$ cat /proc/meminfo Hardware memory information

$ cat /proc/cpuinfo CPU model information

$ cat /proc/interrupts Lists the number of interrupts per CPU per I/O device

$ sudo lshw Displays information on hardware configuration of the system

$ lsblk Displays block device related information in Linux (sudo yum install util-linux-ng)

$ free -m Displays used and free memory (-m for MB)

$ lsusb -tv Shows USB devices

$ dmidecode Shows hardware info from the BIOS

$ hdparm -i /dev/sda # Shows info about disk sda

$ hdparm -tT /dev/sda # Do a read speed test on disk sda

$ badblocks -s /dev/sda # Test for unreadable blocks on disk sda

 

How to Remove Users From the Office 365 Deleted Users

And… it’s time to purge those 365 deleted users. Although we can wait for the retention policy to do it for us, I wanted to do this “now”.

I had written the following steps in the past and thought I would share them here.

[Press Start]

To delete the account for one or more users

Sign in to Office 365 with your work or school account.

Go to the Office 365 admin center.

Go to Users > Active Users.

Choose the names of the users that you want to delete, and then select Delete.

In the confirmation box, select Yes.

Done!

[Pause]

Well, not so fast. The deleted user is not fully gone yet. It takes 30 days after you have deleted the user for it to purge from Office 365. However, there is a way to do this faster.

[Press Start]

Connect to Exchange Online using the Windows Azure Powershell module.

To connect you enter the following cmdlets:

  1. Store your credentials (this is stored in memory): $msolcred = get-credential
  2. Connection to Office 365: connect-msolservice -credential $msolcred

Once connected you can issue the following command to list deleted users:

get-msoluser -returndeletedusers -maxresults 100

To remove a deleted user permanently:

remove-msoluser -userprincipalname UID@UPN.com -RemoveFromRecyclebin

If you had multiple users, the following cmdlet would work to remove all deleted users from the recycle bin:

get-msoluser -returndeletedusers -maxresults 100 | remove-msoluser -removefromrecyclebin -force

That’s it… You’re done. Good Luck

Original Post of mine can be found here

Quick How To Share a Document with OneDrive for Business


You can share file(s): Documents and such with OneDrive for Business

1. In the file list, right-click a document, or select a document and then select Share.

2. Select Get a link.

3. Choose who to share with, and if they can view or edit the file.

  • To share with people inside your organization, choose:
      • View link – account required – people inside your organization can view, copy, or download the document.
      • Edit link – account required – people inside your organization can edit, copy, or download the document.
  • To share with people outside your organization, choose:
      • View link – no sign-in required – people outside your organization can view, copy, and download the document.
      • Edit link – no sign-in required – people outside your organization can edit, copy, and download the document.

4. For external links, select SET EXPIRATION, and choose when you want the link to expire.

5. Click Copy and paste the link in an email or post it.

Note: Links created that don’t require a sign-in can be opened by anyone, so make sure the content can be shared publicly. Consult your Corporate Information Security Policy and IT if needed.

Note: Sharing of folders is not possible at this time.

In Place Upgrade Of Windows Server 2008 R2 Standard

If you have a need to upgrade a server running Windows Server 2008 R2 Standard to either the Enterprise or Datacenter edition, it’s possible to do so online, without re-installing Windows. This is not only a simple process, it also saves you time.

Open an elevated command prompt and type DISM /Online /Get-CurrentEdition. This returns the current Windows edition.

Type DISM /Online /Get-TargetEditions to list the Windows editions to which this server can be upgraded.

Type DISM /Online /Set-Edition:ServerDataCenter /ProductKey:xxxxxx to upgrade the operating system. All that’s required to complete the upgrade is a reboot.

Done!

Ref Info:

DISM Windows Edition-Servicing Command-Line Options – https://technet.microsoft.com/en-us/library/hh825157.aspx

KMS Client Setup Keys – Link