Are you sure your file is legit?

You have probably seen them when downloading Linux distributions or on official vendor download sites: hashes. A hash (informally called a checksum) is a fingerprint of a file that lets you verify the file’s integrity. If you change the file in any manner, its checksum changes. Not many people use checksums, for various reasons. You should use them when applicable. Let’s walk through checking a file downloaded from an official VMware site.

I will download VMware Horizon View 7.8. In the lower right corner of the download page is a list of checksums for the file. There are three different strengths: MD5, SHA1 and SHA256. There are several more, but these are the most common. Getting into the details of each algorithm is beyond this article. You would get bored very quickly. Suffice it to say you should use the strongest algorithm provided. In this case it’s SHA256.

This is a closer look at the checksums.


Windows PowerShell 4.0 and higher contains a cmdlet that reads the checksum of a file. I downloaded the file Horizon 7.8 View Connection Server (64-bit) and ran this command against it.

PS> Get-FileHash VMware-Horizon-Connection-Server-x86_64-7.8.0-12637483.exe

The Get-FileHash command defaults to SHA256. The checksum is identical. This only took seconds to verify and now I’m sure there were no bits dropped during the download. I could also verify that a file I have on hand from a local source is valid.

From the Website: 4eb12fc88c6cc95a85e93d03f62109549704f01b2d2cc64c76210bb30db28917

Output of the PowerShell command.

This method works on any file. If you created a very tightly controlled version of Windows Server 2016, run the Get-FileHash command against the ISO and record the checksum. When you want to use the ISO for an installation 2 weeks later, simply check the hash. Even if someone renamed another ISO to the same name and the file size is the same, the checksums will not match. Go forth and HASH.
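The comparison described above, including the case of a swapped file with the same name and size, as an added example that is not part of the original post. The function name Test-PublishedHash and the temporary demo file are assumptions made for illustration; the algorithm is inferred from the length of the published digest.

```powershell
# Added example: compare a file's digest with the value published on the download page.
function Test-PublishedHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Published
    )

    # Strip whitespace that tends to come along when copying from a web page.
    $expected = ($Published -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]+$') {
        throw "Published value is not a hex digest: '$Published'"
    }

    # Infer the algorithm from the number of hex characters.
    $algorithm = switch ($expected.Length) {
        32      { 'MD5' }
        40      { 'SHA1' }
        64      { 'SHA256' }
        default { throw "Unsupported digest length $($expected.Length)" }
    }
    if ($algorithm -ne 'SHA256') {
        Write-Warning "$algorithm is collision-prone; prefer SHA256 when the site publishes it."
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $algorithm).Hash
    [pscustomobject]@{
        Path      = $Path
        Algorithm = $algorithm
        Expected  = $expected
        Actual    = $actual
        Match     = ($actual -eq $expected)
    }
}

# Constructed demo: a temp file stands in for the download. Its digest is computed
# here only to play the role of the value copied from the vendor page.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'hash-demo.bin'
[System.IO.File]::WriteAllBytes($demo, [byte[]](1..64))
$published = (Get-FileHash -LiteralPath $demo -Algorithm SHA256).Hash.ToLower()

# First check: the untouched file against the published value.
Test-PublishedHash -Path $demo -Published $published

# Flip a single bit while keeping the file name and size identical, then check again.
$bytes = [System.IO.File]::ReadAllBytes($demo)
$bytes[0] = $bytes[0] -bxor 0x01
[System.IO.File]::WriteAllBytes($demo, $bytes)
Test-PublishedHash -Path $demo -Published $published

Remove-Item -LiteralPath $demo
```

A match shows the file is the one the site published. On Windows, Get-AuthenticodeSignature additionally checks the publisher’s code signature on an .exe.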


PowerShell and PowerCLI

Have you ever wanted to work on your VMware environment and your Windows environment using one command line tool? Maybe write scripts for both with the same tool? PowerShell with the VMware PowerCLI cmdlets allows you to stay in PowerShell and manage both. Let’s start with some of the basics. Ensure you can connect to the PowerShell Gallery and find the VMware.PowerCLI PowerShell module.
Run: Find-Module -Name VMware.PowerCLI

Install the VMware PowerCLI module
Run: Install-Module -Name VMware.PowerCLI

Check the number of cmdlets installed
Run: Get-Command -Module *vmware* | measure

Connect to a vCenter using Connect-VIServer -Server <your vCenter> and try this simple command.
Run: Get-VMHost

Try some of the other commands. They will make your life easier. There are many more third-party PowerShell modules. Visit the PowerShell Gallery. At last count, there were over 31,000 packages.

An AWS S3 Bucket as a Website

Cloud Playground

If you are not on the Cloud train, buy a ticket and come aboard. Here’s a way to get up and running with Cloud Services quickly. Have you ever wanted to have access to unlimited internet storage? You have to do a little work but you can build your own internet storage system. AWS will give you 5GB free but you can increase the storage as much as you like. I do 50TB for $12 a month. This affords the flexibility Dropbox, Google Drive, and the others can’t offer. I’m assuming you know the difference between Cloud Storage and other storage (CIFS, NAS, SCSI and such). Cloud Storage is remote and accessed by your browser (REST API). The files are actually sitting on storage owned by Amazon. Let’s build. First, you need to sign up for a free Amazon Web Services (AWS) account. They give you a certain amount of Cloud Service capability free for a year. Let’s concentrate on Simple Storage Services (S3). Log on to the AWS Management Console and follow along.


STEP1: Go to the S3 services section of the AWS Console.

STEP2: Create an S3 bucket. The name cannot exist anywhere in AWS so don’t try to use “mybucket” as the name. Use something like “mybucketbuzzlightyear001”. You can take all the defaults and click create in the lower left or review all defaults and click through each step.

STEP3: Upload some files into your new S3 Bucket. Whatever you want. You have officially created a Cloud Resource and placed data in the Cloud.

STEP4: Now we need to give the internet read-only access to your bucket. AWS by default tries its best NOT to let you open up access to the world, and for good reason. How many headlines have you seen where someone left millions of records open to the internet because they did not pay attention to the security settings? We will be working on our test bucket with non-critical data. Click the Permissions tab and uncheck “Block all public access…”. It will complain but we are only working on our test bucket. Type in “confirm” and click confirm. This setting is like a light switch. While it is on, it cuts off all public access even if you try to open the bucket with ACLs and Bucket Policies.

STEP5: Go to the Permissions tab and choose “Bucket Policy”. We need to allow anyone to get a file from our bucket. Copy and paste this into the JSON policy creator. It basically allows anyone to read any file in your bucket. DISCLAIMER: DO NOT DO THIS IN AN OPERATIONAL ENVIRONMENT. THERE ARE MANY WAYS TO SECURE YOUR BUCKET.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucketbuzzlightyear001/*"
        }
    ]
}

Remember to change the “arn” at the bottom to the name of your bucket. Save the policy.
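One way to spot a policy like this before it lands on a bucket that matters, as an added example that is not part of the original post. The function name Find-PublicS3Statement and both sample policies are constructed for illustration, and 203.0.113.0/24 is a documentation address range used as a placeholder.

```powershell
# Added example: flag bucket-policy statements that allow anonymous access.
function Find-PublicS3Statement {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $PolicyJson)

    $policy = $PolicyJson | ConvertFrom-Json
    foreach ($stmt in @($policy.Statement)) {
        if ($stmt.Effect -ne 'Allow' -or $null -eq $stmt.Principal) { continue }

        # Principal is either the string "*" or an object such as {"AWS": "*"}.
        if ($stmt.Principal -is [string]) {
            $principals = @($stmt.Principal)
        } else {
            $principals = @($stmt.Principal.PSObject.Properties | ForEach-Object { $_.Value })
        }
        if ($principals -notcontains '*') { continue }

        $actions      = @($stmt.Action)
        $hasCondition = $null -ne $stmt.PSObject.Properties['Condition']
        # Writes, deletes and wildcards are worse than a public read.
        $beyondRead   = @($actions | Where-Object { $_ -ne 's3:GetObject' })

        if ($hasCondition) {
            $finding = 'anonymous principal, narrowed by a Condition: review it'
        } elseif ($beyondRead.Count -gt 0) {
            $finding = 'anonymous access beyond s3:GetObject'
        } else {
            $finding = 'every object matched by Resource is world-readable'
        }

        [pscustomobject]@{
            Sid          = $stmt.Sid
            Action       = $actions -join ','
            Resource     = @($stmt.Resource) -join ','
            HasCondition = $hasCondition
            Finding      = $finding
        }
    }
}

# Constructed sample 1: a public-read policy of the kind used in STEP5.
$publicPolicy = @'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AddPerm", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::mybucketbuzzlightyear001/*"
  }]
}
'@

# Constructed sample 2: the same statement limited to one source address range.
$restrictedPolicy = @'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "ReadFromOffice", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::mybucketbuzzlightyear001/*",
    "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}
  }]
}
'@

Find-PublicS3Statement -PolicyJson $publicPolicy
Find-PublicS3Statement -PolicyJson $restrictedPolicy
```

When the experiment is over, delete the bucket policy and turn “Block all public access” back on.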

Now we turn it into a Website. Go to the Properties tab and choose Static Website Hosting. You must have an index.html file in the bucket. Create a file and insert this HTML text. Upload the file to your bucket. Be sure to name it index.html.

<html>

<head>

    <title>Bunch of files</title>

</head>

<body>

    <b>Hey out there!</b>

    This is my test S3 bucket!

</body>

</html>

Type index.html in the box. Don’t worry about the other choices. You can look them up later. Click Save.

 

Now, reopen the Static website hosting box. At the top, you will see the URL (hyperlink) for your S3 Bucket. Copy this URL and paste into a browser.

http://mybucketbuzzlightyear001.s3-website-us-east-1.amazonaws.com

This is what you should see!!!

If you want to see a file, tack it on to the end of the URL.

That’s it. Hope you enjoyed this article. Leave a comment if you like.

Rufus 3.5 - Boot Media Creation Tool


Rufus!!! A tool to make bootable flash drives. These days CD-ROM and DVD hardware are not installed in laptops or even desktops very often. You can buy an external DVD or Blu-ray drive but it’s basically a waste of money unless you enjoy ripping movies. If you have a need to load different Operating Systems or even re-load your Windows 10 system, you should use bootable flash drives.

Rufus is a free tool that has been used by 100 million plus users since its release in 2012. Its only function is to help you create bootable flash drives. Pete Batard is the developer. He provides this software out of the goodness of his heart and does not ask for a dime. Thanks Pete!

Round up your flash drive and the Operating System (OS) ISO you want to boot. Everything from Windows to FreeDOS to Linux can be used to create bootable media. I’ll review and demonstrate a new function in version 3.5: downloading and creating boot media for any version of Windows 10. Say you would like to get the latest version or possibly an older version of Windows 10. Rufus will download the ISO and create the bootable media for you.

Insert your flash drive and start Rufus. When you first start Rufus, the ability to download a Windows image is not available. You must first go to settings and set the check for updates function to something other than “disable”.


I set mine to “Monthly”


Click “Close” then restart Rufus. This time you can see the dropdown function next to “Select”


Change the dropdown from “Select” to “Download”. Click on “Download”.


This is an interesting few steps. I won’t take screenshots of these. After you make each selection a “Continue” button will display. Just keep selecting the options you want and continue clicking “Continue”. Once you get to download, click “Download” and select a location on an internal drive that has enough space for the ISO.


Once the download completes, click Start. Remember, you must choose the correct boot method (UEFI/GPT-based or BIOS/MBR-based) or it may not boot. If you are not sure, go here and read up on the difference.

Get Rufus 3.5 here.

Free Network Monitoring Tools


I need to let everyone know about the free tools offered by Solarwinds. I wish I had access to these tools when I was trying to solve network issues back in the day. I sweated many a bullet trying to diagnose issues without the tools I needed. Netstat only goes so far. Well, there is no excuse for any Network or System Admin not to use these free tools from Solarwinds. They are basically mini versions of the full featured tools. They do not expire. If you do not use any other tool they offer, you must try IP Address Tracker. This tool automatically tracks static IP address assignments and lets you know what IPs are free. No more spreadsheets. Get your FREE tools Herrrre (tried to imitate the Sonic pretzel dog guy).

What is SNMP?


The Simple Network Management Protocol (SNMP) made simple.

All administrators and engineers should have a basic understanding of SNMP. Not knowing what SNMP can do for you is like not understanding the fuel gauge on your car. I’m driving and my car seems to be running fine. Why am I stopping? My car is not moving. What does that E on that funny gauge mean?

First, let’s talk about this handy little protocol. SNMP (Simple Network Management Protocol) allows systems management tools to collect information from network devices, servers, printers and other devices on an IP network. It is the most widely used management protocol in use today. Almost all systems management software uses SNMP to allow administrators to remotely monitor the performance of their network devices. For the purpose of this article, routers, switches, servers, power distribution units (PDU - fancy word for a power strip), KVMs and any other device that is SNMP capable will be referenced as a network device. SNMP was developed in 1988 and the RFC was published in 1990. SNMP functions at the Application Layer (Layer 7) of the OSI model. This is the same layer where some other popular protocols function, such as SMTP, FTP, Telnet, SSH, IMAP and POP. I find that some Network Admins and Engineers are surprised by this fact. The communication method is port to port. SNMP listens on port 161. Port 162 is used for the TRAP service.

The SNMP communications process consists of a Manager and an Agent.  The Manager is an application running on a PC, Server or appliance that initiates the SNMP request to the managed network device. One of the most popular and exceptional Managers is SolarWinds Network Performance Monitor (NPM).  There are many others.

The Agent receives the request from the Manager and responds back to the port from which the Manager initiated the request.  Pretty simple.


Below is a Wireshark packet capture of the SNMP traffic between the Manager and the managed network device. As you can see, the request was initiated from port 62288 on the Manager to port 161 on the managed network device. I’ve found that a good number of administrators and engineers think that SNMP traffic originates on port 161 of the Manager. This is incorrect. The Manager sends the GET request from a random high port to port 161 on the managed network device.

  • Traffic from the Manager to the network device.


  • The response from the managed network device to the Manager.


There are only three actions that SNMP employs.  Five if you want to include the two additional versions of GET.

GET – This request is the most common action. The Manager asks the target device for information.

  • GetNext – This action is used with SNMP-Walk type programs. It just gets the next variable.
  • GetBulk – This action returns information using multiple GetNext requests.

SET – I don’t want to get ahead of myself but I must state the dangers of using SET. Don’t use this action for SNMP version 1 or 2. These versions are not secure. The community string is sent in clear text and can be easily intercepted using a protocol sniffer. See the Wireshark traffic above. I have the community string blacked out in the capture. SET will change network device configurations. For this action to work, the SNMP Agent running on the device will need a Read/Write (RW) community string. Again, do not set a R/W community string on any device using SNMP v1 or v2. It can be used with SNMP v3 but I would still recommend against using it at all. Use SSH or some other secure method to make changes to your network devices. And it goes without saying: do not allow SNMP access through a Public (Internet) facing interface.

Trap – This is an action performed by SNMP on the device. The Manager listens on port 162 for traps.

Now let’s talk about SNMP versions. SNMP version 1 and 2 are nearly the same. There were improvements from 1 to 2 and small changes to version 2c. Many network devices use version 2c. I do not want to get too far in the weeds. If you want the details of each version upgrade, review the RFCs. Version 1 and 2 are the easiest to configure. There is nothing wrong with using version 2 if that is the only version your device supports. Version 3 is recommended if your network device supports this version. At first you may think version 3 is too complicated to configure but it becomes easier once you have done it a couple of times on different devices. The security features provided by SNMP v3 are as follows:

  • Message integrity – Ensuring that a packet has not been tampered with in transit.
  • Authentication – Determining that the message is from a valid source.
  • Encryption – Scrambling the contents of a packet.

To simplify SNMP v3 remember these steps. I purposely left out the version 3 configuration commands. You need to research the commands needed to configure your particular network device.  Be sure and get some type of SNMP troubleshooting tool with detailed diagnostics capability to check SNMP connectivity to the managed network device.  You can make changes with the CLI or modify snmp.conf files till the cows come home but if the SNMP service is not available to the Manager, then the cows will never come home.

  • Create an access list to limit SNMP requests from authorized Management Servers.
  • Set the location and point of contact information.
  • Create a “View”. This command determines what variables the SNMP Manager can query. Do not restrict access to the MIB tree. I’ve found that this level of restriction is hardly ever justified. Include from MIB tree ISO down.
  • Create a Group that is authorized to use this view.
  • Create a user and add to this group.

Windows has not caught up with other network device manufacturers. Microsoft does not support SNMP version 3.  More than likely, this is due to Microsoft wanting you to use its WMI protocol.  I’ll address WMI in another article.

You have probably heard the term MIB or OID tossed around when engineers are discussing SNMP.

MIB stands for Management Information Base and is a collection of information organized hierarchically. You can compare a MIB to a DNS server.

OIDs or Object Identifiers uniquely identify managed objects in a MIB hierarchy. This is depicted as a tree. The levels in the tree are assigned by different organizations. Top-level MIB OIDs belong to different standard organizations. Vendors define private branches. This is where they set their own unique objects for their products; however, they do use the top-level OIDs when possible. Why recreate a CPU performance variable OID when one already exists at the top level? But a printer manufacturer may want an OID variable to indicate ink levels in a color printer for their own management software. This variable OID is published by the printer manufacturer and you can use it to build custom SNMP graphs or alerts. Just remember this: a Management device looks up the OID in the MIB and uses the OID to query the target device for a variable. It’s that simple.

SolarWinds publishes updates to their MIB monthly. The most critical part of any Manager is the number of standard and proprietary MIBs it supports. Without the correct MIBs, the data collected from a remote device is difficult to interpret and use. SolarWinds MIB Browser is shipped with over 250,000 precompiled unique OIDs from hundreds of standard and vendor MIBs – the largest collection in the industry. SolarWinds engineers continually update the MIB database with the latest MIBs.

This is a screenshot of the MIB tree using SolarWinds MIB Browser. I simply pointed it at a Cisco device and the tool connected with the Read Only (RO) community string. Now all I need to do is expand the tree down to the branch that interests me. Issue a GET command and the device returns the variable I requested. In this case I issued a few GetNext commands. Following the tree in the left pane we see that Cisco is using the standard OID for the six variables in the right pane. The lower left pane displays information about the OID. The OID for System Up Time is 1.3.6.1.2.1.1.3.


As I mentioned before, vendors create and publish their own MIBs. The SolarWinds MIB has incorporated more than 1000 Cisco specific MIBs.


This concludes our computer-side chat about SNMP.  SNMP can help you manage your network no matter how big or small. Remember these points.

  • Use SNMP version 3 whenever possible.
  • The Manager does not initiate the SNMP request from port 161.
  • An MIB is a database used to manage network devices. It contains OIDs.
  • Check for additional vendor MIBs.
  • Stay away from network management tools that use the SET command but do not support SNMP version 3.

Article References:

Cisco MIB/OID on-line application.

SolarWinds MIB Browser tool

SNMP RFC 1157

 

Want to spruce up your SolarWinds Network Atlas Maps?

Solarwinds includes an application called Network Atlas. This application creates maps for use with Network Performance Monitor (NPM) and Enterprise Operations Console (EOC). This tool creates maps that are stored inside the Solarwinds Database. They are not files stored on the hard drive. All configuration data is stored in the database.  This allows you to recover the Solarwinds installation by just restoring the database but I’ll save that for another post.

Back to Maps. The graphics included in Network Atlas are not bad. You can create a decent looking map using the built-in graphics. However, if you want to use vendor specific graphics or your own graphics, they must be imported. I’m not referring to the background image function provided by Network Atlas. Background images cannot be connected to objects in the Solarwinds database. They simply provide something other than a plain white background.

Changing the graphics that represent database objects is an easy way to develop maps that relate to your environment and just plain look good. Let’s face it, if you build a map with nothing but round LEDs that represent objects, it would not be very useful or interesting to the end user. You need to convey to the user how and why the service they are monitoring is important. A good way to do this is to use graphics that represent your environment.

There are two ways to get custom graphics into the database. You can use the copy and paste method or create multiple images with different color backgrounds to represent different operational states. I prefer the copy and paste method. Visio has some great looking graphics that can represent objects in the database. Nearly every major IT manufacturer and application developer provides free Visio stencils. Just search for “Visio Stencils” with your favorite search engine. So, the first thing you do is find an interesting graphic. I’ll use a Dell Server 910 graphic I imported from a set of Dell stencils. Simply right-click on the stencil and choose “copy”.


Switch to Network Atlas, right-click on the map and click “Paste”. An input box will appear and give you two choices: “Paste the image from the Clipboard as a new object” or “Use the image from the Clipboard as a new map background”. Choose “Paste the image from the Clipboard as a new object”, enter a name for the new image and click “OK”.


The new graphic is now part of the map and has been placed in C:\Users\<logged on User>\AppData\Roaming\SolarWinds\NetworkAtlas\Maps\Orion\localhost\NetObjects\Imported. Once it is added to a map, it becomes part of the database and is available to all users that view the map with the Solarwinds Web interface. To delete the graphic from the database, simply delete it from the location specified above.

The next step is to apply an object indicator style and add the graphic. I am kinda partial to the “Pad Underneath” style.


After selecting the style, click the “Select Graphic” and choose the graphic you just imported to augment the style.


Now your object indicator looks like this:


Not only can you now use the object graphic to represent an object in Solarwinds, you can drop other indicators on the image and use it like a background.

SNMP version 3 configuration for Cisco router or switch

SNMP v1 and v2 are not really worthy of a post. You can configure v1 or v2 with one command, and they are not secure.
There are only a few commands required to configure SNMP v3. It’s not that difficult but, as with everything Cisco, it’s sometimes difficult for non-CCIEs to read their documentation.
Connect to your router with your favorite SSH client. I think nearly everyone uses Putty. Log in and make your way to the enable prompt. The first thing I would do is check for existing snmp-server lines in the current config file. Someone may have already tried to configure your router.
This command displays any line in the config file that contains snmp and should result in no output. If it does produce output, you may want to clean up your router before getting started.

Router#show run | include snmp

You also need to check for any SNMP v3 users or groups that may have been created. These commands should produce no output.

Router#show snmp user
Router#show snmp group

Ok. Let’s get started. First let’s limit SNMP queries to those from one particular IP. In my previous post concerning SNMP this would be the Manager. Make your way to the config prompt and create an access list that matches your network.

Example:
Router(config)#access-list 10 permit (IP of your Manager) log

Next we need to add point of contact information.

Example:
Router(config)#snmp-server contact Google Glasses Jr.
Router(config)#snmp-server location Secret Floating Google Datacenter
Router(config)#snmp-server chassis-id (serial number)

You do not need to create what is called a VIEW. A VIEW is simply a way to limit what MIB trees the SNMP user account can access. By default the top level down is included. Let’s move on to creating a Group.

Example: We are creating a group called npm that uses authpriv, and users in this group must make requests from IPs listed in access list 10.

Router(config)#snmp-server group npm v3 priv access 10

Now let’s create a user.

Example: We are creating a user called orion, adding him/her to the npm group, setting SHA authentication, and AES128 encryption.

Router(config)#snmp-server user orion npm v3 auth sha (password) priv aes 128 (password)

And that’s it. It’s not difficult. Here is the output of the above actions:


Happy monitoring.
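A review pass over the SNMP lines of a configuration, as an added example that is not part of the original post: it flags the v1/v2c communities, read/write strings, missing access lists and unencrypted v3 groups that the steps above are meant to avoid. The function name Test-CiscoSnmpConfig, the severity labels and the sample lines are constructed for illustration, and the parsing covers only the common forms of the community and group commands.

```powershell
# Added example: review the SNMP lines of a Cisco IOS configuration.
function Test-CiscoSnmpConfig {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [AllowEmptyString()] [string[]] $ConfigLine)

    function New-Finding([string] $Severity, [string] $Line, [string] $Issue) {
        [pscustomobject]@{ Severity = $Severity; Line = $Line; Issue = $Issue }
    }

    foreach ($raw in $ConfigLine) {
        $line = $raw.Trim()

        # snmp-server community <string> [view <name>] [ro|rw] [acl]
        if ($line -match '^snmp-server community \S+(?<rest>.*)$') {
            $rest  = $Matches['rest'] -replace '\bview\s+\S+', ''
            # Never echo the community string itself into a report.
            $shown = $line -replace '^(snmp-server community )\S+', '$1<redacted>'
            $acl   = ($rest -replace '\b(ro|rw)\b', '').Trim()

            New-Finding 'Medium' $shown 'v1/v2c community string travels in clear text'
            if ($rest -match '\brw\b') {
                New-Finding 'High' $shown 'read/write community allows SET over v1/v2c'
            }
            if (-not $acl) {
                New-Finding 'Medium' $shown 'no access list limits which hosts may query'
            }
            continue
        }

        # snmp-server group <name> v3 {noauth|auth|priv} [...] [access <acl>]
        if ($line -match '^snmp-server group (?<name>\S+) v3 (?<level>noauth|auth|priv)\b(?<rest>.*)$') {
            $name, $level, $rest = $Matches['name'], $Matches['level'], $Matches['rest']
            if ($level -ne 'priv') {
                New-Finding 'Medium' $line "group '$name' uses '$level': traffic is not encrypted"
            }
            if ($rest -notmatch '\baccess\s+\S+') {
                New-Finding 'Medium' $line "group '$name' has no access list"
            }
        }
    }
}

# Constructed sample, shaped like the output of "show run | include snmp".
$sample = @'
snmp-server community examplestring RW
snmp-server community monitor RO 10
snmp-server group legacy v3 auth
snmp-server group npm v3 priv access 10
snmp-server contact Network Team
snmp-server location Lab
'@ -split '\r?\n'

Test-CiscoSnmpConfig -ConfigLine $sample | Format-Table -AutoSize
```

The group created in this post (npm, v3 priv, access 10) produces no findings; the other constructed lines each produce at least one.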

Having performance issues running SQL in a virtual machine?


Solarwinds Orion’s interaction with the SQL server is extremely disk write intensive and requires a fast storage sub-system on the supporting SQL server. RAID 10 is the fastest disk configuration with redundancy. Having a fast controller with write cache also increases performance. I use a tool called SQLIO.exe to test the write speed of the SQL storage system hosting the log files and tempDB. It can be downloaded from Microsoft.com. This tool performs controlled disk read/write operations and is used to gauge the storage system IO performance. The higher the number, the better the performance. There are dozens of options for SQLIO. I run general write performance tests on the SQL log file drive. A score of 800 or higher will do for most installations. I’ve seen throughput as high as 7000 IOPS on solid-state drives. There is no reason you cannot install SQL on a virtual machine using a SAN as long as you can get acceptable IOPS performance. Click the image to the right. This is the new AppInsight application monitor contained in Solarwinds Server and Application Monitor (SAM) 6.0.

Refer to this Solarwinds White paper for SQL tuning guidance  PDF – Managing Orion Performance

 

Solarwinds Network Performance Manager (NPM) Groups


NPM provides the ability to create groups of objects contained in the Solarwinds database. You are able to create groups of interfaces, nodes, volumes, applications, hardware categories, player locations, components, groups (yes, you can create Groups of Groups), hardware sensors, ports, transactions and transaction steps. A group function that is not obvious is the ability to create a group of different items. You can have a group consisting of any number of the above listed items. This is handy when you are creating a group to represent a complete system. A system would consist of a number of components that must all be operational for the system to function. An email system would not be functional if the DNS server is offline or the SMTP relay service is down.

Another great feature of groups is the ability to create dynamic queries to populate the groups automatically. You can create a group of like items based on a custom property or characters contained within the node name.

But wait, there’s more.  There are three status roll-up modes for groups.

  • Show Best Status – as long as one item in the group is green, the group LED will remain green.
  • Mixed Status shows warning – If one item in the group is red then the group LED will turn yellow.
  • Show Worst Status – If one item in the group is red then the group LED will turn red.


I find it very useful to create maps with the SolarWinds Network Atlas tool and use groups to populate the map. Clicking on a group will display a page listing all items contained in that group and you can drill down from there.

Don’t get stuck on the old ways of monitoring: listing a bunch of nodes and watching for node Up/Down. Design your Network Management system to support complete systems that provide a service to the end user.