House Purchase

Today my wife Michelle and I started the process of purchasing a house.

Details at our family blog.

ESXi monitoring, for free!

A few months ago I transitioned us from VMware Server to VMware ESXi, booting off of a USB flash drive. If you don't know about server virtualization, VMware ESXi is a great way to get your feet wet, and it's a stable, production-ready (IMO) product.

However, one of the things that eluded me (in both the "Server" flavor and the "ESXi" flavor) was proper monitoring. Sure, I could setup data on each guest VM, but that didn't give me any info on the host.

Fast forward to yesterday, and I hear through the grapevine that Veeam is offering a free ESXi monitoring tool. Go get it here.

I'm just downloading it today, but if it does what the "Features and Benefits" page says, then this will be a new must-have in my toolkit. More updates to come (hopefully) as I try it out.

HELP: ACS TMS to Facility Scheduler Conversion

One of my current projects at Calvary is to work on moving us to the latest release of the ACS People Suite (10.1.1.2). Part of this process is getting all of our ACS The Ministry Scheduler data into ACS Facility Scheduler.

ACS Facility Scheduler is an "on demand" product. This means that all the actual data sits on ACS' servers, and they handle data integrity, backup, etc. for you. Months ago, we looked at converting to Facility Scheduler before ACS 10.0 came out. At the time, there were some issues we had (features missing). So, we waited until those features came out. When they arrived, I had other projects taking precedence, and consequently we rolled it all into the 10.x upgrade.

As part of our upgrade process, I found out that ACS has a great conversion tool to transfer your current ACS TMS data into Facility Scheduler. I first used this tool when we were testing the feature set. Before this 10.x upgrade, I got in touch with one of the ACS people about "resetting" our data so I could re-upload the current data. He kindly let me know that the latest version of the tool had this functionality built in!

However, if you take a look at the ACS Knowledge Base article or Facility Scheduler FAQ on the subject, you find that you can no longer download the conversion tool (and it doesn't show up in the previous "client downloads" section either).

 

Does anyone out there have the file "tmsconversion.exe" or "ACS_TMS_to_FS_Conversion.exe", the converter to move from The Ministry Scheduler to Facility Scheduler? If so, please shoot me an email: sross *at* calvaryonline.cc

Moving an Ubuntu virtual machine from VMware Server to ESXi (on a PE1950)

Wednesday I migrated my PE1950 from VMware Server (1.0.2!) to ESXi 3.5 Update 2. During the process I ran into some issues moving my Ubuntu 6.06 LTS VM to ESXi. Here's the play-by-play (including my hardware upgrade).

1. Copy the VM's off of the VMware Server.
2. Verify the copied VM's work ok, and that you have valid backups.
3. Shutdown the PE1950.
4. Update the BIOS on the PE1950. Without a BIOS update, ESXi will not run correctly.
   - Can you believe I was running 1.x, when we're now at 2.3.x! This box has been very, very reliable.
5. Unrack the PE1950, and replace the SAS 5/iR (no RAID) controller with a PERC 6/i controller.
   - ESXi needs a hardware RAID controller.
   - I was previously running software RAID-1 on the Ubuntu LTS host. We needed a reliable system, since this box had become mission-critical.
6. Install ESXi onto a USB flash drive (>=1GB).
7. Boot the PE1950, and setup the RAID array (2x300GB 7200RPM SATA in RAID-1).
8. After the array has initialized, reboot with the USB Flash drive plugged in (preferably to one of the rear USB ports).
9. Enter the BIOS (F2), and modify the boot order.
   - I set the USB Flash Drive's mode to "Hard disk"
   - Modify the boot order to include the USB flash drive as taking higher priority than the PERC array.
   - Save and exit the BIOS.
10. Setup ESXi.
    - ESXi will give you the IP you need for setting up the Virtual Infrastructure client, etc.
    - Your RAID-1 array will be setup as your primary datastore (datastore1).
11. Use VMware Converter to move the vm's to the new ESXi box.
12. Boot up the Ubuntu guest OS.

 

Upon boot, you'll notice that the Ubuntu machine has no network connectivity. Here's how you fix it (commands you need to type are in bold):

1. Install VMware tools on the guest os (it's probably outdated)
   • In the VMware Infrastructure Client, choose the VM, and then go to Inventory->Virtual Machine->Install/Upgrade VMware Tools
   • log into the ubuntu console
   • elevate your privileges to root level by running sudo su
   • mount the cd-rom drive: mount /media/cdrom0
   • change directories to the cdrom drive: cd /media/cdrom0
   • copy the vmware tools tar archive to your tmp directory (making sure you pay attention to the name of your archive, including case):
     cp VMwareTools-3.5.0-110271.tar.gz /tmp/
   • change to the tmp directory: cd /tmp
   • extract the tar file: tar -xvf VMwareTools-3.5.0-110271.tar.gz
   • change directories to the vmware-tools installer: cd vmware-tools-distrib
   • run the vmware tools installer script: ./vmware-install.pl
2. Restart your networking: /etc/init.d/networking restart
3. Check to see if your NIC is now working properly. You can check your interfaces using the following command: ifconfig -a
   If you are receiving an IP properly, you're probably OK. This didn't work for me.
   DO NOT complete the following steps unless you have no network connectivity
4. Shut down the VM: shutdown -h now (remember, we elevated our privileges earlier to root)
5. Remove any NIC's that are currently in the VM.
6. After removing any NIC's that are currently in the VM, add a new NIC.
7. Boot the VM
8. I now had a NIC that my system recognized, but I wasn't getting an IP. The issue was with my interfaces file.
   • Contents of /etc/network/interfaces:
     # The loopback network interface
     auto lo
     iface lo inet loopback
     
     # The primary network interface
     auto eth0
     iface eth0 inet dhcp
   • Notice how it lists "eth0" When I ran "ifconfig -a" earlier, I received eth1 as an interface, not eth0
9. Change eth0 to eth1 in my interfaces file: vi /etc/network/interfaces (replacing eth0 with eth1)
10. Restart networking: /etc/init.d/networking restart

At this point, everything was working well.

VMware ESXi (bootable) USB flash creation tip

Yesterday I went to install VMware ESXi on a Poweredge 1950. All along I wanted to get the system setup with a USB flash drive (and not use the onboard storage as my boot disk).

I did some research, and this blog post seemed to be the most complete posting on creating your own ESXi bootable flash drive.

So, I downloaded the ESXi installable ISO, opened up 7-Zip, and went for it.
I was very surprised that every time I tried to image the flash drive, I got an error in WinImage. Now, this was running on my Vista x64 box, so I went ahead and fired up a VM w/ XP Pro 32-bit. At that point, I attempted to re-image the USB flash drive, and things worked as planned

Moral of the story: Don't try and create a bootable USB flash drive using Winimage on Vista x64, it won't work! Use VMware (or another computer) to create the flash drive's ESXi install (apparently on a 32-bit OS).

AV Software Initial Thoughts: Sophos Endpoint Security

During my "find a new Security Software" dance, I've narrowed it down to 3 vendors/products:

- Sophos Endpoint Security
- Eset NOD32
- Sunbelt Vipre

 

I'm going to focus on Sophos Endpoint Security here. If you're interested in Sunbelt Vipre, check out my previous post.

• The setup is very easy on the server side. If you would like to install on an x64 Edition of Windows Server, you'll need to create the database ahead of time.
• The local "agents" on your computer are pretty slim. They aren't as lean/mean as the Sunbelt agents, but do have the option of adding NAC and a firewall. I tested without NAC or firewall enabled. Running with open file/copy file protection enabled really slows things down.
• Sophos is way ahead of our previous version of Symantec. It uses fewer resources, and actually catches malware (and removes it). Symantec at best reported Malware. Windows Defender did a better job than our version of Symantec.
• Deploying the software wasn't an issue. I didn't try a Vista rollout, but some people have had issues with Vista rollouts. I'm assuming any Vista issues are fixed at this point (Vista SP1 has been out for a while now).
• The Enterprise Console is very powerful and flexible. It is very busy, imo. I felt like I really needed to spend some time getting familiar with Sophos' admin philosophy before I was ready to go. This isn't a bad thing.
• I saw some of the reports. There seem to be enough. I didn't play with customizations.
• I was able to run the "Console" without any issues.
• Licensing was straight-forward.
• Sophos arguably has the most feature-rich product I've seen to date that doesn't eat your computer for lunch.

Sophos' pricing was extremely competitive. Their rep's were knowledgeable and courteous.

I really have no complaints about Sophos.

AV Software Initial Thoughts: Sunbelt VIPRE Enterprise

I'm currently in a cycle of reviewing some Antivirus/AntiMalware software for our next round of protection.

Here are my initial thoughts on Sunbelt's VIPRE Enterprise (remember, I'm just a normal, non-AV-specialist IT admin trying this out):

• The setup is very easy on the server side. Just make sure you have .NET framework installed (it will notify/install it for you).
• The local "agents" on your network computers use a ridiculously low amount of resources (my Vista x64 box uses just 52MB of RAM when I turn all of the protection on; XP Pro uses less). Running with "open file/copy file protection" can slow things down.
  
• Deploying the software to Vista machines is easy as pie. I've had some struggles with my XP boxes (haven't finished reading the proper way to do it yet).
• The Enterprise Console can be a little slow at times when doing intensive tasks (like loading all of the threats in the database as a list, or sorting them).
• A LOT of good reports come standard in the box.
• Run the "Console" on a computer with a lot of RAM. When making changes to policies, etc. you can eat a huge amount of RAM. I ate 500+MB when doing some large list/policy settings.
• Licensing is not complicated. I was very happy that it was straight-forward, and easy to understand

More updates to come! Up next is Sophos Endpoint Security.