Friday, July 25, 2014

Compellent Serial Console over iDRAC



To get it working a few steps have to be taken on both Controllers:
1. Configure iDRAC
   a. Go to Network->Serial
   b. Set IPMI’s Baud Rate to 115.2 kbps (Compellent Serial Port Baud Rate)
   c. Apply Settings
2. During boot enter the Controller’s BIOS
   a. Go to “Serial Communication”
   b. Switch from “Off” to “On without Redirection”
   c. Switch Port Configuration from “Serial Device1=COM1;Serial Device2=COM2” to “Serial Device1=COM2;Serial Device2=COM1”
   d. Save Settings and Reboot Controller

After these steps the Compellent’s serial console is available via iDRAC:
Log in to iDRAC using SSH and type “connect” at the prompt. The SSH session then shows the serial console as if you were directly connected to the system’s serial port.

Thursday, July 17, 2014

Wednesday, July 16, 2014

EMC VNX SRM

Implementation Plan
http://www.cosonok.com/2012/11/implementing-vmware-site-recovery.html

Monday, July 14, 2014

vSphere Advanced Settings


ESX Host Advanced Settings
| ESX Advanced parameter | Default value | Changed Value | Justification |
|---|---|---|---|
| Syslog.global.logHost | empty | Syslog servers (see Table 122 SYSLOG Servers) | Centralized syslog for troubleshooting and security audits. |
| Syslog.global.logDirUnique | false | true | Creates unique subdirectories in shared datastore scratch location. |
| Syslog.global.logDir | | [TEMPLATES-01] /scratch/log/ | We use SD cards in ESX hosts where ramdisk is used for logs and core dumps. This setting instructs ESXi to use a shared datastore instead of the local ramdisk for the scratch location. |
| UserVars.ESXiShellInteractiveTimeOut | 0 | 1800 | ESXi Shell (SSH, console) log out time-out value in seconds. The changed value of 1800 seconds (30 min) increases security. |
| UserVars.SuppressShellWarning | 0 | 1 | Disables warning message that SSH is enabled. |
| Config.HostAgent.plugins.hostsvc.esxAdminsGroup | ESX Admins | PPOD-TEC-NG-Admins / PPOD-TEC-CH-Admins | We have two AD groups of ESX Admins managing pPODs in different datacenters. |
| VMkernel.Boot.terminateVMOnPDL | no | yes | Terminates VMs in case LUN device is permanently lost. |
| Disk.AutoremoveOnPDL | enabled | disabled | Don't remove datastores in PDL automatically. |
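
A drift check for the ESX host settings listed above, written as an added PowerCLI example that is not part of the original post. It assumes an existing Connect-VIServer session; the helper names Get-SettingValue and New-Finding are hypothetical, and the two PDL settings are left out because the table gives them as yes/no and enabled/disabled rather than as the values the API returns.

```powershell
# Added example (not from the original post): audit ESXi hosts against the table above.
# Assumes VMware PowerCLI is installed and Connect-VIServer has already been run.

# Expected values, copied from the "Changed Value" column.
$baseline = [ordered]@{
    'Syslog.global.logDirUnique'           = 'true'
    'Syslog.global.logDir'                 = '[TEMPLATES-01] /scratch/log/'
    'UserVars.ESXiShellInteractiveTimeOut' = '1800'
    'UserVars.SuppressShellWarning'        = '1'
}
# Either AD group is acceptable, depending on the datacenter the host is in.
$adminGroups = @('PPOD-TEC-NG-Admins', 'PPOD-TEC-CH-Admins')
$adminGroupSetting = 'Config.HostAgent.plugins.hostsvc.esxAdminsGroup'

function Get-SettingValue {
    param($VMHost, [string]$Name)
    # Returns the setting as a trimmed string, or $null if the host lacks it.
    $setting = Get-AdvancedSetting -Entity $VMHost -Name $Name
    if ($null -eq $setting) { return $null }
    return ([string]$setting.Value).Trim()
}

function New-Finding {
    param($VMHost, $Name, $Expected, $Actual, [bool]$Compliant)
    [pscustomobject]@{
        Host = $VMHost.Name; Setting = $Name
        Expected = $Expected; Actual = $Actual; Compliant = $Compliant
    }
}

$report = foreach ($vmhost in Get-VMHost) {
    foreach ($name in $baseline.Keys) {
        $actual = Get-SettingValue $vmhost $name
        New-Finding $vmhost $name $baseline[$name] $actual ($actual -eq $baseline[$name])
    }
    # The syslog target is site-specific (not given on this page): require non-empty.
    $logHost = Get-SettingValue $vmhost 'Syslog.global.logHost'
    New-Finding $vmhost 'Syslog.global.logHost' '<non-empty>' $logHost (-not [string]::IsNullOrEmpty($logHost))

    $group = Get-SettingValue $vmhost $adminGroupSetting
    New-Finding $vmhost $adminGroupSetting ($adminGroups -join ' or ') $group ($adminGroups -contains $group)
}

# Show only drift; an empty result means every checked setting matches.
$report | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```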




vSphere HA Advanced Settings
| HA Cluster Advanced parameter | Default value | Changed Value | Justification |
|---|---|---|---|
| das.vmcpuminmhz | 32MHz | 570MHz | Defines the default CPU resource value assigned to a virtual machine if its CPU reservation is not specified or zero. This is used for the Host Failures Cluster Tolerates admission control policy. Default min reservation 570MHz per VM solves vCloud Director CPU Max OverBooking Ratio. Single ESX host can serve 29GHz. 50 * 570MHz = 28.5GHz |
| das.maskCleanShutdownEnabled | false | true | This is an accompanying configuration that helps vSphere HA distinguish between VMs that were once powered on and should be restarted and VMs that were already powered off when a PDL occurred. The latter are VMs that don’t need to be, and more importantly probably should not be, restarted. |

ESX disk scheduler vDisk behavior

vDisk IOPS limit = 400 IOPS
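| IO Block Size | # of threads | vDisk IOPS limit | vDisk IOPS achieved |
|---|---|---|---|
| 512B | 1 | 400 | 400 |
| 512B | 4 | 400 | 400 |
| 512B | 8 | 400 | 400 |
| 512B | 16 | 400 | 400 |
| 2kB | 1 | 400 | 400 |
| 2kB | 4 | 400 | 400 |
| 2kB | 8 | 400 | 400 |
| 2kB | 16 | 400 | 400 |
| 4kB | 1 | 400 | 300 |
| 4kB | 4 | 400 | 400 |
| 4kB | 8 | 400 | 400 |
| 4kB | 16 | 400 | 400 |
| 16kB | 1 | 400 | 240 |
| 16kB | 4 | 400 | 400 |
| 16kB | 8 | 400 | 400 |
| 16kB | 16 | 400 | 400 |
| 32kB | 1 | 400 | 200 |
| 32kB | 4 | 400 | 400 |
| 32kB | 8 | 400 | 400 |
| 32kB | 16 | 400 | 400 |
| 64kB | 1 | 400 | 150 |
| 64kB | 4 | 400 | 320 |
| 64kB | 8 | 400 | 400 |
| 64kB | 16 | 400 | 400 |
| 256kB | 1 | 400 | 115 |
| 256kB | 4 | 400 | 185 |
| 256kB | 8 | 400 | 240 |
| 256kB | 16 | 400 | 380 |
| 256kB | 32 | 400 | 380 |
| 1MB | 1 | 400 | 80 |
| 1MB | 8 | 400 | 180 |
| 1MB | 16 | 400 | 180 |
| 1MB | 24 | 400 | 180 |
| 1MB | 32 | 400 | 180 |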

Sunday, July 6, 2014

Egress-Interface-Selection Feature F10


If you use the OOB management interface, you configure an “ip management-route”.
For the IP VLAN interfaces you use the normal routing table, adding routes with the “ip route” command.

But if you make an SSH connection or send an ICMP ping to the OOB management IP address, the switch looks into both routing tables and answers via the interface that is closest to your source. This means that you can ping the switch on its OOB IP and the switch may answer with a VLAN interface as the source. That can cause problems because of asymmetric routing: it breaks things if IP ACLs are used to regulate management access or if a firewall is in the traffic path.




Egress Interface Selection (EIS)

EIS allows you to isolate the management and front-end port domains by preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding attacks on front-end ports. The following protocols support EIS: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog, TACACS, Telnet, and TFTP. This feature does not support sFlow on stacked units. When you enable this feature, all management routes (connected, static, and default) are copied to the management EIS routing table. Use the management route command to add new management routes to the default and EIS routing tables. Use the show ip management-eis-route command to view the EIS routes.

Important Points to Remember
· Deleting a management route removes the route from both the EIS routing table and the default routing table.
· If the management port is down or route lookup fails in the management EIS routing table, the outgoing interface is selected based on route lookup from the default routing table.
· If a route in the EIS table conflicts with a front-end port route, the front-end port route has precedence.
· Due to protocol, ARP packets received through the management port create two ARP entries (one for the lookup in the EIS table and one for the default routing table).

management egress-interface-selection
!
application dns
application ftp
application http
application icmp
application ntp
application radius
application sflow-collector
application snmp
application ssh
application syslog
application tacacs
application telnet
application tftp
!