Recovering a Locked Administrator Account in Storage Center OS v6.5

Tech Tip: Recovering a Locked Administrator Account in Compellent Storage Center OS v6.5
If all accounts are inaccessible because they have been disabled or locked‐out, use this procedure to reestablish a local Administrator account and reset passwords.

Prerequisites
This procedure requires a USB device that contains a partition table with one partition formatted with an MSDOS/FAT32 filesystem. USB devices vary by vendor as to whether they are formatted with or without partitions. Use Windows disk management or other third‐party tools to create a partition if the USB device does not have an MSDOS/FAT32 partition.

Steps
1 Create a text file containing the following line of text:
unlock <username>
where <username> is typically the Admin username. The Admin account is always on the system and it has the required Administrator privileges to reset passwords.

2 Save the file and name it:
unlock.phy

3 Copy the file to a MSDOS/FAT32 formatted USB drive.

4 Insert the USB drive into a port on the lead controller. When the media is recognized, System Manager allows the specified account to log on.

5 Log on to System Manager using the account specified on the USB drive. The password cannot be blank, but any text entered will be ignored.

6 Unlock locked accounts.

7 Reset passwords on accounts.

8 Remove the USB drive from the port.

Oracle licensing

Gerry is correct, Oracle *explicitly* does NOT support BIOS core disabling for the purposes of Oracle core licensing, since the cores can easily be re-enabled after initial installation config.  Likewise, core restriction via VMware/Hyper-V/KVM are also NOT recognized for licensing purposes, for the same reason.   There are some customers  who have struck one-off side-deals with their Oracle reps to recognize BIOS core disabling, but there is not an official lic. policy allowing this.  To avoid future audits = *extremely* expensive Oracle lic. "true-ups" I wouldn't even suggest this option for customers to pursue unless they can get that side deal in writing from their Oracle reps.

To restrict cores for Oracle lic. purposes, one must either:

* use fixed lower core count/higher clockspeed processor models e.g. E5-2637v3 4C@3.5GHz
* use OracleVM, ie. Oracle's Xen-based hypervisor.  OracleVM implements a feature called "core binding" aka "core pinning", which locks specific CPU core serial #'s to VMs, so one can create e.g. 2C VMs which cannot be modified, i.e. cannot add CPU's without destroying/recreating the VM from scratch, and therefore are recognized for Oracle lic. purposes.

From a market best practice perspective, many customers who've already standardized on VMware/Hyper-V etc. simply opt to pay the full core count cost for the system, then load as many Oracle workloads as possible onto the system/cluster, however for customers with smaller Oracle installs, OracleVM is a quite useful to control core costs, and has quite low compute perf overhead.

Peter Bailey
ET- Linux/Solaris/Oracle
512.800.9792
________________________________________
From: Gonzalez, Gerry
Sent: Friday, February 13, 2015 7:47 AM
To: Drunen, Marcel van; Sharma10, Ashish; Akkalyoncu, Serhat; Blades-Tech; BladeMasters
Subject: RE: Is it possible for Dell to disable cores?

Dell - Internal Use - Confidential
All,

From my experience within my set of US Global accounts, Oracle does NOT sanction disabling cores on X86 systems to forego licensing cores…Yes, once the cores are disabled they are electrically isolated and can NOT be seen by the OS until the next reboot but Oracle ONLY allows certain x86 systems that support hard partitioning  as well as RISC and SPARC systems leveraging LPARs to support disabling cores…

That said, I do have an account that worked a deal with their Oracle rep but that is on an account by account basis…Speaking from experience, I attempted to leverage this arrangement at another account and they were audited and were told they would have to entitle ALL cores in their Dell servers whether they were turned on or off…Moral of the story…Let your account take the fight to Oracle and NOT you…Dell will NOT officially support this due to our relationship with Oracle and they advise to move the customer to OVM and OEL to mitigate licensing costs…however, most customers will NOT want to stand up another virtualized environment to satisfy Oracle licensing…

Attached is the Oracle document explaining how Oracle defines core partitioning as Soft or Hard…Dell would fall under the ‘Soft’ definition according to Oracle although Intel would support that when cores are turned off in our systems, they are electrically isolated and cannot be used until they are turned back on in the bios on a subsequent reboot…

This is one of the reasons Intel continues to build and provide low core count processors, so your approach of using 4C procs is the way to go…

Don’t want to ramble here (as this brings up OLD scars) but if you would like more information just let me know…

Thanks…

Gerry Gonzalez
Enterprise Domain Specialist - Global - SouthEast
Dell Enterprise Products and Solutions
305-274-8982 Office
305-987-4395 Cell
305-274-0503 Fax


How am I doing? Please contact my manager, Richard Schultze at Richard_Schultze@Dell.com<mailto:Richard_Schultze@Dell.com> with any feedback.



From: Drunen, Marcel van
Sent: Friday, February 13, 2015 7:14 AM
To: Sharma10, Ashish; Akkalyoncu, Serhat; Blades-Tech; BladeMasters
Subject: RE: Is it possible for Dell to disable cores?


Dell - Internal Use - Confidential
Hi Ashish,

This is news to me. Can we get an official statement from Oracle about that?

Using one of the frequency optimized CPU’s will be a better choice most of the time because of the higher frequency. If disabling cores is not allowed, than the CPU’s with the lowest amount of cores are the E5-2637v3 (@3.5 GHz) and E5-2623v3 (@3.0 GHz). Both have four cores, so if the customer has a 8-core license these will be the CPU’s of choice in a dual socket Intel system.

Kind regards,

Marcel van Drunen
Senior Manager EMEA HPC
Dell ESG
+31-206744313

From: Sharma10, Ashish
Sent: Friday, February 13, 2015 12:26 PM
To: Akkalyoncu, Serhat; Blades-Tech; BladeMasters
Subject: RE: Is it possible for Dell to disable cores?

Hi Serhat,

You can go and disable the cores in the bios and OS will see only the enabled cores.

One of my customer had taken a letter from Oracle that their licensing will be only for active cores and he was able to leverage this feature.



Thanks & Regards

Ashish Sharma
Enterprise Technologist
Dell |Enterprise Solution Organisation
+919833630569
Ashish_sharma10@dell.com<mailto:Ashish_sharma10@dell.com>



From: Akkalyoncu, Serhat
Sent: Friday, February 13, 2015 4:30 PM
To: Blades-Tech; BladeMasters
Subject: Is it possible for Dell to disable cores?


Dell - Internal Use - Confidential
Hi,

I have a RFP and in one of the requirements it says “There should be a possibility to disable physical cores in server”. Is it possible? Our customer will use these systems in Oracle deployment and so because of the core licensing they want to disable cores.

Best Regards,

Serhat Akkalyoncu
CSE (Customer Sales Engineer)
Dell | EMEA Emerging Markets / Turkey
Office : +90 216 570 8700, mobile : +90 532 426 2386, faks : +90 216 570 8798
e-mail :  serhat_akkalyoncu@dell.com<mailto:serhat_akkalyoncu@dell.com>
adress:  Icerenkoy mah. Askent sok. no:3/A Atasehir / Istanbul PK:34752 Turkey

general port vs trunk port

On a Port in General Mode you can have more than one untagged Vlan. So it is used for 802.1x Ports or Mac based Vlan configuration.

If you want only one untagged Vlan use you can also use the Trunk Mode. With Switchport mode trunk the Switch tagges all vlans (exept the native) so it is not necessary to have a allow list like in general mode.

N Series

##############################################################################################################################################

• Access — The port belongs to a single untagged VLAN.

Configure a Vlan Untagged to a Port,  In the Example VLAN 23.

console(config)# interface gi1/0/8

console(config-if)# switchport mode access

console(config-if)# switchport access vlan 23

##############################################################################################################################################

Trunk vs. General Mode

·         In General Mode are egress more then one untagged Vlans possible

##############################################################################################################################################

• General — The port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode).

Several Vlans tagged and / or untagged configured on a port, eg Uplink (the Vlans 23, 25 are the tagged Vlans, Vlans 24, 27 are untagged, untagged packets that are received in the example will be switched on VLAN 24 (PVID).

The port configuration must be in respect of the tagged / untagged Vlans the same as its counterpart, switch, server can be established). If Only the Command console(config-if)# switchport mode general

is configured then the following Defaults are present:

General Mode PVID: 1 (default)                   -> Vlan 1 untagged

General Mode Ingress Filtering: Enabled

General Mode Acceptable Frame Type: Admit All

General Mode Dynamically Added VLANs:

General Mode Untagged VLANs: 1

General Mode Tagged VLANs:                     -> NO Vlan Tagged

General Mode Forbidden VLANs:

console(config)# interface gi1/0/11

console(config-if)# switchport mode general

console(config-if)# switchport general allowed vlan add 23,25 tagged

console(config-if)# switchport general allowed vlan add 24,27 untagged

console(config-if)# switchport general pvid 24

##############################################################################################################################################

• Trunk — The port belongs to VLANs on which all ports are tagged (except for one per port that can be untagged).

Several Vlans tagged  plus one untagged configured on a port, eg Uplink (the Vlans 23, 24, 25 are the tagged Vlans, Vlan 22 is untagged, untagged packets that are received in the example will be switched on VLAN 22.

The port configuration must be in respect of the tagged / untagged Vlans the same as its counterpart, switch, server can be established). If Only the Command console(config-if)# switchport mode trunk

is configured then the following Defaults are present:

Trunking Mode Native VLAN: 1 (default)    -> Vlan 1 untagged

Trunking Mode Native VLAN Tagging: Disabled

Trunking Mode VLANs Enabled: All            -> ALL Vlans Tagged, except Native Vlan 1

console(config)# interface gi1/0/9

console(config-if)# switchport mode trunk

console(config-if)# switchport mode trunk native vlan 22

console(config-if)# switchport mode trunk allowed vlan add 22-25

##############################################################################################################################################

FORCE 10

##############################################################################################################################################

By default, all interfaces are in Layer 3 mode and not belonging to any Vlan. So you could configure an IP address on the port concerned, as on a classical router.

RVL-S4810-1# show int ten 0/46 status

Port     Description  Status Speed     Duplex Vlan

Te 0/46               Down   Auto       Auto   --           -> member in none Vlan

##############################################################################################################################################

To configure the port in a Vlan, you  must make a change to Layer2 / switch port Mode. It also falls automatically to the default untagged Vlan. This is by default Vlan 1. It can be be changed if necessary RVL-S4810-1(conf)#default vlan-id xxx.

A Default VLAN IP address can not be given. To obtain an IP interface to Vlan 1 you must change the default Vlan to another Vlan first

RVL-S4810-1(conf-if-te-0/46)#switchport

RVL-S4810-1#show int ten 0/46 status

Port     Description  Status Speed     Duplex Vlan

Te 0/46               Down   Auto      Auto    1     -> untagged member in default Vlan

To change untagged Vlan:

RVL-S4810-1(conf)# int vlan 2

RVL-S4810-1(conf-if-vl-2)#untagged tengigabitethernet 0/46

RVL-S4810-1#show int ten 0/46 status

Port     Description  Status Speed     Duplex Vlan

Te 0/46               Down   Auto      Auto   2      -> now untagged member in Vlan 2

##############################################################################################################################################

To make the port to trunk port and to tag multiple Vlans without a untagged native VLAN.

RVL-S4810-1(conf-if-te-0/46)#switchport

RVL-S4810-1#show int ten 0/46 status

Port     Description  Status Speed     Duplex Vlan

Te 0/46               Down   Auto      Auto    1          -> untagged member in default Vlan (will be changed/removed when adding the first tagged Vlan)

To add tagged Vlans (here you can see, that the native vlan is removed and the the switch tag all Vlans):

RVL-S4810-1(conf-if-te-0/46)#int vlan 3

RVL-S4810-1(conf-if-vl-3)#tagged tengigabitethernet 0/46

RVL-S4810-1#show int ten 0/46 status

Port     Description  Status Speed     Duplex Vlan

Te 0/46               Down   Auto      Auto   3

RVL-S4810-1(conf-if-te-0/46)#int vlan 4

RVL-S4810-1(conf-if-vl-4)#tagged tengigabitethernet 0/46

RVL-S4810-1#show int ten 0/46 status

Port     Description  Status Speed     Duplex Vlan

Te 0/46               Down   Auto      Auto   3-4

With RVL-S4810-2# show vlan you can see which Ports are tagged and untagged Members on the Vlans:

RVL-S4810-2# show vlan

Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Pimary, C - Community, I - Isolated

       O - Openflow

Q: U - Untagged, T - Tagged

   x - Dot1x untagged, X - Dot1x tagged

   o - OpenFlow untagged, O - OpenFlow tagged

   G - GVRP tagged, M - Vlan-stack, H - VSN tagged

   i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged

    NUM    Status    Description                     Q Ports

    1      Active                                             

    2      Active                                   

    3      Active                                    T Te 0/46             -> 0/46 now tagged member in Vlan 3

    4      Active                                    T Te 0/46             -> 0/46 now tagged member in Vlan 4

No untagged native VLAN !!! Port is not in hybride Mode !!

##############################################################################################################################################

To make the port to trunk port and to tag multiple Vlans or to make double tagging on it, it must be configured in the Port Mode Hybrid.

Is it not in the default mode (Layer 3, see above) you have to configure it in these default configure mode:

RVL-S4810-1(conf-if-te-0/46)#portmode hybrid

% Error: Port is in Layer-2 mode Te 0/46.

RVL-S4810-1(conf-if-te-0/46)#int vlan 2

RVL-S4810-1(conf-if-vl-2)#no untagged tengigabitethernet 0/46

RVL-S4810-1(conf-if-te-0/46)#no switchport

Now you can change the port mode:

RVL-S4810-1(conf-if-te-0/46)#portmode hybrid

RVL-S4810-1#show int tengigabitethernet 0/46 status

Port     Description  Status Speed     Duplex Vlan

Te 0/46               Down   Auto      Auto   --           -> member in none Vlan

Now you can add Vlans tagged and untagged to the Port:

RVL-S4810-1(conf-if-te-0/46)#switchport

RVL-S4810-1#show int ten 0/46 status

Port     Description  Status Speed     Duplex Vlan

Te 0/46               Down   Auto      Auto    1          -> untagged member in default Vlan

To change the untagged Vlan:

RVL-S4810-1(conf)# int vlan 2

RVL-S4810-1(conf-if-vl-2)#untagged tengigabitethernet 0/46

RVL-S4810-1#show int ten 0/46 status

Port     Description  Status Speed     Duplex Vlan

Te 0/46               Down   Auto      Auto   2           -> now untagged member in Vlan 2

To add additional tagged Vlans:

RVL-S4810-1(conf-if-te-0/46)#int vlan 3

RVL-S4810-1(conf-if-vl-3)#tagged tengigabitethernet 0/46

RVL-S4810-1#show int ten 0/46 status

Port     Description  Status Speed     Duplex Vlan

Te 0/46               Down   Auto      Auto   2-3

RVL-S4810-1(conf-if-te-0/46)#int vlan 4

RVL-S4810-1(conf-if-vl-4)#tagged tengigabitethernet 0/46

RVL-S4810-1#show int ten 0/46 status

Port     Description  Status Speed     Duplex Vlan

Te 0/46               Down   Auto      Auto   2-4

With RVL-S4810-2# show vlan you can see which Ports are tagged and untagged Members on the Vlans:

RVL-S4810-2# show vlan

Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Pimary, C - Community, I - Isolated

       O - Openflow

Q: U - Untagged, T - Tagged

   x - Dot1x untagged, X - Dot1x tagged

   o - OpenFlow untagged, O - OpenFlow tagged

   G - GVRP tagged, M - Vlan-stack, H - VSN tagged

   i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged

    NUM    Status    Description                     Q Ports

    1      Active                                    U Te 0/1-45,47-48         

    2      Active                                    U Te 0/46            -> 0/46 now untagged member in Vlan 2

    3      Active                                    T Te 0/46            -> 0/46 now tagged member in Vlan 3

   4      Active                                    T Te 0/46             -> 0/46 now tagged member in Vlan 4

##############################################################################################################################################

vSphere Data Protection (VDP) Troubleshooting Commands

Source: http://www.virten.net/2015/02/vsphere-data-protection-vdp-troubleshooting-commands/ 

You have to connect to the VDP appliance with SSH as root (password was set during initial configuration)

status.dpn
Display VDP status information

dpnctl status
Display service status information

capacity.sh
Analyse space consumption from the last 30 backup jobs. Displays the amount of new data and how much space the garbage collection has recovered.

df -h
Display free partition space. This is not an equivalent to the free space displayed in the GUI but can reveal issues if partitions are full.

cplist
Display Checkpoint status

mccli server show-prop
Display VDP appliance properties. This is an equivalent to the information shown in the vSphere Web Client

mccli activity show
Display backup jobs information. Each activity is a backup job from a single virtual machine. If you have one daily backup job with 10 VMs configured in VDP, you will see 10 activities per day.

mccli activity get-log –id=<ID>
Get the activity log from a backup job. If a backup job failed, you might find useful information here. Produces lots of information, so it’s better to pipe it to a file.

mccli activity show –name=/<VCENTER>/VirtualMachines/<VM>
Display backup jobs information from a single Virtual Machine

Which SFP+ Modules, SFP Modules, and Cables Can I Use with the X520 Series?

Link for more information.

ESX claim disk as SSD

Configuration:

esxcli storage nmp satp rule add --satp VMW_SATP_LOCAL --device mpx.vmbha0:C0:T0:L0 --option=enable_ssd

Application:

esxcli storage core claiming reclaim -d  mpx.vmbha0:C0:T0:L0 

or just restart ESXi  

Verification:

esxcli storage core device list --device=mpx.vmbha0:C0:T0:L0