
Wednesday, April 29, 2015

ESXi dell-configuration-vib for use with ImageBuilder

As of ESXi 6.0 release, we are now providing an offline bundle.zip containing our custom image.


As for ESXi 5.5 and earlier, the only way to do this would be to utilize VMware’s Image Builder and create your own customized offline bundle.

Here’s a whitepaper that goes through the procedure:


Here’s a YouTube video that goes through the process:


Cheers,

Jim White
Senior ProSupport Engineer – Virtualization
Certifications: VCP 3 / 4 / 5, LPIC-3 Core, LPIC-3 Virtualization
Dell | Enterprise Solutions
Phone  1-800-945-3355  Option  1  Ext  723-8649
Office Hours | 8:30 am - 5:30 pm (CST) Monday - Friday

Customer feedback | How am I doing?  Please contact my manager: Scott_Stout@dell.com

OS Windows Security Hardening

The best practice is to avoid “manual by document OS hardening” at all cost, especially with the latest Windows 2012 and 2012 R2 OSs. From my experience, each company usually creates its own hardening guidance/procedures in accordance with Microsoft’s Baseline Server Hardening: https://technet.microsoft.com/en-us/library/cc526440.aspx. However, I personally do not recommend manual server hardening, because IT could follow non-standard (and sometimes unsupported) settings which are picked from outdated hardening guides, and it can cause the server to misbehave and result in the breakdown of various operating system related components and the failure of critical applications. I always advise my customers to use these two tools (URLs are below) for ‘hardening’ Windows Server 2012/2012-R2. Any other method to harden the server might result in unforeseen results.

The SCW tool has server roles templates, but some templates for some server roles would need to be downloaded and configured separately.
Example: By default, the SCW does not include support for the TMG 2010 role nor TMG Enterprise Management Server (EMS) role. To support these roles, download and install TMGRolesForSCW.exe included in the TMG 2010 Tools and Software Development Kit (SDK), available here.

Sincerely,
Andrei Vassiliev
Systems Integration Consultant – “Microsoft Infrastructure Services Team”
Dell | Consulting & Systems Integration
lync +1 512 723-8974
Customer feedback | How am I doing? Please contact my manager Tim_Alvey@Dell.com


Monday, April 27, 2015

MXL -- Can't ping management IP when MXL is installed in Fabric A

Thanks to all of you who responded to this problem I presented on Wednesday. I’m not sure if anyone provided a solution that is consistent with the resolution we used, but here’s a brief summary that I shared with the customer. You could very well encounter this problem in the future and you could spend hours working on the MXL when it’s actually a problem with the CMC. After spending several hours trouble-shooting with two different TAC engineers, they escalated to a Master Engineer who was quite confident he knew what the fix would be and sure enough it worked. Note that we were trying to ping the management IP and the customer was using only a LOM for Fabric A. No mezz cards were installed.

The problem is a known issue and the Master Engineer said they have not been able to debug the root cause, so what was provided is really a preventative workaround. BTW, we also did a factory reset on the MXL and configured it from scratch while inserted in Fabric A but this didn’t work. The only solution that worked was to use the rack reset command on the CMC. Before executing the rack reset command, TAC collected several logs in an attempt to determine the root cause.


Summary for the Customer:
-------------------------------------
Re: Dell TAC Case 910245438 – Cannot access management IP of MXL when installed in Fabric Slots A1 or B1

The problem as reported to us yesterday has been resolved on the M1000e chassis in question, but I look forward to the customer confirming this at your earliest convenience by moving the MXLs back into Fabric slots A1 and A2.  Please also confirm that the CMC is configured as expected since we did an upgrade and a re-configuration.  I left the MXLs installed in the B1/B2 fabric slots and the B22s installed in the A1/A2 slots since this is how I found them when we started trouble shooting this morning (Thursday, April 23) and wasn’t sure if I would impact any ongoing traffic testing traversing Fabric A1/A2.  Before leaving this evening, I moved the MXLs from Slots C1 /C2 to B1/B2 to A1/A2 and was able to successfully ping the management IP addresses (10.26.17.240/241) with each move.  If there is any problem please contact me immediately.

Resolution:

The problem was resolved by running a rack reset command and then reconfiguring the CMC.  Our Dell support staff advises that this is a one-time event on a M1000e chassis and it can easily be prevented for any subsequent deployments of the M1000e chassis.

Additional notes:

The MXLs were upgraded from firmware Release 9.4 to 9.6.
The CMC was upgraded to 5.01.
These upgrades should have no effect on the capabilities of the CMC or the MXLs in context of the testing being performed by Robert and Tommy, but I recommend moving the MXLs to 9.7 in the not too distant future since OpenFlow 1.3 is supported on 9.7 while OpenFlow 1.0 is supported on 9.6.  Although 9.7 was released earlier this year, we would like to see a few more weeks of field exposure before recommending DirecTV move to this release.

Bill Tozer
Network Systems Engineer

Office: 805-498-2959
Mobile: 805-490-7409

Dell | Enterprise Solutions, Networking




From: Tozer, Bill
Sent: Wednesday, April 22, 2015 4:59 PM
To: Cereijo, Manny; WW Networking Domain; Arrata, William
Subject: RE: MXL -- Can't ping management IP when MXL is installed in Fabric A

Thanks Manny,

I’ll try that when I’m on site tomorrow morning.

Bill

From: Cereijo, Manny
Sent: Wednesday, April 22, 2015 4:57 PM
To: Tozer, Bill; WW Networking Domain; Arrata, William
Subject: RE: MXL -- Can't ping management IP when MXL is installed in Fabric A

Dell - Internal Use - Confidential
Bill,

Is the MXL connecting to the same management network when in Fabric A, B and C?
Can they connect to the MXL via the CMC? Try to SSH or telnet to the CMC, then connect to the MXL with the connect switch-a1 command.

Manny

From: Tozer, Bill
Sent: Wednesday, April 22, 2015 7:48 PM
To: WW Networking Domain; Arrata, William
Subject: MXL -- Can't ping management IP when MXL is installed in Fabric A

Has anyone seen any issues with not being able to ping the management IP (or access via SSH) of an MXL when installed in Fabric A?  My customer has reported that everything works fine when the MXL is installed in Fabric B or C, but when the MXL is moved to Fabric A, they can no longer connect to it.

Midplane Version of the M1000e is 1.1
Release of the MXL is 9.4, but we will be upgrading it to Release 9.7 ASAP and opening a support case.

Bill Tozer
Network Systems Engineer

Office: 805-498-2959
Mobile: 805-490-7409

Dell | Enterprise Solutions, Networking


Monday, April 13, 2015

vSphere 3.5 to 6.0 Upgrade procedure

Basic Assumptions:
The customer does not necessarily need access to historical performance or event data and is willing to sacrifice that.
The customer is willing to accept minimal downtime so long as it is planned.
 
1. Back up the entire environment, including the VMs and the supporting systems and databases. (!)
2. Stand up the new hosts with either 5.5 or 6.0.
3. Stand up new datastore storage for your new 5.5 or 6.0 cluster.
4. Designate one of your new hosts to be the transition host or ‘landing zone’.
5. Add an FC HBA to this landing zone host and have it zoned so that it can see the existing VMFS3 datastores.

DO NOT UPGRADE VMFS if prompted or offered!

6. Select a number of non-essential virtual machines to serve as a proof-of-concept.
7. Take note of which datastore(s) the identified virtual machines reside on.
8. Systematically schedule the shutdown of the identified virtual machines.
9. Once the virtual machines are powered off, right-click and remove from inventory.

DO NOT DELETE. Remove from inventory.
10. On the landing zone or transition host, browse the datastore where the VM to be migrated resides, open the folder and find the configuration (.vmx) file. Right-click on that file and choose Add to Inventory.
11. Once the VM shows up in the new cluster, attempt to power it on. Verify that the power-on works and the system is available on the customer’s network. Note that the network port-group labels and such may be different between the old cluster and new, so you might have to edit the VM’s settings to ensure the correct port-group(s) are selected.

DO NOT UPGRADE VIRTUAL HARDWARE OR VMWARE TOOLS AT THIS TIME.

12. Repeat as necessary until all virtual machines are moved to the new cluster.
13. Plan an upgrade of the VMware Tools (requires a reboot) on each virtual machine.
14. Plan an upgrade of the VM virtual hardware level (requires a second reboot) on each virtual machine.
15. Utilize VMware’s Storage vMotion to move all of the VMs to the new datastores.
16. Remove the legacy VMFS3 datastores.
17. Shut down and decommission the old hardware.
 
I have done this before with 5.5 and assume that it would operate the same way with 6.0, but that is another risk that would need to be identified with going right to 6.x. You could upgrade to 5.5 and then, once completed, upgrade to 6.0.
 
Note that if any VM has an RDM, that will need to be handled separately. You can use the same process, but before you are able to decommission the old storage you will need to either migrate the external RDM to a new virtual VMDK (create new VMDK, use guest OS tools to move the data) or another form of storage based on the new array’s capabilities.
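
Steps 7 to 11 of the procedure above can also be scripted for one proof-of-concept VM. The following PowerCLI script is an added example, not part of the original post; the server, host, VM and port-group names are placeholders, and it assumes a PowerCLI release that can connect to both the old and the new vCenter and that the VM has VMware Tools installed for the guest shutdown.

```powershell
# Placeholders (assumptions), not values from the post.
$oldVCenter   = 'old-vcenter.example.local'
$newVCenter   = 'new-vcenter.example.local'
$landingHost  = 'landing-esxi.example.local'
$vmName       = 'poc-vm01'
$newPortGroup = 'VM Network'

$old = Connect-VIServer -Server $oldVCenter
$new = Connect-VIServer -Server $newVCenter

# Step 7: record where the VM lives while it is still registered.
$vm      = Get-VM -Name $vmName -Server $old
$vmxPath = $vm.ExtensionData.Config.Files.VmPathName   # "[datastore] folder/name.vmx"
Write-Host "Recorded $vmName at $vmxPath"

# Step 8: clean guest shutdown (needs VMware Tools), then wait for power-off.
if ($vm.PowerState -ne 'PoweredOff') {
    Stop-VMGuest -VM $vm -Confirm:$false | Out-Null
    while ((Get-VM -Name $vmName -Server $old).PowerState -ne 'PoweredOff') {
        Start-Sleep -Seconds 10
    }
}

# Step 9: remove from inventory only. Never add -DeletePermanently here:
# that switch deletes the VM's files from the datastore.
Remove-VM -VM $vm -Confirm:$false

# Step 10: register the same .vmx on the landing-zone host.
# Assumes the old datastore shows up under the same name on that host.
$vmHost = Get-VMHost -Name $landingHost -Server $new
$newVm  = New-VM -VMFilePath $vmxPath -VMHost $vmHost

# Step 11: point the NICs at the new cluster's port group, then power on.
Get-NetworkAdapter -VM $newVm |
    Set-NetworkAdapter -NetworkName $newPortGroup -Confirm:$false | Out-Null
Start-VM -VM $newVm -RunAsync | Out-Null

# A re-registered VM can block power-on with a "moved or copied" question;
# list it here and answer it deliberately rather than scripting a default.
Start-Sleep -Seconds 15
Get-VMQuestion -VM $newVm | Format-List Text, Options

# Report state; virtual hardware and VMware Tools are left untouched.
Get-VM -Name $vmName -Server $new | Select-Object Name, PowerState, VMHost
```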

Wednesday, April 8, 2015

Use ATS for Heart Beat on VMFS?

To disable
esxcli system settings advanced set -o /VMFS3/UseATSForHBOnVMFS5 -i 0
To enable
esxcli system settings advanced set -o /VMFS3/UseATSForHBOnVMFS5 -i 1

Friday, April 3, 2015

Tools for network monitoring

Smokeping - jitter monitoring

Observium - on top of NAGIOS

sFlowTrend - sFlow/netFlow monitoring
http://www.inmon.com/products/sFlowTrend.php


FlowMon - netFlow monitoring
https://www.invea.com/en/products/flowmon

sFlow + LogStash
https://github.com/NETWAYS/sflow

NetFlow Monitoring Tools
http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow/networking_solutions_products_genericcontent0900aecd805ff728.html



N-Series Poe

Did you open a case with tech-support?
I’ve seen issues where devices did report as Class2 or 3 devices while they should be 0 or even high-power (POE+) and that it was just slightly over the limit and some ports seemed to be a little bit more stringent than others.

Consider indeed:
·         Setting the (lower) port on interface level as ‘power inline high-power’
·         On global or stack-unit level set ‘power inline management static’
·         Remove ‘legacy’ as dynamic method
·         Or set it indeed as ‘class based’ power

And else: open a case with tech-support to fully investigate and maybe use debug commands to find exact reason why it did go off.

The ‘work-around’ for removing ISDP is only applicable on Cisco devices that refuse to use industry standard methods if it thinks it is connected to a Cisco device – mainly Cisco multi-radio AP’s. Because they do receive ISDP info they do think they should also get POE info over CDP – but that part is ‘closed code’ and not open part of CDP (which is thus ISDP).
You can also work around that in another way than removing/disabling ISDP: you can tell the Cisco device it should accept POE negotiation from a specific device (MAC address of the switch/stack in question). This last behavior is imho clearly a Cisco problem – it does NOT check if it is talking to a device that supports full CDP including Cisco proprietary POE negotiation over CDP: it just sees ‘something that looks like CDP’ and then refuses to use the industry standard unless specifically told to do so (via command on Cisco box like: power inline negotiation injector <attached> which will then be replaced by the switch MAC address in the Cisco startup-config).

Jan


From: Malone, Jim
Sent: Thursday, April 02, 2015 3:36 PM
To: Meister, Benjamin; WW Networking Domain
Subject: RE: N-Series Poe - Ahhhh . . .

Well, I am out of guesses
The only other option is go to 6.2.0.5.
Nothing specific on Release Notes.

Jim Malone
Network Sales Engineer
Dell | Networking | VA, DC
571-232-0340

From: Meister, Benjamin
Sent: Thursday, April 02, 2015 10:22 AM
To: Malone, Jim; WW Networking Domain
Subject: RE: N-Series Poe - Ahhhh . . .

6.1.2.4



~ Benjamin R. Meister
   Networking & Converged Infrastructure Sales
   Dell | Enterprise Solutions, Networking
   Office    + 1.646.409.1330 
   Mobile   + 1.646.489.2035

From: Malone, Jim
Sent: Thursday, April 02, 2015 10:19 AM
To: Meister, Benjamin; WW Networking Domain
Subject: RE: N-Series Poe - Ahhhh . . .

What version of OS are you running?

Release 6.1.0.6 Summary

User Impact:
Issues powering up POE devices on certain switch port interfaces.
When dot13af and legacy mode is enabled and the first 12/24 switch ports are in error status, the last 12/24 ports are stay off.

Resolution:
Fixed high port powering issue by updating the PoE controller firmware version to 263_75.
Please wait for few minutes for PoE controller firmware update to complete on switch boot-up.
You will see the below log messages on switch boot-up after switch firmware upgrade.
<187> Jun 17 04:51:57 172.25.136.215-1 POE[144021428]: hpc_poe_pwrdsne.c(6733) 582

Affected Platforms:
N2xxxP/N3xxxP


Jim Malone
Network Sales Engineer
Dell | Networking | VA, DC
571-232-0340

From: Meister, Benjamin
Sent: Thursday, April 02, 2015 10:06 AM
To: Malone, Jim; WW Networking Domain
Subject: RE: N-Series Poe - Ahhhh . . .

According to the Show tech:

Power.......................................... On
Total Power.................................... 1800 Watts
Threshold Power................................ 1620 Watts
Consumed Power................................. 82 Watts
Usage Threshold................................ 90%
Power Management Mode.......................... Dynamic
Power Detection Mode........................... dot3af+legacy

Unit  Description    Status     Average     Current          Since
                                 Power       Power         Date/Time
                                (Watts)     (Watts)
----  -----------  -----------  ----------  --------  -------------------
1     System       OK            0.2        39.8
1     PS-1         OK           N/A         N/A       03/14/2015 06:40:57
1     PS-2         OK           N/A         N/A       03/14/2015 06:40:57

~ Benjamin R. Meister
   Networking & Converged Infrastructure Sales
   Dell | Enterprise Solutions, Networking
   Office    + 1.646.409.1330 
   Mobile   + 1.646.489.2035

From: Malone, Jim
Sent: Thursday, April 02, 2015 9:59 AM
To: Meister, Benjamin; WW Networking Domain
Subject: RE: N-Series Poe - Ahhhh . . .

Question: do  you have the default 750watt power supply?
Question: is this the only powered device plugged in?

Something to check and work with.
Power Inline Priority – by default all ports are set the same and here is what that means to you.

Priority is always enabled for all ports. If all ports have equal priority in an
overload condition, the switch will shut down the lowest numbered ports
first.

To test this you could change the priority of a low numbered port and retest the phone.

It may be preferable, if not already done, to use the 1100 watt power supplies.

Hope this helps


Jim Malone
Network Sales Engineer
Dell | Networking | VA, DC
571-232-0340

From: Meister, Benjamin
Sent: Thursday, April 02, 2015 9:23 AM
To: WW Networking Domain
Subject: N-Series Poe - Ahhhh . . .

Ok folks,

N-series 3048p: 

Customer has poe phones, no problems any port. 
Customer plugs in a Polycom CP7937G phone [15.4w] into a lower numbered port, gets ‘ethernet disconnect’ errors. But when he switches from say port 1/0/1-14 to port 1/0/47 the phone comes up and stays up no problem. Same configuration on all ports.
This is unique to 1 or 2 of his switches, the remaining switches work just fine (all stand alones)

Would this be an indication of a bad ASIC?  (which would be really weird since the lower ports also have PoE phones on them)

Point of fact:  we did try ‘no ISDP enable’ trick – no luck.

~ Ben

~ Benjamin R. Meister
   Networking & Converged Infrastructure Sales
   Dell | Enterprise Solutions, Networking
   Office    + 1.646.409.1330 

   Mobile   + 1.646.489.2035