slice2

Category Archives: VMware

HOWTO Secure iSCSI Luns Between VMware ESXi 5.1 and NetApp Storage with Bidirectional CHAP

29 Friday Nov 2013

Posted by Slice2 in iSCSI, Security, VMware

Tags

iSCSI, Security, VMware

This document demonstrates how to configure iSCSI bidirectional CHAP between ESXi 5.1 Update 1 and NetApp storage. There were too many screen captures for a regular post, so I created the PDF below.

Versions in use for this document:
1) VMware vSphere vCenter 5.1 Update 1c Web Client
2) VMware ESXi 5.1 Update 1
a. Note: The ESXi software iSCSI initiator will be used for this document
3) NetApp Data ONTAP 7.3.7P3 (this also works with Data ONTAP version 8x)

The HOWTO is here: Bidirectional CHAP with vSphere 5.1u1c.pdf

When a VMware Tools Upgrade Goes Bad – Fixing NICs

27 Wednesday Nov 2013

Posted by Slice2 in VMware, Windows

Tags

VMware, Windows

Scenario: you upgrade VMware tools on one of your VMs and your IP address will not maintain a static configuration. It reverts back to a Microsoft APIPA address (169.254.0.1 – 169.254.255.254). It’s Sunday at 9:00 PM, the outage window is closing and now you are angry.

Solution: you have to clean out all references to current and previous NICs in the registry. This post tells you how to do this for Windows 2008R2 x64. Make sure you have a local administrator account and know the password before you start. You don’t want to lock yourself out of the VM should something go haywire.

Note: Make sure your VM hardware is set to a version compatible with your version of vSphere. For this post, I’m set to version 9 (for 5.1 U1c). You can run into issues related to buggy hardware mismatches.

1) Remove the NIC and reboot the VM.
a) Right-click the VM > Edit Settings > select the NIC and click Remove > OK.

2) Delete the Interfaces and Adapters from the Registry.
a) Click Start > Run and enter regedt32 and press enter.
b) Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces
c) Expand Interfaces and delete all entries (delete folders from the left pane).
d) Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters
e) Expand Adapters and delete all entries (delete folders from the left pane).
f) Close the registry editor and reboot the VM.

3) Add the VMXNET3 NIC back to the VM.
a) Right-click the VM > Edit Settings > click Add > select Ethernet Adapter and click Next.
b) On the Network Connection page, select the VMXNET3 adapter type, select the network you want to connect to and most importantly, DESELECT connect at power on, and then click Next > Finish > OK.
c) Reboot the VM. Don’t skip this reboot.

4) Configure your IP address.
a) Log in to the VM. Click Start > Control Panel > Network and Internet > Network and Sharing Center > Change Adapter Setting.
b) Right-click the NIC > Properties > select IPv4 and click Properties.
c) Enter your IP, mask, gateway and DNS, then click OK > OK.
d) Right-click the VM > Edit Settings > select the NIC and in the upper right, click both Connect at power on and Connected, then click OK.
e) The NIC will connect and you should have a clean network configuration.
f) Open a cmd prompt and enter ipconfig -all to verify. Ping other hosts to test.

Display the iSCSI Initiator Node Name or IQN from the command line.

01 Sunday Sep 2013

Posted by Slice2 in HP, iSCSI, Linux, NetApp, NetBSD, Solaris, VMware, Windows

Tags

iSCSI

At some point you will be asked by a Storage Engineer for your system’s iSCSI Initiator Node Name or your iqn. This list shows you how to get your local iSCSI initiator name or iqn from the command line. This assumes the iSCSI service is installed, enabled and running. If you have a different way or want to add an OS or platform to this list simply leave a comment and I’ll add it.

AIX:
> smitty iscsi
select > iSCSI Protocol Device
select > Change / Show Characteristics of an iSCSI Protocol Device

FreeBSD (v10 and newer. Thanks to Edward Tomasz Napierala for this update):
> iscsictl -v  (only after you have established a session with your array)

HP-UX:
> iscsiutil -l

Linux:
> cat /etc/iscsi/initiatorname.iscsi

NetApp Data ONTAP: (this is a target iqn not a host iqn)
7-Mode:
> iscsi nodename

Cluster Mode from the clustershell:
> vserver iscsi show

NetBSD: (please make this easier NetBSD developers! How about an iscsictl list_initiators command?)
> iscsictl add_send_target -a <hostname or IP of your target/storage>
Added Send Target 1
> iscsictl refresh_targets
OK
> iscsictl list_targets
1: iqn.1992-08.com.netapp:sn.84167939
2: 10.1.0.25:3260,1000
> iscsictl login -P 2
Created Session 2, Connection 1
> iscsictl list_sessions
Session 2: Target iqn.1992-08.com.netapp:sn.84167939

On the NetApp filer find the initiator:
netapp01> iscsi initiator show
Initiators connected:
TSIH  TPGroup  Initiator/ISID/IGroup
4    1000   nbsd611.lab.slice2.com (iqn.1994-04.org.netbsd:iscsi.nbsd611.lab.slice2.com:0 / 40:00:01:37:00:00 / )

Solaris 11:
> iscsiadm list initiator-node

VMware ESXi 5.1:
ESXi console:
Get the devices first:
> esxcfg-scsidevs -a | grep iSCSI
Then get the iqn (in this case vmhba33 is the iSCSI device)
> vmkiscsi-tool -I -l vmhba33

esxcli:
> esxcli -s <esxihostname or ip> -u root iscsi adapter get -A vmhba33

Windows:
c:\iscsicli.exe
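
A small helper for the Linux case above, added here as an example and not part of the original post: it reads the name from an open-iscsi style file, checks a simplified ASCII-only form of the iqn. naming format, and flags IQNs reported by more than one host. The function names, the sample file contents and the host inventory are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): read, validate and compare IQNs.

# Print the single InitiatorName value from an open-iscsi style file.
# Comment lines are ignored; zero or several entries is treated as an error.
read_iqn() {
    local file=$1 names
    names=$(sed -n 's/^[[:space:]]*InitiatorName[[:space:]]*=[[:space:]]*//p' "$file" |
            sed 's/[[:space:]]*$//')
    if [ "$(printf '%s\n' "$names" | grep -c .)" -ne 1 ]; then
        echo "expected exactly one InitiatorName in $file" >&2
        return 1
    fi
    printf '%s\n' "$names"
}

# Simplified ASCII-only check of iqn.<yyyy-mm>.<reversed domain>[:<identifier>],
# lowercase, at most 223 bytes.
valid_iqn() {
    local LC_ALL=C iqn=$1
    local re='^iqn\.[0-9]{4}-(0[1-9]|1[0-2])\.[a-z0-9]([a-z0-9.-]*[a-z0-9])?(:[a-z0-9.:-]+)?$'
    [ "${#iqn}" -le 223 ] && [[ $iqn =~ $re ]]
}

# Read "host iqn" pairs on stdin and print every IQN reported by more than one
# host, for example cloned VMs that kept the template's initiator name.
duplicate_iqns() {
    awk '{ n[$2]++ } END { for (i in n) if (n[i] > 1) print i }' | sort
}

# Constructed sample input: a Linux initiator file and a small host inventory.
sample=$(mktemp)
printf '%s\n' '## constructed sample' \
    'InitiatorName=iqn.1994-05.com.redhat:lab-host-01' > "$sample"
iqn=$(read_iqn "$sample") && valid_iqn "$iqn" && echo "ok: $iqn"
rm -f "$sample"
printf '%s\n' 'web01 iqn.1994-05.com.redhat:lab-host-01' \
              'web02 iqn.1994-05.com.redhat:lab-host-01' \
              'db01  iqn.1994-05.com.redhat:lab-db-01' | duplicate_iqns
```

Run the validation before handing the name to the storage team; a duplicate reported by `duplicate_iqns` means two hosts would match the same initiator entry on the array.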

DISA STIGs released for vSphere 5

21 Wednesday Aug 2013

Posted by Slice2 in Security, VMware

Tags

Security, VMware

Secure your virtual infrastructure by using the following guidelines.

1) The DISA STIGs for vSphere 5 have been released:

http://iase.disa.mil/stigs/os/virtualization/esx.html

2) The VMware vSphere Hardening Guide is here:

http://blogs.vmware.com/vsphere/2013/04/vsphere-5-1-hardening-guide-official-release.html

 

Microsoft employee takes a polygraph

06 Thursday Jun 2013

Posted by Slice2 in VMware

Tags

VMware

Free VMware Class – Security Principles in Virtualized Data Centers

09 Thursday May 2013

Posted by Slice2 in Security, VMware

Tags

Security, VMware

Overview:
In this free eLearning course you will review security requirements and learn how to secure the virtualized datacenter environment as well as explain cloud security features and concepts.
Outline:

•  In the first module, Security in a Virtualized Data Center, we will describe security principles and identify unique security considerations in virtualized data center environments.
•  In the Platform Hardening module we will describe VMware vSphere® security and present some vSphere hardening examples.
•  In the Security Compliance and Governance module we will describe compliance, common standards, common compliance controls, VMware compliance example with PCI, and examine VMware compliance solutions.
•  In the Security Use Cases in Virtualized Data Centers module we will explain how to protect business-critical applications in virtualized environments and how to secure VMware View virtual desktop infrastructure deployments.
•  In the Private Cloud Security module we will define cloud computing, examine private cloud architecture, and examine security considerations in private clouds.
•  In the last module, the Ecosystem Enablement and APIs, we will describe the vCloud Ecosystem Framework, introduce the relevant APIs, along with the VMware Ready program that Technology Alliance Partners use to access the APIs. Finally, we will show some examples of partner integrations.

Register here:
http://mylearn.vmware.com/mgrReg/courses.cfm?ui=www_edu&a=det&id_course=172855

The Official vSphere 5.1 Hardening Guide has been released

22 Monday Apr 2013

Posted by Slice2 in Security, VMware

Tags

Security, VMware

The official release of the vSphere 5.1 Hardening Guide offers guidance on securely deploying VMware vSphere 5.1.

http://communities.vmware.com/docs/DOC-22981

Adding a new local disk to ESXi and formatting with VMFS

20 Wednesday Mar 2013

Posted by Slice2 in ESXi, VMware

Tags

ESXi, VMware

Need to add a disk to an ESXi 5x server and format it as VMFS? Here is how you do it from the ESXi CLI. Enable ssh on the ESXi host in vCenter and log in as root via xterm or putty. This was done on an HP DL360.

1) Find your disks.

> ls /vmfs/devices/disks/
-or-
> esxcfg-scsidevs -c

The new disk is: mpx.vmhba1:C0:T1:L0

2) Create a partition.

> fdisk /vmfs/devices/disks/mpx.vmhba1:C0:T1:L0
Select: m
Select: l
Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
Select: p
Partition number (1-4): 1
First cylinder (1-8920, default 1): Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-8920, default 8920): Using default value 8920

Command (m for help): p

Disk /vmfs/devices/disks/mpx.vmhba1:C0:T1:L0: 73.3 GB, 73372631040 bytes
255 heads, 63 sectors/track, 8920 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot      Start         End      Blocks  Id System
/vmfs/devices/disks/mpx.vmhba1:C0:T1:L0p1             1      8920  71649868+  83  Linux

Command (m for help): w
The partition table has been altered!

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): l

0  Empty               1c Hidden W95 FAT32 (LBA)  a5 FreeBSD
1  FAT12               1e Hidden W95 FAT16 (LBA)  a6 OpenBSD
4  FAT16 <32M          3c Part.Magic recovery     a8 Darwin UFS
5  Extended            41 PPC PReP Boot           a9 NetBSD
6  FAT16               42 SFS                     ab Darwin boot
7  HPFS/NTFS           63 GNU HURD or SysV        b7 BSDI fs
a  OS/2 Boot Manager   80 Old Minix               b8 BSDI swap
b  Win95 FAT32         81 Minix / old Linux       be Solaris boot
c  Win95 FAT32 (LBA)   82 Linux swap              eb BeOS fs
e  Win95 FAT16 (LBA)   83 Linux                   ee EFI GPT
f  Win95 Ext'd (LBA)   84 OS/2 hidden C: drive    ef EFI (FAT-12/16/32)
11 Hidden FAT12        85 Linux extended          f0 Linux/PA-RISC boot
12 Compaq diagnostics  86 NTFS volume set         f2 DOS secondary
14 Hidden FAT16 <32M   87 NTFS volume set         fd Linux raid autodetect
16 Hidden FAT16        8e Linux LVM               fb VMFS
17 Hidden HPFS/NTFS    9f BSD/OS                  fc VMKcore
1b Hidden Win95 FAT32  a0 Thinkpad hibernation

Hex code (type L to list codes): fb
Changed system type of partition 1 to fb (VMFS)

Command (m for help): w
The partition table has been altered!

3) Create the filesystem.

> vmkfstools -C vmfs5 -b 1m -S <new datastore name here> /vmfs/devices/disks/mpx.vmhba1:C0:T1:L0:1

VMFS5 file system creation is deprecated on a BIOS/MBR partition on device ‘mpx.vmhba1:C0:T1:L0:1’
Checking if remote hosts are using this device as a valid file system. This may take a few seconds…
Creating vmfs5 file system on “mpx.vmhba1:C0:T1:L0:1” with blockSize 1048576 and volume label “Datastore name”.
Successfully created new volume: 512bee4b-d5bd5128-568e-0015174b0172

4) Done.

Using Virtual Ethernet Adapters in Promiscuous Mode on Linux

20 Wednesday Mar 2013

Posted by Slice2 in Linux, Security, VMware

Tags

Linux, Security, VMware

VMware does not allow the virtual Ethernet adapter to go into promiscuous mode unless the user has permission to make that setting change. This follows the standard Linux practice that only root can put a network interface into promiscuous mode. See this VMware KB for details.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=287
