Network Administrator Knowledgebase

May 15 2008   1:55AM GMT

BGP



Posted by: Michael Khanin
Networking

BGP is the protocol that binds the Internet together. It is what sends one packet across the globe in a few milliseconds and allows you to send email. Typically, you will see Cisco routers handling this sort of heavy lifting, and IOS is what we will review briefly.

ASN - Starting point
In order to have a BGP connection you will need an ASN (Autonomous System Number). You can get one through ARIN (American Registry for Internet Numbers). BGP uses ASNs like VLAN IDs or a higher-level view of subnetting. There are private ASNs if you are planning on using BGP for internal purposes only. The private BGP range is AS64512 through AS65535.

IOS - Configuration info
Here is the basic output of two connections to two different autonomous systems from one Cisco router.

router bgp 64512
no synchronization
bgp log-neighbor-changes
bgp dampening
network 3.3.3.0
neighbor 1.1.1.1 remote-as 64513
neighbor 1.1.1.1 description Provider 1 >>Provider 1 Support Line<<
neighbor 1.1.1.1 password 7 09823490822093482F
neighbor 1.1.1.1 update-source Loopback1
neighbor 1.1.1.1 version 4
neighbor 1.1.1.1 route-map Provider1 out
neighbor 2.2.2.2 remote-as 64514
neighbor 2.2.2.2 description Provider 2 >>Provider 2 Support Line<<
neighbor 2.2.2.2 password 7 09823490822093482F
neighbor 2.2.2.2 update-source Loopback2
neighbor 2.2.2.2 version 4
neighbor 2.2.2.2 weight 50

Let’s walk through the configuration a bit. Here are the same commands but with comments added in at various places:

! This line tells the BGP router which ASN it should advertise.
! A Cisco BGP router can only administer one ASN at a time.
router bgp 64512

! Log the changes when the neighbor goes up and down.
! This way you can see if the other BGP router that you are peering with is stable.
bgp log-neighbor-changes

! This is the network that you are advertising via BGP
network 3.3.3.0
! This is the ASN of your ISP or peered BGP network
! (a plain number, without the "AS" prefix).
neighbor 1.1.1.1 remote-as 64513
! While you don’t technically need this line it is important that you use it
! for your own clarification
neighbor 1.1.1.1 description Provider 1 >>Provider 1 Support Line<<
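! Password for the BGP session with your peer. It authenticates the TCP session
! (MD5 signature) rather than encrypting the BGP data. Authenticating the session
! helps ensure that no one hijacks your peering.
! The "7" marks Cisco's reversible type 7 encoding of the stored password,
! so treat the configuration file itself as sensitive.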
neighbor 1.1.1.1 password 7 0934099082282F8234
! Using a loop back interface will ensure that the BGP peer always sees one
! interface that is in the network that you are advertising as being up.
! This will always keep the peering with your ISP up.
neighbor 1.1.1.1 update-source Loopback1
! The version of BGP that you are using. Version 4 is the most widely used and most recent.
neighbor 1.1.1.1 version 4
neighbor 1.1.1.1 route-map Provider1 out
As a final note, BGP is a powerful protocol with lots of features and options. However, most ISPs don’t support the full suite of options that BGP provides, so don’t expect to use all of them in order to shape your traffic.
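
An added example, not part of the original post: a small Python check over a BGP stanza like the one above. It flags neighbors that have no session password, a password stored in cleartext or reversible type 7 form, or no outbound route-map (as with neighbor 2.2.2.2). The sample config is constructed from the post's lines, and the finding names are illustrative.

```python
# Added example (not from the original post): audit IOS "neighbor" lines.
# SAMPLE_CONFIG is constructed from the configuration shown in the post.
SAMPLE_CONFIG = """\
router bgp 64512
 bgp log-neighbor-changes
 network 3.3.3.0
 neighbor 1.1.1.1 remote-as 64513
 neighbor 1.1.1.1 description Provider 1 >>Provider 1 Support Line<<
 neighbor 1.1.1.1 password 7 09823490822093482F
 neighbor 1.1.1.1 route-map Provider1 out
 neighbor 2.2.2.2 remote-as 64514
 neighbor 2.2.2.2 password 7 09823490822093482F
 neighbor 2.2.2.2 weight 50
"""


def parse_neighbors(config):
    """Collect, per neighbor IP, the password type and route-map directions."""
    neighbors = {}
    for line in config.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "neighbor":
            continue
        peer = neighbors.setdefault(words[1], {"password": None, "maps": set()})
        if words[2] == "password" and len(words) >= 4:
            # "password 7 <string>" names the storage type; a bare
            # "password <string>" is type 0 (cleartext in the config).
            typed = len(words) >= 5 and words[3] in ("0", "7")
            peer["password"] = words[3] if typed else "0"
        elif words[2] == "route-map" and len(words) >= 5:
            peer["maps"].add(words[4])  # direction keyword: "in" or "out"
    return neighbors


def audit(config):
    """Return sorted (neighbor, finding) pairs; finding names are illustrative."""
    findings = []
    for ip, peer in parse_neighbors(config).items():
        if peer["password"] is None:
            findings.append((ip, "no-password"))            # unauthenticated session
        elif peer["password"] == "0":
            findings.append((ip, "cleartext-password"))     # readable in the config
        elif peer["password"] == "7":
            findings.append((ip, "type7-password"))         # reversible encoding
        if "out" not in peer["maps"]:
            findings.append((ip, "no-outbound-route-map"))  # no route-map applied outbound
    return sorted(findings)


if __name__ == "__main__":
    for ip, finding in audit(SAMPLE_CONFIG):
        print(ip, finding)
```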

May 15 2008   1:54AM GMT

iSCSI in VMWare ESX 3



Posted by: Michael Khanin
Virtualization

iSCSI has become a very popular way of having shared storage among several physical or virtual computers. The benefits of shared storage are even greater when combined with the abilities of VMWare such as VMotion, High Availability and Distributed Resource Scheduler.

Below are the basic (and I do emphasize basic) steps for configuring iSCSI storage with VMWare 3.0. Like any shared storage infrastructure there are a number of possible methods and structures that could change the way that iSCSI is installed and used.

Step 1 - Add in extra Service Console and iSCSI VMkernel
The service console and VMkernel need to be on the same physical NIC on the ESX server. The IPs for these services need to be on the same subnet as the iSCSI storage device. The pictures below outline the end result if your iSCSI VLAN were 192.168.4.0/24. Note that the service console shown below is the second, and therefore additional, service console. The original stays unchanged.

Sample Configuration Page

Sample End Result

Step 2 - Allow iSCSI traffic through the firewall
The Software iSCSI Client for ESX needs to be allowed through the firewall which is located under the security profile section. If you don’t do this then you will not be able to use the service. I found this interface “tricky” to use. Sometimes I would make changes and they wouldn’t take effect until the server was rebooted.

Step 3 - Enable Software Initiator Properties
The iSCSI storage adapter needs to be configured. Find the newly created iSCSI Software Adapter on the Storage Adapters tab, where you will need to:

  1. Open the properties
  2. Configure and subsequently enable the iSCSI Initiator
  3. On the Dynamic Discovery tab you can add in the iSCSI server IP


Step 4 - Create iSCSI target on iSCSI device
This will depend on your iSCSI hardware as to how you do this. Each manufacturer has their own way of doing this.

Step 5 - Add LUN to target

Links:
VMWare’s design guide for iSCSI – short but good: http://www.vmware.com/pdf/vi3_iscsi_cfg.pdf
Really good blog post by David Davis about VMWare and iSCSI:
http://www.petri.co.il/connect-vmware-esx-server-iscsi-san-openflier.htm


May 1 2008   1:54AM GMT

Download Windows XP Service Pack 3 Now!



Posted by: Michael Khanin
Microsoft Windows

It is available on public Windows Update Servers: http://download.windowsupdate.com/msdownload/update/software/svpk/2008/04/windowsxp-kb936929-sp3-x86-enu_c81472f7eeea2eca421e116cd4c03e2300ebfde4.exe


May 1 2008   1:52AM GMT

System Center Virtual Machine Manager 2008 Beta



Posted by: Michael Khanin
Virtualization

At the Management Summit in Vegas, Microsoft announced the beta of System Center Virtual Machine Manager 2008. This version can manage Hyper-V hosts!

It should be available on connect.

Microsoft has announced the formal name and beta availability of System Center Virtual Machine Manager 2008, a member of the System Center suite of server management products. The announcements came April 29 at the Microsoft Management Summit in Las Vegas, which showcased the beta of the System Center Virtual Machine Manager 2008 (VMM), managing both Hyper-V and VMware virtual infrastructure. Additional functionality new to this version of VMM includes Performance and Resource Optimization (Pro), which dynamically tunes virtual infrastructure, simplified virtual host cluster support, and other improvements and enhancements.


Apr 27 2008   3:35PM GMT

Configuring the Firewall on Server Core for Remote Management



Posted by: Michael Khanin
Microsoft Windows

On all Windows 2008 editions, the firewall is on by default. This is true in Server Core as well. Many IT pros love the new Windows 2008 Server Core edition, but frankly, managing it from the command line is not so easy for many administrators. Yes, we can manage Windows 2008 Core remotely, but we have to configure the firewall on the Core box. There are three scenarios for remote management via MMC:

  1. Server Roles – when a server role is installed, the appropriate ports are opened to allow the role to function as well as to allow remote management, so no additional configuration is required. Using the Remote Server Administration Tools (RSAT) feature on a full server installation, we can install just the MMC snap-ins for a role and use them to remotely manage the role on Server Core.
  2. Domain joined – Once domain joined, the firewall profile is changed to the domain profile which allows remote management. Again, no additional configuration is required.
  3. Workgroup server – This is the scenario (the most popular one when an IT pro demonstrates or tests the new Windows 2008) in which we may need to make firewall configuration changes to allow remote management. If we want all remote management to work, we can use:

netsh advfirewall firewall set rule group="remote administration" new enable=yes

However, there may be situations where we only want to allow certain MMCs to connect for remote administration. Not every MMC snap-in has a firewall group; here are those that do:

| MMC Snap-in | Rule Group |
| --- | --- |
| Event Viewer | Remote Event Log Management |
| Services | Remote Service Management |
| Shared Folders | File and Printer Sharing |
| Task Scheduler | Remote Scheduled Tasks Management |
| Reliability and Performance | “Performance Logs and Alerts” and “File and Printer Sharing” |
| Disk Management | Remote Volume Management |
| Windows Firewall with Advanced Security | Windows Firewall Remote Management |

On the Server Core box we can enable these by running:

netsh advfirewall firewall set rule group="<rule group>" new enable=yes

Where <rule group> is the name in the above table.

Not every MMC snap-in has a rule group to allow it access through the firewall.

MMC Snap-ins that Require Additional Configuration
In addition to allowing the MMC snap-ins through the firewall, the following MMC snap-ins require additional configuration:

  • Device Manager
    To allow Device Manager to connect, you must first enable the “Allow remote access to the PnP interface” policy

    1. On a Windows Vista or full Server installation, start the Group Policy Object MMC snap-in
    2. Connect to the Server Core installation
    3. Navigate to Computer Configuration\Administrative Templates\Device Installation
    4. Enable “Allow remote access to the PnP interface”
    5. Restart the Server Core installation
  • Disk Management
    You must first start the Virtual Disk Service (VDS) on the Server Core installation
  • IPSec Mgmt
    On the Server Core installation you must first enable remote management of IPSec. This can be done using the scregedit.wsf script:

cscript \windows\system32\scregedit.wsf /im 1


Apr 25 2008   10:27PM GMT

What is already installed on Windows 2008 Core



Posted by: Michael Khanin
Microsoft Windows

By running Oclist on Windows 2008 Server Core we can get full information on what is installed and what is not installed on the server.
The full list is very long and not comfortable to read. If you don’t want to include all of the many “Not Installed” options in the output of Oclist, run:

oclist | find "  Installed"


Apr 25 2008   10:03PM GMT

How to figure out what OS Edition is running on Server 2008?



Posted by: Michael Khanin
Microsoft Windows

We can do this via WMI.
The command line is:

wmic path win32_operatingsystem get OperatingSystemSKU /value

The value should be converted to hex and then mapped to the list at:
http://msdn2.microsoft.com/en-us/library/ms724358.aspx


Apr 25 2008   5:06PM GMT

Running Windows 2008 Server core under VMware



Posted by: Michael Khanin
Microsoft Windows, Virtualization

One of the first pieces of software that I install on any OS under VMware is VMware Tools. The most important benefit is the VMware enhanced video and mouse drivers. On VMware ESX, VMware Tools must be installed to get the NIC working. The installation process of VMware Tools on Windows 2008 Server Core edition is a bit tricky. As you remember, Server Core is a command-line-only version of Windows Server 2008. VMware Tools is a GUI installation, so this is not an option for Server Core. Today we have a few workarounds :)

Solution 1

  • Log into your Windows Server 2008 Server Core VM with an admin account
  • From the VMware Workstation console, click the VM menu > Install VMware Tools. This will mount the VMware Tools disk (windows.iso file) in the virtual CD-ROM drive.
  • Switch to drive D: (or whatever drive is your CD drive)
  • Type Setup and press Enter
  • Click Install on the VMware informational message. VMware Tools setup will begin.
  • Click Next to install
  • Click Next to perform a Typical setup
  • Click Install to begin the installation
  • When you see the status stall, open Task Manager (Ctrl-Alt-Ins > Start Task Manager)
  • Click the Applications tab, select the RUNDLL process and choose End Task
  • Close Task Manager and click OK to any error messages. Setup will continue as normal.
  • Click Finish and click Yes to restart the server
  • When Windows Server 2008 Server Core starts up, it will be in 640×480 resolution. As a quick solution, read my “CoreConfigurator - Graphic Management Tool for Windows Server 2008 Core” post, which explains how to configure the resolution in Windows 2008 Server Core :).

Solution 2

  • As a first step, on Server Core we need to mount the VMware Tools ISO by selecting the “Install VMware Tools” option.
  • From a command line run the following command:

    msiexec /i "d:\VMware Tools.msi" /qn

Solution 3
This solution is especially for VMware ESX Server. The workaround is to transfer VMware Tools (contained in a file called windows.iso) from your ESX server to a local drive. Use Virtual Center to mount the windows.iso file as a CD-ROM drive in the Windows 2008 Server Core VM. The exact location of the driver is \Program Files\VMWare\VMWare Tools\Drivers\VMXNet\w2k on the windows.iso file. The command used to install the drivers is:

C:\Windows\System32> pnputil -i -a vmxnet.inf

You should get the following message:

Microsoft PnP Utility
Processing inf : vmxnet.inf
Successfully installed the driver on a device on the system.
Driver package added successfully.
Published name : oem2.inf

The next step is to set “Hardware Acceleration” for the display adaptor to “Full”. For this you have to use the Registry.
Launch the Registry editor from the command prompt by typing “regedit”. Then navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{81E0A29D-B654-4848-9421-BEA1C8A6F938}\0000

The long number is a GUID and it will be different on your system. You should find the Acceleration.Level key in the 0000 folder. To be sure that you have found the correct key, check that the same location has a “Device Description” key with the value “VMware SVGA II”. You have to set the Acceleration.Level key value to 0.

Exit from the Registry editor and reboot your server.

The END :).


Apr 20 2008   7:31PM GMT

CoreConfigurator - Graphic Management Tool for Windows Server 2008 Core



Posted by: Michael Khanin
Microsoft Windows, Networking, Windows Security

The default management interface for Windows Server 2008 Core is the command line. Yes, the main power of Windows Server Core becomes available when using such an approach, but sometimes it’s not so user friendly. This is why I’ve been asking so many times if anything more graphical exists :). Yes, one of the first recommendations for working with and managing Windows 2008 Server Core is to use MMC from a remote machine, but MMC cannot do everything. Of course, for the remote tools to work, they have to be allowed through the Server Core firewall, and for many people this is more difficult than editing the registry. :) Therefore, I would like to have a simple graphical tool for configuring the local system. The task of developing such an interface is complicated by the fact that Server Core has a limited set of graphics APIs, which is the reason why the beautiful MMC doesn’t work on it.

So, since Microsoft has not provided such a utility, somebody else did. Look at the CoreConfigurator utility developed by Guy Teverovsky, an MVP from Israel.

This is what it can do:

  • Product Activation
  • Configuration of display resolution
  • Clock and time zone configuration
  • Remote Desktop configuration
  • Management of local user accounts (creation, deletion, group membership, passwords)
  • Firewall configuration
  • WinRM configuration
  • IP configuration
  • Computer name and domain/workgroup membership
  • Installation of Server Core features/roles

To set up this utility, use the MSI package and then run the CoreConfigurator.exe file. The following interface will appear.

By the way, it’s not necessary to install CoreConfigurator; we can simply copy its files onto the system. The result will be the same. The video settings look like this:

The “Show window content while dragging” setting may markedly improve the display of window objects if you work with the server via a terminal connection. Please note that the setting affects only the current user. As the picture shows, to change the time zone the developer did not reinvent the wheel and simply calls the standard timedate.cpl.

Remote Desktop Options look like this:

All would be good, but in this version you still have to allow RDP connections in the firewall manually using netsh. Hopefully, in the next version this will be fixed. Management of local users and groups is done through the following windows.

Installation of Roles and Features has become more visual:

For now, the firewall management functionality is very limited, but at least it already incorporates all the necessary rules for remote management.

Network interface configuration looks quite familiar.

Setting the activation key and activating the OS is also very simple, and it is all done via the GUI :)

In addition, let me show the WinRM interface and the interface to rename the computer and join it to a domain:

It is understandable that CoreConfigurator is not officially supported by Microsoft. Many IT professionals probably have doubts about whether to trust the author of the software. As usual, the choice of whether or not to install this utility on your server is up to you. :)


Apr 20 2008   4:29PM GMT

PowerShell - The Next Step for System Administrator



Posted by: Michael Khanin
Microsoft Windows

I’ve just come back from Seattle, where I was at the Global MVP Summit 2008.
Microsoft spoke about new technologies, about new products, about plans and visions.

I attended many sessions, and I’d like to say what I see as being of the highest importance.

If you are a Network or Systems Administrator dealing with a Windows environment, you SHOULD start learning and using PowerShell (if you are not already doing so :)). Absolutely every new program / system from Microsoft supports PowerShell; I remember just one exception, Windows 2008 Core. We cannot install and use PowerShell on a Windows 2008 Core box, but we can manage and control Windows 2008 Core by using PowerShell on other Windows 2008, Vista or even Windows XP machines.

I’ll try to speak more about PowerShell and I’ll show how PowerShell can serve us in our daily stuff. If you want to write a script and are considering doing it in PowerShell, VB or a simple batch file, I suggest doing it in PowerShell. I’ll try to assist you as much as I can.