I have finished the initial configuration of a Dell EqualLogic SAN for a customer. This is my first time setting up an EqualLogic, but I have experience with other SAN technologies. Why EqualLogic? It was what the customer wanted and was not a budget buster. They didn't need massive speed like Pure Storage and didn't need a huge amount of space.
On the the un-boxing and configuration: Dell has done a nice job of packaging the system, It had all of the needed components and I was happy with how easy the rails are. Dell rails are much easier to install in the last few years across all products.
Required information you need before starting:
Array Name
IP Address for the Management Interface
Group Name (if joining other EqualLogic SAN) or New Group Name
IP Address for the Group (Array)
Network connection to eth0 (Otherwise the initial configuration will not complete).
Computer with a com port or USB to com adapter
HyperTerminal (or similar program) I use putty for as much as possible.
Make sure that the computer is hooked up to the com port in the rear controller that is active. Look at the back, the one with both green lights is active. The secondary has one green and one amber light.
Turn on the EqualLogic SAN
If the computer is hooked up properly you will see txt on the screen as the system boots.
When it is finished it will prompt to log in
User: grpadmin
PW: grpadmin
It should discover that it is not configured and prompt for the following
Enter the network configuration for the array.
Member name []: CustArray1
Network interface [eth0]:
IP address for network interface []: 192.168.10.10
Netmask [255.255.255.0]:
Default gateway [192.168.10.1]:
Initializing interface eth0. This may take a minute…
Enter the IP address and name of the group that the array will join.
Group name []: CustGroup1
Group IP address []: 192.168.10.11
Searching to see if the group exists. This may take a few minutes.
The group does not exist or currently cannot be reached. Make sure
you have entered the correct group IP address and group name.
Do you want to create a new group (yes | no) [yes]:
Group Configuration
Group Name: CustGroup1
Group IP address: 192.168.10.11
Do you want to use the group settings shown above (yes | no) [yes]:
Password for managing group membership:
Change the password
Once this was finished, I switched to the webgui using the IP address above.
Here is where I had the most problems. The Java Certificate was expired and I had to go into the java security configuration and put in an exception for the IP address. Otherwise I couldn't manage the site. (I mean to test this again after upgrading the EqualLogic firmware)
The gui is pretty straight forward to use, I configured my system as a single RAID-6 device. 23 drives and one spare.
I created 5 logical partitions each at a few TB in size to segregate the VMWare traffic
Tuesday, March 25, 2014
Saturday, March 15, 2014
8 – Best Practices for a Wireless Network in a Small/Mid Size Office
Wireless networks are becoming more and more prevalent in every
office. How does a company balance the different needs of employees,
suppliers, contractors and guests while maintaining some semblance of
security? Wireless security is an active process not something that can
be set and forgotten about. Below are eight of my recommendations for
keeping wireless networks secure. - Create a guest network. Have office guests, suppliers, contractors and employee owned devices attach to a guest network. The guest network should have no connection to the internal network, it should have intrusion prevention and anti-virus scanning enabled and monitored. If Internet bandwidth is shared with the internal network; the guest network should also have a cap put onto the maximum allowed speed to prevent interference with daily business operation.
- Hide the internal wireless network. Do not broadcast the SSID. It is hard to break into something that is not advertised. Don’t put the SSID name or password on prominent display in the office.
- Minimize the wireless foot print. Use a tool, (I like Wifi Analyzer by farproc on my android phone) to test how far the wireless network exists. Does it cover the entire parking lot in front of the office, does it cover 5 floors in a multi-tenant building? Reduce the antenna power to only cover the space the office occupies.
- Utilize edge security services on your wireless network. Enable Firewall, Intrusion Detection/Prevention, Anti-Virus, Anti-Spam. If the wireless device allows disable access to countries that you do not do business with. (SonicWall and Palo Alto firewalls have a Geo-location service that allows blocking of countries that you do not do business with)
- Automatically turn off your wireless networks during non business hours. Why risk someone sitting near the office spending hours trying to hack into the network? Having the wireless turned off prevents this issue.
- Review network security. Setup a schedule to review network security. It could be annual, semi-annual or even monthly. The point of reviewing the network is to stop and think about the current wireless configuration, new threats that may exist and adapt security practices to thwart them.
- Monitor wireless access logs. Proactively Monitor the logs for the wireless network to identify issues quickly. Look for things out of the ordinary. The log also serves as a forensic analysis tool if something does happen.
- Change the wireless password. Do this after an employee leaves and on a regular schedule. Consider more frequent changes for internal wireless networks or using two factor authentication.
Monday, March 10, 2014
How to add a Server to the compatibility list of Internet Explorer 10 or 11
A funny thing happened a few months ago, I opened up my Internet
explorer compatibility list and found that I could only put domains in
it and not specific web sites like I used to be able to. This presents a frustrating problem if there are more than a couple websites hosted at a
particular domain.
For example: I have one domain, cubedcorp.com with 3 web servers, Web Server1, Web Server2 and Web Server3.
Web Server1 is an IIS website that supports IE 7 only, it is old and
will be replaced when time and budget allow (12 months or so from now)
Web Server2 is running Linux and Apache and supports IE 7, 8 and 9.
Web Server3 is running IIS 8.0 that only supports IE 10 and 11.
The problem comes from the fact that in IE 10 and 11 you specify an entire domain in the compatibility settings. Using IE 7 it was possible to list out specific servers in the domain that needed compatibility settings.
I can now see either Server1 and Server2 normally or I can see
Server3 normally. I cannot see all three normally. I think this was/is
a design flaw in the current versions of IE, but it exists and hasn’t
been resolved.
Hos it this issue resolved? When using Windows Home versions I have not found an easy way to resolve this issue. There might be a way to hack the registry or use an unsupported group policy editor. I fix it on home editions by using Google Chrome or Firefox (sorry Microsoft…) Let me know in comments if anyone has found an officially supported way of fixing this.
If using Windows Pro or higher versions there is a Group policy setting that can be used to fix the issue.
First open group policy. From the Run box (or if you have Windows 8) search for gpedit.msc, then navigate to the following location. See the picture off to the right if needed.
Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Compatibility View. Select and open the “Use Policy List of Internet Explorer 7 sites” key.
Click Enabled, then click on the Show button to the right of List of sites.
In this list, put in the server names that need compatibility enabled. In my example I wanted both Web-Server1 and Web-Server2 in that list.
Click OK and Close Group Policy Editor.
Now, verify the removal of the cubedcorp.com from the IE 10/11 compatibility list.
After this step is performed, Web-Server3 will display properly in native mode. All three websites now display properly in Internet Explorer.
For example: I have one domain, cubedcorp.com with 3 web servers, Web Server1, Web Server2 and Web Server3.
IE 10 Compatibility Setting
Web Server2 is running Linux and Apache and supports IE 7, 8 and 9.
Web Server3 is running IIS 8.0 that only supports IE 10 and 11.
The problem comes from the fact that in IE 10 and 11 you specify an entire domain in the compatibility settings. Using IE 7 it was possible to list out specific servers in the domain that needed compatibility settings.
Compatibility View in IE 10 and IE 11
Hos it this issue resolved? When using Windows Home versions I have not found an easy way to resolve this issue. There might be a way to hack the registry or use an unsupported group policy editor. I fix it on home editions by using Google Chrome or Firefox (sorry Microsoft…) Let me know in comments if anyone has found an officially supported way of fixing this.
If using Windows Pro or higher versions there is a Group policy setting that can be used to fix the issue.
First open group policy. From the Run box (or if you have Windows 8) search for gpedit.msc, then navigate to the following location. See the picture off to the right if needed.
Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Compatibility View. Select and open the “Use Policy List of Internet Explorer 7 sites” key.
Click Enabled, then click on the Show button to the right of List of sites.
In this list, put in the server names that need compatibility enabled. In my example I wanted both Web-Server1 and Web-Server2 in that list.
Click OK and Close Group Policy Editor.
Now, verify the removal of the cubedcorp.com from the IE 10/11 compatibility list.
After this step is performed, Web-Server3 will display properly in native mode. All three websites now display properly in Internet Explorer.
Subscribe to:
Posts (Atom)