Monday, July 27, 2009

Using VMWare ESXi to create a sort of DMZ



Back on July 16 I wrote about how I used ESXi to create a totally safe and isolated test network. I used this principle when I wanted to create my web server.

I wanted it to be:
1. Virtual
2. Isolated from the rest of the network
3. Having only one static IP, I needed to NAT ports, some to my production LAN, some to the web server, which would be isolated in its own LAN.
4. Behind my firewall
5. Accessible from the production LAN to administer.

The solution was to create my web server in ESXi, again on a dual-homed box, with each NIC on its own virtual switch on a different LAN.

Between the firewall and my router lies another private LAN. One NIC, the one for the web server, was on that LAN. On the other side of my router was the second LAN, to which the other NIC of ESXi was attached through the other virtual switch.

In this scenario, I can have isolation, and also I can point different ports going from the one IP to different locations. Worked pretty good.

Friday, July 24, 2009

Useful Links that I used for VMWARE Installs

At the time of posting, all the links were active and working, but I make no promises. If they break, I will try to repost with my own instructions. Again, no promises ;=)

1. When trying to install Windows XP, you will get an error that there is no disk. You need the LSI driver. Here is the how-to: Getting the LSI driver to work

2. ESXi, how do you SSH over to it, see this link, and this link.

3. How do you expand a VMWare Virtual disk. Quite useful if your disk is getting full. One thing I have done before, is to add a second virtual disk, boot with Bart's PE, and ghost one disk to another. Then I shut down the machine and switch the SCSI drive information in the properties of the VM Machine (careful with the SCSI numbers). I remove the original (but I don't delete it just in case, and I also make a copy of the whole thing and you can snapshot the whole thing also just to be sure). Then I boot into the new bigger drive. That has worked for me in the past. Here is a way to EXPAND IT without having to Clone it.

4. What files make a virtual machine? See this link.

5. How VMWARE creates Disk Files - follow this link.

Delco

Thursday, July 23, 2009

Gparted and VMWARE

Here is a situation that has come up now, I think, four times when I have been installing ESX or ESXi: the second drive, which I usually put in for the guests and which is going to be formatted by ESX or ESXi, cannot be seen until I reboot and use Gparted. Then it seems like it is better to have it formatted in NTFS or FAT32 rather than Linux native extfs, for some reason.

I keep Gparted with me all the time, not just because of VMWARE, I have used it successfully for getting disks that have been wiped by dban, or need to be repartitioned without losing data, and to just plain fix disks gone haywire.

Great free tool. If you don't have it, get it. Get it here.

Delco

Tuesday, July 21, 2009

Enabling Root Access for ESX Servers

The name of the blog is "Techbytes", which could be taken as a journal about technology in which I write about it, and hence "bytes" constitutes the data being posted, or it can mean that sometimes technology "bi(y)tes" us. Both are true.

I want to write today more about VMWare, and specifically about ESX server. If you ever talk to me about virtualizing servers, you will hear my praises for VMWare. I think they are hands down the best. No, this is not a forum for arguing about which is best. Sorry.

Here is a little bit of a byte. I have been using VMWare going way back to when it was Workstation 1.x/2.x or whatever. I went through the GSX server days using both products in production by the way, and successfully. Later I grew up to ESX, then added ESXi to my experience.

Enough of that. I love Veeam FastSCP. Why? One, it is free. I have used it successfully with both ESX and ESXi now, since version 3 supports both. The problem is that it will not work out of the box; you have to do some more work on both ESX and ESXi. In ESX you have to enable "root" access for SSH. This is not simple to do, especially for maybe a newbie or maybe if you are just me ;=)

If you install Veeam FastSCP and you try to add ESX Server to it, it will fail when you put in the "root" user and the password with an error about not being able to elevate root.

Fortunately, the guys over at Veeam have another product called "Veeam RootAccess". Now, when you install that there is a license requirement, but you do not need it, just pick the "Enable Root Access" only product. It is free. In other words, when you download the install, it will give the option of either. Oh, and you have to create an account on their site. But that is OK.

Ok. So you have installed it. Here are some screen shots to show you what to do:

1. In Configurator: RootAccess, Click on Add Server


2. Use the default or a custom username; usually it is root. This is the root account and password you gave when installing ESX Server


3. After you click Next, if the process is successful, you will see your server added in.


4. Right-click your server and run the root access template



5. Read, and select Next


6. Select Next


7. Next


8. Here you will see a "RED X" on root access. It is not here because I already did it before. Select your server, and select Next


9. Next (If all goes well, you will have root access)


10. Now in Veeam FastSCP, Add Server


11. Enter IP and select Next


12. Enter info, and Next


13. Select Use Service Console, and Next


14. Voila


15. Your server


I guess the next question would be: Why would I want to do all of this? Well, I will blog on that if it is necessary. But with Veeam FastSCP you can now copy files to and from ESX/ESXi. This is especially useful in transferring ISO files back and forth. It really has been a life saver for me.

Delco

Thursday, July 16, 2009

Using VMWare ESXi to create two networks, one on the edge and one on the LAN

At my last position I needed to create a test network that was totally isolated from the production LAN, yet I still wanted to be able to manage it from the LAN, but the test network could not in any way send any traffic over to the production LAN. My solution was to use VMWare ESXi with three NICs: two NICs connected to the internal LAN switch, and one NIC connected to a totally different LAN with its own router and internet connection.

Internally, I configured the guest OSes to only communicate within the virtual environment. I set the domain controller up with two virtual NICs: one NIC on the virtual LAN communicating with the other guest OSes, and one virtual NIC connected to the isolated LAN with its own router. This gave the test LAN access to the internet, as the domain controller provided routing services.

This setup gave the following capabilities:
1. A totally isolated test network. No traffic can pass over to the Production LAN.
2. I had access to the whole thing because I could manage it with the VI Client.
3. The test network was for all purposes a fully working LAN with access to the Internet.

The only downside, or better said, extra cost, was that I needed a second Internet connection; but a cheap DSL worked just fine for this purpose. This was an extremely cost-effective test LAN. What a change from the bad old days when virtualization was not possible. So essentially, with the cost of a medium cost high end PC with plenty of storage (all SATA drives), and a cheap DSL connection, voila, job done.
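The isolation claim in this post (and the separate web server LAN in the July 27 post) can be checked from a list of guests and the port groups their virtual NICs attach to. The following is an added example, not part of the original post: the host and segment names are constructed, and it assumes that a multi-homed guest with routing enabled joins the segments it sits on.

```python
from collections import defaultdict, deque

# Constructed inventory modelled on the post: each guest lists the port groups
# (layer-2 segments) its virtual NICs attach to and whether it forwards packets.
# The ESXi management interface is not a guest, so it is not listed here.
INVENTORY = [
    {"name": "dc01",     "segments": ["test-lan", "isolated-dsl"], "routes": True},
    {"name": "test-ws1", "segments": ["test-lan"],                 "routes": False},
    {"name": "test-ws2", "segments": ["test-lan"],                 "routes": False},
]

def segment_graph(inventory):
    """Link two segments when a routing guest has a NIC on both."""
    graph = defaultdict(set)
    for vm in inventory:
        for seg in vm["segments"]:
            graph[seg]  # register the segment even if nothing routes from it
        if vm["routes"]:
            for a in vm["segments"]:
                for b in vm["segments"]:
                    if a != b:
                        graph[a].add(b)
    return graph

def reachable(inventory, start):
    """Breadth-first search: segments reachable from `start` via routing guests."""
    graph, seen, queue = segment_graph(inventory), {start}, deque([start])
    while queue:
        for nxt in graph[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def isolation_findings(inventory, protected):
    """Flag guests with a NIC on the protected segment and on any other segment."""
    findings = []
    for vm in inventory:
        segs = set(vm["segments"])
        if protected in segs and len(segs) > 1:
            kind = "routes-into-protected" if vm["routes"] else "multi-homed-pivot"
            findings.append((vm["name"], kind))
    return findings

if __name__ == "__main__":
    print(sorted(reachable(INVENTORY, "test-lan")))
    print(isolation_findings(INVENTORY, "production"))
```

Re-running the check after every new guest or virtual NIC is added shows whether the test LAN still has no path to production.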



Friday, July 10, 2009

Internet Explorer 8 Install

I have installed Internet Explorer 8 now multiple times through the automatic updates, and I just have been so irked about how it puts the window to accept the EULA behind other windows. I am usually doing something else while I am doing the updates, so I get bit because I think that it is running and forget that the darn thing is sitting there waiting behind the other screens. This is more problematic when you have a slew of updates because it might not be the only one, which in that case you are usually watching it.

I just think it is so dumb. I mean at least bring it to the forefront!!!!

Delco