Заметки сисадмина о интересных вещах из мира IT, личный опыт, инструкции и рецензии. Настраиваем Компьютеры/Сервера/1С/SIP-телефонию в Москве


Page 1 of 21212345...Last »

VCSA 6.5 Basic Commands for VMware Photon

2016-12-08 · Posted in VMWare

Enable SSH access for root

Configure Network
The network configuration is stored in /etc/systemd/network/10-dhcp-eth0.network. To configure a static IP address, disable DHCP configure static addresses:

Manage Services

Logfiles
Logfiles in Photon are managed by the journald daemon. To see the logs that the journald daemon has collected, use the journalctl command.

Docker Basics

How to reset the lost or forgotten root password in vCenter Server Appliance 6.5

2016-12-08 · Posted in VMWare

  1. Take a snapshot or backup of the vCenter Server Appliance 6.5 before proceeding. Do not skip this step.
  2. Reboot the vCenter Server Appliance 6.5.
  3. Iimmediately after the OS starts choose the option e key to enter the GNU GRUB Edit Menu.
  4. Locate the line that begins with the word linux
  5. Append these entries to the end of the line:

    rw init=/bin/bash

    The line should look like the following screenshot

  6. Press F10 to continue booting
  7. In the Command prompt, enter the command passwd and provide a new root password (twice for confirmation):
    passwd

  8. Unmount the filesystem by running this command:
    umount/

  9. Reboot the vCenter Server Appliance 6.5 by running this command:
    reboot -f

  10. Confirm that you can access the vCenter Server Appliance 6.5 using the new root password.
  11. Remove the snapshot taken in Step 1 if applicable.

Sophos UTM 9 on ESXI 5.5

Setting up Sophos UTM at home can be an awesome alternative to your ISP’s standard router. Offering more features and functionality than standard, and having many options that make setting up a secure home network easy and useful from hosting a blog at home, to allowing remote access to your network, all easily done through a good looking web interface on one machine. Today we will be looking at setting up Sophos UTM 9 on an ESXI 5.5 host, and some basic configuration. Later we will look at setting up a webserver on port 80, and allowing remote access using an SSL VPN, and possibly adding some security to the web interface.

We start off with installing Sophos onto an ESXI 5.5 host. This can be tricky, especially setting up the ESXI network. To setup the network, it is recommended to have 2 physical Ethernet ports, one for the WAN interface, and one for the LAN interface. It is possible to use VLAN’s, however, I will be sticking to the two physical ports option.

Once you have logged into the vSphere client, go to the Configuration tab, and select Networking. then select Add Networking.
ESXI Network and Add Network

Choose the option for Virtual Machine, and select one of the NICs from “Create a vSphere standard switch”.
Add Networking Page 2

Change the Network Label to whatever you prefer, leaving VLAN ID set to none.
Add Networking Page 3

Click next to review the summary, and click Finish to create the new vSwitch.
Add Networking Page 4

If you only have two ports, you can use the standard vSwitch0, which is by default a VM port group, and the management network for the LAN interface, and the second switch for the WAN interface. You will want all of your VMs to be on the LAN switch, and to move them, you need to edit their settings, delete the old network adapter, and add the new network adapter, which will be explain below. Note: best practice is to have 3 dedicated ports, one for the management network with a dedicated static IP, one for the LAN interface, going to a switch, and one for the WAN interface, going to the modem.

Once you have the network setup completed, it is time to download Sophos UTM 9.

To download and add the ISO of Sophos to your ESXI host; download Sophos from Sophos UTM 9 (Home Edition).  Once the download has completed, to add the ISO to your datastore on the host, navigate to the summary page, right click the data store, and select Browse Datastore, a new windows will open, click the image of stacked disks with the up arrow, navigate to the downloaded ISO on your computer, and click Open. The file will transfer, and you are ready to create your virtual Sophos UTM appliance.

Create a new VM with custom settings, name the VM to your liking, select the datastore, select the VM version (the newer the better, I use 8), select Linux, and chose SUSE Linux Enterprise 11 (64-bit), chose the number of cores, 1 is usually ok, chose the amount of RAM (I used 2GB), select 2 NICs to connect, and chose NIC 1 to be the WAN interface, and NIC 2 to be LAN, chose your adapter type, I used VMXNET 3 adapters, chose the default SCSI Controller, choose “Create a new virtual disk, select a size, 16GB is good, do not change the advanced options, and select “Edit the virtual machine settings before completion” option on the last page. Select “New CD/DVD”, choose “Datastore ISO File, and select your Sophos ISO from the menu. Make sure to select “Connect at power on” and click finish. Once the virtual machine has been created, start it, and open the console.

Press Enter to start the installation, it will start the installation, and detect hardware.
Detected Hardware (Sophos UTM on ESXI 5.5)

Then select your area, enter the date and time information.

Select the admin interface (this is usually the NIC that is going to be for the LAN connection).
Select Admin Interface (Sophos UTM on ESXI 5.5)

Configure the Administrative network interface (the internal IP address of the network, in this case I chose 192.168.2.100, and a netmask of 255.255.255.0 (default)).
Network Configuration (Sophos UTM on ESXI 5.5)

I installed with a 64-bit kernel, however, if you notice issues, a 32-bit install should work better.
Kernel Options (Sophos UTM on ESXI 5.5)

I installed the Enterprise Toolkit, I have not tried installing without the toolkit, so I am unsure how it works.
Enterprise Toolkit (Sophos UTM on ESXI 5.5)

For this install I got an info message about my vm running in V8 mode due to only using 512MB of RAM. If you are using 2GB of RAM, you should not see this screen.
Memory (Sophos UTM on ESXI 5.5)

Select Yes, you want to proceed, the disk will be setup for Sophos. Remove the vCD from the system, and select Reboot. Once the machine has rebooted, and everything is completed, open the web-interface with the IP and port number listed. (my url is https://192.168.2.100:4444).
Reboot (Sophos UTM on ESXI 5.5)

Finished Boot (Sophos UTM on ESXI 5.5)

Once you have the web-interface open, you can start the setup. Enter the Hostname as sophos.[yourdomain.com] OR sophos.local. Enter the company name, for home use, use Home, city as your city, country is your country, set the admin password, and add an email address. Then select the license agrement. The system is now being setup.
Admin Finish (Sophos UTM on ESXI 5.5)

Once the system is setup, login with user: admin, and the password you set. You will be shown a Setup Wizard. Click continue.
Setup Wizard Page 1 (Sophos UTM on ESXI 5.5)

Then select your license file (downloaded from an email), or start with a 30-day trial by clicking next.
Setup Wizard Page 2 (Sophos UTM on ESXI 5.5)

Setup the Internal LAN interface, the firewall IP is that of your Sophos vm, you can change it from the default (192.168.1.100) to any number (usually 192.168.1.100) and a netmask of /24. Select to enable a DHCP server, so that new clients can get IP addresses. Select the range, usually the default is ok.
Setup Wizard Page 3 (Sophos UTM on ESXI 5.5)

Select the other Ethernet port as the WAN interface, and select the uplink type needed (I chose Standard Ethernet Interface), and chose dynamic, for a dynamic external IP, or static, for a static IP.
Setup Wizard Page 4 (Sophos UTM on ESXI 5.5)

Choose services you want to allow (I chose all), and choose if the UTM responds to pings (this is useful for diagnostics, I chose to respond, and forward.).
Setup Wizard Page 5 (Sophos UTM on ESXI 5.5)

Choose if you want Advanced Threat Protection, I enabled both, for added security on my network.
Setup Wizard Page 6 (Sophos UTM on ESXI 5.5)

Choose webprotection settings, you can choose to block access to web pages that fall within the following categories, and if you want to scan for viruses.
Setup Wizard Page 7 (Sophos UTM on ESXI 5.5)

You can choose to scan email for viruses and spyware, however this requires advanced setup, see the Sophos website for more information.
Setup Wizard Page 8 (Sophos UTM on ESXI 5.5)

You will then find a summary page, where you can click Finish. Your UTM now has a basic installation.

I would recommend enabling some features on the UTM to make it secure. I will walk you through enabling Intrusion Prevention, Web filtering, for added security, if not hosting anything public, then you can enable country blocking.

Dashboard (Sophos UTM on ESXI 5.5)

Start by clicking on the item you want to enable to be brought to the menu.

Click on Intrusion Prevention, and enable it using the switch on the right side of the screen that comes up. Select the local network you want it to protect. Click the folder and Drag “Internal (Network)” to the box. Click Apply.
Intrusion Prevention (Page 1)

Go to the tab “Anti-DoS/Flood…” and click the boxes and hit Appply on all three sections, the defaults are ok to use.
Intrusion Prevention (Page 2 - Anti-DoS)

Go to tab “Anti-Portscan” and enable it, the defaults are ok, and click Apply.
Intrusion Prevention (Page 3 - Anti-Portscan)

Turn on webfiltering by clicking on it in the dashboard, and using the switch. The defaults sould be ok for most networks.
Web Filtering (Page 1)

Under HTTPS, choose either URL filtering only, or Decrypt and scan for more security. I choose Decrypt and scan.
Web Filtering (Page 2 - HTTPS)

Country Blocking is found under Network Protection >> Firewall and is a handy tool for preventing unathorized access to your network, or privately hosted (but accessable from the internet) services. Turn it on, and select the countries you want to block.
Firwall (Country Blocking)

You should also enable Advanced Threat Protection, found under Network Protection. Unless you want to add an exception, leave the box blank, and choose apply.
Advanced Threat Protection

This finishes the setup for an advanced, and secure network router. Your router is now configured for strong protection, and secure networking. Please follow the blog for tutorials on setting up websever protection (so you can host services on port 80/443 and keep them secure), as well as setting up a VPN to access your network securly from the outside.

Удачные модели оборудования

2016-11-18 · Posted in Железо

Монитор ЖК LG 24MP58VQ-P 23.8″, черный [24mp58vq-p.aruz]
ЖК монитор 23″ IIYAMA ProLite XU2390HS-B1 < Black > (LCD, Wide, 1920×1080, D-Sub, DVI, HDMI)
ЖК монитор 23.8″ PHILIPS 240V5QDAB / 00 / 01 (LCD, Wide, 1920×1080, D-Sub, DVI, HDMI)

Интернет-центр ZyXEL Keenetic Giga III (4UTP 10 / 100 / 1000Mbps, 1WAN, 2xUSB, 802.11ac / b / g / n, 2x5dBi)

Комплект HP 280 G2, Intel Core i3 6100, DDR4 4Гб, 500Гб, Intel HD Graphics 530, DVD-RW, Free DOS, черный [v7q86ea]

Коммутатор HP 1820-24G < J9980A > Управляемый коммутатор (24UTP 10 / 100 / 1000Mbps + 2SFP)

Моноблок Lenovo IdeaCentre AIO 300-20ISH < F0BV002RRK > i3 6100T / 4 / 500 / DVD-RW / WiFi / BT / DOS / 20″

сброс пароля хоста ESXi средствами vCenter

2016-11-18 · Posted in VMWare

ситуация — есть несколько ESXi-хостов, устанавливали их очень давно и пароли надёжно утеряны. все хосты подключены к vCenter Server (ну или vSphere Enterprise Plus) куда root-доступ у нас есть.

пароли на сами хосты иногда пригождаются (например для раздельного мониторинга). сменить эти проли можно используя профили хостов или Host Profile.

1. создаём профиль хоста с самого хоста:

create-host-vmware-esxi-resized-600

2. для удобства именуем профиль и пишем описание:

name-host-vmware-esxi-resized-600

3. сохраняем профиль (кнопка Finish)

4. теперь надо этот профиль отредактировать

4.1 меню работы с профилями:

vsphere-client-vmware-esxi-host-profile-resized-600

4.2 открываем профиль для редактирования:

vsphere-client-vmware-esxi-edit-profile-resized-600

4.3 задаём новый пароль в профиле:

vsphere-client-vmware-esxi-security-config-resized-600 (1)

4.4 и запрещаем все остальные изменения при применении профиля

vsphere-client-vmware-esxi-host-profile-enable-disable-resized-600

и

enable-disable-profile-config-vsphere-host-client-resized-600

5 осталось всё это дело применить

5.1 вводим хост в режим обслуживания. ВНИМАНИЕ!!! в этом режиме все машины на хосте будут выключены, если останавливать их нельзя — живая миграция.

vmware-esxi-host-maintenance-mode-resized-600

5.2 подключаем профиль к хосту:

vmware-esxi-host-manage-profile-resized-600

и

vmware-esxi-host-password-reset-resized-600

5.3 применяем профиль:

vmware-esxi-host-profile-apply-resized-600

5.4 получаем такое сообщение:

vmware-esxi-host-profile-apply-finish-resized-600

и завершаем весь процесс (кнопка Finish).

5.5 выводим хост из режима обслуживания и пользуемся новым паролем.

Page 1 of 21212345...Last »