Trending Topics

VMware on AWS - How to restore NSX DFW firewall rules to previous state

Image
Customers who uses NSX day-in, day-out would like to have a point-in time restore functionality of DFW firewall rules. Many customer have a large footprints in VMC and make changes to DFW quite often. This feature was missing for long time and we could see its included in recent versions . Let's see how DFW configuration roll back works  NSX DFW configuration has versioning, and it is stored in the NSX Manager.  Every time when someone update DFW configuration, NSX creates one more version but keep storing the previous ones. You can rollback for previous config but reapplying it once again.  You can find the options under Networking & Security tab , > Security > Distributed Firewall . In the right side we see an Actions drop down. Choose View to get to the below screen.  Let’s go through the use case:  1. Original state- default config with no custom rules:  a. There are no saved configurations during last 30 days: In my existing test setup, with the current setting

Connect ESXi to Windows Based NFS

Many people are looking for a low cost solution for external storage for their free ESXi server. In this article, I will describe how to use a Windows machine and Windows Services for UNIX (WSFU) version 3.5 to create an NFS share that can be mounted on an ESXi host for storage of Virtual Machines, ISOs, or backups. There are a lot of articles like this out there but none of them worked as advertised for me so I decided to write my own.
Because I’m thinking about using my NFS storage for backup purposes my NFS share is called esxi-backup. Call your share what you will.
There are 6 main steps in the process:
  1. Installing WSFU
  2. Enable SSH on the ESXi Server
  3. Obtaining copies of the ESXi Server passwd and group files to the WSFU server
  4. Configuring WSFU for accepting ESXi connections
  5. Sharing the Windows folder to NFS clients
  6. Creating an ESXi Datastore to mount the Window NFS Share.


1. Install WSFU
  • To install WSFU you must first download it from Microsoft. 
  • Install WSFU on the desired machine
  • Select Custom Install
  • Add NFS + Server for NFS and Authentication tools for NFS + user name mapping
  • After installation, open the windows services control panel applet and verify the service ‘User Name Mapping’ is setup to startup automatically and that the services is started.


Windows Services Screen

2. Enable SSH on the ESXi Server
  • Please note that enabling SSH on ESXi is not supported on production servers. 

3. Copy the ESXi Server passwd and group files to Windows
  • Using a program like WinSCP or Veem fastSCP you need to navigate to the /etc directory on your ESXi server and copy passwd and group files to the WSFU server.
  • I copied the files to c:\SFU\esxi-files, that way I won’t forget what the file is for.


Windows Services Screen

4. Configure WSFU to accept connections from the ESXi Server.
  • On the Windows platform where WSFU was installed Click Start, Programs, Windows Services for UNIX, Services for UNIX Administration
  • Select User Name Mappings on the left hand side then configuration on the right had side.
    • Windows Services For Unix User Screen
  • Select the Password and Group files radio button
  • Then select browse for both the password and group files that you copied from the ESXi server
  • Select apply
  • Now Select Maps
  • Once the Maps window opens, select “Show User Maps”
  • Under Windows domain name, Select the windows PC where the users are located and then select List Windows Users, then select list Unix users
  • Select a local administrator user from the Windows Users on the left.
  • Under the Unix users Select the root account
  • Select Add
  • Then click apply (upper right)

Windows Services For Unix Maps Screen

5. Sharing the Windows folder for NFS compatibility
  • Right click the local folder you wish to share via NFS (mine is c:\VMware esxi backup)
  • Select NFS sharing
  • Type in the name for the share
  • Make sure allow anonymous access is NOT selected.
    • Windows NFS Sharing
  • Select permissions
  • Change type of access to “Read+Write” then select allow root access.
    • Windows NFS Sharing Permissions

6. Configure the ESXi Server to mount the Window NFS Share as VMFS
  • Open the VI client and select your ESXi Server
  • In the Configure tab choose Storage
  • Add storage, Network File System
  • In the Server Field enter the NFS server IP address or hostname.
  • In the Folder field enter the share name you created above (mine is esxi-backup)
  • I used esxi-backup for the Datastore name.


VI Add NFS
6a. Alternate NFS Configuration
This is an advanced configuration that requires the NFS server is on a separate IP network. I would only suggest this is you know what a separate subnet is and have one configured.
  • Open the VI client and select your ESXi Server
  • In the Configure tab choose Networking
  • Select Add networking
  • A new window will open, select VMKernel then select a vSwitch, then give the VMkernel an IP that is accessible via the NFS host.
  • Now open the storage option for this host
  • Click add storage, Network File System
  • In the Server Field enter the NFS server IP address or hostname.
  • In the Folder field enter the share name you created above (mine is esxi-backup)
  • I used esxi-backup for the Datastore name.

Popular posts from this blog

HOW TO EDIT THE BCD REGISTRY FILE

Image
The BCD registry file controls which operating system installation starts and how long the boot manager waits before starting Windows. Basically, it’s like the Boot.ini file in earlier versions of Windows. If you need to edit it, the easiest way is to use the Startup And Recovery tool from within Vista. Just follow these steps: 1. Click Start. Right-click Computer, and then click Properties. 2. Click Advanced System Settings. 3. On the Advanced tab, under Startup and Recovery, click Settings. 4. Click the Default Operating System list, and edit other startup settings. Then, click OK. Same as Windows XP, right? But you’re probably not here because you couldn’t find that dialog box. You’re probably here because Windows Vista won’t start. In that case, you shouldn’t even worry about editing the BCD. Just run Startup Repair, and let the tool do what it’s supposed to. If you’re an advanced user, like an IT guy, you might want to edit the BCD file yourself. You can do this
Read more

DNS Scavenging.

                        DNS Scavenging is a great answer to a problem that has been nagging everyone since RFC 2136 came out way back in 1997.  Despite many clever methods of ensuring that clients and DHCP servers that perform dynamic updates clean up after themselves sometimes DNS can get messy.  Remember that old test server that you built two years ago that caught fire before it could be used?  Probably not.  DNS still remembers it though.  There are two big issues with DNS scavenging that seem to come up a lot: "I'm hitting this 'scavenge now' button like a snare drum and nothing is happening.  Why?" or "I woke up this morning, my DNS zones are nearly empty and Active Directory is sitting in a corner rocking back and forth crying.  What happened?" This post should help us figure out when the first issue will happen and completely avoid the second.  We'll go through how scavenging is setup then I'll give you my best practices.  Scavenging s
Read more

AD LDS – Syncronizing AD LDS with Active Directory

Image
First, we will install the AD LDS Instance: 1. Create and AD LDS instance by clicking Start -> Administrative Tools -> Active Directory Lightweight Directory Services Setup Wizard. The Setup Wizard appears. 2. Click Next . The Setup Options dialog box appears. For the sake of this guide, a unique instance will be the primary focus. I will have a separate post regarding AD LDS replication at some point in the near future. 3. Select A unique instance . 4. Click Next and the Instance Name dialog box appears. The instance name will help you identify and differentiate it from other instances that you may have installed on the same end point. The instance name will be listed in the data directory for the instance as well as in the Add or Remove Programs snap-in. 5. Enter a unique instance name, for example IDG. 6. Click Next to display the Ports configuration dialog box. 7. Leave ports at their default values unless you have conflicts with the default values. 8. Click N
Read more