Nov 06 2010
 

A few months ago I was certified for Cisco UCS Implementation. In our lab environment we are currently busy connecting and setting up our test UCS environment. However, just a few minutes ago I found a tool that is incredibly useful and I only wish I knew about it earlier.

I just found a Cisco UCS Emulator at the Cisco website. This could be really useful for development of course, however I’m more interested in the GUI to test things out. The download is about 224MB in size. The manual for this emulator can be found here.

After booting up the virtual machine, it is going to unpack and install the UCS Platform Emulator. Once it’s finished, the virtual machine is going to boot up the Cisco UCSPE (UCS Platform Emulator) & UCS Manager.

1 Booting Cisco UCS emulator

When done, you will see this screen:

2 UCS System booted

Above, you will find a URL containing an IP address configured for this virtual machine. When browsing to this URL using my web browser, I’m presented with the following window.

21 UCS manager webstart

When I hit the launch button, a Java client loads the UCS Manager. On my MacBook Pro it took a little while before it was running, but hey, I’m also running a Windows 7 VM 🙂

While loading you will see a screen that looks something like this:

3 Loading UCS manager

When it’s finished loading, you can log in with the default UserID and Password.

3.1 Login Window UCS Manager

The default settings are:
UserID: config
Password: config

And, wow, I got a Cisco UCS Manager running on my system! Of course this is just an emulator, but hey, it’s less expensive than buying a UCS chassis!

4 UCS Manager

So if I want to try a new Service Profile, then it’s no problem at all.

5 Service Profile

So anyone who is currently studying for Cisco UCS, make sure you get this emulator. Also it’s very very useful while developing scripts or other applications to work with the Cisco UCS interface. It seems on the website it’s especially created for developers, but who’s going to stop you from using this for your studies?

I have to make a little note about the topic of development before I forget. For the developers amongst us, Cisco also created a UCS XML API Programmer’s Guide. I recommend that software engineers download this guide along with the emulator if you are planning to use the UCS APIs.

Nov 03 2010
 

Today I heard something about Project Onyx from VMware. Although I just started playing with it today, I thought it was so interesting that I needed to write something about it.

First of all, Project Onyx is a little tool which can help you to automate certain processes without having a large amount of PowerCLI or SOAP knowledge. Of course, if you want to edit the script you need some knowledge about those things.

Anyhow, first things first. VMware Project Onyx can be found here. A second URL of Project Onyx can be found here. It’s a new tool from VMware which can generate code based on the mouse clicks you make in the VMware vSphere Client. At the URL I just provided you can also find the download link to the product. You don’t need to register or log in to get it. Also, there is no installation required for Project Onyx. Just download it, unzip it and start it up.

image

Once launched, you will see the above window. Just enter your vCenter server name, or your ESX hostname or IP address. Before pressing the start button, it’s handy to tick the checkbox by “Launch a client after connected”. If you do, you can choose to start the VMware PowerCLI or the VMware VI Client.

When starting the VMware VI Client, or as in my case the VMware vSphere Client, you will get a warning message that you are connecting to the vCenter Server without encryption. The traffic indeed isn’t encrypted, but it is tunneled through the Onyx application, which connects over SSL on port 443. One of the other things you will notice is that you are connecting to a different port of your vCenter Server. This is port number 1545.

Launching the vSphere Client:

image 

Warning message about the unencrypted traffic:

image 

Once the client is connected to the vCenter server you can browse to one of your VMs. Once you’re there, switch back to the “black screen” of Onyx.

image 

The little play button on the top left starts the logging of your mouse clicks within the vSphere Client. The output mode is also interesting. Right now the output mode is PowerCLI.NET. This creates an output script in PowerCLI from your actions. However there are a couple of other possible actions including Raw SOAP Messages, C#.NET 2.0 and VCO JavaScript. Choose the language you need and press the little play button.

So what happens if I want to make sure that a VM boots into its BIOS at the next startup? This is a small and very handy option in the advanced properties of a VM, shown in the screenshot below.

image

If I enable the option “The next time the Virtual Machine boots, force entry into the BIOS setup screen”, what is it that is actually happening? Well, check the screenshot below; this is how you could do it in PowerCLI:

image 

Doesn’t this look awesome? OK, what happens then if I change the memory settings of my UDA machine from 512 MB to 1 GB?

image

At the third line from above you see the newly allocated memory for my Virtual Machine. OK, I have to admit, I’m not such a scripter anymore as I used to be. However, I truly believe that scripting is important, and in the future scripting will become even more important than it currently is. In the meanwhile, this awesome application can help me out by creating scripts. 🙂
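Both edits above are reconfigure calls that carry a small config spec, which the following sketch shows. It is an added example, not the Onyx output from the screenshots; it assumes VMware PowerCLI is loaded and `Connect-VIServer` has already been run, and the function name is hypothetical.

```powershell
# Added example, not Onyx output. Assumes VMware PowerCLI is loaded and
# Connect-VIServer has already been run. Set-VmConfigSketch is a hypothetical name.
function Set-VmConfigSketch {
    param(
        [Parameter(Mandatory)][string]$VMName,
        [switch]$EnterBiosSetup,   # force BIOS setup on the next boot
        [long]$MemoryMB = 0        # 0 means "leave memory unchanged"
    )
    # Get-View filters are regular expressions, so anchor and escape the name.
    $vm = @(Get-View -ViewType VirtualMachine -Filter @{ Name = '^' + [regex]::Escape($VMName) + '$' })
    if ($vm.Count -ne 1) { throw "Expected exactly one VM named '$VMName', found $($vm.Count)" }

    # Only the properties set on the spec are changed; everything else is left alone.
    $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
    if ($EnterBiosSetup) {
        $spec.BootOptions = New-Object VMware.Vim.VirtualMachineBootOptions
        $spec.BootOptions.EnterBIOSSetup = $true
    }
    if ($MemoryMB -gt 0) {
        # A powered-on VM needs memory hot-add for this to succeed.
        $spec.MemoryMB = $MemoryMB
    }
    # Returns a task reference; vCenter applies the change asynchronously.
    $vm[0].ReconfigVM_Task($spec)
}

# The two edits from the post: BIOS setup on next boot, then 512 MB -> 1 GB for the UDA VM.
# Set-VmConfigSketch -VMName 'UDA' -EnterBiosSetup
# Set-VmConfigSketch -VMName 'UDA' -MemoryMB 1024
```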

I think this tool is really awesome and I recommend that you check it out yourself! So check out the website and the YouTube videos that they have posted on their pages.

Nov 03 2010
 

For me, the information below is something I was really looking forward to. Currently the books are only for sale at the O’Reilly Media website. The estimated page numbers for the books bother me though. For TMG it’s estimated at 88 pages. Hopefully this information is incorrect. There is much more to tell about TMG than just 88 pages. 🙂

Maybe I’m a bit impatient since I’m eagerly waiting for the study material to do the exam. Oh well, I don’t know. After my ISA (2004/2006) exams I might be ready for the next version, TMG. Also, UAG is something which really interests me.

Anyhow, the books below are what I found on the http://blogs.msdn.com/Microsoft_Press webpage. Have fun with it 🙂

The new book “Deploying Microsoft Forefront Protection 2010 for Exchange Server” has been released by Microsoft Press.

A quote from the blog website:

A new eBook from Yuri Diogenes and Dr. Thomas W. Shinder is now available. Deploying Microsoft Forefront Protection 2010 for Exchange Server (ISBN 9780735648913) presents useful best practices for deploying FPE. Yuri and Tom give a nice overview of what you can expect in the book’s introduction, which is reprinted here.

 

 

The new book “Deploying Microsoft Forefront Threat Management Gateway 2010” has been released by Microsoft Press.

A quote from the blog website:

A new eBook from Yuri Diogenes and Dr. Thomas W. Shinder is now available. One of three eBooks they have written about deploying Forefront, Deploying Microsoft Forefront Threat Management Gateway 2010 (ISBN 9780735648920) presents useful best practices for deploying TMG. Yuri and Tom give a nice overview of what you can expect in the book’s introduction, which is reprinted here.

 

The new book “Deploying Microsoft Forefront Unified Access Gateway 2010” has been released by Microsoft Press.

image

A quote from the blog website:

A new eBook from Yuri Diogenes and Dr. Thomas W. Shinder is now available. One of three eBooks they have written about deploying Forefront, Deploying Microsoft Forefront Unified Access Gateway 2010 (ISBN 9780735648951) presents useful best practices for deploying UAG. Yuri and Tom give a nice overview of what you can expect in the book’s introduction, which is reprinted here.

Nov 01 2010
 

In our lab environment we are testing VMware Lab Manager to help us design new environments, simulate customer issues and other things as well. I had used XP during the initial tests, however I noticed something pretty annoying when I switched to Windows 7.

If I used Internet Explorer 8 to open a console to one of my virtual machines in VMware Lab Manager, I would receive the following error message:

“A website wants to open web content using this program on your computer. this program does not have a valid digital signature that verifies its publisher. This program will open outside of Protected mode, putting your computer at risk. You should only run programs from publishers you trust.”

If you read it carefully, it states that I want to open an application outside of my protected mode.

image

When I click on the “Allow” button, I receive the error “Bad Handle 0xb90, Then handle is invalid.”

image

The next error that comes up states: “C:\Program Files\Internet Explorer\PLUGINS\vmware-remotemks.exe: this executable should not be invoked directly.”

image

The first error (the one about a bad handle) doesn’t tell you a lot. However, the second one does. It’s actually telling you that you are not allowed to start the VMware browser plug-in to get a console.

I noticed that the issue went away when I ran Internet Explorer as Administrator. I was fine with that at first, but I needed to find an easy solution for my coworkers. So after a while I thought, “Let’s add the URL to my trusted sites,” and guess what, it worked. 🙂

However, since I wasn’t satisfied yet, I ran some additional tests. In the end, I noticed that “Enable Protected Mode” was enabled for my Internet zone. Disabling this setting is not a good idea, so I recommend simply adding the website to your trusted sites.

image

In summary, the problem I had lies in the security features of Internet Explorer 7 and up. Also since VMware didn’t sign the application, Internet Explorer is not able to verify the publisher as trusted. Please note: our lab domain is a different domain than the one our clients belong to. If you have already added *.domain.com to your trusted sites you might not get this error.
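For rolling the fix out to coworkers, the following adds a single host to the Trusted sites zone for the current user and reports whether Protected Mode is still on in the other zones. It is an added example, not part of the original post; the host name `labmanager.lab.example` and the function names are hypothetical, and the `https` default assumes the console is served over HTTPS.

```powershell
# Added example. Per-user Internet Explorer zone settings live under these keys.
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$zones   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Add-TrustedSite {
    param(
        [Parameter(Mandatory)][string]$Domain,     # e.g. lab.example
        [string]$SubDomain,                        # e.g. labmanager; omit to trust the bare domain
        [string]$Scheme = 'https'
    )
    $key = Join-Path $zoneMap $Domain
    if ($SubDomain) { $key = Join-Path $key $SubDomain }
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # The value name is the URL scheme, the data is the zone number (2 = Trusted sites).
    New-ItemProperty -Path $key -Name $Scheme -Value 2 -PropertyType DWord -Force | Out-Null
}

function Get-ProtectedModeState {
    $names = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
    foreach ($zone in 1..4) {
        # URL action 2500 is the Protected Mode switch: 0 = on, 3 = off.
        $v = (Get-ItemProperty -Path "$zones\$zone" -Name '2500' -ErrorAction SilentlyContinue).'2500'
        $state = if ($v -eq 0) { 'On' } elseif ($v -eq 3) { 'Off' }
                 else { 'Not set for this user (zone default applies)' }
        [pscustomobject]@{ Zone = $names[$zone]; ProtectedMode = $state }
    }
}

# Trust one host only (hypothetical name), then confirm the Internet zone is untouched.
# Add-TrustedSite -Domain 'lab.example' -SubDomain 'labmanager'
Get-ProtectedModeState | Format-Table -AutoSize
```

Scoping the entry to one host keeps Protected Mode in force for every other site, including others in the same domain.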

Aug 30 2010
 

While setting up a PKI environment in our lab (using LDAP as our first CRL and HTTP as our second CRL), we noticed some weird behavior. We are using HTTP as a second CRL since most (if not all) of our clients are not joined to our lab environment’s domain.

When everything was installed and the certificates were distributed, we noticed a weird error when connecting with RDP to one of our domain controllers. The error was “A revocation check could not be performed for the certificate”. OK, this error would indicate that the client is not able to contact the CRL, which is located in AD and on the HTTP server.

image

While testing we noticed that the HTTP server was accessible for anonymous traffic, so that wouldn’t be the problem. While searching the internet for some relevant information we found two links which seemed to be related to our case: the Microsoft TechNet threads “Revocation check using LDAP URL fails” and “Certificate revocation check from external network”. While doing some tests we also noticed that domain-joined systems didn’t have any of the same issues. So for some reason the RDP client could not fail over to the HTTP CRL URL. To me it looks like a bug, and it’s something I’m certainly going to test more in a “private” lab within VMware Lab Manager. Hopefully a sniffer trace or something like that will shed some light on this.

In the end we decided to change our PKI environment because we are lacking the time to trace the problem deeply. Instead of using Active Directory (or LDAP) as the first CRL and HTTP as the second CRL we switched it around and are now using HTTP as the first CRL and LDAP as the second CRL. This is currently working just fine.
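To see which CRL URL a client will try first, the check below lists a certificate's CRL distribution points in their issued order and probes the HTTP ones anonymously. It is an added example, not part of the original post; the function names and the lab names in the sample are hypothetical, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: list a certificate's CRL distribution point (CDP) URLs in the
# order the CA wrote them and probe the HTTP ones anonymously.
# Assumes Windows, where X509Extension.Format() renders the CDP as "URL=..." lines.
function Get-CdpUrlFromText {
    param([Parameter(Mandatory)][string]$FormattedExtension)
    $order = 0
    foreach ($m in [regex]::Matches($FormattedExtension, 'URL=(\S+)')) {
        $order++
        $url = $m.Groups[1].Value
        [pscustomobject]@{
            Order  = $order
            Scheme = ($url -split ':')[0].ToLowerInvariant()
            Url    = $url
        }
    }
}

function Test-CdpOrder {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $ext) { Write-Warning 'No CRL Distribution Points extension'; return }
    $cdps = @(Get-CdpUrlFromText -FormattedExtension $ext.Format($true))
    if ($cdps.Count -gt 0 -and $cdps[0].Scheme -eq 'ldap') {
        Write-Warning 'First CDP is LDAP; clients outside the domain depend on the later URLs.'
    }
    foreach ($cdp in $cdps) {
        $reachable = $null          # stays $null for non-HTTP schemes
        if ($cdp.Scheme -eq 'http') {
            try {
                $r = Invoke-WebRequest -Uri $cdp.Url -UseBasicParsing -TimeoutSec 10
                $reachable = ($r.StatusCode -eq 200)
            } catch { $reachable = $false }
        }
        $cdp | Add-Member -NotePropertyName HttpReachable -NotePropertyValue $reachable -PassThru
    }
}

# Constructed sample of the formatted extension (hypothetical lab names).
$sample = @'
[1]CRL Distribution Point
     Distribution Point Name:
          Full Name:
               URL=ldap:///CN=Lab-CA,CN=CA01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=lab,DC=example?certificateRevocationList?base?objectClass=cRLDistributionPoint
               URL=http://pki.lab.example/CertEnroll/Lab-CA.crl
'@
Get-CdpUrlFromText -FormattedExtension $sample | Format-Table Order, Scheme, Url -AutoSize
# Against a real certificate: Test-CdpOrder -Certificate (Get-Item Cert:\LocalMachine\My\<thumbprint>)
```

Running `certutil -verify -urlfetch` against the exported certificate from a client outside the domain shows the retrieval result for each URL.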