Piszki Lab | EN

My case study in the clouds…

2015/08/25
by Piotr Pisz
0 comments

Trend Micro Deep Security 9.6 – vSphere 6.0 and NSX 6.1.4

On 2015.08.13 premiered Trend Micro Deep Security 9.6 which is now fully compatible with vSphere 6.0 and 6.1.4 NSX. This version brings a lot of news and bug fixes, but if you are holders of vSphere 5.x exactly reads the ReadMe (before doing the upgrade). Trend Micro follows the VMware approach to the vShield Manager. In principle, the use of vShield Manager 5.x in vSphere 6.0 has no sense (in the case of vCloud Suite 6 license – this is not possible). A similar situation exists in the case of Trend Micro Deep Security 9.6. Support the configuration of vSphere 6.0 + vShield Manager 5.4 but this solution does not support … agentless VM protection! If we want our environment to migrate to the latest version and keep agentless security, we need to do to upgrade all components (including vShield -> NSX).

deep0

Continue Reading →

2015/08/07
by Piotr Pisz
0 comments

Trend Micro Deep Security 9.6 with support for Debian

Coming soon will be Trend Micro Deep Security 9.6 and will bring some news. In addition to full support for vSphere 6.0 and 6.1.4 NSX, new agents appear to support the new Linux distro:

Debian 6 i 7, Cloud Linux 7, Oracle Linux 7, SuSE Enterprise Linux 12

There will also support for Windows 2012 Server Core. I must admit that I personally most pleased that Debian support. This platform was our first choice (before we went on Ubuntu and CentOS), and still many systems are based on Debian. What is interesting, from an Trend Micro FTP server you can download the installation files for all the agents in version 9.6 (including those for Debian). You can safely install these agents (work with DSM 9.5 sp1).

deb1

As you can see, the Debian agent works without any problem. Readme file for DSM version 9.6 you can review here.

2015/08/01
by Piotr Pisz
2 Comments

EMC Data Domain – sysadmin lost password recovery

Disclaimer: This is not a secret procedure, all the information is available on EMC Powerlink. But remember, in a normal situation, this procedure performs the EMC support. You do it at your own risk.

This post is a synthesis of knowledge from the Internet. The entire procedure lasts one minute and is completely safe. However, it requires the input mode SE (system engineer) and later to the Data Domain Bash. The main requirement is to also have an active user, other than the sysadmin, with administrator privileges. If you do not have such user that you must turn for help to EMC Support (sorry).

DD image

Continue Reading →

2015/07/30
by Piotr Pisz
0 comments

Configure VMware VASA for IBM Storwize V7000 (and others).

The task of the Google search engine questions as in the post title (or its variations) does not return us satisfactory results. It is very difficult to find something in this matter, which step by step will lead us to our goal, which is to configure the IBM Storage Provider for VMware VASA (VMware API’s for Storage Awerness). When a person gets used to the storage profiles (like me) a lack of access to VASA is a discomfort. In the case of IBM Storwize, DS and XIV (updated to the latest firmware) we can use the new software, which is IBM Spectrum Control (Post applies to Base version 2.1.1 for Storwize). This software provides full integration of the IBM arrays with VMware vSphere (5.0 to 6.0), including a plugin for the vSphere Web Client. The whole is fairly simple to set up and run the VMware VASA takes a moment.

ibm11

Continue Reading →

2015/07/21
by Piotr Pisz
0 comments

ESXi 5.5 – Exhaustion of root disk inodes (There is no space left on device).

Today I met with a surprising message, he appeared in a production environment while trying to deploy a new virtual machine (OVF). The message sounded like this: Failed to open the /var/log/journal for write (There is no space left on device). It surprised me so much, that we keep logs on a drive other than root.

journal1

A quick check showed anything wrong:

journal2

The conclusion is simple, ran out of inodes, you can check this very quickly by this command (localcli system visorfs ramdisk list):

journal3

OK, the root disk exhausted the available inodes. Such errors are heavy in the diagnosis, i-nodes can be used by large numbers of small files or eg. The log file with a broken descriptor (we deleted a file to which the system is writing, we think that the file does not exist but it still grows). Fortunately, I managed to find a KB that covered my problem. To my incessant surprise, in /var/run/sfcb I found a lot of files:

journal4

The procedure of “cleaning” is simple, stop the watchdog, remove the files and start watchdog. Check inodes:

journal5

The number of busy inodes has fallen by half! How to defend in the future against this problem? Accordance with the KB redirect writing of those files to a RAM disk:

esxcli system visorfs ramdisk add –name sfcbtickets –min-size 0 –max-size 1024 –permissions 0755 –target /var/run/sfcb

journal6

2015/07/14
by Piotr Pisz
0 comments

Veeam Backup – Storage latency control.

Twitter is a fount of wisdom, you should watch the valuable account. Thanks to Chris Wahl one entry about storage letancy control, my life has improved considerably. With surprise because I discovered that despite the fact that I use quite a long time Veeam Backup and move through it with considerable skill. I never walked in the “options” of the program (because why)! We have a Enterprise version, is the backups be performed ok or not ok, I control from the vSphere Web Client and Veeam Backup Enterprise Manager (and sometimes I look directly into the program).

veeam2

Continue Reading →