The time I've wasted on technology...

Repurpose your old Netbook or Laptop in to the perfect VMware Horizon View VDI Client

Fedora, Linux, VMware, VMware Horizon View No Responses »

Aug 262018

One of the coolest things I love about running VMware Horizon View and VDI is that you can repurpose old computers, laptops, or even netbooks in to perfect VDI clients running Linux! This is extremely easy to do and gives life to old hardware you may have lying around (and we all know there’s nothing wrong with that).

I generally use Fedora and the VMware Horizon View Linux client to accomplish this. See below to see how I do it!

Quick Guide

Download the Fedora Workstation install or netboot ISO from here.
Burn it to a DVD/CD if you have DVD/CD drive, or you can write it to a USB stick using this method here.
Install Fedora on to your laptop/notebook/netbook using the workstation install.
Update your Fedora Linux install using the following command
```
dnf -y upgrade
```

Install the prerequisites for the VMware Horizon View Linux client using these commands

dnf -y install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
dnf -y install gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg xine-lib-extras-freeworld xine-lib-extras-freeworld libssl* libcrypto* openssl-devel libpng12 systemd-devel libffi-devel

To fix an issue with package versions and dependancies, run the following commands

ln -s /usr/lib64/libudev.so.1 /usr/lib64/libudev.so.0
ln -s /usr/lib64/libffi.so.6 /usr/lib64/libffi.so.5

Download the VMware Horizon View Linux client from here
Make the VMware bundle executable and then run the installer using these commands (your file name may be different depending on build version number)
```
chmod 777 VMware-Horizon-Client-4.8.0-8518891.x64.bundle
sudo ./VMware-Horizon-Client-4.8.0-8518891.x64.bundle
```
Complete the installation wizard
You’re done!

To run the client, you can find it in the GUI applications list as “VMware Horizon Client”, or you can launch it by running “vmware-view”.

VMware Horizon View on Linux in action

Here is a VMware Horizon View Linux client running on HP Mini 220 Netbook

Additional Notes:

-If you’re comfortable, instead of the workstation install, you can install the Fedora LXQt Desktop spin, which is a lightweight desktop environment perfect for low performance hardware or netbooks. More information and the download link for Fedora LXQt Desktop Spin can be found here: https://spins.fedoraproject.org/en/lxqt/

-If you installed Fedora Workstation and would like to install the LXQt window manager afterwards, you can do so by running the following command (after installing, at login prompt, click on the gear to change window managers):

dnf install @lxqt-desktop-environment

-Some of the prerequisites above in the guide may not be required, however I have installed them anyways for compatibility.

Fedora Core 28 – Black screen with cursor after install or upgrade

Fedora 7 Responses »

Aug 252018

After doing a fresh install or upgrade of Fedora Core Linux (FC28 in my case), you may notice that when the system boots it gets stuck on a black screen with a white cursor. The cursor will not move and there will be no drive activity.

This issue occurs with GNOME on my old HP Mini 210 Netbook every time I do a fresh install of Fedora on it (or upgrade it).

Follow the process below to temporarily boot and then permanently fix it.

Temporary fix

To get the system to boot:

Power on the computer, and carefully wait for the GRUB bootloader to appear (the boot selection screen).
When the GRUB bootloader appears, press the “e” key to edit the highlighted (default) boot entry.
Scroll down until you get to the line starting with “linux16”, then use your right arrow key and scroll right until you get to the end of the kernel options (while scrolling right, you may scroll multiple lines down which is fine and expected). The line should finally end with “rhgb” and “quiet”.
Remove “rhgb” and “quiet”, and then add “nomodeset=0”
Press “CTRL+x” to boot the system.
The system should now boot.

FYI: “rhgb” is the kernel switch/option for redhat graphical boot, and “quiet” makes the system messages more quiet (who would have guessed).

Permanent Fix

To permanently resolve the issue:

Once the system has booted, log in.
Open a terminal window (Applications -> Terminal, or press the “Start” button and type terminal).
Use your favorite text editor and edit the file “/etc/default/grub” (I use nano which can be install by running “dnf install nano”):
```
nano /etc/default/grub
```
Locate the line with the variable “GRUB_CMDLINE_LINUX”, and add “nomodeset=0” to the variables. Feel free to remove “rhgb” and “quiet” if you’d like text boot. Here’s an example of my line after editing (yours will look different):
```
GRUB_CMDLINE_LINUX="resume=/dev/mapper/fedora_da--netbook01-swap rd.lvm.lv=fedora_da-netbook01/root rd.lvm.lv=fedora_da-netbook01/swap nomodeset=0"
```
Save the file and exit the text editor (CTRL+x to quit, the press “y” and enter to save)
At the bash prompt, execute the following command to regenerate the grub.conf file on the /boot partition from your new default file:
```
grub2-mkconfig -o /boot/grub2/grub.cfg
```
Restart your system, it should now boot!

Please Note: Always make sure you have a full system backup before modifying any system files!

Create Fedora or CentOS USB boot media with an ISO image file and dd on Linux

CentOS, Fedora, Linux 2 Responses »

Aug 252018

A fun fact that a lot of users still aren’t aware of, is that you can create Fedora and CentOS bootable media (a bootable USB stick) using the DVD/CD ISO image, and using the linux dd command.

So if you have an existing and running Linux install, you can use this method to quickly write an ISO file to a USB stick!

Here’s How!

Get your USB stick handy, make sure it’s big enough to store the ISO file you want to download.
Download your preferred ISO DVD or CD Image for Installation from CentOS or Fedora.
Connect your USB stick, open a terminal session and run the following command to identify the device name of the USB stick (mine was sdb for /dev/sdb):
```
[root@StephenW-X1 ~]# dmesg | grep removable
[  171.890670] sd 1:0:0:0: [sdb] Attached SCSI removable disk
```

Issue the following command to write the ISO image to the USB stick. Change the input filename, and output device name to reflect your own.

[root@StephenW-X1 Downloads]# dd if=Fedora-Workstation-netinst-x86_64-28-1.1.iso of=/dev/sdb
1193984+0 records in
1193984+0 records out
611319808 bytes (611 MB, 583 MiB) copied, 13.6777 s, 44.7 MB/s

Your done!

Please Note:

Choosing the wrong /dev/sd[x] device can case you to write the ISO file to your hard drive, or another hard drive in your system. Make sure you select the right device name. If you’re unsure, don’t run the command.
You can also use the “Fedora Media Writer for Windows” available here: https://getfedora.org/fmw/FedoraMediaWriter-win32-4.1.1.exe to write an ISO image to USB if you’re running Windows.

HPe Moonshot – The absolute definition of high-density, software defined infrastructure

Compute, HPe, Moonshot No Responses »

Aug 222018

HPe Moonshot

I had the pleasure of playing with a fully loaded HPe Moonshot 1500 Chassis, and an HPe Edgeline EL4000 Converged Edge System last month during my visit to HPe Headquarters in Toronto, Ontario. I like to think of this thing as the answer for high-density anything and everything!

HPe Moonshot 1500 Chassis

I’ve known about the HPe Moonshot portfolio for some time, however I didn’t understand how mammoth one of these chassis’ are until I saw it performing in real life.

HPe Moonshot 1500 Chassis with 45 Cartridges

The HPe Moonshot 1500 Chassis supports up to 45 cartridges, and up to 4 SoC (System on Chip) OS instances per cartridge for a total of 180 OS instances in a 4.3U (5U for 1 x 1500 Chassis or 13U for 3 x 1500 Chassis) sized footprint. The chassis also supports up to 2 switches and 2 uplink modules in addition to the 45 cartridges.

Prime uses for HPe Moonshot 1500 (remember, high-density everything):

VDI (Virtual Desktop Infrastructure via VMware or Microsoft)
HDI (Hosted Desktop Infrastructure via Citrix Provisioning Server)
Server consolidation and Virtualization
SDDC (Software Defined Data Center)
HPC (High Performance Computing, both Virtualized and Non-Virtualized workloads)
Energy Efficient Compute
EUC (End User Computing – Software defined end user desktops without virtualization)
Video Transcoding
Analytics and Interpritation
IoT and AI
Custom workloads

As you can see, you can virtually load up whatever you’d like on it that requires a CPU (HPe Moonshot can run both x86 and ARM architectures depending on which cartridges are utilized).

The chassis is monitored and managed via the HPe Moonshot 1500 Chassis Management module and the HPe Moonshot Provisioning Manager.

HPe Edgeline EL4000 Converged Edge System

The HPe Edgeline EL4000 was designed (you probably guessed it) for the edge. Whether it be the enterprise edge, media edge, or IoT edge, the EL4000 is a perfect fit.

HPe Edgeline EL4000 Converged Edge System

This bad boy supports up to 4 HPe Proliant Server Cartridge (m510 or m710x) compute nodes in a 1U package. It also supports up to 4 PCIe cards, or 4 PXIe modules assignable to any of the compute modules.

Prime uses for the HPe Edgeline EL4000:

Edge Computing (AI, IoT EDGE)
ROBO (Remote Office Branch Office)
Server Consolidation and Virtualization (ROBO)
VDI (Virtual Desktop Infrastructure)
HDI (Hosted Desktop Infrastructure)
Video Transcoding
Industrial applications (Machine monitoring, Condition Monitoring)
Edgeline data analytics
Industrial/Manufacturing Quality Control and Quality Assurance (Video Analytics and Interpretation)
SMB Applications

The El4000 has iLo (Integrated Lights Out) built in, and provides management and monitoring. This unit also supports GPU accelerator/compute cards such as the Nvidia P4 Graphics Accelerator (specifically an Nvidia Tesla P4 8GB Computational PCIe card).

HPe Moonshot Cartridges

With the flexibility of different cartridges, along with Moonshot being software defined, you can highly customize whatever workload you may be running.

HPe Proliant m800 Moonshot Cartridge Front View

HPe Proliant m800 Moonshot Cartridge Side View

The following cartridges are currently available for the HPe Moonshot platform:

HPe Proliant m710p – Server or Desktop Virtualization, includes Intel Iris Pro P6300 graphics for VDI deployments (supported by VMware vSphere for vDGA passthrough and vSGA) or video transcoding.
HPe Proliant m710x – Server or Desktop Virtualization, includes Intel Iris Pro P580 graphics for VDI deployments (supported by VMware vSphere for vDGA passthrough and vSGA) or video transcoding.
HPe Proliant m700p – Designed for high-performance Citrix Mobile Workspaces (high-density EUC) for 4 desktops per cartridge with AMD Radeon HD 8000 graphics.
HPe Proliant m510 – Features the Xeon D processor targeting high performance, AI, analytics, machine learning, and IoT workloads.

As you can see there is quite some flexibility as far as the cartridges you can roll out. I get really excited when I think of VDI with Moonshot just because of the fact that the Intel Iris Pro P580, and P6300 are fully supported on VMware’s HCL for vDGA and vSGA graphics for vSphere 6.5 and 6.7.

There are also retired/discontinued cartridges (such as the HPe Proliant m800) which are beyond the scope of this blog post.

HPe Moonshot Networking

On the HPe Moonshot 1500 Chassis, networking is handled inside of the chassis via 1 or 2 network switch modules and uplink modules. You’ll then connect the uplinks from the uplink modules to your real physical network. You can connect to your network via QSFP+ or SFP+ connections using DAC (direct attached cables) or fiber cables with transceivers at speeds of 40Gb or 10Gb.

The Moonshot 1500 chassis supports the following switch modules:

Moonshot-45Gc Switch – 1Gb Switch connectivity for m510, m510-16c, m710x cartridges and works with the Moonshot 6 x SFP+ Uplink Module
Moonshot-45XGc Switch – 1Gb or 10Gb Switch connectivity for m510, m510-16c, m710x cartridges and works with the Moonshot 16 x SFP+ Uplink Module or the 4 QSFP+ Uplink Module
Moonshot-180XGc Switch – 1Gb or 10Gb Switch connectivity for m510, m510-16c, m710x cartridges, and 1Gb Switch connectivity for m700p and works with the Moonshot 16 x SFP+ Uplink Module or the 4 QSFP+ Uplink Module

On the HPe Edgeline EL4000, networking is handled via 2 x 10Gb SFP+ switched version, or a 8 x 10Gb QSFP+ pass-thru version. The unit also has a dedicated 1Gb RJ45 port for HPe iLo connectivity.

HPe Moonshot Storage

Each cartridge can contain it’s own dedicated storage up to 2TB. This is perfect for a HPe StoreVirtual VSA deployment or even basic direct attached storage. You can also connect HPe Moonshot to an HPe 3PAR SAN or an HPe Apollo 4500 storage system via the 10Gb network Fabric.

There’s a few options as to how you can plan your storage deployment with Moonshot:

DAS – Direct Attached Storage (in cartridge)
HPe 3PAR SAN or HPe Apollo 4500 Storage System
iSCSI/NFS (May or may not be supported depending on your workload)
VMware vSAN (May or may not be supported/certified)

As you can see, there’s quite a few options and possibilities as far as your storage deployment goes.

HPe Moonshot Pictures

Here’s some additional photos of the unit.

HPe Moonshot at HPe Center of Excellence

HPe Moonshot 1500 Chassis opened and running

HPe Moonshot 1500 Chassis with Cartridges

And remember, if you’re interested in the HPe Moonshot product or any other products or solutions in HPe’s portfolio, please don’t hesitate to reach out to me or my company (Digitally Accurate Inc.) for more information as we are an HPe partner and design/configure/sell HPe solutions!

Windows Server 2012 R2 .NET Windows Updates fail with error 0x80092004

Microsoft, Windows Server 60 Responses »

Aug 212018

You may notice on Windows Server 2012 R2, when applying Windows Updates that one or more .NET updates may fail with error code 0x80092004. This issue may affect all, or only some of your Windows Server 2012 R2 servers.

When troubleshooting this, you may notice numerous specific errors such as “Couldn’t find the hash of component: NetFx4-PenIMC”, or errors with a CAB file. These errors will probably come from update KB4054566 and KB4340558.

The Fix

To resolve this, we are going to download the updates MSU files from the Microsoft Update Catalog, and fully uninstall, then re-install the problematic updates.

Please Note: Always make sure you have a full backup before making modifications to your servers.

Please follow the instructions below:

Create a folder called “updatefix” on the root of your C drive on the server
Navigate to the Windows Update catalog at: https://www.catalog.update.microsoft.com/
Search for KB4054566 and download the file for “Windows Server 2012 R2”, save it to the folder you created above called “updatefix” on the root of your C Drive. There should be one file in the download.
Search for KB4340558 and download the files for “Windows Server 2012 R2”, save it to the folder you created above called “updatefix” on the root of your C Drive. There should be a total of 3 files in this download.
Create a folder in the “updatefix” folder called “expanded”.

Open an elevated command prompt, and run the following commands to extract the updates CAB files:

expand -f:* "C:\updatefix\windows8.1-kb4338415-x64_cc34d1c48e0cc2a92f3c340ad9a0c927eb3ec2d1.msu" C:\updatefix\expanded\
expand -f:* "C:\updatefix\windows8.1-kb4338419-x64_4d257a38e38b6b8e3d9e4763dba2ae7506b2754d.msu" C:\updatefix\expanded\
expand -f:* "C:\updatefix\windows8.1-kb4338424-x64_e3d28f90c6b9dd7e80217b6fb0869e7b6dfe6738.msu" C:\updatefix\expanded\
expand -f:* "C:\updatefix\windows8.1-kb4054566-x64_e780e6efac612bd0fcaf9cccfe15d6d05c9cc419.msu" C:\updatefix\expanded\

Now let’s uninstall the problematic updates. Some of these commands may fail depending on which updates you have successfully installed. Run the following commands individually to remove the updates:

dism /online /remove-package /packagepath:C:\updatefix\expanded\Windows8.1-KB4338424-x64.cab
dism /online /remove-package /packagepath:C:\updatefix\expanded\Windows8.1-KB4338419-x64.cab
dism /online /remove-package /packagepath:C:\updatefix\expanded\Windows8.1-KB4338415-x64.cab
dism /online /remove-package /packagepath:C:\updatefix\expanded\Windows8.1-KB4054566-x64.cab

Now let’s cleanly install the updates. All of these commands should be successful when running. Run the following commands individually to install the updates:

dism /online /add-package /packagepath:C:\updatefix\expanded\Windows8.1-KB4054566-x64.cab
dism /online /add-package /packagepath:C:\updatefix\expanded\Windows8.1-KB4338415-x64.cab
dism /online /add-package /packagepath:C:\updatefix\expanded\Windows8.1-KB4338419-x64.cab
dism /online /add-package /packagepath:C:\updatefix\expanded\Windows8.1-KB4338424-x64.cab

You have now fixed the issue and all updates should now be cleanly installing via Windows Updates!

Leave a comment and let me know if this worked for you!

Long term review of the VMware Horizon View Mobile Client for Android

Android, VMware, VMware Horizon View No Responses »

Aug 212018

Well, after using the VMware Horizon Client mobile app (for Android) for a year, I finally decided to do a little write up and review. I use the android client regularly on my Samsung Tab E LTE tablet, and somewhat infrequently on my Samsung Galaxy S9+ mobile phone (due to the smaller screen).

Let’s start off by briefly explaining what VMware Horizon View is, what the client does, and finally the review. I’ll be including a couple screenshots as well to give an idea as to how the interface and resolution looks on the tablet itself.

The VMware Horizon Client mobile app for android is available at: https://play.google.com/store/apps/details?id=com.vmware.view.client.android

What is VMware Horizon View

VMware Hoirzon View is a product and solution that enables VDI technology for a business. VDI stands for Virtual Desktop Infrastructure. When a business uses VDI, they virtualize their desktops and use either thin clients, zero clients, or the view client to access these virtualized desktops. This allows the business to utilize all the awesome technologies that virtualization brings (DRS, High Availability, Backup/DR, high performance, reduced hardware costs) and provide rich computing environments to their users. The technology is also particularly interesting in the fact that it provides amazing remote access capabilities as one can access their desktop very easily with the VMware View Client.

When you tie this on to an advanced security technology such as Duo’s MFA product, you can’t go wrong!

In special case or large environments, enormous cost savings can be realized when implementing VDI.

What is the VMware Horizon View Mobile client for Android

As mentioned above, to access one’s virtualized desktop a client is needed. While a thin client or zero client can be used, this is beyond the scope of this post as here we are only discussing the VMware View client for Android.

You can download the VMware View client for Android from the App store (link here).

The VMware Horizon View Mobile client for Android allows you to connect to your VDI desktop remotely using your Android based phone or tablet. Below is a screenshot I took with my Samsung Tab E LTE tablet (with the side bar expanded):

VMware Horizon View Client on Android Tablet

VMware Horizon View Mobile Client for Android Experience

Please Note: There is more of the review below the screenshots. Scroll down for more!

The app appears to be very lightweight, with an easy interface. Configuration of View Connections Servers, or UAG’s (Unified Access Gateways) is very simple. The login process performs with RADIUS and/or MFA as the desktop client would. In the examples below, you’ll notice I use Duo’s MFA/2FA authentication solution in combination with AD logins.

VMware Horizon View Mobile Client Android Server List

The interface is almost identical to the desktop client with very little differences. The configuration options are also very similar and allow customization of the app, with options for connection quality as an example.

VMware Horizon View Mobile Client Android Server Login

VMware Horizon View Mobile Client Android Login Duo MFA

As you can see above, the RADIUS and Duo Security Login prompts are fully functional.

VMware Horizon View Mobile Client Android Server List

VMware Horizon View Mobile Client Android Windows 10 VDI Desktop

The resolution is perfect for the tablet, and is very usable. The touch interface works extremely well, and text input works as good as it can. While this wouldn’t be used as a replacement for the desktop client, or a thin/zero client, it is a valuable tool for the mobile power user.

With how lightweight and cheap tablets are now, you could almost leave your tablet in your vehicle (although I wouldn’t recommend it), so that in the event of an emergency where you need to access your desktop, you’d be able to using the app.

Pros:

Fluid interface
Windows 10 touch functionality works great
Resolution Support
Samsung Dex is fully supported
Webcam redirection works
Works on Airplanes using in flight WiFi

Cons:

Bandwidth usage
Saving credentials via Fingerprint Scanner would be nice (on the S8+ and S9+)

My Usage

Being in IT, I’ve had to use this many times to log in and manage my vSphere cluster, servers, HPe iLo, check temperatures, and log in to customer environments (I prefer to log in using my VDI desktop, instead of saving client information on the device I’m carrying with me). It’s perfect for these uses.

I also regularly use VDI over LTE. Using VDI over mobile LTE connections works fantastic, however you’ll want to make sure you have an adequate data plan as the H.264 video stream uses a lot of bandwidth. Using this regularly over LTE could cause you to go over your data limits and incur additional charges.

Additional Information

Samsung Dex

The VMware Horizon View Mobile Client for Android also supports Samsung Dex. This means that if you have a Dex dock or the Dex pad, you can use the mobile client to provide a full desktop experience to a monitor/keyboard/mouse using your Samsung Galaxy phone. I’ll be doing a write up later to demo this (it works great).

VMware Horizon Client for Chrome OS

VMware also has a client for Chrome OS, so that you can use your Chromebook to connect to your VDI desktop. You can download VMware Horizon Client for Chrome OS here: https://chrome.google.com/webstore/detail/vmware-horizon-client-for/ppkfnjlimknmjoaemnpidmdlfchhehel

Office 365 E-Mail delayed due to greylisting

E-Mail, Internet, Office 365 No Responses »

Aug 202018

An all too common problem is when users report e-mail delays ranging from 5 to 15 minutes. When troubleshing these types of issues, you’ll notice this commonly occurs when receiving e-mails from organizations that use Office 365. Specifically this occurs due to greylisting.

Why does this happen

You’re organization is using greylisting on your e-mail proxy/SMTP relay to reduce spam. Greylisting temporarily rejects the first send of an e-mail and waits for the sending server to re-transmit the message. This process usually takes around 5-15 minutes to complete. Greylisting is used because spammers won’t re-transmit the message, which leads to a massive reduction of spam messages coming through.

Once the sending server retransmits, the sending server IP address is added to your firewalls “safe senders” whitelist. From this point on the IP address (or server) will not be subject to greylisting (and any subsequent e-mails).

Office 365 has hundreds, if not thousands (possibly 10’s of thousands) of servers they use to transmit e-mail. The chance of multiple e-mails being sent from a single server is very slim, therefor greylisting is applied to every IP (server) that is sending e-mail because it’s different. Each e-mail from an Office 365 user can take 5-15 minutes, since a new server is used every time.

How to resolve

You’ll need to configure and add an exception to your e-mail proxy/SMTP relay/firewall. This exception can be based off domain, DNS name of sending server, or IP address ranges.

Scroll down for instructions on how to create an exception on a Sophos UTM.

Domain Exception

If you use domain based exceptions, you’ll need to configure these manually for each sending domain that you want your firewall to skip greylist checking. This is a very manual process, which requires lots of human intervention to continuously update your greylist exception.

DNS FQDN of MX Server

This method is the easiest, however most firewall or UTM’s will now allow these types of exceptions since a number of DNS queries will be needed everytime an e-mail comes in. One DNS query on the MX record, and then another DNS query on the DNS host contained in the MX record. If you can configure this type of exception, you’ll want to configure it as below:

*-com.mail.protection.outlook.com

IP Address Range

This is the best method. To create an IP address range exception, we’ll need a copy of all the IP address ranges or IP address spaces that Office 365 uses to send mail. This list can be found at: https://docs.microsoft.com/en-us/office365/SecurityCompliance/eop/exchange-online-protection-ip-addresses.

We’ll need to create an exception that skips greylist checking on the IP addresses outlined in the above link. This will stop any greylist checking on e-mails from Office 365 servers.

In my case, I use a Sophos UTM firewall, and to create an exception I had to do the following:

Log on to the Webmin interface.
Select “Email Protection”, then “STMP” on the left hand side, then “Exceptions” tab at the top.
Sophos UTM E-Mail and SMTP Exception List
Create a “New Exception List” and call it “Office 365 GreylistWhitelist”.
Check the “Greylisting” box under “Antispam”, and then check the “For these source hosts/networks”.
Sophos UTM SMTP Create Exception
Click the “+” button, and call the Network Definition “Exchange365-EOP-Group”. Change the type to “Network Group”.
Click the “+” button in the members section, and start adding the IP spaces. Repeat this for each IP space (in total I added 23). Each network name (IP address space) requires a unique name, I named mine “Exchange365-EOP1” through “Exchange365-EOP23”.
Sophos UTM SMTP Configure Exception
Click Save on the Network Group, and click Save on the exception.
Enable the Exception
Sophos UTM SMTP Exception Rule
Completed! You’ve now made the exception and delays should no longer occur.

Roof mounted Antenna for Wilson weBoost Home 4G Cell Booster Project

GSM, Rogers 1 Response »

Aug 192018

I finally got around to mounting my Wilson weBoost Home 4G Cell Phone Booster Antenna on the roof. Here’s some pictures of the completed install. I’ve had this booster for a while and it’s worked great, however some new cell towers went up in the area, and I wanted to stop using the window mount and re aim the antenna.

Wilson weBoost Home 4G Cell Phone Booster Roof Outdoor Antenna

For those of you wanting to read my original post on the Wilson weBoost Home 4G Cell Phone Booster Kit, installation, and a review, you can find it at https://www.stephenwagner.com/2017/06/01/cellmobile-phone-reception-issues-resolve-with-a-wilson-amplifier-cell-booster/.

The house that I live in, actually had a roof mounted satellite dish that was no longer in use (used before the provider ran coax in the area). The dish, roof mount, and coax were all in place, however the coax was cut so I couldn’t re-use it.

I was able to remove 2 of the bolts on the satelite dish to remove it from the pole mount, and proceeded to install the antenna on the pole using the outdoor mounting kit included with the cell booster. I was extremely pleased with the install.

See below for more pics:

Roof mounted Wilson weBoost Home 4G Cell Phone Booster Kit

Roof mounted Wilson weBoost Home 4G Cell Phone Booster Kit Cabling

Roof mounted Antenna pole mount

The cabling goes through the pole, down to the eavestrough where I have it zip-stripped (yet elevated) along the roof until I get to the house’s siding. I was able to tuck it in the corner siding down to the wiring access panel for the house, then into the house through the hole.

After mounting it, it took around 30 minutes to aim it with the assistance of the “LTE Discover” Android app (available at https://play.google.com/store/apps/details?id=net.simplyadvanced.ltediscovery). Remember, when aiming your antenna, it’s important to unplug your booster for 5-10 seconds for it to fully reset for it to function with the new antenna position.

Again, make sure you check out my original post and review at https://www.stephenwagner.com/2017/06/01/cellmobile-phone-reception-issues-resolve-with-a-wilson-amplifier-cell-booster/!

How to build your own traffic shaping device with CentOS and tc (traffic control)

CentOS, Linux, Networking No Responses »

Aug 182018

Let’s say that you’re hosting someone’s equipment and they start to abuse their connection speed. Let’s say that you’re limited in your bandwidth, and you want to control your own bandwidth to make sure you don’t max out your own internet connection. You can take care of both of these problems by building your own traffic shaping network control device using CentOS and using the “tc” linux command.

In this post I’m going to explain what traffic shaping is, why you’d want to use traffic shaping, and how to build a very basic traffic shaping device to control bandwidth on your network.

What is traffic shaping

Traffic shaping is when one attempts to control a connection in their network to prioritize, control, or shape traffic. This can be used to control either bandwidth or packets. In this example we are using it to control bandwidth such as upload and download speeds.

Why traffic shaping

For service providers, when hosting customer’s equipment, the customer may abuse their connection or even max it out legitimately. This can put a halt on the internet connection if you share it with them, or cause bigger issues if it’s shared with other customers. In this example, you would want to implement traffic shaping to allot only a certain amount of bandwidth so they wouldn’t bring the internet connection or network to a halt.

For normal people (or a single business), as fast as the internet is today, it’s still very easy to max your connection out. When this happens you can experience packet loss, slow speeds, and interruption of services. If you host your own servers this can cause even a bigger issue with interruption of those services as well. You may want to limit your own bandwidth to make sure that you don’t bring your internet to a halt, and save some for other devices and/or users.

Another reason is just to implement basic QoS (Quality of Service) across your network, to keep usage and services in harmony and eliminate any from hogging the network connections up.

How to build your own basic traffic shaping device with CentOS and tc

In this post we will build a very simple traffic shaping device that limits and throttles an internet connection to a defined upload and download speed that we set.

You can do this with a computer with multiple NICs (preferably one NIC for management, one NIC for internet, and one NIC for network and/or the hosts to be throttled). If you want to get creative, there are also a number of physical network/firewall appliances that are x86 based, that you can install Linux on. These are very handy as they come with many NICs.

When I set this up, I used an old decommissioned Sophos UTM 220 that I’ve had sitting around doing nothing for a couple years (pic below). The UTM 220 provides 8 NICs, and is very easy to install Linux on to.

Sophos UTM 220 Running CentOS Linux

Please Note: The Sophos UTM 220 is just a fancy computer in a 1U rack mounted case with 8 NICs. All I did was install CentOS on it like a normal computer.

Essentially, all we’ll be doing is installing CentOS Linux, installing “tc”, configuring the network adapters, and then configuring a startup script. In my example my ISP provides me 174Mbps download, and 15Mbps upload. My target is to throttle the connection to 70Mbps download, and 8Mbps upload. I will allow the connection to burst to 80Mbps down, and 10Mbps up.

To get started:

Install CentOS on the computer or device. The specifics of this are beyond the scope of this document, however you’ll want to perform a minimal install. This device is strictly acting as a network device, so no packages are required other than the minimal install option.
During the CentOS install, only configure your main management NIC. This is the NIC you will use to SSH to, control the device, and update the device. No other traffic will pass through this NIC.
After the install is complete, run the following command to enable ssh on boot:
```
chkconfig sshd on
```
Install “tc” by running the command:
```
yum install tc
```
Next, we’ll need to locate the NIC startup scripts for the 2 adapters that will perform the traffic shaping. These adapters are the internet NIC, and the NIC for the throttled network/hosts. Below is an example of one of the network startup scripts. You’re NIC device names will probably be different.
```
/etc/sysconfig/network-scripts/ifcfg-enp2s0
```

Now you’ll need to open the file using your favorite text editor and locate and set ONBOOT to no as shown below. You can ignore all the other variables. You’ll need to repeat this for the 2nd NIC as well.

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp2s0
UUID=xxxxxxxx-xxxx-xxx-xxxx-xxxxxxxxxxxx
DEVICE=enp2s0
ONBOOT=no

Now we can configure the linux startup script to configure a network bridge between the two NICs above, and then configure the traffic shaping rules with tc. Locate and open the following file for editing:
```
/etc/rc.d/rc.local
```

Append the following text to the rc.local file:

# Lets make that bridge
brctl addbr bridge0

# Lets add those NICs to the bridge
brctl addif bridge0 enp5s0
brctl addif bridge0 enp2s0

# Confirm no IP set to NICs that are shaping
ifconfig enp5s0 0.0.0.0
ifconfig enp2s0 0.0.0.0

# Bring the bridge online
ifconfig bridge0 up

# Clear out any existing tc policies
tc qdisc del dev enp2s0 root
tc qdisc del dev enp5s0 root

# Configure new traffic shaping policies on the NICs
# Set the upload to 8Mbps and burstable to 10mbps
tc qdisc add dev enp2s0 root tbf rate 8mbit burst 10mbit latency 50ms
# Set the download to 70Mbps and burstable to 80Mbps
tc qdisc add dev enp5s0 root tbf rate 70mbit burst 80mbit latency 50ms

Restart the linux box:
```
shutdown -r now
```
You now have a traffic shaping network device!

Final Thoughts

Please note that normally you would not place the script in the rc.local file, however we wanted something quick and simple. The script may not survive in the rc.local file when updates/upgrades are applied against on the Linux install, so keep this in mind. You’ll also need to test to make sure that you are throttling in the correct direction with the 2 NICs. Make sure you test this setup and allow time to confirm it’s working before putting it in a production network.

Monitor your VMware vSphere environment remotely with the vSphere Mobile Watchlist Android App

Android, ESXi, VMware, vSphere 2 Responses »

Aug 182018

Did you know that you can monitor and manage your VMware vSphere environment (ESXi hosts, cluster, and VMs) remotely with the “VMware vSphere Mobile Watchlist” app on your Android phone? Well, you can!

Download link: https://play.google.com/store/apps/details?id=com.vmware.beacon

The VMware vSphere Mobile Watchlist (VMware Watchlist) Android App

For some time now, I’ve been using this neat little app from VMware (available for download here) to monitor and manage my vSphere cluster remotely. You can use the app while directly on your LAN, or via VPN (I use it with OpenVPN to connect to my Sophos UTM). I’ve even used it while on airplanes using the on board in-flight WiFi.

The reason why I’m posting about this, is because I’ve never actually heard anyone talk about the app (which I find strange), so I’m assuming others aren’t aware of it’s existence as well.

The app runs extremely well on my Samsung S8+, Samsung S9+, and Samsung Tab E LTE tablet. I haven’t run in to any issues or app crashes.

Let’s take a look at the app

vSphere Mobile Watchlist Login Prompt

The above screen is where you initially log in. I use my Active Directory credentials (since I have my vCenter server integrated with AD).

vSphere Mobile Watchlist Hosts and VM list

vSphere Mobile Watchlist Hosts and VMs

In the default view (shown above), you can view a brief summary of your ESXi hosts, as well as a list of virtual machines running.

vSphere Mobile Watchlist Host Information

After selecting an ESXi host, you can view the hosts resources, details, related objects, as well as flip over to view host options.

vSphere Mobile Watchlist Host Options

Under host options, you can Enter Maintenance mode, reboot the host, shutdown the host, disconnect the host, or view the hosts’ sensor data.

vSphere Mobile Watchlist Host Sensor List and Fan Data

vSphere Mobile Watchlist Host Sensor Data (Fans)

Checking the HPe Proliant DL360p Gen8 fan sensor data with VMware Watchlist.

vSphere Mobile Watchlist Host Sensor Data (Temperature)

Checking the HPe Proliant DL360p Gen8 temperature sensor data with VMware Watchlist. While not shown above, you can select individual items to pull the actual temperature values. Please Note that the temperature values are missing a decimal (Example: 2100 = 21.00 Celsius).

vSphere Mobile Watchlist VM Information View

When selecting a VM (Virtual Machine) from the default view, you can view the VM’s Resources (CPU, Memory, and Storage), Details (IP Addresses, DNS hostnames, Guest OS, VMWare Tools Status), related objects, and a list of other VMs running on the same host.

vSphere Mobile Watchlist VM Options

Flipping over to the VM options, we have the ability to power off, suspend, reset, shutdown, or gracefully restart the VM. We also have some snapshot functionality to take a snapshot, or manage VM snapshots.

Additional Notes

In my environment I have two HPe DL360p Gen8 Servers and the sensor data is fully supported (I used the HPe custom ESXi install image which includes host drivers).

Older Entries Newer Entries