Month: May 2015

Storage Interview Questions

Posted on


What is LUN masking?

LUN (Logical Unit Number) Masking is an authorization process that makes a LUN available to some hosts and unavailable to other hosts.

LUN Masking is implemented primarily at the HBA (Host Bus Adapater) level. LUN Masking implemented at this level is vulnerable to any attack that compromises the HBA.

Some storage controllers also support LUN Masking.

LUN Masking is important because Windows based servers attempt to write volume labels to all available LUN’s. This can render the LUN’s unusable by other operating systems and can result in data loss.

 

What is SAN zoning?

SAN zoning is a method of arranging Fibre Channel devices into logical groups over the physical configuration of the fabric.

SAN zoning may be utilized to implement compartmentalization of data for security purposes.

Each device in a SAN may be placed into multiple zones.

 

What are hard and soft zoning?

Hard zoning is zoning which is implemented in hardware. Soft zoning is zoning which is implemented in software.

Hard zoning physically blocks access to a zone from any device outside of the zone.

Soft zoning uses filtering implemented in fibre channel switches to prevent ports from being seen from outside of their assigned zones. The security vulnerability in soft zoning is that the ports are still accessible if the user in another zone correctly guesses the fibre channel address.

 

What is port zoning?

Port zoning utilizes physical ports to define security zones. A users access to data is determined by what physical port he or she is connected to.

With port zoning, zone information must be updated every time a user changes switch ports. In addition, port zoning does not allow zones to overlap.

Port zoning is normally implemented using hard zoning, but could also be implemented using soft zoning.

 

What is WWN zoning?

WWN zoning uses name servers in the switches to either allow or block access to particular World Wide Names (WWNs) in the fabric.

A major advantage of WWN zoning is the ability to recable the fabric without having to redo the zone information.

WWN zoning is susceptible to unauthorized access, as the zone can be bypassed if an attacker is able to spoof the World Wide Name of an authorized HBA.

 

What is a World Wide Name (WWN)?

A World Wide Name, or WWN, is a 64-bit address used in fibre channel networks to uniquely identify each element in a Fibre Channel network.

Soft Zoning utilizes World Wide Names to assign security permissions.

The use of World Wide Names for security purposes is inherently insecure, because the World Wide Name of a device is a user-configurable parameter.

For example, to change the World Wide Name (WWN) of an Emulex HBA, the users simply needs to run the `elxcfg` command.

 

What are the classes of attacks against SANs?

  • Snooping: Mallory reads data Alice sent to Bob in private
    Allows access to data
  • Spoofing: Mallory fools Alice into thinking that he is Bob
    Allows access to or destruction of data
  • Denial of Service: Mallory crashes or floods Bob or Alice
    Reduces availability

 

What are some attacks against FCP?

  • Node Name / Port Name spoofing at Port Login time
  • Source Port ID spoofing on dataless FCP commands
  • Snooping and spoofing on FC-AL
  • Snooping and Spoofing after Fabric reconfiguration
  • Denial of Service attacks can be made in User mode

 

What is FCAP (Fibre Channel Authentication Protocol)?

FCAP is an optional authentication mechanism employed between any two devices or entities on a Fibre Channel network using certificates or optional keys.

 

What is FCPAP (Fibre Channel Password Authentication Protocol)?

FCPAP (Fibre Channel Password Authentication Protocol) is an optional password based authentication and key exchange protocol which is utilized in Fibre Channel networks.

FCPAP is used to mutually authenticate Fibre Channel ports to each other. This includes E_Port’s, N_Port’s, and Domain Controllers.

 

What is SLAP (Switch Link Authentication Protocol)?

SLAP is an authentication method for Fibre Channel switches which utilizes digital certificates to authenticate switch ports.

SLAP was designed to prevent the unauthorized addition of switches into a Fibre Channel network.

 

What is FC-SP (Fibre Channel – Security Protocol)?

Fibre Channel – Security Protocol (FC-SP) is a security protocol for Fibre Channel Protocol (FCP) and fiber connectivity (Ficon).

FC-SP is a project of Technical Committee T11 of the InterNational Committee for Information Technology Standards (INCITS).

FC-SP is a security framework which includes protocols to enhance Fibre Channel security in several areas, including authentication of Fibre Channel devices, cryptographically secure key exchange, and cryptographically secure communication between Fibre Channel devices.

FC-SP is focused on protecting data in transit throughout the Fibre Channel network. FC-SP does not address the security of data which is stored on the Fibre Channel network.

 

What is ESP over Fibre Channel?

ESP (Encapsulating Security Payload) is an Internet standard for the authentication and encryption of IP packets.

ESP is defined in RFC 2406: IP Encapsulating Security Payload (ESP).

ESP is widely deployed in IP networks and has been adapted for use in Fibre Channel networks. The IETF iSCSI proposal specifies ESP link authentication and optional encryption.

ESP over Fibre Channel is focused on protecting data in transit throughout the Fibre Channel network. ESP over Fibre Channel does not address the security of data which is stored on the Fibre Channel network.

 

What is DH-CHAP?

DH-CHAP (Diffie Hellman – Challenge Handshake Authentication Protocol) is a forthcoming Internet Standard for the authentication of devices connecting to a Fibre Channel switch.

DH-CHAP is a secure key-exchange authentication protocol that supports both switch-to-switch and host-to-switch authentication.

DH-CHAP supports MD-5 and SHA-1 algorithm-based authentication.

 

How are iSCSI, iFCP and FCIP secured over IP networks?

The IETF IP Storage (ips) Working Group is responsible for the definition of standards for the encapsulation and transport of Fibre Channel and SCSI protocols over IP networks.

The IPS Working Group’s charter includes responsibility for data security:

Security including authentication, keyed cryptographic data integrity and confidentiality, sufficient to defend against threats up to and including those that can be expected on a public network. Implementation of basic security functionality will be required, although usage may be optional.

The IPS Working Group has created RFC 3723: Securing Block Storage Protocols over IP.

RFC 3723 defines the use of the existing IPsec and IKE (Internet Key Exchange) protocols to secure block storage protocols over IP.

 

This entry was posted in Interview and tagged .

How to monitor the Disk Command Aborts on an ESXi host

Posted on Updated on


When storage is severely overloaded, commands are aborted because the storage subsystem is taking too long to respond to the commands. The storage subsystem has not responded within an acceptable amount of time, as defined by the guest operating system. Aborted commands are a sign that the storage hardware is overloaded and unable to handle the requests in line with the host’s expectations.

The number of aborted commands can be monitored by using either vsphere client or esxtop.

  1.  from vsphere client, monitor disk commands aborts

this one can be generated from host and clusters->Performance-> Advanced -> Switch to disk -> chart options-> commands aborted-> ok.

  1. from esxtop, monitor ABRTS/s

Open putty, login to the ESXi host, run esxtop, for the disk type u, type f to change the settings and type L to select Error stats. Press W to save it.

Once this is we can see the ABRTS/s field there which tracks the SCSI aborts, Aborts generally occur because the array takes long time to respond to commands.

Now if you are planning to deploy a monitoring tool to monitor this parameter, the threshold for ABRTS/s should be 1. This signifies number of SCSI commands aborted during the collection interval i.e. in 1 second.

DISK       ABRTS/s               1              Aborts issued by guest(VM) because storage is not responding. For Windows VMs this happens after 60 seconds by default. Can be caused for instance when paths failed or array is not accepting any IO for whatever reason.

However having said that the in ideal case the output of ABRTS/s should be 0, which may sometime not been observer during peak hours i.e. Backup may be running on the servers hosted on the ESXi host resulting in disk intensive workouts. This ABRTS/s will fluctuate 0 to 0.xx in real case scenario as the storage is always overloaded during these peak hours.

This entry was posted in VMware and tagged , .

How to install NIC Teaming Driver and configure NIC Teaming in a Cisco UCS B200-M3

Posted on


The Cisco NIC Teaming Driver is contained in the UCS-related Windows Utilities ISO. You can download it from http://www.cisco.com. Depending on your platform, choose either Cisco UCS B-Series Blade Server Software or Cisco UCS C-Series Rack-Mount UCS-Managed Server Software. Once you have installed Windows on the blade you can proceed to install the teaming software.

First let us see how to install the NIC teaming driver on the server.

Step 1 In Windows, open a command prompt with administrator privileges.
Step 2 At the command prompt, enter enictool -p “drivers_directory”The Cisco NIC Teaming Driver is installed using the .inf files located in the specified directory.Example:This example installs the teaming driver using the .inf files located in the temp directory:

C:\> enictool -p "c:\temp"

Once the driver is installed, you need to configure the teaming on the desired NICs.

Step 1 In Windows, open a command prompt with administrator privileges.
Step 2 To create a team, enter enictool -c “list of connections” -m modeThe mode options are as follows:

  • 1—Active Backup
  • 2—Active Backup with failback to active mode
  • 3—Active Active (transmit load balancing)
  • 4—802.3ad LACP

Example:This example creates a team of two NICs in Active Backup mode:

C:\> enictool -c "Local Area Connection" "Local Area Connection 2" -m 1
Step 3 To delete a team, enter enictool -d “list of connections” Example:This example deletes a team of two NICs:

C:\> enictool -d "Local Area Connection" "Local Area Connection 2"
Step 4 To view additional options and usage information, enter enictool /?Use the displayed command option information to configure load balancing method, load balancing hash method, and other options.

This entry was posted in Cisco UCS, Windows and tagged .

How to install and configure Multipathing I/O on a computer running Windows Server 2008

Posted on Updated on


To install Multipath I/O

  1. Open Server Manager.To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Features area, click Add Features.
  3. On the Select Features page of the Add Features Wizard, select Multipath I/O, and then click Next.
  4. On the Confirm Installation Selections page, click Install.
  5. When installation has completed, click Close.

To install Multipath I/O on a computer by using the Server Manager command line, complete the following steps.

To install Multipath I/O by using a command line

  1. Open a Command Prompt window with elevated privileges.Right-click the Command Prompt object on the Start menu, and then click Run as administrator.
  2. Type the following, and press ENTER. ServerManagerCmd.exe -install Multipath-IO
  3. When installation has completed, you can verify that Multipath I/O has installed by entering the following command and reviewing the query results in the command window. Multipath I/O should show in the list of installed packages. ServerManagerCmd.exe -query

IC347745[1]

Removing Multipath I/O

To remove Multipath I/O, complete the following steps.

To remove Multipath I/O

  1. Open Server Manager.To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Features area, click Remove Features.
  3. On the Select Features page of the Add Features Wizard, select Multipath I/O, and then click Next.
  4. On the Confirm Installation Selections page, click Install.
  5. When installation has completed, click Close.

To remove Multipath I/O by using the Server Manager command line, complete the following steps.

To remove Multipath I/O by using a command line

  1. Open a Command Prompt window with elevated privileges.Right-click the Command Prompt object on the Start menu, and then click Run as administrator.
  2. Type the following, and press ENTER. ServerManagerCmd.exe -remove Multipath-IO
  3. When removal has completed, you can verify that Multipath I/O was removed by entering the following command and reviewing the query results in the command window. Multipath I/O should not be in the list of installed packages. ServerManagerCmd.exe -query
To claim an iSCSI-attached device for use with MPIO

Open the MPIO control panel, and then click the Discover Multi-Paths tab.
  1. Select the Add support for iSCSI devices check box, and then click Add. When prompted to restart the computer, click Yes.
  2. When the computer restarts, the MPIO Devices tab lists the additional hardware ID “MSFT2005iSCSIBusType_0x9.” When this hardware ID is listed, all iSCSI bus attached devices will be claimed by the Microsoft DSM.

This entry was posted in Windows and tagged .

How to update Offline Windows Servers to the latest Patch Level using WSUS

Posted on Updated on


Update Offline Windows Servers to the latest Patch Level using WSUS      

WSUS (Windows Server Update Services) is a method to update windows servers that are offline.

The best way to achieve patch management like this is to set up a WSUS server. What I am going to discuss is the downloading of patches from one machine that is connected to the Internet and copying the patches to an offline machine using a memory stick or DVD. This is a good solution when you have to update the patch level once to a  few machines. It is not practical as a long term solution as every time Microsoft releases a patch you would have to manually update the off line servers.

First, download WSUS from http://download.wsusoffline.net/ Extract the file to a directory. Open the directory and run Update Generator.

Tick the box beside the OS you want to download updates for. In the image above Windows 7 / Windows Server 2008 R2 x64 is selected. If you want to select any other options, go ahead and then click, “Start”.

The updates will start to download. As a rough idea of the download time, the updates for Vista x64 was 2.5GB, Windows Server 2008R2 was 800MB.

Next step is to copy the WSUS folder to some sort of removable media, a memory stick, DVD, external hard disk etc. Insert it into the server you want to update.

Open the WSUS folder, open the folder, “client” and run the update executable.

This will update your system to the latest patch level.

This entry was posted in Windows and tagged , .

Not enough server storage is available to process this command

Posted on


Here is the offending registry value:

HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Services
\LanmanServer
\Parameters
IRPStackSize DWORD 0x0000000f (15)

Check for the presence of the value named IRPStackSize. If it doesn’t exist, create it as type DWORD and make sure you have the capitalization absolutely correct (5 upper case, 7 lower case characters), because the system strangely seems to depend on that.

With base set to decimal, enter the value 16 or higher. 15 is the default, so entering 15 should have the same effect as removing that value altogether.

This entry was posted in Windows and tagged .

The Performance Overview tab fails to display with the error: Navigation to the webpage was cancelled (1014454)

Posted on Updated on


There are several possible causes for this issue. Attempt each of the troubleshooting steps below in sequence, without skipping any.

  1. Confirm that the vCenter Web Management Service is running.

    To resolve this issue, connect to vCenter locally with a vSphere Client located on the vCenter Server and followStopping, starting, or restarting vCenter services (1003895).

  2. Ensure that the correct DNS settings and IP address are being used:
    1. On the vCenter Server, navigate toC:\Program Files\VMware\Infrastructure\VirtualCenter Server\extensions\com.vmware.vim.stats.report\.
    2. Openxml in a text editor.
    3. Edit the line<url>https://hostname:8443/statsreport/vicr.do</url> to use an IP address instead of an FQDN to rule out issues with DNS.
    4. Restart vCenter Web Management Service and the vCenter Server Service after making any changes to the.xml  For moreinformation, see Stopping, starting, or restarting vCenter services (1003895).
  3. Disable any third party web services that may be interfering with the vCenter Web Management Services.

    To confirm that a third party web service is the cause:

    1. Stop the vCenter Web Management Service. For more information, seeStopping, starting, or restarting vCenter services (1003895).
    2. Try to connect to port 8443 (the port on which the Web Management Service runs) by executing:

      telnet IP8443

    3. If the port responds when the vCenter Web Management Service is stopped, there might be another service that is using the port. In this case, if you want to continue running the conflicting third party service, you may have to change the port that Performance Overview uses. To change the port used by Performance Overview, seeThe Performance Overview tab within vCenter Server reports the HTTP Status 404 error (1016160).
  4. Check if vCenter Server is using custom SSL certificates as a result of a recent upgrade to vCenter Server 4.0 Update 1. For more information, seeVMware vCenter Server plugins fail after adding custom SSL certificates (1017577).

Note: Additionally, you can perform these steps:

  • Disable the proxy settings from the browser.

    To disable the settings:

  1. LaunchInternet
  2. Navigate toTools > Internet options.
  3. Click theConnections
  4. ClickLAN settings.
  5. Select theUse automatic configuration script
  • If you experience this issue on workstations external to the vCenter Server, try to connect to port 8443 (the port on which the Web Management Service runs) as per Step 3b. If you are unable to connect to the port, disable the Windows Firewall on the vCenter Server system. For more information, see the Microsoft TechNet article I Need to Disable Windows Firewall.

This entry was posted in VMware and tagged , , , .

What are the countries in LATAM?

Posted on Updated on


Latin America can be subdivided into several sub regions based on geography, politics, demographics and culture. If defined as all of the Americas south of the United States, the basic geographical subregions are North America, Central America, the Caribbean and South America;[20] the latter contains further politico-geographical subdivisions such as the Southern Cone, the Guianas and the Andean states. It may be subdivided on linguistic grounds into Hispanic America, Portuguese America and French America.

Name Area Population Capital Name(s) in official language(s)
(km²)
Argentina 2,780,400 41,660,417 Buenos Aires Argentina
Bolivia 1,098,581 10,461,053 Sucre and La Paz Bolivia
Brazil 8,515,767 201,032,714 Brasília Brasil
Chile 756,096 17,556,815 Santiago Chile
Colombia 1,141,748 47,387,109 Bogotá Colombia
Costa Rica 51,100 4,667,096 San José Costa Rica
Cuba 109,884 11,061,886 Havana Cuba
Dominican Republic 48,442 10,219,630 Santo Domingo República Dominicana
Ecuador 283,560 15,439,429 Quito Ecuador
El Salvador 21,040 6,108,590 San Salvador El Salvador
French Guiana* 83,534 250,109 Cayenne Guyane française
Guadeloupe* 1,628 405,739 Basse-Terre Guadeloupe
Guatemala 108,889 15,438,384 Guatemala City Guatemala
Haiti 27,750 9,996,731 Port-au-Prince Haïti, Ayiti
Honduras 112,492 8,555,072 Tegucigalpa Honduras
Martinique* 1,128 386,486 Fort-de-France Martinique
Mexico 1,972,550 118,395,054 Mexico City Estados Unidos Mexicanos
Nicaragua 130,375 5,788,531 Managua Nicaragua
Panama 75,517 3,661,868 Panama City Panamá
Paraguay 406,752 6,800,284 Asunción Paraguay
Peru 1,285,216 30,475,144 Lima Perú
Puerto Rico* 9,104 3,615,086 San Juan Puerto Rico
Saint Barthélemy* 53.2 36,286 Gustavia Saint-Barthélemy
Saint Martin* 25 9,035 Marigot Saint-Martin
Uruguay 176,215 3,324,460 Montevideo Uruguay
Venezuela 916,445 31,648,930 Caracas Venezuela

 

This entry was posted in Uncategorized and tagged .

Help and support service not running in Windows 2003

Posted on Updated on


To fix this:

  • Open a Command Prompt
  • Run the following commands
  • %SystemDrive%
  • CD %windir%\PCHealth\HelpCtr\Binaries
  • start /w helpsvc /svchost netsvcs /regserver /install

The service should install and start automatically.

This entry was posted in Windows and tagged .