Since taking the VMware Troubleshooting course 3 months ago, I have been diligently preparing for the VCP4 certification examination. If you haven’t already read it, check out my previous review on the VCP4 Troubleshooting course. Well, yesterday I finally took the VCP4 examination and thankfully passed, and I wanted to post some feedback while it’s fresh in my head.
I’m not going to divulge any secret tips on how to pass the exam, but I will share the resources I used in preparation for the examination and my study methods. Also, I wanted to share the topics that should be focused on based on the questions I encountered during my exam, so that you can focus your study efforts and better manage your time.
My organization recently implemented a new Web Filtering solution which required Internet-bound web traffic to be redirected to a Content Gateway for inspection. If you haven’t already read my earlier review on the Websense Security solution, please check it out now. You have two choices when it comes to redirection: Explicit or Transparent.
Explicit redirection happens at the client layer. Using Microsoft Group Policies you can configure IE Proxy settings. However, this only addresses your managed Windows clients. If you have any Mac OS X clients, unmanaged Windows clients, or users that use any other browser besides Internet Explorer, then transparent redirection is probably a better idea. Only in the simplest of networks would explicit redirection be feasible.
For enterprise organizations, transparent redirection is the way to go. Since it’s implemented at the network layer, transparent redirection is difficult to bypass, and requires zero user involvement. Any device with an IP address can be transparently redirected. Needless to say, I decided to use Web Cache Communication Protocol v2 (WCCP) to transparently redirect HTTP and HTTPS traffic from my perimeter Cisco ASA firewall to my Websense Content Gateway.
Securing web communications is an essential part of a well-designed security architecture. No longer are stateful firewalls or IPS devices enough; organizations want to monitor and filter the websites employees are accessing, prevent data leakages and protect privacy, as well as have the ability to present pretty reports to upper-level management.
Analyzing HTTP traffic is easy, and there are many vendors out there that offer solutions. However, analyzing encrypted HTTPS traffic is much more difficult, and until recently wasn’t possible. Websense is one of a few companies that offer solutions with the ability to inspect the payloads of encrypted HTTPS communications for malicious content and provide real-time content categorization.
Websense embedded Secure Content Inspection Proxy (SCIP), a technology developed by Microdasys, into their Content Gateway solutions to perform the HTTPS proxying and SSL certificate validation.
The last thing a VMware Administrator wants is VMs rebooting unexpectedly. VM uptime is one of the most important metrics and business owners want nothing short of 99.999% uptime.
Occasionally, in the VMware datacenters that I manage, I have had a few VMs reboot unexpectedly, and it has been my personal quest to find the root cause for this most unwanted behavior.
So, the first thing to check is your Windows Event logs, which in my case were clean, except of course for the dubious “the previous shutdown was unexpected” message.
Last week I took the official VMware vSphere: Troubleshooting V4 class. I chose this course primarily because it satisfies VMware’s prerequisite for the VCP4 certification, but also because after 2 VMware Datacenter implementations I felt I would get more out of this course than from the Install, Configure, Manage (ICM) course. You spend most of your time working on the command-line, and equal amounts of time working with ESX and ESXi. Overall, I really enjoyed the course, learned a lot of new things, and definitely left with sharper troubleshooting skills.
I recently encountered a very strange issue with a Cisco IPS sensor, which had me baffled for a bit. My Cisco IPS Manager displayed a health warning for one of my ASA-SSM-10 sensors; apparently the Global Correlation databases were outdated, so I immediately jumped into action.
I started an SSH session to the sensor and issued the show health command, and the global-correlation status was Yellow. I issued the show statistics global-correlation command and confirmed that the last few update attempts had indeed failed and my databases were 1 day old.
If you’re using VMware ESX in your production datacenter, you’re inevitably using some form of shared storage. The really cool features like vMotion, High-Availability, DRS, Storage vMotion, and Fault Tolerance all require a shared storage architecture. The underlying transport protocol doesn’t matter; fiber-channel, iSCSI, or NFS will do the trick.
Hopefully, you will never encounter the dreaded All-Paths-Down (APD) message, but if you do you’ll probably want to understand what caused this condition, and how to recover from it. An All-Paths-Down condition is when all of the available paths to a storage target are unavailable or dead, resulting in the LUN being inaccessible to the ESX host. Any virtual machines unlucky enough to have their VMDK files reside in that LUN will be unavailable.