Author: Davoud Teimouri


VMware vSphere Hardening

Today, many companies run virtualized farms for their server infrastructure, desktop infrastructure and cloud services. These companies keep critical information on their virtualized farms, and keeping it safe is one of their big concerns. Big companies, and even small ones, have security teams that try to secure their environments at different layers. Most security products work at the physical layer or at the network and application layers, but what about the hypervisor layer?

vSphere Hardening

VMware publishes a hardening guide for each vSphere version to help administrators keep their environments more secure. The vSphere hardening guides are available at the link below as Excel files: Download – Hardening Guides

Previously, VMware published an application that analyzed your vSphere environment and reported any security issues according to the hardening guides. VMware vSphere Compliance Checker was available up to vSphere 5.5; it is not available for vSphere 6.x, but you can use “VMware vRealize Configuration Manager” for this purpose. In any case, you can check and change security configurations on your servers manually according to the hardening guides.


Network Ports in Horizon 7

VMware has updated “Network Ports in Horizon 7” and you can download it as a PDF file. The diagram shows all the protocols, port numbers and connections between Horizon 7 components. It helps you understand the communication between components and design your network infrastructure when you want to deploy Horizon 7 in your environment. It’s available at this link: Download


Veeam Backup & Replication Best Practices

Veeam published a guide for Veeam Backup & Replication last week. The guide contains best practices that will help you deploy your backup solution according to your environment with the best performance. You can download the guide from: https://www.gitbook.com/book/poulpreben/veeam-backup-replication-best-practices/details

Update: The book has been updated and now covers Veeam Backup & Replication 9 U2.


VMware TrustPoint

VMware TrustPoint empowers security and IT teams with 15-second visibility and control to secure and manage every endpoint across large global networks. Combining VMware’s time-tested management capabilities and Tanium’s leading-edge security platform, VMware TrustPoint provides complete endpoint visibility and control with next-generation threat detection and remediation at unparalleled speed and scalability. VMware TrustPoint helps security and IT operations teams realize new levels of cost efficiency and stay a step ahead of modern sophisticated attacks while setting the bar for security hygiene across the entire environment.

Features

Setting the Bar for Endpoint Security Hygiene

Quickly find unmanaged assets within the enterprise across large global networks and allow security and IT teams to directly take actions necessary to review, secure and gain control of these assets.

Migrate to the Most Secure Version of Windows

A manual Windows 10 migration can often take between four and six hours per PC or POS device. With TrustPoint, a single technician can concurrently handle 100 or more migrations per day from the central management console, getting your users to a safer place on Windows 10.

Discover Unmanaged Endpoints in Seconds

TrustPoint detects hidden unmanaged assets across large distributed global networks. Unlike the extremely time-consuming approaches that...


Splunk Log Management

As an environment grows along with its business, its challenges and problems grow too. Administrators need tools to help them troubleshoot, find the root cause of issues and monitor their environments. Most enterprise operating systems and applications can generate log files and record any changes or modifications in them. When an environment has more than one critical application, keeping log files on the servers themselves is very dangerous and very difficult. Most administrators use a “Syslog Server” or “Log Collector” to organize their log files. Some modern “Syslog” servers can categorize and analyze the logs they receive, in addition to storing them or taking backups of them. There are many companies and applications for this, such as SolarWinds Kiwi, VMware Syslog Collector and others.

Splunk Log Management

Splunk has a log management suite that you can use for storing your log files and histories and for analyzing your logs. You can collect, store, index, search, correlate, visualize, analyze and report on any machine-generated data to identify and resolve operational and security issues in a faster, repeatable and more affordable way. It’s an enterprise ready, fully integrated solution for log management data collection, storage and visualization Ad...


Install OpenSource PowerShell on CentOS 7

Recently, Microsoft announced PowerShell for Linux, released as open source. We can now use PowerShell on other OSes such as enterprise Linux, Mac OS X and Ubuntu LTS (14.04 and 16.04). I want to explain the installation process for CentOS 7 in this post.

Installing PowerShell

As the first step, download the proper package for your OS. The PowerShell package is available for the following OSes: Ubuntu 14.04, Ubuntu 16.04, CentOS 7 or RHEL 7, and Mac OS. Download it from the release page. After the download, we can install the RPM package on our Linux machine:

    rpm -i powershell-6.0.0_alpha.9-1.el7.centos.x86_64.rpm

Done! Now, type “powershell” in the terminal; you will be taken to the PowerShell console and will be able to run PowerShell commands. Also, unlike Linux commands, there is no case sensitivity in this console!

You can download the other packages and install them on the other supported operating systems. Please keep in mind that this is an alpha version, not a final or stable one, and it has some bugs and limitations. But I’m sure that new features will be added in future versions.


Nested Virtualization – Oracle VM Server

Recently, we have been working on an Oracle virtualization (Oracle VM Server – Xen) solution in our lab, and we plan to deploy the solution on our Oracle (Sun) servers in the production environment. As the first step, we need to test the solution on our test servers, and we don’t have enough resources to add additional servers to our farm just for the test. So we have to create some of our servers as virtual machines and test Oracle VM Server’s features such as DRS, DPM, Live Migration, Repository Migration and others.

You can deploy any hypervisor on your ESXi server by adding some parameters to the machine configuration file (VMX), but what is the equivalent solution for Oracle VM Server? Does it support nested virtualization? Oracle VM Server supports nested virtualization, but I couldn’t find any solution in the Oracle documentation center! But as you may know, Oracle uses Xen as the hypervisor in its product, so I found my answer on this page: Nested Virtualization in Xen

We should add some parameters to the VM configuration file:

    hap=1
    nestedhvm=1

There are some conditions: Xen 4.4 or later, and an Intel CPU with EPT support. You should read the wiki page for more information.


ESXi Reliable Memory Technology

VMware has introduced a new feature for protecting the ESXi kernel against memory errors. VMware calls the new feature Reliable Memory Technology, or RTM. It is one of the new features in ESXi 5.5! ESXi uses a zone of memory that is more reliable than other areas of memory, so the risk of a PSOD is reduced. Also, when part of the memory has an error, ESXi stops using that part of the memory. There are other techniques against memory corruption or memory health errors, such as memory mirroring, but Reliable Memory Technology can help you here without losing half of your memory capacity, because memory mirroring is just like RAID 1 on hard disks.

Dell has introduced another feature on its servers that uses Reliable Memory Technology, called Fault Resilient Memory or FRM. Fault Resilient Memory provides a “Fault Resilient Zone” and ESXi puts its kernel in that zone. These features can protect the ESXi kernel and VMs as well. So if you have a critical service on a VM, you can force ESXi to keep its memory in the RTM or FRM zone to avoid memory errors and downtime for the machine. You can configure...


VMware Fling – ESXi Embedded Host Client

A few years ago, you had to install vSphere Client on a Windows machine to manage your standalone ESXi server, or connect to your server via SSH and run commands. VMware engineers work on some unofficial projects that they call “Flings”; most of them are favorites of mine, and they let you do things that you can’t do with standard software or even third-party software. The engineers were working on a very good piece of software that was released one year ago: ESXi Embedded Host Client. It’s like vSphere Web Client, but it doesn’t support vCenter. You can perform any action that is available in vSphere Client for an ESXi host, such as creating new VMs and managing hardware, security, networks, etc. You can find this explanation on VMware Labs:

The ESXi Embedded Host Client is a native HTML and JavaScript application and is served directly from your ESXi host! It should perform much better than any of the existing solutions.

You can download it as a VIB file and install it easily; there is no need for any specific configuration. Also the software offers you a web based console for viewing...


ReactOS

ReactOS is a free, community-developed, open-source operating system that is compatible with Windows applications, so you can run your Windows programs on it. ReactOS development began in 1996 as a Windows 95 clone project. The main goal of this project is:

Provide an operating system which is binary compatible with Windows … such that people accustomed to the familiar user interface of Windows would find using ReactOS straightforward. The ultimate goal of ReactOS is to allow you to remove Windows and install ReactOS without the end user noticing the change.

This OS is 18 years old, and the latest stable version is 0.4.2, which was released on 16 August 2016. It is a good environment for testing purposes. Its installation is very simple and looks like an old Windows installation. You can download it from its web site: http://www.reactos.org/download

ReactOS can be installed on a virtual machine; if you want to install it on a VM, please read this wiki: https://reactos.org/wiki/VMware

Here is a video of the installation process:

Please note that you can’t install VMware Tools on it, and you have to install drivers manually. If you select “Windows XP Professional” when you are creating the machine, you can install drivers by VMware Tools but...


Windows Operating System Optimization Tool Guide

OS optimization is very important when you want to use VMware Horizon to deliver virtual desktop machines to your users. As you may know, there is a fling (VMware OS Optimization Tool), made by VMware engineers, that you can use to optimize your OS automatically. VMware has published a guide for this tool and you can download it from this link: VMware Windows Operating System Optimization Tool Guide

I suggest that you read the above guide before making any changes to your template and deploying machines from it.


Restrict FTP Users To Their Home Directory Without Using OpenSSH – Oracle Linux

Sometimes, we want to grant some users access to upload and download (transfer) files via an FTP server on a Linux machine. By default, any user can view his home directory and other directories on the remote machine, but we want to restrict all FTP users to their home directories and prevent uploading files from other users’ home directories. We also want to prevent these users from making SSH connections and using SFTP.

As the first step, you need to install “VSFTPD” as the FTP server on your Linux machine and then edit some configuration files. We also want to create a group and grant FTP permissions to the group. Here are the instructions and configurations:

Step 1: Create the group and users, and set up the users’ home directories:

    mkdir -p /FTP/ftpuser1
    mkdir /FTP/ftpuser1/incoming
    mkdir /FTP/ftpuser1/outgoing
    groupadd ftpusers
    useradd -d /FTP/ftpuser1 -g ftpusers ftpuser1
    passwd ftpuser1
    chown root:root /FTP/ftpuser1
    chmod 750 /FTP/ftpuser1
    setfacl -m u:ftpuser1:rwx /FTP/ftpuser1/incoming
    setfacl -m u:ftpuser1:rwx /FTP/ftpuser1/outgoing

Step 2: Deny the group access to SSH by editing “/etc/ssh/sshd_config”.

Find and comment out the line below:

    Subsystem sftp /usr/libexec/openssh/sftp-server

Add the line below:

    DenyGroups ftpusers

Save and exit. Then restart the “sshd” service.

Step 3: Add the lines below to “/etc/vsftpd/vsftpd.conf”:

    anonymous_enable=NO...


Collecting ESXi Logs By rsyslog

You can use VMware Syslog Collector to organize the logs from your ESXi servers or vCenter, and you can use vRealize Log Insight to monitor and analyze your logs. But what if you don’t want to use them and prefer an open-source solution, or you already have a Syslog server and want to redirect your logs to it? I want to explain the rsyslog configuration for collecting ESXi logs on a Linux machine in this post.

As the first step, you need to install rsyslog on your Linux distribution. I’m using rsyslog 5.8 on RHEL 6.6. The configuration is easy: find the lines below in “/etc/rsyslog.conf” and change them to match, or add them if they are missing:

    # Provides UDP syslog reception
    $ModLoad imudp
    $UDPServerRun 514

    # Provides TCP syslog reception
    $ModLoad imtcp
    $InputTCPServerRun 514

Now, you need to create a configuration file in this path: “/etc/rsyslog.d/”. For example: “/etc/rsyslog.d/esxi.conf”. Then add the lines below to the configuration file:

    # Daily template
    $template Daily,"/var/log/esxi/%fromhost-ip%/%$YEAR%-%$MONTH%-%$DAY%-message.log"

    # Rule
    :fromhost-ip, startswith, "x.x.x.x" -?Daily

Replace “x” with your IP address range. Actually, we have created a template for log forwarding and formatting. The ESXi logs that they are forwarded...


VSFTPD Configuration – RedHat Enterprise 6.x

Last week, I had to research and learn about “VSFTPD” and implement an SFTP server for one of our customers. I want to share the instructions and my experiences with it. Maybe it will help you in the future.

What is “VSFTPD”?

“VSFTPD” (or very secure FTP daemon) is an FTP server for Unix-like systems, including Linux. It is licensed under the GNU General Public License. It supports IPv6 and SSL. “VSFTPD” supports explicit (since 2.0.0) and implicit (since 2.1.0) FTPS. “VSFTPD” is the default FTP server in the Ubuntu, CentOS, Fedora, NimbleX, Slackware and RHEL Linux distributions.

What is the scenario?

We need to create a user for SFTP connections and restrict the user to the user’s home directory. The user can put files in the “Outgoing” directory for upload and in the “Incoming” directory for download. The directories are in “/home/the_user_folder/”. The user will be restricted: the user can’t create directories in the home directory but can create directories in the “Incoming” and “Outgoing” directories.

Implementation

First Step, Installation

In order to implement the VSFTPD server, we need to install two packages: OpenSSL and VSFTPD. You can install them with YUM or with RPM, like this:

    rpm -i /media/RHEL-6.8\ Server.x86_64/Packages/openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm
    rpm -i...


Teradici PCoIP Management Console 2.2

Latest software release brings the following NEW capabilities:

Inventory Reporting – Quickly gain insight into your device inventory with a generated report that can be imported into nearly any inventory management system. The report can be customized to match the devices and fields you want to see through the use of table columns and filters in PCoIP Management Console Enterprise Edition – allowing you to stay on top of your deployment.

Microsoft Edge web browser is now supported

This is in addition to PCoIP Management Console Enterprise Edition enabling large enterprise deployments to manage up to 20,000 Tera2 PCoIP Zero Clients from a single console by multiple administration users. Plus, the software includes the assurance of Teradici Support and Maintenance for both the Tera2 PCoIP Zero Client firmware and PCoIP Management Console. With highly demanded enterprise features and usability, users can enjoy greater up-time.

You can find more information such as price on this link: PCoIP Management Console