Nutanix Series – Installing Nutanix CE 5.6 on VMware ESXi – ISO Method

Today I finally managed to get around to starting my Nutanix journey by getting Nutanix Community Edition installed on our VMware lab. Nutanix has been a technology I’ve been closely following for the last 12 months. I’ve heard some great things from both customers and fellow techies about this technology, but never managed to take a deeper look until now. The main driver behind getting involved has been the announcement that Veeam will be supporting the Acropolis Hypervisor, and I was fortunate enough to be accepted on the beta program for Veeam integration with AHV.

First things first, I needed to get Nutanix CE 5.6 nested within our existing VMware lab environment. For this demonstration I am using the ISO method, as opposed to the image method that’s well documented.

Caveat: Within our lab environment we are running ESXi 6.0 without vCenter (at the moment).

Download link: HERE

Create your virtual machine. There are some minimum specifications for the VM; I have gone with the following:

SCSI0:0 will be used for our HDD tier

SCSI0:1 will be used for our SSD tier

SCSI0:2 will be used for the AHV installation

The guest OS version selected is CentOS 4/5/6/7 (64-bit).

As we aren’t using an SSD tier within the lab, we need to mimic SSD. To do this, open Edit Settings on your VM, navigate to VM Options > General > Configuration Parameters and add the following row:

Now we need to ensure we expose hardware-assisted virtualisation to the virtual machine. Within VMware vSphere Web Client this is a tick box.

We will amend the .vmx file using vi:

vhv.enable = "TRUE"

featMask.vm.hv.capable = "Min:1"

For assistance on amending .vmx files with vi: HERE

Now mount the ISO file to the virtual machine and boot:

Hit CE Installer

Configure IP details

AHV will now install

MS Tech Summit – 2018 – Day Two Recap

My day two at #MSTechSummit was focused on Office 365, in particular the security aspects of the service. Security and compliance of these services are quickly becoming equal to availability: people are not just interested in whether the service is going to be up 99.999% of the time, but in how they deal with security and compliance.

You can see that Microsoft are extremely aware that their threat footprint is huge, and they are spending huge amounts of effort providing the right features to protect their customers.

Security Score:

Security score is a dashboard which gives Office 365 customers their security score based on the features which are enabled. This score is given out of the maximum features available based on your subscription license. This dashboard also provides assistance on what features can be enabled to increase your score.

One really clever feature on this is ‘Compare your score’, which will allow you to compare your score against all other Office 365 customers. What’s clever about this feature is the comparisons. If your Office 365 tenant has 25 mailboxes you may not be as security focused as an enterprise with ten thousand mailboxes, so it’s not useful to compare the score. So you have the option to compare against similar size tenants. In the example above this is a tenant with 25 mailboxes, which has a score of 210. The average across similar tenants is 40, and the overall Office 365 average score is 38.

Advanced Threat Protection

Advanced Threat Protection, or ATP, is another new feature within Office 365. It performs multiple actions to help protect your Office 365 tenants. Features include reputation checking against known malicious URLs. This prevents users from being directed to URLs that are known to ATP.

Email attachments are the primary route by which malicious software or ransomware enters your business. Office 365 ATP follows a procedure to help your users stay protected. All attachments are stripped from the Office 365 mail and run through a scanning process to see if anything is harmful. Furthermore, these attachments are sent to a ‘Detonation Chamber’ to execute the file in a secure location and report what the file is attempting to do. If anything harmful or unusual occurs, the file is deleted and replaced with a text file informing the user that ATP has stripped the attachment.

Attack Simulator

This is my favourite security feature of Office 365. This set of features allows you to perform simulated attacks against your user base. The attack simulator includes phishing attacks, brute force password attacks and password spray attacks.

Simulated phishing attacks will send your users emails that mirror normal phishing emails. The feature then reports back and informs you which users fell for the attack. You can then target those users and provide some training on how to spot phishing attacks in the future.

Brute force password attacks will stress test the user base against a set of common passwords. Again this will provide a report on the weak users so you can educate them on password security!

Cloud App Security

Another really cool feature of the security suite in Office 365. Cloud App Security monitors the users for abnormal behaviour. This can be really useful for large scale attacks or disgruntled users!

In this picture Cloud App Security has picked up that the user is an administrator and is now trying to log in from a new external IP and new ISP. Additionally, there were three failed logon attempts before the successful logon. They’ve now performed an admin change to forward mail to an external address, which hasn’t happened since 82 days ago. All this information tied together indicates that something strange is going on and will allow admins to disable the account and investigate the issue further.
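One way the signals described above can be correlated, as an added example that is not part of the original post and is not Cloud App Security's own logic. The event field names, the three-signal alert threshold, the one-hour window and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed audit events; the field names are assumptions, not a real export format.
EVENTS = [
    {"t": "2018-03-01T09:00:00", "user": "admin@example.test", "type": "login_ok", "ip": "203.0.113.10", "isp": "ISP-A"},
    {"t": "2018-05-22T02:10:00", "user": "admin@example.test", "type": "login_failed"},
    {"t": "2018-05-22T02:11:00", "user": "admin@example.test", "type": "login_failed"},
    {"t": "2018-05-22T02:12:00", "user": "admin@example.test", "type": "login_failed"},
    {"t": "2018-05-22T02:13:00", "user": "admin@example.test", "type": "login_ok", "ip": "198.51.100.77", "isp": "ISP-B"},
    {"t": "2018-05-22T02:20:00", "user": "admin@example.test", "type": "set_forwarding", "target": "drop@mail.invalid"},
]

def assess(events, admins, own_domain, window=timedelta(hours=1)):
    """Return (user, signals) for every successful sign-in showing 3+ signals."""
    seen, fails, alerts = {}, {}, []  # known (ip, isp) pairs / failed-logon times per user
    events = sorted(events, key=lambda e: e["t"])
    for i, e in enumerate(events):
        t, user = datetime.fromisoformat(e["t"]), e["user"]
        if e["type"] == "login_failed":
            fails.setdefault(user, []).append(t)
        if e["type"] != "login_ok":
            continue
        known, signals = seen.setdefault(user, set()), []
        if user in admins:
            signals.append("admin account")
        if known and e["ip"] not in {ip for ip, _ in known}:
            signals.append("new IP")
        if known and e["isp"] not in {isp for _, isp in known}:
            signals.append("new ISP")
        recent = [f for f in fails.get(user, []) if t - f <= window]
        if len(recent) >= 3:
            signals.append("%d failed logons before success" % len(recent))
        # Look ahead for a forwarding change to an address outside our own domain.
        for later in events[i + 1:]:
            if (later["user"] == user and later["type"] == "set_forwarding"
                    and datetime.fromisoformat(later["t"]) - t <= window
                    and not later["target"].lower().endswith("@" + own_domain)):
                signals.append("mail forwarded externally")
                break
        if len(signals) >= 3:
            alerts.append((user, signals))
        known.add((e["ip"], e["isp"]))
        fails[user] = []  # a success closes the current run of failures
    return alerts

if __name__ == "__main__":
    for user, signals in assess(EVENTS, {"admin@example.test"}, "example.test"):
        print(user, "->", ", ".join(signals))
```

No single signal raises an alert here; the first sign-in in the sample only establishes the baseline of known IP and ISP.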

MS Tech Summit – 2018

Today we kicked off the MS Tech Summit in Birmingham. I attended the same event last year, and heard loads on the Microsoft vision for #Azure and Microsoft 365. This year was no different: we kicked off the event with back-to-back keynotes on Microsoft 365 and Azure:

Microsoft 365 Keynote:

Microsoft Teams was clearly at the forefront of everything Microsoft 365. The technology underpinned all the future integration that’s coming within 365. Teams will start to centralise integration between Skype for Business, SharePoint and Yammer.

Azure AD, as an overlay, provides seamless authentication across all these technologies, including hybrid for on-premises services.

Centrica then provided a great customer story on how they successfully migrated over 50000 users to Microsoft 365, and are leveraging O365/Yammer/Teams to collaborate with staff all over the world. They have introduced digital champions across their business to understand how different departments can better leverage digital technology. They have two digital evangelists who are working to continue their digital transformation.

Microsoft Autopilot may well be the most exciting announcement of the two days. Using Azure AD and Intune, you now have the capability to deploy corporate images to OOB devices out in the wild. When a user receives their Windows 10 device, they enter their email address and it checks against Azure to see if they are utilising Azure AD. From that it then deploys the company gold build down to the device from anywhere in the world, including apps, policies and updates. I can see this being extremely beneficial to both customers and CSP. Multi-factor authentication underpins all this to ensure security is upheld. The live demo of this was a treat!

Azure Keynote

Another great keynote. Azure has now integrated the ability to run ‘Cloud Shell’ in a browser to run PowerShell commands against customers’ Azure instances. The shell is browser agnostic and even works on Edge! (Proof below). This increases customers’ ability to utilise the ‘single pane of glass’ when deploying, managing or updating their infrastructure.

Hybrid deployments certainly aren’t going away. Microsoft envision ‘Hybrid 2.0’ allowing better integration between applications/services that can reside anywhere. Diagram below shows the examples of traditional on-premises services and their Azure equivalent.

DocuSign then provided another great customer story. They decided to lift and shift their entire SQL estate to Azure to help them with their incredible scale. They lifted SQL DBs and put them into Azure Database Services, and repointed applications to the new backend. They are currently completing 1.1 million records annually, which doubles in volume year-on-year.

Azure Fundamentals

This session was a real treat. Dan Baker (@AzureDan) and Adam Raffe (@AdamRaffe) presented some great use cases for Azure. Adam started with an introduction to cognitive services running with Azure. These are allowing businesses to create interactive bots which can use a multitude of factors to authenticate users, be that photo recognition or voice.

Azure Dan then revealed how he is using Azure services in his everyday life. This is an important flip to the large scale use cases that we are used to. Dan has created some serverless applications which provide him with information on his day, streamed to his famous ‘Magic Mirror’.

The next demonstration was his Twitter bot. Dan checks important RSS feeds every 30 minutes and then posts into his Twitter account when important blogs or service updates are raised. He then extracts information from within the link and adds this to the tweet. I can think of multiple use cases where customers can gain benefit from something very similar!

Following this the session turned interactive. To gain feedback on sessions, Dan collates tweets using the tag #Azuredandemo, and interprets the positive or negative feedback. This is then presented as a webpage which changes colour based on the feedback.

Finally, IoME! We’ve all heard stories about how someone has saved x in efficiencies by deploying data collection nodes and analysing the data. Dan has performed this magically at a much lower scale. Using an arm strap which takes readings of his blood sugar level, he then tracks this data into Azure. He can then monitor his sugar level automatically every 5 minutes. This has provided Dan with the data on when and how he has high or low levels. If levels are too high or too low this can then alert Dan using an App/Phone or Watch.

Find me a more valuable digital transformation story than Dan monitoring his sugar levels!

KRACK Attack – WIFI vulnerability – What does it mean to you?

You may have seen in the press that a vulnerability has been identified against the WPA2 wireless encryption protocol. So what is this vulnerability and what does it mean to you?

Security researchers have discovered a number of vulnerabilities in the WPA2 (Wi-Fi Protected Access II) protocol. These vulnerabilities may allow attackers to gain access to private data transmitted across your wireless network.

KRACK, the Key Re-installation Attack, has been shown to decrypt wireless communication on multiple platforms, including Windows O/S, Apple iOS, Android and Linux.

So far the following protocols are vulnerable to the attack:

  • WPA
  • WPA II
  • WPA-TKIP Cipher
  • AES-CCMP
  • GCMP

The flaw is not in the cryptography underlying WPA2 or its predecessor, WPA. Rather, it’s in the implementation. When communicating with a client device to initiate a Wi-Fi connection, the router sends a one-time cryptographic key to the device. That key is unique to that connection, and that device. This is so that a second device on the same Wi-Fi network can’t intercept and read the traffic to and from the first device to the router, even though both devices are signed into the same Wi-Fi network.

The problem is that that one-time key can be transmitted more than one time. To minimise connection problems, the WPA and WPA2 standards let the router transmit the one-time key as many as three times if it does not receive an acknowledgement from the client device that the one-time key was received.

Because of that, an attacker within Wi-Fi range can capture the one-time key, and, in some instances, even force the client device to connect to the attacker’s bogus Wi-Fi network. The attacker can use the one-time key to decrypt much of the traffic passing between the client device and the router.

So what does this mean to you?

Many vendors have already issued patches to mitigate this security vulnerability. Users are recommended to update/apply patches to their Wi-Fi enabled equipment. This includes routers, user devices and smartphones.

Veeam Backup for Office 365 v1.5 beta – First Look

Today Veeam released the beta of v1.5 for Veeam Backup for Office 365. Here is a quick look at Veeam’s new Office 365 protection software.

There appears to be no ability to upgrade in place from Veeam Backup for Office 365 V1.0.

After uninstalling this version, I then re-attempted the installation. I had intended to install this on the same system as my Veeam back:

After spinning up a dedicated Windows Server 2012 R2 VM, we were rocking and rolling:

Installation of Veeam Explorer for Exchange is also required

Console screen comparison from v1.0 to v1.5 [screenshots: V1.5 console, V1.0 console]

The obvious difference is the inclusion of the ability to multi-tenant from the same console. In the previous version one default repository was configured. In V1.5, multiple repositories can be configured with individual retention policies.

Adding organisations and creation of jobs has also changed:

Configuration of backup job:

The upgrade contains the following set of conflicting vibs cisco bootbank cisco vem

Whilst attempting to upgrade a series of VMware ESXi hosts I ran into a small issue with regard to the VIB version installed. Below is our scenario:

VMware vSphere ESXi 5.0 upgrading to ESXi 6.0

Cisco Nexus 1010v VDS

The error I was receiving was:

‘the upgrade contains the following set of conflicting vibs cisco bootbank cisco vem’

Below is the process I followed to rectify this:

SSH to the VMware ESXi host

vem status

vem stop

Verify the VEM PID has correctly stopped

lsof | grep cisco

If the process is still running, use kill -9 against the PID

Identify the VEM name

esxcli software vib list | grep cisco

Put the host into maintenance mode

esxcli software vib remove -n cisco-vem-v173-esx

Now the upgrade should complete as planned

Caveat: the information presented in this how-to guide is provided as is; neither I nor my employer accept responsibility for the success of this guide.

Installation of Veeam Availability Console 2.0

I’ve been privileged enough to get my hands on the RC version of Veeam Availability Console, or VAC as it’s more commonly known. The build number of this version is 2.0.1.983.

What is Veeam Availability Console?

VAC is the new iteration of Veeam Managed Backup Portal which is available to Veeam Certified Service Providers. VAC provides the following features:

  • Allows VCSPs and Enterprise customers to deploy, manage and report on their BaaS or DRaaS customers utilising Veeam Cloud Connect
  • Provides the ability to deploy Veeam Agents across multiple physical, virtual or cloud platforms
  • Supports multi-tenancy to provide managed customers with unique dashboards and reports of the backup or replication jobs

How to install Veeam Availability Console?

Initial Setup

.NET Framework 4.5.2 is required for this installation

Reboot after .NET Framework Installation

Accept the EULA

Install License File

Installation Components

Installation pre-reqs

Installation of missing pre-reqs

Completion of pre-reqs

Credentials for local windows service

Confirmation on ports required. These can be customised to suit your environment

Installation of SQL 2012

Installation of components

Installation complete

Next I will follow up with a post on configuration of Veeam Availability Console.