Sunday, November 30, 2008

DRBD force sync / solve Split-Brain

# drbdadm invalidate all (invalidates the data on the node where you run the command, so that node resyncs from its peer)
# drbdadm invalidate_remote all (invalidates the data on the peer of the node where you run the command, so the peer resyncs from this node)
# drbdadm connect all

Be careful with the commands above. If you are not sure, refer to the LINBIT manual first.

Manual split brain recovery

DRBD detects split brain at the time connectivity becomes available again and the peer nodes exchange the initial DRBD protocol handshake. If DRBD detects that both nodes are (or were at some point, while disconnected) in the primary role, it immediately tears down the replication connection. The tell-tale sign of this is a message like the following appearing in the system log:

Split-Brain detected, dropping connection!

After split brain has been detected, one node will always have the resource in a StandAlone connection state. The other might either also be in the StandAlone state (if both nodes detected the split brain simultaneously), or in WFConnection (if the peer tore down the connection before the other node had a chance to detect split brain).

At this point, unless you configured DRBD to automatically recover from split brain, you must manually intervene by selecting one node whose modifications will be discarded (this node is referred to as the split brain victim). This intervention is made with the following commands:

drbdadm secondary resource
drbdadm -- --discard-my-data connect resource

On the other node (the split brain survivor), if its connection state is also StandAlone, you would enter:

drbdadm connect resource

You may omit this step if the node is already in the WFConnection state; it will then reconnect automatically.

If the resource affected by the split brain is a stacked resource, use drbdadm --stacked instead of just drbdadm.

Upon connection, your split brain victim immediately changes its connection state to SyncTarget, and has its modifications overwritten by the remaining primary node.
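
As an added example (not from the page or from DRBD itself), a small shell helper that reads a device's connection state (cs:) from /proc/drbd and maps it to the manual step described above for the victim or the survivor. The /proc/drbd contents are a constructed sample in the DRBD 8 layout, and the drbd_field and split_brain_step names are mine:

```shell
#!/bin/sh
# Added example (not from the page or from DRBD): read a node's connection
# state from /proc/drbd and say which manual split-brain step applies on
# that node.  SAMPLE_PROC_DRBD is a constructed /proc/drbd in the DRBD 8
# format; on a real node leave the FILE argument off to read /proc/drbd.

SAMPLE_PROC_DRBD='version: 8.3.0 (api:88/proto:86-89)
 0: cs:StandAlone ro:Primary/Unknown ds:UpToDate/DUnknown   r---
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0
 1: cs:WFConnection ro:Secondary/Unknown ds:UpToDate/DUnknown C r---
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0
 2: cs:Connected ro:Primary/Secondary ds:UpToDate/UpToDate C r---
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0'
SAMPLE_FILE=$(mktemp)
printf '%s\n' "$SAMPLE_PROC_DRBD" > "$SAMPLE_FILE"

# drbd_field MINOR FIELD [FILE]: print the value of the cs:/ro:/ds: field
# for one device minor (e.g. "drbd_field 0 cs" -> StandAlone).
drbd_field() {
    awk -v m="$1:" -v f="$2:" '
        $1 == m {
            for (i = 2; i <= NF; i++)
                if (index($i, f) == 1) { print substr($i, length(f) + 1); exit }
        }' "${3:-/proc/drbd}"
}

# split_brain_step MINOR ROLE [FILE]: ROLE is "victim" (the node whose
# changes are to be discarded) or "survivor".  Prints the drbdadm action
# the text above prescribes for that node's current connection state.
split_brain_step() {
    cs=$(drbd_field "$1" cs "$3")
    case "$2:$cs" in
        victim:StandAlone|victim:WFConnection)
            echo "secondary, then -- --discard-my-data connect" ;;
        survivor:StandAlone)   echo "connect" ;;
        survivor:WFConnection) echo "wait, it reconnects by itself" ;;
        *)                     echo "nothing, state is $cs" ;;
    esac
}

# Demo on the constructed sample: minor 0 is StandAlone on this node.
split_brain_step 0 victim "$SAMPLE_FILE"
split_brain_step 1 survivor "$SAMPLE_FILE"
```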

Friday, November 21, 2008

Official Google Blog: SearchWiki: make search your own

Page not found when clicking “Next Page” in the Arthemia WP theme

How do you solve this issue?
Check the index.php of the Arthemia theme and find this code:

query_posts("cat=-10,-11,-1&paged=$page&posts_per_page=5");

Make sure the posts_per_page value there is the same as the value you set under Plugin > Reading > Blog pages show at most.

Once the two values match, the issue is solved.

Tuesday, November 18, 2008

How to use HTML tags and JavaScript in WPMU's (WordPress MU) text widget

If you are hosting WordPress MU and want to let users insert JavaScript in their text widgets, you must edit wp-includes/widgets.php.
Actually, it's not wise to enable this feature, because users will then be able to post script that may harm your system.
My WordPress MU version is 2.6.3; if you use a different version, find something that looks like the script below in the widgets.php file:

if ( current_user_can('unfiltered_html') )
    $text = stripslashes( $widget_text['text'] );
else
    $text = stripslashes( wp_filter_post_kses( $widget_text['text'] ) );

Change that part of the code to:

if ( current_user_can('edit_themes') )
    $text = stripslashes( $widget_text['text'] );
else
    $text = stripslashes( wp_filter_post_kses( $widget_text['text'] ) );

The first branch is the one that skips the KSES filter (wp_filter_post_kses strips script tags and other disallowed HTML), so this change only moves that bypass from users with the unfiltered_html capability to users with the edit_themes capability.
I got this tip from Thainy Blog. From now on I will also write about programming.

How to force client DHCP leases to expire (change DHCP lease expiration)

I needed to make all my Windows DHCP leases expire because I needed to set a new gateway for our office network. I searched every website but couldn't find a way to change it; then suddenly this idea came to me. We can force all clients to renew their DHCP lease with the "ipconfig /renew" command, so all I need to do is force all clients to execute that command from the Windows server. I ran this command: "psexec \\pcname ipconfig /renew". Done!

To make it easier, I created a script so I can change all clients' DHCP leases in one single click.

1. Create a script to get all client computer names from the network

Const FileName = "MachineList.txt"
Set cmd = CreateObject("ADODB.Command")
Set cn = CreateObject("ADODB.Connection")
Set rs = CreateObject("ADODB.Recordset")

cn.Open "Provider=ADsDSOObject;"
cmd.ActiveConnection = cn

' Read the domain's naming context from RootDSE so the query searches the whole domain
Set objRoot = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRoot.Get("defaultNamingContext") & ">"

' ADO search string: <base>;(filter);attributes;scope
cmd.CommandText = strBase & ";(objectCategory=Computer);" & _
    "name,operatingsystem,operatingsystemservicepack,operatingsystemversion;subtree"
'**** Bypass 1000 record limitation ****
cmd.Properties("Page Size") = 1000

Set rs = cmd.Execute
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objCSV = objFSO.CreateTextFile(FileName)

' Write one computer name per line
While Not rs.EOF
    objCSV.WriteLine rs("name")
    rs.MoveNext
Wend

objCSV.Close
cn.Close

WScript.Echo "Finished"

2. Create a script to renew the DHCP leases.

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile("MachineList.Txt")

' Report file: one line per computer, success or failed
Set oFiletxt = objFSO.CreateTextFile("C:\Documents and Settings\administrator.AXS\My Documents\chpass script\report.txt", True)

Dim objShell, iReturn
Set objShell = WScript.CreateObject("WScript.Shell")

On Error Resume Next

Do Until objTextFile.AtEndOfStream

    strComputer = objTextFile.ReadLine

    ' Run ipconfig /renew on the remote computer and wait for it to finish.
    ' iReturn is the exit code psexec passes back from ipconfig; non-zero means
    ' the renew failed even though psexec itself ran.
    iReturn = objShell.Run("CMD /C c:\Windows\system32\psexec.exe \\" & strComputer & " ipconfig /renew", , True)

    If Err.Number <> 0 Or iReturn <> 0 Then
        oFiletxt.WriteLine(strComputer & " - failed")
        Err.Clear
    Else
        oFiletxt.WriteLine(strComputer & " - success")
    End If

Loop

oFiletxt.Close
objTextFile.Close

WScript.Echo "Finished"


First run the script to get all the client computer names, then run the DHCP lease renewal script.

Friday, November 14, 2008

All about rootkits

What is a rootkit?
Breaking the term rootkit into the two component words, root and kit, is a useful way to define it. Root is a UNIX/Linux term that’s the equivalent of Administrator in Windows. The word kit denotes programs that allow someone to obtain root/admin-level access to the computer by executing the programs in the kit -- all of which is done without end-user consent or knowledge.

Why use a rootkit?
Rootkits have two primary functions: remote command/control (back door) and software eavesdropping. Rootkits allow someone, legitimate or otherwise, to administratively control a computer. This means executing files, accessing logs, monitoring user activity, and even changing the computer’s configuration. Therefore, in the strictest sense, even versions of VNC are rootkits. This surprises most people, as they consider rootkits to be solely malware, but in and of themselves they aren’t malicious at all.
One famous (or infamous, depending on your viewpoint) example of rootkit use was Sony BMG’s attempt to prevent copyright violations. Sony BMG didn't tell anyone that it placed DRM software on home computers when certain CDs were played. On a scary note, the rootkit hiding technique Sony used was so good not one antivirus or anti-spyware application detected it.

How do rootkits propagate?
Rootkits can't propagate by themselves, and that fact has precipitated a great deal of confusion. In reality, rootkits are just one component of what is called a blended threat. Blended threats typically consist of three snippets of code: a dropper, loader, and rootkit.
The dropper is the code that gets the rootkit’s installation started. Activating the dropper program usually entails human intervention, such as clicking on a malicious e-mail link. Once initiated, the dropper launches the loader program and then deletes itself. Once active, the loader typically causes a buffer overflow, which loads the rootkit into memory.
Blended threat malware gets its foot in the door through social engineering, exploiting known vulnerabilities, or even brute force. Here are two examples of some current and successful exploits:
* IM. One approach requires computers with IM installed (not that much of a stretch). If the appropriate blended threat gains a foothold on just one computer using IM, it takes over the IM client, sending out messages containing malicious links to everyone on the contact list. When the recipient clicks on the link (social engineering, as it’s from a friend), that computer becomes infected and has a rootkit on it as well.
* Rich content. The newest approach is to insert the blended threat malware into rich-content files, such as PDF documents. Just opening a malicious PDF file will execute the dropper code, and it’s all over.

User-mode rootkits
There are several types of rootkits, but we'll start with the simplest one. User-mode rootkits run on a computer with administrative privileges. This allows user-mode rootkits to alter security and hide processes, files, system drivers, network ports, and even system services. User-mode rootkits remain installed on the infected computer by copying required files to the computer’s hard drive, automatically launching with every system boot.
Sadly, user-mode rootkits are the only type that antivirus or anti-spyware applications even have a chance of detecting. One example of a user-mode rootkit is Hacker Defender. It’s an old rootkit, but it has an illustrious history. If you read the link about Hacker Defender, you will learn about Mark Russinovich, his rootkit detection tool called Rootkit Revealer, and his cat-and-mouse struggle with the developer of Hacker Defender.

Kernel-mode rootkit
Malware developers are a savvy bunch. Realizing that rootkits running in user-mode can be found by rootkit detection software running in kernel-mode, they developed kernel-mode rootkits, placing the rootkit on the same level as the operating system and rootkit detection software. Simply put, the OS can no longer be trusted. One kernel-mode rootkit that’s getting lots of attention is the Da IOS rootkit, developed by Sebastian Muniz and aimed at Cisco’s IOS operating system.
Instability is the one downfall of a kernel-mode rootkit. If you notice that your computer is blue-screening for other than the normal reasons, it just might be a kernel-mode rootkit.

User-mode/kernel-mode hybrid rootkit
Rootkit developers, wanting the best of both worlds, developed a hybrid rootkit that combines user-mode characteristics (easy to use and stable) with kernel-mode characteristics (stealthy). The hybrid approach is very successful and the most popular rootkit at this time.

Firmware rootkits
Firmware rootkits are the next step in sophistication. This type of rootkit can be any of the other types with an added twist; the rootkit can hide in firmware when the computer is shut down. Restart the computer, and the rootkit reinstalls itself. The altered firmware could be anything from microprocessor code to PCI expansion card firmware. Even if a removal program finds and eliminates the firmware rootkit, the next time the computer starts, the firmware rootkit is right back in business. John Heasman has a great paper called “Implementing and Detecting a PCI Rootkit” (PDF).

Virtual rootkits
Virtual rootkits are a fairly new and innovative approach. The virtual rootkit acts like a software implementation of hardware sets in a manner similar to that used by VMware. This technology has elicited a great deal of apprehension, as virtual rootkits are almost invisible. The Blue Pill is one example of this type of rootkit. To the best of my knowledge, researchers haven’t found virtual rootkits in the wild. Ironically, this is because virtual rootkits are complex and other types are working so well.

Generic symptoms of rootkit infestation
Rootkits are frustrating. By design, it’s difficult to know if they are installed on a computer. Even experts have a hard time, but hint that installed rootkits should get the same consideration as other possible reasons for any decrease in operating efficiency. Sorry for being vague, but that’s the nature of the beast. Here's a list of noteworthy symptoms:
* If the computer locks up or fails to respond to any kind of input from the mouse or keyboard, it could be due to an installed kernel-mode rootkit.
* Settings in Windows change without permission. Examples of this could be the screensaver changing or the taskbar hiding itself.
* Web pages or network activities appear to be intermittent or function improperly due to excessive network traffic.
If the rootkit is working correctly, most of these symptoms aren’t going to be noticeable. By definition, good rootkits are stealthy. The last symptom (network slowdown) should be the one that raises a flag. Rootkits can’t hide traffic increases, especially if the computer is acting as a spam relay or participating in a DDoS attack.

Polymorphism
I debated whether to include polymorphism as a topic, since it’s not specific to rootkits. But it’s amazing technology that makes rootkits difficult to find. Polymorphism techniques allow malware such as rootkits to rewrite core assembly code, which makes using antivirus/anti-spyware signature-based defenses useless. Polymorphism even gives behavioral-based (heuristic) defenses a great deal of trouble. The only hope of finding rootkits that use polymorphism is technology that looks deep into the operating system and then compares the results to a known good baseline of the system.

Detection and removal
You all know the drill, but it’s worth repeating. Be sure to keep antivirus/anti-spyware software (and in fact, every software component of the computer) up to date. That will go a long way toward keeping malware away. Keeping everything current is hard, but a tool such as Secunia's Vulnerability Scanning program can help.
Detection and removal depends on the sophistication of the rootkit. If the rootkit is of the user-mode variety, any one of the following rootkit removal tools will most likely work:
* F-Secure Blacklight
* RootkitRevealer
* Windows Malicious Software Removal Tool
* ProcessGuard
* Rootkit Hunter (Linux and BSD)
The problem with these tools is that you can't be sure they've removed the rootkit. Albeit more labor-intensive, using a bootable CD, such as BartPE, with an antivirus scanner will increase the chances of detecting a rootkit, simply because rootkits can’t obscure their tracks when they aren’t running. I’m afraid that the only way to know for sure is to have a clean computer, take a baseline, and then use an application like Encase to check for any additional code.
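
As an added example of the "take a baseline, then compare" approach described above (not from the page or from any of the tools it names), a minimal shell baseline check: take_baseline records a SHA-256 digest for every file under a directory, and check_baseline reports what was added, removed or modified since. The function names and the constructed test files are mine:

```shell
#!/bin/sh
# Added example, not from the page or any product named in it: a minimal
# "known good baseline" check.  take_baseline records a SHA-256 digest for
# every file under a directory; check_baseline reports files added, removed
# or modified since the baseline was taken.  Take and check the baseline from
# trusted media (a boot CD, as the text suggests) so that a running rootkit
# cannot hide files from the tools doing the comparison.

digest() {   # GNU coreutils sha256sum, with the BSD/macOS shasum as fallback
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"; else shasum -a 256 "$@"; fi
}

# take_baseline DIR OUTFILE: one "digest  ./relative/path" line per file,
# sorted by path (paths containing whitespace are not handled here).
take_baseline() {
    (cd "$1" && find . -type f | sort | while IFS= read -r f; do digest "$f"; done) > "$2"
}

# check_baseline DIR BASELINE: print "added P", "removed P" or "modified P"
# for every difference; return 0 if nothing changed, 1 otherwise.
check_baseline() {
    current=$(mktemp)
    take_baseline "$1" "$current"
    diffs=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }      # baseline: digest by path
        {
            seen[$2] = 1
            if (!($2 in base))        print "added", $2
            else if (base[$2] != $1)  print "modified", $2
        }
        END { for (p in base) if (!(p in seen)) print "removed", p }
    ' "$2" "$current" | sort)
    rm -f "$current"
    if [ -z "$diffs" ]; then
        return 0
    fi
    printf '%s\n' "$diffs"
    return 1
}
```

On a real system you would baseline directories such as /bin, /sbin and the kernel module tree, keep the baseline file off the machine, and rerun check_baseline from the boot CD.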

Final thoughts
Opinions vary when it comes to rootkit removal, as discussed in the NetworkWorld article “Experts divided over rootkit detection and removal.” Although the article is two years old, the information is still relevant. There’s some hope, though: Intel's Trusted Platform Module (TPM) has been cited as a possible solution to malware infestation. The problem with TPM is that it’s somewhat controversial. Besides, it will take years before sufficient numbers of computers have processors with TPM.
If you're looking for additional information, I recommend the book ROOTKITS: Subverting the Windows Kernel, by Greg Hoglund and James Butler, of HBGary.

How to install Ubuntu 8.10 Intrepid Ibex Release in VirtualBox

After finishing the Ubuntu 8.10 Intrepid Ibex installation in VirtualBox, I found this error message:
"This kernel requires the following features not present on the CPU:0:6
Unable to boot - please use a kernel appropriate for your CPU"

Step by step how to fix it:
1. Boot Ubuntu CD Installation and choose "Rescue a broken system"

[Screenshot: Ubuntu Server in VirtualBox]

2. Answer the various language and keyboard questions when you are prompted. After the installer detects your hardware it will ask you to select the root file system from a list. For me, the root partition was the first one in the list. Then select Execute a shell in [partition]. Select continue and the shell will start.

[Screenshot: Ubuntu Server in VirtualBox]

3. The server kernel needs PAE (CPU feature bit 6, the "0:6" in the message), which the VirtualBox virtual CPU does not expose by default, while the generic kernel works without it. Run these commands to download the package list, install a new kernel, and remove the non-working server kernel:

apt-get update
apt-get install linux-generic
Reboot the system.

Thursday, November 13, 2008

How to find network printer ip address

Often a networked printer suddenly stops working and you need to find its static (private) IP address to diagnose further. How do we find the IP address of a networked printer? There are a few different ways to go about finding it.

1. A network printer with a built-in Ethernet port usually provides a menu button that lets you display the IP address assigned to it. You may also try printing a self-test or configuration page from the printer.
2. If you can't find the IP address of a network printer from the menu display, or your printer is connected to a print server with no display, you may find its address from any networked computer configured to use the printer. To find the printer IP address from a Windows machine, perform the following.

* Start -> Printers and Faxes, or Start -> Control Panel -> Printers and Faxes
* Right-click the printer name, and left-click Properties
* Click the Ports tab, and widen the first column which displays IP address of the printers

If there is no IP detail in the first column, click the "Configure Port" button and you may see the IP there. What, your Configure Port button is not active? Then you must go to your print server and check it from there.

3. If your networked printer uses DHCP, you may connect to your router and find the IP address of the printer from DHCP status page. The router displays all host machines that are assigned dynamic IP addresses.

4. You may also try pinging your network from a computer connected to the network and looking up the ARP table. On your computer, click [Start] -> [Run...], type "cmd" and press [Enter]. Type "ipconfig" to find your network address. The network address is found by performing a logical AND operation on your IP address and the subnet mask. For example, if your IP is 192.168.1.101 and the subnet mask is 255.255.255.0, then the network address is 192.168.1.0. Ping your network using the broadcast address, i.e. "ping 192.168.1.255". After that, run "arp -a" to list all the devices that answered on the network. One of the IPs found is your networked printer.

5. You may also use "netstat -r" command to find an IP address of all network routes. However, if your printer has problem communicating with other network devices, you may not be able to find IP address of the printer using "netstat" command.
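
As an added example (not from the page), the network and broadcast arithmetic from step 4 written out in POSIX shell, plus a filter that picks the candidate devices out of an "arp -a" listing. The ARP_SAMPLE text is a constructed Windows "arp -a" output, and all function names are mine:

```shell
#!/bin/sh
# Added example, not from the page: the network and broadcast arithmetic from
# step 4, plus a filter that picks candidate devices out of an "arp -a"
# listing.  ARP_SAMPLE is a constructed Windows "arp -a" output, not real data;
# on your own machine pipe the real output in instead.

ARP_SAMPLE='Interface: 192.168.1.101 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.50          00-aa-bb-cc-dd-ee     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static'

# ip_to_int A.B.C.D -> the address as one 32-bit integer
ip_to_int() {
    set -- $(printf '%s\n' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> A.B.C.D
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_address IP MASK: the logical AND of address and mask
network_address() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# broadcast_address IP MASK: address OR the inverted mask (the address to ping)
broadcast_address() {
    int_to_ip $(( $(ip_to_int "$1") | (~$(ip_to_int "$2") & 4294967295) ))
}

# arp_candidates IP MASK: read "arp -a" output on stdin and print the dynamic
# entries inside IP's subnet (network and broadcast addresses excluded);
# the printer is one of these.
arp_candidates() {
    net=$(ip_to_int "$(network_address "$1" "$2")")
    bcast=$(ip_to_int "$(broadcast_address "$1" "$2")")
    while read -r addr mac type; do
        case "$addr" in *.*.*.*) ;; *) continue ;; esac   # skip header lines
        if [ "$type" = dynamic ]; then
            n=$(ip_to_int "$addr")
            if [ "$n" -gt "$net" ] && [ "$n" -lt "$bcast" ]; then
                echo "$addr"
            fi
        fi
    done
}

# Demo with the constructed listing: prints 192.168.1.1 and 192.168.1.50
printf '%s\n' "$ARP_SAMPLE" | arp_candidates 192.168.1.101 255.255.255.0
```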

Wednesday, November 12, 2008

How to install and configure shorewall in Ubuntu / Debian

What is Shorewall?

The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables utility, Shorewall configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.

Install Shorewall
# sudo apt-get install shorewall
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
openbsd-inetd
Use 'apt-get autoremove' to remove them.
Suggested packages:
shorewall-doc
The following NEW packages will be installed:
shorewall
0 upgraded, 1 newly installed, 0 to remove and 26 not upgraded.
Need to get 0B/250kB of archives.
After unpacking 1241kB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously deselected package shorewall.
(Reading database ... 16390 files and directories currently installed.)
Unpacking shorewall (from .../shorewall_3.2.6-2_all.deb) ...
Setting up shorewall (3.2.6-2) ...
#### WARNING ####
The firewall won't be started/stopped unless it is configured

Please read about Debian specific customization in
/usr/share/doc/shorewall/README.Debian.gz.
#################

Configure Shorewall Startup Service
# pico /etc/default/shorewall

#Now simply change the line below from 0 to 1

startup = 0
to
startup = 1

#save, and exit.

Shorewall configuration files are stored in two separate places
/etc/shorewall stores all the program configuration files.
/usr/share/shorewall stores supporting files and action files.

Configuring Shorewall

First you must decide which example configuration fits your network plan. There are three example configurations: one interface, two interfaces and three interfaces. For more detail see http://www.shorewall.net/two-interface.htm.
Alternatively we can use the default configuration sample. Copy all the sample configuration files from /usr/share/doc/shorewall/default-config to /etc/shorewall:
# cp /usr/share/doc/shorewall/default-config/* /etc/shorewall/

Now you have configuration files located at /etc/shorewall

Zones Configuration

First edit the zones file to specify the different network zones, these are just labels that you will use in the other files. Consider the Internet as one zone, and a private network as another zone. If you have this then the zones file would look like this:
# pico /etc/shorewall/zones

# add 2 lines below into your zones file

net ipv4
loc ipv4

#save and exit

Interfaces Configuration

The next file to edit is the interfaces file, which specifies the interfaces on your machine. Here you connect the zones that you defined in the previous step with an actual interface. The third field is the broadcast address for the network attached to the interface ("detect" will figure this out for you). Finally, the last field holds options for the interface. The options listed below are a good starting point:
# pico /etc/shorewall/interfaces

# add 2 lines below into interfaces file

net eth0 detect dhcp,tcpflags,routefilter,nosmurfs,logmartians
loc eth1 detect tcpflags,nosmurfs

#save and exit

Policy Configuration

The next file defines your firewall default policy. The default policy is used if no other rules apply. Often you will set the default policy to REJECT or DROP as the default, and then configure specifically what ports/services are allowed in the next step, and any that you do not configure are by default rejected or dropped according to this policy. An example policy (based on the zones and interfaces we used above) would be:
# pico /etc/shorewall/policy

# sample from my shorewall policy configuration
loc net DROP info
loc $FW DROP info
loc all DROP info
$FW net DROP info
$FW loc DROP info
$FW all DROP info
net $FW DROP info
net loc DROP info
net all DROP info
all all DROP info


# save and exit

The policy file is read top to bottom and the first matching pair wins. In the common example this is based on, traffic originating from the machine ($FW) to the internet and to the local network is accepted by default, while anything that comes in from the internet destined to either the machine or the local network is dropped and logged at the syslog level "info". The sample above is stricter: every pair is DROP with logging, so every permitted connection must be listed explicitly in the rules file. The last line (all all) closes everything else off and will probably never need to be touched. Note: DROP rules drop quietly, whereas REJECT sends something back letting the originator know they've been rejected.

Rules Configuration

The most important file is the rules file. This is where you set what is allowed or not. Any new connection that comes into your firewall passes over these rules; if none of them apply, the default policy applies. Note: this is only for new connections; existing connections are automatically accepted. The comments in the file give you a good idea of how things work, but the following example can give you a head start:
# nano /etc/shorewall/rules

# add few lines below into rules file
DNS/ACCEPT $FW net
SSH/ACCEPT loc $FW
Ping/ACCEPT loc $FW
Ping/ACCEPT loc net
Ping/ACCEPT net $FW
ACCEPT $FW loc icmp
ACCEPT $FW net icmp

#WEB SERVICE PORT
ACCEPT loc net tcp 80
ACCEPT loc net tcp 443
ACCEPT loc $FW tcp 10000


# save and exit

This example can be written in long-hand as: "Accept DNS lookups from the machine to the internet, accept SSH(22) and pings (icmp) from the local network to the machine, accept pings from the local network to the internet and from the internet to the machine, let the machine send icmp to both networks, and accept tcp connections from the local network to the internet on ports www(80) and https(443) and to the machine on port webmin(10000)." Ports may be given by number or by the service names referenced in /etc/services.

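As an added example that serves both the policy and the rules sections above (not from the page or from Shorewall itself), a small shell model of how Shorewall decides the fate of a NEW connection: the rules table is consulted first, and only when no rule matches does the first matching policy line apply. Both tables are constructed samples in the column order of /etc/shorewall/rules and /etc/shorewall/policy, and the function names are mine:

```shell
#!/bin/sh
# Added example, not from the page or from Shorewall itself: a small model of
# how Shorewall decides what happens to a NEW connection.  The rules table
# is consulted first; if no rule matches, the first matching line of the
# policy table applies.  Both tables below are constructed samples written in
# the column order of /etc/shorewall/rules and /etc/shorewall/policy; "all"
# is a wildcard and $FW is the firewall itself.  Macros such as SSH/ACCEPT
# are written out long-hand here as protocol and port.

RULES='ACCEPT loc $FW tcp 22
ACCEPT loc $FW icmp -
ACCEPT loc net tcp 80
ACCEPT loc net tcp 443
ACCEPT net $FW icmp -
DROP loc net tcp 23'

POLICY='loc net ACCEPT
loc $FW ACCEPT
$FW all ACCEPT
net all DROP info
all all REJECT info'

# first_rule SRC DST PROTO DPORT: print the ACTION of the first matching
# rule ("-" as DPORT in a rule matches any port); prints nothing if no match.
first_rule() {
    printf '%s\n' "$RULES" | awk -v src="$1" -v dst="$2" -v proto="$3" -v port="$4" '
        /^[[:space:]]*#/ || NF == 0 { next }
        ($2 == src || $2 == "all") && ($3 == dst || $3 == "all") &&
        ($4 == proto || $4 == "all") && ($5 == port || $5 == "-") { print $1; exit }'
}

# policy_for SRC DST: print "POLICY LOGLEVEL" of the first matching policy
# line.  Shorewall takes the first match, so the order of the lines matters.
policy_for() {
    printf '%s\n' "$POLICY" | awk -v src="$1" -v dst="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }
        ($1 == src || $1 == "all") && ($2 == dst || $2 == "all") {
            print $3, ($4 == "" ? "-" : $4); exit }'
}

# decide SRC DST PROTO DPORT: "rule ACTION" when a rule applies,
# otherwise "policy POLICY LOGLEVEL".
decide() {
    action=$(first_rule "$@")
    if [ -n "$action" ]; then
        printf 'rule %s\n' "$action"
    else
        printf 'policy %s\n' "$(policy_for "$1" "$2")"
    fi
}

# Demo on the constructed tables:
decide loc net tcp 80        # rule ACCEPT
decide net '$FW' tcp 22      # policy DROP info (nothing lets the internet in)
decide dmz loc tcp 445       # policy REJECT info (unknown zone hits the catch-all)
```

The last demo line is the reason for the all all catch-all in the policy file: a zone pair you forgot to mention still gets an explicit, logged answer instead of falling through.
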
The final step is to start the Shorewall firewall:
# sudo /etc/init.d/shorewall start
password :
If there was a syntax error in your configuration you will get an error saying so and you should have a read of /var/log/shorewall-init.log to figure out why.

If everything does start up, you should make sure that you aren't blocking something that you don't mean to, you can do that by looking at your firewall logs.

Tuesday, November 11, 2008

10 things about Virtualization

Virtualization has been a major buzzword in the IT world for a few years. Now the buzz is getting bigger, as we draw close to the release of Windows Server 2008 on March 1. Microsoft has promised that the Hyper-V virtualization component (formerly called Viridian) will follow within 180 days. Of course, Microsoft already has Virtual Server and Virtual PC, as well as stiff competition on the virtualization front from VMWare and Citrix/XenSource.

With all these options, taking the plunge into virtualization can be a big and confusing step. Here are a few things you should know about virtualization and virtualization software before you start to plan a deployment.

#1: Virtualization is a broad term with many meanings

Virtualization software can be used for a number of purposes. Server consolidation (running multiple logical servers on a single physical machine) is a popular way to save money on hardware costs and make backup and administration easier, and that’s what we’re primarily focused on in this article. However, other uses include:

* Desktop virtualization, for running client operating systems in a VM for training purposes or for support of legacy software or hardware.
* Virtual testing environments, which provide a cost-effective way to test new software, patches, etc., before rolling them out on your production network.
* Presentation virtualization, by which you can run an application in one location and control it from another, with processing being done on a server and only graphics and end-user I/O handled at the client end.
* Application virtualization, which separates the application configuration layer from the operating system so that applications can be run on client machines without being installed.
* Storage virtualization, whereby a SAN solution is used to provide storage for virtual servers, rather than depending on the hard disks in the physical server.

#2: Not all VM software is created equal

An array of virtualization programs are available, and the one(s) you need depends on exactly what you need to do. You might want to run a virtual machine on top of your desktop operating system, running a different OS, either to try out a new OS or because you have some applications that won’t run in one of the operating systems.

For example, if you’re using Windows XP as your desktop OS, you could install Vista in a VM to get to know its features. Or if you’re running Vista but you have an application you occasionally need to use that isn’t compatible with it, you could run XP in a VM with that application installed. For simple uses like this, a low-cost or free VM program, such as VMWare Workstation or Microsoft’s Virtual PC, will work fine.

On the other hand, if you need to consolidate several servers and thus need maximum scalability and security, along with sophisticated management features, you should use a more robust VM solution, such as VMWare’s ESX Servers, Microsoft’s Virtual Server or (when it’s available) the Hyper-V role in Windows Server 2008. For relatively simple server virtualization scenarios, you can use the free VMWare Server.

#3: Check licensing requirements first!

As far as licensing is concerned, most software vendors consider a VM to be no different from a physical computer. In other words, you’ll still need a software license for every instance of the operating system or application you install, whether on a separate physical machine or in a VM on the same machine.

There may also be restrictions in the EULA of either the guest or host OS regarding virtualization. For example, when Windows Vista was released, the licensing agreements for the Home Basic and Home Premium versions prohibited running those operating systems in VMs, but Microsoft has since changed those licensing terms in response to customer input.

Windows Server 2008’s EULA provides for a certain number of virtual images that can be run on the OS, depending on the edition. This ranges from none on Web edition to one on Standard, four on Enterprise, and an unlimited number on Datacenter and Itanium editions.

#4: Be sure your applications are supported

Another issue that needs to be addressed up front is whether the application vendor will support running its software in a virtual machine. Because VMs use emulated generic hardware and don’t provide access to the real hardware, applications running in VMs may not be able to utilize the full power of the installed video card, for example, or may not be able to connect to some of the peripherals connected to the host OS.

#5: Virtualization goes beyond Windows

There are many virtualization technologies and some of them run on operating systems other than Windows. You can also run non-Windows guest operating systems in a VM on a Windows host machine. VMWare can run on Linux, and Microsoft previously made a version of Virtual PC for Macintosh (but did not port it to the Intel-based Macs). Parallels Desktop provides support for running Windows VMs on Mac OS X. Parallels Workstation supports many versions of Windows and Linux as both host and guest. Parallels Virtuozzo is a server virtualization option available in both Linux and Windows versions. Other virtualization solutions include:

* Xen (now owned by Citrix), which is one of the most popular hypervisor solutions for Linux.
* Q, an open source program based on the QEMU open source emulation software, for running Windows or Linux on a Mac.
* Open VZ, for creating virtual servers in the Linux environment.

#6: Virtualization can increase security

Isolating server roles in separate virtual machines instead of running many server applications on the same operating system instance can provide added security. You can also set up a VM to create an isolated environment (a “sandbox”), where you can run applications that might pose a security risk.

Virtual machines are also commonly used for creating “honeypots” or “honeynets.” These are systems or entire networks set up to emulate a production environment with the intention of attracting attackers (and at the same time, diverting them away from the real production resources).

#7: Virtualization can increase availability and aid in disaster recovery

Backing up virtual machine images and restoring them is much easier and faster than traditional disaster recovery methods that require reinstalling the operating system and applications and then restoring data. The VM can be restored to the same physical machine or to a different one in case of hardware failure. Less downtime means higher availability and greater worker productivity.

#8: VMs need more resources

It may seem obvious, but the more virtual machines you want to run simultaneously, the more hardware resources you’ll need on that machine. Each running VM and its guest OS and applications will use RAM and processor cycles, so you’ll need large amounts of memory and one or more fast processors to be able to allocate the proper resources to each VM.

To run multiple resource-hungry servers on one machine, you’ll need a machine with hardware that’s capable of supporting multiple processors and large amounts of RAM and you must be running a host OS that can handle these.

#9: 64 bits are better than 32

For server virtualization, consider deploying a 64-bit host operating system. 64-bit processors support a larger memory address space, and Windows 64-bit operating systems support much larger amounts of RAM (and in some cases, more processors) than their 32-bit counterparts. If you plan to use Windows Server 2008’s Hyper-V role for virtualization, you have no choice. It will be available only in the x64 versions of the OS.

#10: Many resources are available for planning your virtualization deployment

Virtualization is a huge topic, and this article is only meant to provide an overview of your options. Luckily, there are many resources on the Web that can help you understand virtualization concepts and provide more information about specific virtualization products. The following list should get you started:

Sunday, November 9, 2008

10 things that will mess up your network ( For IT pros )

1. Don’t have a comprehensive backup and disaster recovery plan
It’s not that backing up is hard to do. The problem is that it sometimes gets lost in the shuffle, because most network administrators are overloaded already, and backups are something that seem like a waste of time and effort—until you need them.
Of course you back up your organization’s important data. I’m not suggesting that most admins don’t have a backup strategy in place. But many of those backup strategies haven’t changed in decades. You set up a tape backup to copy certain important files at specified intervals and then forget about it. You don’t get around to assessing and updating that backup strategy—or even testing the tapes periodically to make sure your data really is getting backed up—until something forces you to do so (the tape system breaks or worse, you have a catastrophic data loss that forces you to actually use those backups).
It’s even worse when it comes to full-fledged disaster recovery plans. You may have a written business continuity plan languishing in a drawer somewhere, but is it really up to date? Does it take into account all of your current equipment and personnel? Are all critical personnel aware of the plan? (For instance, new people may have been hired into key positions since the time the plan was formulated.) Does the plan cover all important elements, including how to detect the problem as quickly as possible, how to notify affected persons, how to isolate affected systems, and what actions to take to repair the damage and restore productivity?

2. Ignore warning signs
That UPS has been showing signs of giving up the ghost for weeks. Or the mail server is suddenly having to be rebooted several times per day. Users are complaining that their Web connectivity mysteriously drops for a few minutes and then comes back. But things are still working, sort of, so you put off investigating the problem until the day you come into work and the network is down.
As with our physical health, it pays to heed early warning signs that something is wrong with the network and catch it before it becomes more serious.

3. Never document changes
When you make changes to the server’s configuration settings, it pays to take the time to document them. You’ll be glad you did if a physical disaster destroys the machine or the operating system fails and you have to start over from scratch. Circumstances don’t even have to be that drastic; what if you just make new changes that don’t work the way you expected, and you don’t quite remember the old settings?
Sure, it takes a little time, but like backing up, it’s worth the effort.
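One way to put item 3 into practice on a Linux server, added here as an example (it is not part of the original post): record a checksum baseline of the configuration directory before you change anything, and compare against it afterwards so the list of changed files is produced for you rather than recalled from memory. The same comparison also shows files that changed when you did not change them. The directory and baseline paths are placeholders; the script assumes coreutils and awk.

```shell
#!/bin/sh
# Added example, not part of the original post: keep a checksum baseline of a
# configuration directory so that every later change can be seen (and written
# down) instead of being forgotten. Paths and names here are placeholders.
# Requires coreutils (find, sha256sum, sort) and awk; file names must not contain
# newlines, and names with spaces are not handled by the awk lookups.

# config_baseline DIR OUT
# Write "sha256  ./relative/path" for every regular file under DIR into OUT,
# sorted by path so two baselines can be diffed directly.
config_baseline() {
    dir=$1
    out=$2
    ( cd "$dir" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$out"
}

# config_changes DIR BASELINE
# Compare the current state of DIR with BASELINE. Prints one line per
# ADDED, CHANGED or REMOVED file and returns 1 if anything differs, 0 if not.
config_changes() {
    dir=$1
    base=$2
    new=$(mktemp)
    config_baseline "$dir" "$new"
    rc=0
    # Files that are new or whose content hash changed since the baseline.
    while read -r sum path; do
        old=$(awk -v p="$path" '$2 == p { print $1 }' "$base")
        if [ -z "$old" ]; then
            echo "ADDED   $path"
            rc=1
        elif [ "$old" != "$sum" ]; then
            echo "CHANGED $path"
            rc=1
        fi
    done < "$new"
    # Files recorded in the baseline that no longer exist.
    while read -r sum path; do
        if ! awk -v p="$path" '$2 == p { found = 1 } END { exit !found }' "$new"; then
            echo "REMOVED $path"
            rc=1
        fi
    done < "$base"
    rm -f "$new"
    return $rc
}

# Command-line use: "baseline DIR OUT" before a change, "check DIR OUT" after it.
case "${1:-}" in
    baseline) config_baseline "$2" "$3" ;;
    check)    config_changes "$2" "$3" ;;
esac
```

Run `sh configtrack.sh baseline /etc /var/backups/etc.sha256` before a maintenance window and `sh configtrack.sh check /etc /var/backups/etc.sha256` afterwards; the output is the list of files whose before and after versions belong in your change record. Keep the baseline file somewhere the server's own users cannot edit, otherwise it cannot tell you about changes you did not make.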

4. Don’t waste space on logging
One way to save hard disk space is to forgo enabling logging or set your log files to overwrite at a small file size threshold. The problem with that is that disk space is relatively cheap, but hours of pulling your hair out when you’re trying to troubleshoot a problem without logs to help you discover what happened can be costly, in terms of both money and frustration.
Some applications don’t have their logs turned on automatically. But if you want to save yourself a lot of grief when something goes wrong, adopt the philosophy of “everything that can be logged should be logged.”

5. Take your time about installing critical updates
The “It'll never happen to me” syndrome has been the downfall of many networks. Yes, updates and patches sometimes break important applications, cause connectivity problems, or even crash the operating system. You should thoroughly test upgrades before you roll them out to prevent such occurrences. But you should do so as quickly as possible and get those updates installed once you’ve determined that they’re safe.
Remember that Nimda and other major virus or worm infestations have done untold damage to systems even though the patches for them had already been released.

6. Save time and money by putting off upgrades
Upgrading your operating systems and mission-critical applications can be time consuming and expensive. But putting off upgrades for too long can cost you even more, especially in terms of security. There are a couple of reasons for that:
- New software usually has more security mechanisms built in. There is a much greater focus on writing secure code today than in years past.
- Vendors generally retire support for older software after a while. That means they stop releasing security patches for it, so if you’re running the old stuff, you may not be protected against new vulnerabilities.
If upgrading all the systems in your organization isn’t feasible, do the upgrade in stages, concentrating on the most exposed systems first.

7. Manage passwords sloppily
Although multifactor authentication (smart cards, biometrics) is becoming more popular, most organizations still depend on user names and passwords to log onto the network. Bad password policies and sloppy password management create a weak link that can allow attackers to invade your systems with little technical skill needed.
Require lengthy, complex passwords (or better, passphrases), require users to change them frequently, and don’t allow reuse of the same passwords over and over. Enforce password policies through Windows group policy or third-party products. Ensure that users are educated about the necessity to keep passwords confidential and are forewarned about the techniques that social engineers may use to discover their passwords.
If at all possible, implement a second authentication method (something you have or something you are) in addition to the password or PIN (something you know).

8. Try to please all the people all of the time
Network administration isn’t the job for someone who needs to be liked by everyone. You’ll often be setting down and enforcing rules that users don’t like. Resist the temptation to make exceptions (“Okay, we’ll configure the firewall to allow you to use instant messaging since you asked so nicely.”)
It’s your job to see that users have the access they need to do their jobs—and no more.

9. Don’t try to please any of the people any of the time
Just as it’s important to stand your ground when the security or integrity of the network is at stake, it’s also important to listen to both management and your users, find out what they do need to do their jobs, and make it as easy for them as you can—within the parameters of your mission (a secure and reliable network).
Don’t lose sight of the reason the network exists in the first place: so that users can share files and devices, send and receive mail, access the Internet, etc. If you make those tasks unnecessarily difficult for them, they’ll just look for ways to circumvent your security measures, possibly introducing even worse threats.

10. Make yourself indispensable by not training anyone else to do your job
This is a common mistake throughout the business world, not just in IT. You think if you’re the only one who knows how the mail server is configured or where all the switches are, your job will be secure. This is another reason some administrators fail to document the network configuration and changes.
The sad fact is: no one is indispensable. If you got hit by a truck tomorrow, the company would go on. Your secrecy might make things a lot more difficult for your successor, but eventually he or she will figure it out.
In the meantime, by failing to train others to do your tasks, you may lock yourself into a position that makes it harder to get a promotion… or even take a vacation.

Thursday, November 6, 2008

10 things about Blade Server

As an IT Manager, you are likely inundated by positive-spin marketing and vendors touting that their solution is “better, more cost-effective, cheaper, more efficient” and so on. Blade Servers are the latest technology to fall prey to the hype, over-selling and marketing blitzes that follow any new or up-and-coming technology or product. What happens, though, if we dump the glossy marketing hype and boil down the facts? Will a distilled overview of what blade servers can really do for you measure up to the claims? Let’s find out.

1. Blade Servers Use Less Power

This bit of hype may be true. In fact, they use up to 28% less wattage than conventional servers. The power in a blade enclosure spreads over the entire enclosure so that the most efficient power configuration is an enclosure full of Blades. The amount of power allocated to each Blade is somewhat vendor-specific and some definitely perform better in this area than others but overall Blades consume significantly less power than their conventional counterparts. Software is also available that can allocate more or less power to specific Blades depending on individual needs.
Mobile processors are also more power efficient than their conventional brethren. These new generation processors use far less power (~50W+) at peak usage times but also have the ability to return to a very low consumption when idle. Newer designs by Intel and AMD have brought some single core processors down to the <10W consumption range.

Conclusion: New design innovations turn hype into hope.

2. Blade Servers Require Less Cooling

In the early days of Blades — say, 5 years ago — this was not true. The hype surrounding the cooling claim is responsible for many IT shops sticking with more conventional technology. Early versions of Blades and their enclosures were not airflow friendly, but current Blade and Blade enclosure design is far superior to that of just a few years ago.

Hard drives, CPUs, and Power Supplies are the big heat producers inside a computer. Contemporary Blade Servers come standard with more efficient power supplies that not only consume less power but also give off from 10-25% less heat than earlier versions. Power supplies aren’t the only items to get a contemporary redesign; some vendors are using solid state hard drives with no moving parts that generate almost no heat compared to spinning drives. To decrease heat in Blades further, vendors have not only turned to mobile processors for their power efficiency but also for their reduced heat generation. For those who don’t use solid state technology, some have opted for less power hungry and heat producing 2.5″ drives instead of the standard 3.5″ size.

“The 2.5″ hard drives used in most blade centers usually have a higher failure rate than the typical 3.5″ SAS/SATA drives in non-blade servers,” says Mike Bacher of TulsaConnect Internet Services in Tulsa, Oklahoma. He adds, “[Although] this is changing as time goes on.”

Conclusion: Believe the hype on this one but make intelligent vendor-to-vendor comparisons.

3. Blade Servers Lower Your TCO

TCO is possibly the most overused three-letter acronym in the technology business. Everything a vendor does for you will lower your TCO but usually after blowing a lot of upfront money on the solution. Blade Servers certainly can lower your TCO by lowering overall power costs for computing power and cooling of the Data Center.

Can Blade Servers provide significant savings in other areas?

They take up less rack space, which means you will pay less money in a hosted environment. Most ISPs who lease rackspace do it on a per rack unit basis. Using Blades will greatly decrease your space consumption in those racks.

Blades are in fact less expensive than the equivalent conventionally designed server. They have become commodity hardware, though their performance compares favorably with standard server architecture. The new generation of Blades is changing the stigma of inexpensive and commodity into a positive attribute. According to some vendor hype, you will actually save money on maintenance and management by deploying Blades. This too may actually be the case due to the ease of racking a new Blade and a minimal provisioning time: a lower-cost hardware technician can connect the new server and have it available for an OS within minutes of taking it out of the box.

Chris Pritchard, System Administrator at Tilted Planet, Ltd., a full-service hosting company based in Chicago, says, “We looked at blades but they weren’t cost effective for us because of the special power and cooling requirements. It would have been cost prohibitive for us to rebuild our data center.”

Deploying a new conventional server requires a lot of planning for power, cooling, network, and space; with Blades, those requirements are now practically removed from the equation. Due to the modular nature of Blades, a new Blade connects into the Blade enclosure and immediately has power, network, and a shared management interface.

Conclusion: Blade Servers deliver a lot of bang for the buck and lower your TCO.

4. Virtualization

Right behind TCO, virtualization is getting a lot of airtime these days. Virtualization uses the resources of one very powerful server to power multiple servers. Each virtual server runs as if it had its own memory, disk space, processor, and other resources. Virtualization and Blades is a Data Center match made in heaven since both technologies are modular in nature. This modularity allows workload spreading or isolation amongst server groups. Today’s virtualization products create pools of virtualized servers to spread the load of consolidated services to multiple Blades.

Companies generally deploy Blades to lower costs, but just as often because of the ease of moving multiple underutilized conventional servers onto a single server or cluster of servers. This is the process known as consolidation. Consolidation through virtualization and resource pooling are other ways of maximizing utilization and lowering costs.

Conclusion: Virtualization and Blades are the future of Data Center Computing.

5. Vendor Tie-in/Buy-in

This aspect of Blade technology is not something you are likely to hear as hype so much as a matter of fact. If you choose to employ Blade technology in your Data Center, you must decide either on a vendor or on some other factors that steer you toward a specific vendor. The reason is that a Blade enclosure from vendor A is not compatible with a Blade from vendor B or any other vendor. If you want IBM Blades, then you have to purchase the IBM Blade solution as a whole. The same goes for Sun, HP, or Dell. Once you buy in to a specific vendor’s Blade solution, you are tied to that vendor exclusively.

Mike Bacher agrees, stating, “Once you commit to a blade center, you are locked in to one vendor for additional blades, which could be detrimental from a pricing standpoint.”

Conclusion: Once you buy into a solution, it’s yours to keep.

6. Less Space/High Density

Another truth from the Land O’ Hype? This is the main reason for making the switch to Blade Servers for some companies who use shared floor space. Blade computing, also called High-density Computing, can get you 2-4 times the number of servers into the same rackspace as conventional hardware. Most Blade enclosures take up about 7U of vertical rackspace but are able to utilize space more efficiently by using an edge-on design. The offerings vary among vendors but you will get from 10-14 servers in a single Blade enclosure. This can represent a significant space savings over deploying 14 standard rack mount servers.

Conclusion: Space is Money.

7. Less Time to Deploy and Provision

As discussed in item 3, Blade Servers take far less time to deploy and provision than conventional rack-mounted servers because their power, network, remote access, and management are all set up as soon as they connect into the Blade enclosure. As soon as a new Blade connects to the enclosure, it’s ready for an OS and an IP Address. The modular configuration makes setup a quick process that requires less skill and hassle to get a new server from box to rack to live server.

Conclusion: Time is Money.

8. Built-in Redundancy

Although this is somewhat vendor-dependent, built-in redundancy is one of the big selling features of Blade technology. As soon as the server is plugged in, you have redundant power, network, and remote access.

Conclusion: Repeat After Me: Redundancy is Good.

9. Less Cabling

This is another winner and big favorite amongst Blade technology adopters. If you have ever looked at a Blade farm compared to the racks of conventional servers, you may be sold on this one point alone. The days of spaghetti cabling and the nightmarish feeling when you realize the hardware guy didn’t label them correctly (or at all) are gone. Bladed racks are well-groomed and a pleasure to work on. This is where the Data Center gets a makeover.

Conclusion: Hold the Spaghetti.

10. Same Horsepower, Smaller Footprint.

It’s true. The same powerful multi-core, multi-socket servers are now available in Blade format. These days Blade Servers sport the same steroid-enhanced muscle as standalone servers and look better doing it. Originally, this was not the case. Blade Servers suffered from a reputation of being weaker and wiser in the Server Realm, and they were. As stated earlier, Blade Servers have undergone significant technological and design makeovers. Today’s Blades are meaner, cleaner, and greener than ever before.

Conclusion: Maximum Power in a Small Package.

10. Beyond the Hype

Some of the issues concerning Blades that you don’t typically hear from vendors are those relating to local storage, power provisioning, and interoperability (mentioned in item 5). Local storage for Blades is very limited. You can usually use two local drives with a maximum capacity of about 250GB each. If your application requires a high degree of disk I/O, then this can be a limiting factor. For file and print services, some web applications, applications that run comfortably from Network Attached Storage, and network services, converting those services to Blades is relatively easy to accomplish.

When a Blade enclosure is ready for use, all the power needed for a fully populated enclosure generally is allocated all at once. Adding Blades to an existing Data Center may cause you to exceed your practical limits for electrical capacity. It is also possible that your wiring, airflow, and cooling capacity may need some revision before full deployment.

There is currently no standard format, power requirements, or common interface or enclosure for Blade Servers. You can’t mix Sun, IBM, Dell, or Fujitsu Blades in the same enclosure. Server density per enclosure is also vendor-specific. Some offer 10 Blades per enclosure while others can hold up to 14. These numbers are for standard width Blades; the double-wide ones offer half the density per enclosure.

Summary

The hot hype du jour and yester-jour regarding Blades is generally true—now. It wasn’t a few years ago. Don’t blame the vendors. They weren’t lying to you; they were just prematurely hyping the technology. Blade technology is here to stay and will get even better with time.

Purchasing, provisioning, and using blades requires a large commitment in terms of money, planning, and personnel. It also requires a change in thinking from traditional servers, power, cabinets, and server management. Should you decide to delve into the fascinating and more fact-filled world of Blade technology, remember this one important bit of advice: Determine your needs then cautiously seek out a vendor that can meet those needs.

Monday, November 3, 2008

Ubuntu DHCP RELAY

1. Install the DHCP relay server package
root# apt-get install dhcp3-relay

2. Configure /etc/default/dhcp3-relay
# What servers should the DHCP relay forward requests to?
SERVERS="10.0.0.11"
# On what interfaces should the DHCP relay (dhrelay) serve DHCP requests?
INTERFACES="eth0 eth1"

3. Edit /etc/sysctl.conf to enable IP forwarding
net.ipv4.tcp_syncookies=1
net.ipv4.ip_forward=1
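The configuration steps above (everything after the package install), written as an added shell example that is not part of the original post: each function is idempotent, the server list is checked before it is written, and a final check confirms the result. The ROOT prefix is an assumption so the functions can be exercised against a scratch directory; the SERVERS and INTERFACES values are the ones the post uses.

```shell
#!/bin/sh
# Added example, not part of the original post: apply the relay configuration
# steps above as idempotent functions and verify the result. ROOT is an
# assumed prefix so the functions can be exercised against a scratch
# directory; on the real host use ROOT="" so the paths resolve under /etc.

# valid_ipv4 ADDR: return 0 if ADDR is a dotted quad with every octet in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# write_relay_defaults ROOT "SERVERS" "INTERFACES"
# Write ROOT/etc/default/dhcp3-relay in the form shown above. Every server
# entry must be an IPv4 address: a typo here makes dhrelay forward the
# clients' DHCP traffic to the wrong host, so the function refuses to write it.
write_relay_defaults() {
    root=$1
    servers=$2
    ifaces=$3
    for srv in $servers; do
        valid_ipv4 "$srv" || { echo "invalid DHCP server address: $srv" >&2; return 1; }
    done
    [ -n "$ifaces" ] || { echo "INTERFACES must not be empty" >&2; return 1; }
    mkdir -p "$root/etc/default"
    cat > "$root/etc/default/dhcp3-relay" <<EOF
# What servers should the DHCP relay forward requests to?
SERVERS="$servers"
# On what interfaces should the DHCP relay (dhrelay) serve DHCP requests?
INTERFACES="$ifaces"
EOF
}

# set_sysctl ROOT KEY VALUE
# Set KEY=VALUE in ROOT/etc/sysctl.conf, replacing an existing (possibly
# commented-out) line for KEY or appending one; other lines are left alone.
set_sysctl() {
    root=$1
    key=$2
    value=$3
    f="$root/etc/sysctl.conf"
    mkdir -p "$root/etc"
    touch "$f"
    key_re=$(printf '%s' "$key" | sed 's/\./\\./g')
    tmp=$(mktemp)
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$key_re[[:space:]]*=" "$f"; then
        sed "s|^[[:space:]]*#\{0,1\}[[:space:]]*$key_re[[:space:]]*=.*|$key=$value|" "$f" > "$tmp"
    else
        cat "$f" > "$tmp"
        echo "$key=$value" >> "$tmp"
    fi
    cat "$tmp" > "$f"   # copy back rather than mv, keeping the file's owner and mode
    rm -f "$tmp"
}

# relay_config_ok ROOT: return 0 when the defaults file has non-empty, valid
# SERVERS and non-empty INTERFACES and sysctl.conf enables net.ipv4.ip_forward.
relay_config_ok() {
    root=$1
    d="$root/etc/default/dhcp3-relay"
    sc="$root/etc/sysctl.conf"
    [ -f "$d" ] && [ -f "$sc" ] || return 1
    servers=$(sed -n 's/^SERVERS="\(.*\)"$/\1/p' "$d")
    ifaces=$(sed -n 's/^INTERFACES="\(.*\)"$/\1/p' "$d")
    [ -n "$servers" ] && [ -n "$ifaces" ] || return 1
    for srv in $servers; do valid_ipv4 "$srv" || return 1; done
    grep -Eq '^net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$sc"
}

# Real-host use (as root): "sh relay-setup.sh apply [SERVERS] [INTERFACES]",
# then "sysctl -p" and a restart of dhcp3-relay so the running system picks
# the change up.
if [ "${1:-}" = "apply" ]; then
    write_relay_defaults "" "${2:-10.0.0.11}" "${3:-eth0 eth1}" &&
    set_sysctl "" net.ipv4.ip_forward 1 &&
    relay_config_ok "" && echo "relay configuration written"
fi
```

Two points worth checking on a real deployment: the edit to sysctl.conf takes effect only after `sysctl -p` (or a reboot), and INTERFACES should name only the client-facing segment and the interface toward the DHCP server, because the relay will answer DHCP broadcasts on every interface it is told to serve.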