Check Replica Status – Before deleting it – Part 2

My previous article explained the procedure to perform a failover from the VBR console and why it is safe.

In this second article, I’ll show you what can happen if you try a failover in a different way, explaining the behavior that a partner ran into during a cleanup procedure.

In my lab, I created a new Replica Job where the original VM is still Ubuntu-02 (Picture 1) and the replica VM has the suffix _Rep_vc01-1-1 (Picture 2).

Picture 1

Picture 2

After the VM has been created (Picture 3), it is switched on directly from the vCenter console (Picture 4). To be sure it works as expected, it is possible to connect to it remotely.

Picture 3

Picture 4

Picture 5

Going back to the VBR console, it’s possible to see that nothing has changed (Picture 6), because the power-on action was performed directly from the VMware console.

Picture 6

Attention point: if you try to run a replica task, it fails because the VM is running (Picture 7).

Picture 7

Now the main point of the two articles:

It’s a bad choice to delete VMs from the VBR “Ready Replica VM” menu (Pictures 8 and 9) without knowing whether the VMs have been started from the vCenter console. Why? Because the production VM gets deleted as well, as shown in Picture 10.

Picture 8

Picture 9

Picture 10

Let’s speculate a little with some scenarios:

1. If you see the “active” status icon switched on (from the VBR console), it means the failover has been started (Picture 11).

Picture 11

2. If a permanent failover was performed, the VM disappears from the “Replica Ready” menu and the replica job turns out to be empty (Picture 12).

Picture 12

3. If the replica job works fine it means that no permanent failover has been performed

4. If the replica job works fine but the production VM disappears when you click the delete button (from the “Replica Ready” menu of the VBR console) (Picture 13), it means that a new replica job was re-created after the manual failover was launched (Picture 14).

Picture 13

Picture 14

Deleting a replicated VM from the VBR console needs some attention, especially if you do not have continuous and complete control of the VMware architecture. So the question is: is there an easy check to run before deleting the VM?

The answer is yes, and Veeam ONE can easily help by creating the checks:

a. From vCenter: set up a report that checks whether the VM to be deleted is running (power state) (Table 1)

b. From VBR: check whether a replication job is set up for that VM (Table 2)

Table 1

Table 2

Is there another way to check?

Yes, using PowerShell scripts.

The example below is just a first idea that you can polish with a little effort.

NB1: I’m not a PowerShell expert, I just love writing scripts that are easy for anyone to read.

NB2: Before trying it, please consult your PowerShell expert!

NB3: It is meant to be launched from VBR.

NB4: If you think that it could be a feature request, write to me!

Table 3
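
The two checks described above (power state from vCenter, replication job from VBR) can be scripted along these lines. This is an added example, not the author's script from Table 3. It assumes VMware PowerCLI and the Veeam PowerShell module (VBR v11 or later) are installed on the VBR server; the vCenter address is a placeholder and the full replica VM name is an assumption built from the suffix mentioned above.

```powershell
# Added example: report the facts to check before deleting a replica from the VBR console.
# Assumptions: run on the VBR server; VMware PowerCLI and the Veeam PowerShell
# module (VBR v11+) are installed; the server and VM names below are placeholders.
param(
    [string]$VCenter   = 'vcenter.example.local',   # placeholder vCenter address
    [string]$SourceVm  = 'Ubuntu-02',               # original VM, as in the lab above
    [string]$ReplicaVm = 'Ubuntu-02_Rep_vc01-1-1'   # assumed full name of the replica VM
)

Import-Module VMware.VimAutomation.Core
Import-Module Veeam.Backup.PowerShell

Connect-VIServer -Server $VCenter | Out-Null
try {
    # Check (a): power state as vCenter reports it, whatever the VBR console shows.
    $vm = Get-VM -Name $ReplicaVm -ErrorAction Stop

    # Check (b): replication jobs in VBR that contain the original VM.
    $jobs = @(Get-VBRJob | Where-Object { $_.JobType -eq 'Replica' } |
        Where-Object { (Get-VBRJobObject -Job $_).Name -contains $SourceVm })

    [pscustomobject]@{
        ReplicaVm       = $vm.Name
        PowerState      = $vm.PowerState
        ReplicationJobs = ($jobs | ForEach-Object { $_.Name }) -join ', '
    }

    if ($vm.PowerState -eq 'PoweredOn') {
        Write-Warning "$ReplicaVm is running: it may have been started from vCenter. Do not delete it from the VBR console until this is clarified."
    }
}
finally {
    Disconnect-VIServer -Server $VCenter -Confirm:$false
}
```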

That’s all for now guys!

Unifi USG – VLAN and Routing Configuration

INTRODUCTION:

A virtual LAN (vLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2) (Wikipedia).

vLANs work by applying tags to network frames and handling these tags in networking systems.

——

I love how USG has tackled the vLAN challenge.

Their starting point is working with vLAN as if it were a layer 3 object and not layer 2 of the OSI model.

The idea behind USG is to think of a vLAN as “a new LAN with a different IP address”. Are you a little bit confused? Yes? So was I at the beginning, but now I’m enthusiastic about this new approach.

Let me explain with an example taken directly from my lab network.

In my environment I needed to create 2 vLANs: the first one for the iSCSI protocol and the second to manage the backup traffic.

I chose #40 for the iSCSI vLAN and #50 for the Backup vLAN.

I went directly to the USG user interface and created the vLANs from the Network menu, as shown in Figures 1, 2 and 3.

Figure 1

Figure 2

Figure 3

The next step is enabling routing between the new networks and the original LAN.

The task is performed by selecting Switch Ports from the Profiles menu.

As shown in Figure 4, I set up an easy rule to let the networks talk to each other, in this case LAN to iSCSI.

Figure 4

Now the last step: enabling traffic from and to the networks. In short, I worked at the firewall level.

I spent some hours understanding the options the USG offers, because it’s possible to set up many rules to manage traffic among LAN (LAN-IN and OUT), WAN (WAN-IN and OUT), GUEST (IN and OUT) and LOCAL (WAN/LAN/GUEST).

There are really many options, but with a little patience you can tune your networks to fit any security design.

In this example, I just created rules to manage the LAN-IN traffic (Figures 5 and 6).

FIGURE 5

FIGURE 6

Before ending this article, two more notes:

If you want to allow the servers connected to the LAN to browse the Internet, you just need to set up a LAN-IN and a LAN-OUT rule.

To work with vLANs you need to buy a vLAN-compliant Ethernet switch.

Unifi USG – Setup and configuration

The last device I added to my lab is the Ubiquiti UniFi Security Gateway (from now on USG).

I need it because I have to work with a great number of vLANs in my demo lab.

Let’s see what I learned in the last few weeks of testing and how I set it up to address my needs.

The hardware installation is quite easy. After unpacking the box you just need to plug in the power supply and two Ethernet cables, the first one into the LAN port and the second into the WAN port.

The USG setup is composed of 5 configuration phases

  1. LAN / WAN
  2. Unifi-Controller
  3. VPN
  4. VLAN
  5. Routing

In this first article, we are going to cover the first three phases.

I – LAN/WAN Configuration

  1. On your PC, set the Ethernet IP address to 192.168.1.x/24 and plug in the LAN cable. Now ping the 192.168.1.1 address to be sure you can reach the USG. Open a browser and you’ll be able to configure the LAN and WAN interfaces from the 192.168.1.1 address.

Figure 1

My personal router works on 192.168.18.x, while I chose to set up the LAN on the 192.168.16.x range.

After “applying the changes”, you have to change the IP address of your PC again, this time to a LAN address (192.168.16.99 for example), and test that the USG answers to ping.

II – UniFi Controller

After creating an account on the Ubiquiti site (https://account.ui.com/register), download and install the UniFi Controller (https://www.ui.com/download/unifi-switching-routing) on your local PC.

Let’s see the most important steps of the wizard:

Click on the “Launch a Browser to manage the network” button (Figure 2)

Figure 2

Log in to your Ubiquiti account

Figure 3

Check that the USG device is properly discovered

Figure 4

After the wizard has been completed, you can start to play with the friendly user interface. Figures 5 and 6 show the USG device status (the fourth icon on the left panel (device)).

Figure 5

Figure 6

III – VPN Creation

The wizard consists of:

  1. Creating a new network (Figure 6), selecting the options “Remote user VPN” and L2TP server. On the RADIUS menu you must add a new profile as shown in Figure 7.

Figure 6

Figure 7

  2. Enabling the RADIUS server as shown in Figure 8.

Figure 8

Now you can set up the VPN connection on your Windows/Linux/Mac/Android device and test it.

Before ending the article, two more notes.

  1. If you see the provisioning entry on the web interface, it means the USG is loading and saving the new configuration.
  2. You can find all the details about USG products at the following address: https://www.ui.com/unifi-routing/usg/

How to find strings with PowerShell

An article to explain how easy it is to answer some working needs using Microsoft PowerShell.

In my job, I often need to search for data written inside files.

Three classic requests:

1) I need to remember some info about a meeting (I always take notes during meetings)

2) I need to get a statistic about how many customers asked for a particular feature

3) I need to search for some errors in application logs

In this short article, I show you how to answer them.

In my example, I need to find a string with the content “find me” in my Documents folder.

The PowerShell command is:

Get-ChildItem -Recurse -Path "C:\Users\VBR\Documents\" | Select-String -Pattern "find me"

It is composed of two parts separated by a vertical bar (|).

In the first part, Get-ChildItem lists all files under the path C:\Users\VBR\Documents\, including subfolders (-Recurse).

In the second part, Select-String searches the content of those files for the given string (-Pattern).

I like the idea of saving the results of the command in a file and also having just the path of the files containing the string I searched for.

The command changes as you can see below:

Get-ChildItem -Recurse -Path "C:\Users\VBR\Documents\Test-Find" | Select-String -Pattern "find me" | Select-Object Path | Out-File C:\Scripts\Results\search_script_out.txt

To remember:
All PowerShell commands support wildcards (*, ?, [ ]), which means you can search for any string in your environment.
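
For requests 2 and 3 in the list above, the same pipeline can count matches per file. This is an added example, not part of the original article: the temporary folder, file names and contents are constructed sample data, and Get-MatchCount is a hypothetical helper name.

```powershell
# Added example. The folder, file names and contents below are constructed sample data.
$root = Join-Path ([IO.Path]::GetTempPath()) 'find-strings-demo'
New-Item -ItemType Directory -Path $root -Force | Out-Null
Set-Content -Path (Join-Path $root 'meeting-acme.txt')   -Value 'Customer asked for feature [X]', 'Next call in May'
Set-Content -Path (Join-Path $root 'meeting-globex.txt') -Value 'feature [X] requested twice', 'Also asked about feature [X] pricing'
Set-Content -Path (Join-Path $root 'app.log')            -Value 'INFO start', 'ERROR disk full', 'error: retry failed'

function Get-MatchCount {
    param(
        [string]$Path,           # folder to search, including subfolders
        [string]$Text,           # literal text to look for
        [string]$Filter = '*'    # file name filter, e.g. *.log
    )
    # -Pattern is a regular expression by default, so '[X]' would be read as a
    # character class. -SimpleMatch makes Select-String treat $Text literally.
    # Matching is case-insensitive unless -CaseSensitive is added.
    Get-ChildItem -Path $Path -Recurse -File -Filter $Filter |
        Select-String -Pattern $Text -SimpleMatch |
        Group-Object -Property Path |
        Select-Object @{ Name = 'File'; Expression = { Split-Path $_.Name -Leaf } }, Count
}

# Request 2: how many notes mention a particular feature, and how often per file
Get-MatchCount -Path $root -Text 'feature [X]' -Filter '*.txt'

# Request 3: how many error lines each log file contains
Get-MatchCount -Path $root -Text 'error' -Filter '*.log'

# Remove the constructed sample data
Remove-Item -Path $root -Recurse -Force
```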