Monday, June 30, 2014

Installing VMWare Tools on FreeBSD 10

Install compat6x-amd64

Before you can work with the VMware Tools, you must install Perl and an older FreeBSD compatibility layer:

# cd /usr/ports/misc/compat6x
# make install

or

# pkg_add -r perl compat6x-`uname -m`

Take a VMWare Snapshot

Important! Take a snapshot here! Do not skip this step.

Mount the VMWare Tools ISO

# mount -t cd9660 /dev/cd0 /mnt

Copy the vmware-freebsd-tools.tar.gz file to a local location

# cp /mnt/vmware-freebsd-tools.tar.gz /tmp

Extract the vmware-freebsd-tools.tar.gz

# cd /tmp
# tar zxvf vmware-freebsd-tools.tar.gz

Run the installer and configure VMware Tools

# cd vmware-tools-distrib
# ./vmware-install.pl

Sunday, June 29, 2014

Quick way to update your host to VMware ESXi 5.5 U1

A quick way to upgrade your host to the newest version at the time of this article, ESXi 5.5 U1, has a few requirements:

Valid DNS servers on your ESXi hosts.
Internet access on the ESXi hosts.
A reboot, just as with any normal host update.

Before attempting the update, be sure to either disable the ESXi firewall (esxcli network firewall set -e false) or enable the correct firewall rule, httpClient (esxcli network firewall ruleset set -e true -r httpClient). This rule allows both TCP/80 (HTTP) and TCP/443 (HTTPS) outbound.

After you’ve disabled the ESXi firewall or enabled the correct rule, you can then start the update using the esxcli software profile update command. To update via the VMware online depot, use a command like this: esxcli software profile install -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-20140302001-standard

The -d option stands for the depot, and this points to the online (VUM) depot. But you can also use it for standalone hosts. -p points to the Image Profile included in the depot, and there are 4 versions available. I chose the 5.5 U1 standard (with tools).

Name
----
ESXi-5.5.0-20140302001-no-tools
ESXi-5.5.0-20140301001s-no-tools
ESXi-5.5.0-20140301001s-standard
ESXi-5.5.0-20140302001-standard

The s suffix in the image profile name marks a security-only update that includes only security fixes. The no-tools image profiles do not include the VMware Tools binaries.
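To make the naming scheme concrete, here is a small Python helper, added here and not part of the original post, that parses the four profile names listed above, picks the newest one matching a policy (full or security-only, with or without tools) and builds the esxcli line for it, quoting depot paths that contain spaces. The depot listing is constructed from the names above; the difference between `update` (keeps VIBs that are not in the profile) and `install` (needs --ok-to-remove when VIBs would go) is the one the esxcli error message on this page describes.

```python
import re
import shlex
from dataclasses import dataclass

# Image profile names follow ESXi-<version>-<11-digit build id>[s]-<variant>: the "s" suffix
# marks a security-only build and the variant says whether VMware Tools are bundled.
PROFILE_RE = re.compile(
    r"^ESXi-(?P<version>\d+\.\d+\.\d+)-(?P<build>\d{11})(?P<security>s?)-(?P<variant>standard|no-tools)$"
)


@dataclass(frozen=True)
class ImageProfile:
    name: str
    version: str
    build: str            # YYYYMMDD plus a 3-digit sequence, so plain string order is chronological
    security_only: bool
    includes_tools: bool


def parse_profile(name: str) -> ImageProfile:
    """Split an image profile name into its parts; rejects anything that does not fit the pattern."""
    m = PROFILE_RE.match(name.strip())
    if not m:
        raise ValueError(f"unrecognised image profile name: {name!r}")
    return ImageProfile(
        name=m.group(0),
        version=m["version"],
        build=m["build"],
        security_only=m["security"] == "s",
        includes_tools=m["variant"] == "standard",
    )


def choose_profile(names, security_only=False, with_tools=True) -> ImageProfile:
    """Pick the newest profile in a depot listing that matches the wanted policy."""
    candidates = [
        p for p in map(parse_profile, names)
        if p.security_only == security_only and p.includes_tools == with_tools
    ]
    if not candidates:
        raise LookupError("no image profile matches the requested policy")
    return max(candidates, key=lambda p: p.build)


def esxcli_profile_command(profile: ImageProfile, depot: str, install=False, ok_to_remove=False) -> str:
    """Build the esxcli line for the chosen profile. 'update' preserves VIBs that are not part of
    the profile; 'install' replaces the whole image and needs --ok-to-remove if VIBs would be
    removed. Depot paths with spaces (a datastore named 'datastore1 (3)') are quoted for the shell."""
    verb = "install" if install else "update"
    argv = ["esxcli", "software", "profile", verb, "-d", depot, "-p", profile.name]
    if ok_to_remove:
        argv.append("--ok-to-remove")
    return " ".join(shlex.quote(a) for a in argv)


# Constructed depot listing: the four 5.5 U1 profiles named on this page.
DEPOT_PROFILES = [
    "ESXi-5.5.0-20140302001-no-tools",
    "ESXi-5.5.0-20140301001s-no-tools",
    "ESXi-5.5.0-20140301001s-standard",
    "ESXi-5.5.0-20140302001-standard",
]

if __name__ == "__main__":
    chosen = choose_profile(DEPOT_PROFILES)  # full update, with tools
    print(esxcli_profile_command(chosen, "/vmfs/volumes/datastore1 (3)/update-from-esxi5.5-5.5_update01.zip"))
```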



If you don’t have access to the online depot, due to something like company policy, you can follow the same procedure for most cases. Upload the offline depot (available on the download page here) to a datastore. Then use the command esxcli software profile update -d /vmfs/volumes/datastore1\ \(3\)/update-from-esxi5.5-5.5_update01.zip -p ESXi-5.5.0-20140302001-standard

During the upgrade, I ran into the following error:

[Exception]
You attempted to install an image profile which would have resulted in the removal of VIBs ['VMware_bootbank_vmware-fdm_5.5.0-1312298']. If this is not what you intended, you may use the esxcli software profile update command to preserve the VIBs above. If this is what you intended, please use the --ok-to-remove option to explicitly allow the removal.
Please refer to the log file for more details.

Fix this using esxcli software profile install -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-20140302001-standard --ok-to-remove

http://tomverhaeg.nl/vmware-esxi/update-to-vmware-esxi-5-5u1/

Saturday, June 28, 2014

Changing a GPT GUID partition table disk into a master boot record disk MBR

To change a GUID partition table disk into a master boot record disk using the command line:

1. Back up or move all volumes on the basic GUID partition table (GPT) disk you want to convert into a master boot record (MBR) disk.
2. Open an elevated command prompt (right-click Command Prompt, and then click Run as Administrator) and type diskpart. If the disk does not contain any partitions or volumes, skip to step 6.
3. At the DISKPART prompt, type list disk. Make note of the number of the disk you want to convert.
4. At the DISKPART prompt, type select disk <disknumber>.
5. At the DISKPART prompt, type clean.

Important: Running the clean command will delete all partitions or volumes on the disk.

6. At the DISKPART prompt, type convert mbr.

list disk: Displays a list of disks and information about them, such as their size, amount of available free space, whether the disk is a basic or dynamic disk, and whether the disk uses the master boot record (MBR) or GUID partition table (GPT) partition style. The disk marked with an asterisk (*) has focus.

select disk: Selects the specified disk, where disknumber is the disk number, and gives it focus.

clean: Removes all partitions or volumes from the disk with focus.

convert mbr: Converts an empty basic disk with the GUID Partition Table (GPT) partition style to a basic disk with the master boot record (MBR) partition style.

Symantec Backup Exec 2012

When backing up a FreeBSD virtual machine on ESXi:

It took about 5 hours to finish with Exceptions:

Media Label: IMG000001
GRT backup set folder: E:\BEData\IMG000001
Transport mode 'nbd' was used for the disk 'WebProxy.vmdk'
Transport mode 'nbd' was used for the disk 'WebProxy_1.vmdk'
V-79-57344-38761 - Failed to mount one or more virtual disk images because they contained GPT style disks. Backups that were enabled for Granular Recovery Technology may not be available for restore.

Solution:

In the backup job deselect the option "Use Backup Exec Granular Recovery Technology (GRT) to enable the restore of individual files and folders from virtual machines" under Settings-VMware Virtual Infrastructure.

To simulate a virtual machine that is gone completely, I built a fresh Windows 7 virtual machine and tried to restore the system from the backup:

It took about 10 minutes to restore from the backup. However, the system could not be booted up and it shows the Blue Screen of Death. The solution and the proper procedure is to use a backup exec recovery disk (a .ISO image) to boot up the machine then restore from the Backup Exec server.

Tuesday, June 24, 2014

.htaccess Restrict Magento admin page access to a certain allowed IP address behind a reverse proxy

<IfModule mod_rewrite.c>
  ### Restrict Magento admin page access to a certain allowed IP address
  RewriteCond %{REQUEST_URI} ^/(index.php/)?admin [NC]
  #RewriteCond %{REMOTE_ADDR} !(^192\.168\.1\.7$|^192\.168\.1\.9$)
  RewriteCond %{HTTP:X-FORWARDED-FOR} !(^192\.168\.1\.7$|^88\.88\.88\.88$)
  RewriteRule ^(.*)$ http://%{HTTP_HOST}/ [R=302,L]
</IfModule>
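Because X-Forwarded-For is just a request header, the rule above is only as good as the guarantee that every request reached Apache through the proxy that sets it. The following Python, added here and not part of the original post, contrasts the whole-header comparison the RewriteCond performs with a check that derives the client address from REMOTE_ADDR and the rightmost X-Forwarded-For entry not added by a trusted proxy; the proxy address 10.0.0.5 and the client addresses used in the assertions are constructed.

```python
import ipaddress

# Assumed deployment: one reverse proxy at 10.0.0.5 in front of Apache (constructed address).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}
# Addresses allowed to reach the admin path, as in the RewriteCond above.
ADMIN_ALLOWLIST = {ipaddress.ip_address("192.168.1.7"), ipaddress.ip_address("88.88.88.88")}


def _parse(addr: str):
    """Return an address object, or None for anything that is not a valid IP literal."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None


def naive_allowed(xff: str) -> bool:
    """What the RewriteCond does: the entire X-Forwarded-For value must equal an allowed address.
    Nothing here looks at who actually sent the request, so a client that can reach Apache
    without passing through the proxy may simply set the header itself."""
    return _parse(xff) in ADMIN_ALLOWLIST


def client_ip(remote_addr: str, xff: str, trusted_proxies):
    """Work out the real client address. REMOTE_ADDR is the only fact the server has; each
    X-Forwarded-For entry is only as trustworthy as the hop that appended it, so walk the chain
    from the right, stripping trusted proxies, until the first peer a trusted hop actually saw."""
    chain = [_parse(h) for h in xff.split(",") if h.strip()] if xff else []
    chain.append(_parse(remote_addr))
    while len(chain) > 1 and chain[-1] in trusted_proxies:
        chain.pop()
    return chain[-1]  # None when that entry was not a valid address


def admin_allowed(remote_addr: str, xff: str = "") -> bool:
    """Hardened check: allow only when the derived client address is on the list."""
    client = client_ip(remote_addr, xff, TRUSTED_PROXIES)
    return client is not None and client in ADMIN_ALLOWLIST
```

On Apache 2.4 the same derivation is what mod_remoteip (RemoteIPHeader plus RemoteIPInternalProxy) performs before REMOTE_ADDR is evaluated, so the RewriteCond can then compare REMOTE_ADDR as the commented-out line does.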

Sunday, June 22, 2014

What kind of cable do I need?


===
Toby,

This is just an example of the progress of time and the evolution of networking equipment. Back in the day it used to be mandatory to use a crossover cable between switches and routers and between some servers and hubs, but modern equipment can autosense the connection type and change its mdx configuration on a per port basis. Therefore newer training materials will list a standard cable as the proper connection.

I still advise you keep a crossover cable handy though in your travels since you never know when you will meet an older piece of equipment that may require that type of connection.

Good luck with your studies,

Kailen
===
To kind of tie into what was said, you should get in the habit of always using the suggested cable type. If you don't then you could spend hours troubleshooting an issue that could have been avoided by using the correct type. It is nice when the devices auto-configure for you, but you do not want to get in the habit of relying on it.
===
To flex my newly acquired networking muscle...I will shed some light on this topic (I don't have too many networking muscles).

True, auto-sensing ports eliminate the need to think about whether you're using cross over or straight through. But, as mentioned, it is probably safer to practice good networking rules.

Note: The correct method to connect a router to a switch is by using a straight through cable. Switches and Hubs transmit on pins 3 & 6, whereas pretty much any other NICs and routers transmit on pins 1 & 2.

So :

router to router....crossover

PC to PC....crossover

switch to switch.....crossover

PC to router....crossover

PC to switch, Router to switch, PC to Hub....straight-through
===
This topic has to do with the OSI Model.

You are dealing with the 3 bottom most layers. Network, Data Link, and Physical.

Routing is done at Layer 3. (IP addressing)
Switching is done at Layer 2 (Mac Addresses, ARP, Etc.)
Cables fall under layer 1. (Fiber, Copper, NIC)

Cross-over cables are used for same layer transfer. (e.g. Layer 2 - Layer 2 and Layer 3 - Layer 3)

Straight through cables are used for different layer transfer(one of many uses) (e.g. Layer 2 to Layer 3)

Auto sensing ports (where available) make life a little easier by doing away with the guess work and layer thinking. I work on a network backbone, so we try not to rely on auto sensing ports too much (it's just something else to fail).
===

Reference:
https://learningnetwork.cisco.com/thread/2792
http://www.techpowerup.com/forums/threads/what-kind-of-cable-do-i-need.155807/

Layer 3 Switches Explained


by DAVID DAVIS on AUGUST 30, 2007
Layer 3 switches are becoming more and more common in the Enterprise. After reading this tip, you’ll know the difference between a switch, a router, and a Layer 3 switch. You’ll also understand what to look for when shopping for Layer 3 switches.

Layer 3 Switches Explained
By: David Davis, CCIE #9369, CWNA, MCSE, CISSP, Linux+, CEH
The following article was originally posted at SearchNetworking.com: Layer 3 Switches Explained, and it is reproduced with their permission.
Let’s say that the switches in your data center or wiring closet are old. You know that you need to replace them and have heard about Layer 3 switches. But what is a Layer 3 switch, what can it do for you, and how does it differ from a regular switch or router? Let’s find out.

How do switches and routers work?

Before defining what a Layer 3 switch is, let’s make sure that we are all on common ground and understand what a regular switch and a router do.
A switch works at Layer 2 of the OSI model (data-link). It is a LAN device that can also be called a multi-port bridge. A switch switches Ethernet frames between Ethernet devices. Switches do not care about IP addresses nor do they even examine IP addresses as the frames flow through the switch. However, unlike a hub that just duplicates data and sends it out all ports, switches keep a bridge forwarding table that shows what MAC addresses have been seen on what port.
In the Cisco world, the bridge forwarding table is called a CAM Table, or Content Addressable Memory table. If a switch receives an Ethernet frame for a destination that it doesn’t have in its table, it floods that frame out to all ports (like a hub does all the time). However, the switch learns from the response of that flood and records the response to that frame in its forwarding table for the next time. Switches form collision domains. In other words, the switches “play traffic cop” with the inbound frames by buffering each packet before switching it. This way, there are no collisions and, to each device connected to the switch, it seems like that device has its own Ethernet segment and can talk at full speed, without risk of collisions.
A router, on the other hand, works at Layer 3 of the OSI model (Network). It is a WAN device that connects a LAN to a WAN or a subnetted LAN to another subnetted LAN. A router routes IP packets between IP networks. Routers do this using an IP routing table. In that table, they have either static or dynamic routes. When an IP packet comes in, the router looks up the destination IP in the IP routing table. If that destination IP is not found in the table the router drops the packet, unless it has a default route. Routers form broadcast domains because they drop broadcast packets.

How does a Layer 3 switch work?

A Layer 3 switch works much like a router because it has the same IP routing table for lookups and it forms a broadcast domain. However, the “switch” part of “Layer 3 switch” is there because:
  1. The layer 3 switch looks like a switch. It has 24+ Ethernet ports and no WAN interfaces.
  2. The layer 3 switch will act like a switch when it is connecting devices that are on the same network.
  3. The layer 3 switch is the same as a switch with the router’s IP routing intelligence built in.
  4. The switch works very quickly to switch or route the packets it is sent.
In other words, the Layer 3 switch is really like a high-speed router without the WAN connectivity.
You might be asking yourself why you would want the routing functionality of a router in your switch if you don’t have WAN interfaces. Well, the routing functionality of the Layer 3 switch is there to route between different subnets or VLANs on a campus LAN or any sort of large LAN. This means that the Layer 3 switch is really for large Ethernet networks that need to subnet into smaller networks. Most of the time, this is done using VLANs.
When it comes to Layer 3 switching, there are two kinds: hardware and software. With a hardware-based solution, the device is using an ASIC (a dedicated chip) to perform the function. With the software implementation, the device is using a computer processor and software to perform the function. Generally, Layer 3 switches and high-end routers route packets using hardware (ASICs) and general-purpose routers use software to perform routing functions.
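As an added illustration (not from the article), the following Python models the forwarding behaviour described above: a CAM table that learns source MACs and floods unknown or broadcast destinations, an IP routing table consulted with longest-prefix match only for frames sent to the switch's own routed interface, and a drop when neither a specific route nor a default route matches. Port numbers, MAC addresses and routes are constructed.

```python
import ipaddress

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Layer3Switch:
    """Toy model: a CAM table for frames that stay within the VLAN and an IP routing table
    for frames addressed to the switch's routed (SVI) interface."""

    def __init__(self, ports, svi_mac, routes):
        self.ports = set(ports)
        self.svi_mac = svi_mac   # MAC of the routed interface; frames sent here get routed
        self.cam = {}            # bridge forwarding table: MAC -> port it was last seen on
        # static routes as (network, next hop); a 0.0.0.0/0 entry is the default route
        self.routes = [(ipaddress.ip_network(net), nh) for net, nh in routes]

    def switch_frame(self, in_port, src_mac, dst_mac):
        """Layer 2 path: learn the source port, forward a known destination out of one port,
        flood unknown and broadcast destinations out of every other port (what a hub always does)."""
        self.cam[src_mac] = in_port
        out = self.cam.get(dst_mac)
        if dst_mac == BROADCAST or out is None:
            return sorted(self.ports - {in_port})
        return [] if out == in_port else [out]   # destination is on the ingress segment: filter it

    def route_packet(self, dst_ip):
        """Layer 3 path: longest-prefix match over the routing table. None means no route
        and no default route, which is the case where a router drops the packet."""
        dst = ipaddress.ip_address(dst_ip)
        matches = [(net, nh) for net, nh in self.routes if dst in net]
        if not matches:
            return None
        return max(matches, key=lambda r: r[0].prefixlen)[1]

    def forward(self, in_port, src_mac, dst_mac, dst_ip):
        """A frame addressed to the SVI MAC is routed; anything else is switched within the VLAN.
        Broadcasts are flooded at layer 2 but never reach the routing path, so the routed
        interface is where the broadcast domain ends."""
        if dst_mac == self.svi_mac:
            nh = self.route_packet(dst_ip)
            return ("route", nh) if nh is not None else ("drop", None)
        return ("switch", self.switch_frame(in_port, src_mac, dst_mac))
```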

What is a VLAN?

A VLAN is a virtual LAN. This virtual LAN is also an IP subnet. The difference between just subnetting a network and using VLANs is the flexibility that VLANs can provide for your LAN subnetting. Here is an example: Say that you have a single switch port in one VLAN, in one building. One hundred yards away, you can have another switch port, in another building. Both of those switch ports can be in the same VLAN and only those two switch ports can talk, despite the fact that they are separated by multiple buildings and are connected by a 100 yard fiber optic cable. Without a VLAN, this type of organization wouldn’t be possible.
In a traditional VLAN, switches tag the VLAN traffic, and only the devices on the same VLAN can communicate with one another. If devices on different VLANs need to communicate, they would talk to each other via a trunk port on a router. That trunk port and the processing power of the router would create a bottleneck for communications. With a Layer 3 switch, routing and trunking are performed at very high speeds.
Besides the functionality mentioned above, a VLAN has a number of other features such as:
  • Performance & broadcast control
  • Segregating departments or project networks
  • Security
This article can’t begin to cover all that you need to know about VLANs. What you need to know is that Layer 3 switches are used to make VLANs easier and faster. Layer 3 switches make VLANs easier to configure because you don’t need a separate router between VLANs. All the routing can be done right on the switch. Layer 3 switches make VLANs faster because they eliminate the bottleneck that results from a router forming a single link between VLANs.

Do I need a Layer 3 switch?

You should investigate getting a Layer 3 switch if you can answer yes to any of the following questions:
  • Do you have a network with a lot of broadcasts that needs better performance?
  • Do you have subnets and/or VLANs that are currently connected via a router?
  • Do you need higher performance VLANs?
  • Do departments need their own broadcast domains for performance or security?
  • Are you considering implementing VLANs?
Article summary
Here is what we have learned:
  • Routers work at Layer 3 and route IP packets between networks.
  • Switches work at Layer 2 and switch Ethernet frames between Ethernet devices.
  • For some of the higher-end Cisco switches, enabling Layer 3 switching is simply a software upgrade available for a fee.
  • Layer 3 switches are used primarily for inter-VLAN routing.
  • Layer 3 switches don’t have WAN connectivity.

Reference:
http://happyrouter.com/layer-3-switches-explained

Saturday, June 21, 2014

RouterOS


What is RouterOS?
Configuration
Firewall
Routing
MPLS
VPN
Wireless
Hotspot
Quality of service
Web proxy
Tools


What is RouterOS?

MikroTik RouterOS is the operating system of MikroTik RouterBOARD hardware. It can also be installed on a PC and will turn it into a router with all the necessary features - routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more.

RouterOS is a stand-alone operating system based on the Linux v2.6 kernel, and our goal here at MikroTik is to provide all these features with a quick and simple installation and an easy to use interface.

You can try RouterOS today, go to www.mikrotik.com and download the installation CD image. The free trial provides all of the features with no limitations. In the following pages you will find examples of some of the most important RouterOS features.
Configuration

RouterOS supports various methods of configuration - local access with keyboard and monitor, serial console with a terminal application, Telnet and secure SSH access over networks, a custom GUI configuration tool called Winbox, a simple Web based configuration interface and an API programming interface for building your own control application. In case there is no local access, and there is a problem with IP level communications, RouterOS also supports a MAC level based connection with the custom made Mac-Telnet and Winbox tools.

RouterOS features a powerful, yet easy to learn command-line configuration interface with integrated scripting capabilities.

• Winbox GUI over IP and MAC
• CLI with Telnet, SSH, Local console and Serial console
• API for programming your own tools
• Web interface

New in RouterOS v4 is the Lua scripting language, which opens up a multitude of approaches in automation and programming of your router.
Firewall

The firewall implements packet filtering and thereby provides security functions, that are used to manage data flow to, from and through the router. Along with the Network Address Translation it serves for preventing unauthorized access to directly attached networks and the router itself as well as a filter for outgoing traffic.

RouterOS features a stateful firewall, which means that it performs stateful packet inspection and keeps track of the state of network connections traveling across it. It also supports Source and Destination NAT (Network Address Translation), NAT helpers for popular applications and UPnP.

The Firewall provides features to make use of internal connection, routing and packet marks. It can filter by IP address, address range, port, port range, IP protocol, DSCP and other parameters, also supports Static and Dynamic Address Lists, and can match packets by pattern in their content, specified in Regular Expressions, called Layer7 matching.

The RouterOS Firewall facility also supports IPv6.
Routing

RouterOS supports static routing and a multitude of dynamic routing protocols.

• For IPv4 it supports RIP v1 and v2, OSPF v2, BGP v4.
• For IPv6 it supports RIPng, OSPFv3 and BGP.

RouterOS also supports Virtual Routing and Forwarding (VRF), Policy based routing, Interface based routing and ECMP routing. You can use the Firewall filter to mark specific connections with Routing marks, and then make the marked traffic use a different ISP.

Now with MPLS support added to RouterOS, VRF is also introduced. Virtual Routing and Forwarding is a technology that allows multiple instances of a routing table to co-exist within the same router at the same time. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other. VRF also increases network security. It is often used in, but not limited to MPLS networks.
MPLS

MPLS stands for MultiProtocol Label Switching. It can be used to replace IP routing - the packet forwarding decision is no longer based on fields in the IP header and the routing table, but on labels that are attached to the packet. This approach speeds up the forwarding process because the next hop lookup becomes very simple compared to a routing lookup.

Efficiency of the forwarding process is the main benefit of MPLS. MPLS makes it easy to create “virtual links” between nodes on the network, regardless of the protocol of their encapsulated data.

It is a highly scalable, protocol agnostic, data-carrying mechanism. In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. This allows one to create end-to-end circuits across any type of transport medium, using any protocol.

Some of the supported MPLS features:
• Static Label bindings for IPv4
• Label Distribution protocol for IPv4
• RSVP Traffic Engineering tunnels
• VPLS MP-BGP based autodiscovery and signaling
• MP-BGP based MPLS IP VPN
VPN

To establish secure connections over open networks or the Internet, or connect remote locations with encrypted links, RouterOS supports various VPN methods and tunnel protocols:

• IPsec – tunnel and transport mode, certificate or PSK, AH and ESP security protocols
• Point to point tunneling (OpenVPN, PPTP, PPPoE, L2TP)
• Advanced PPP features (MLPPP, BCP)
• Simple tunnels (IPIP, EoIP)
• 6to4 tunnel support (IPv6 over IPv4 network)
• VLAN – IEEE802.1q Virtual LAN support, Q-in-Q support
• MPLS based VPNs
This means that you can securely interconnect banking networks, use your workplace resources while travelling, connect to your home local network, or increase security of your wireless backbone link. You can even interconnect two branch office networks and they would be able to use each other’s resources, as if the computers would be in the same location - all secure and encrypted.
Wireless

A variety of wireless technologies are supported in RouterOS, the most basic of them being the wireless access point and client. Whether it’s a small hotspot network in your home or a city wide mesh network, RouterOS will help you in all situations.

Some of the features supported by RouterOS:

• IEEE802.11a/b/g/n wireless client and access point
• Nstreme and Nstreme2 proprietary protocols
• Client polling
• RTS/CTS
• Wireless Distribution System (WDS)
• Virtual AP
• WEP, WPA, WPA2 encryption
• Access control list
• Wireless client roaming
• WMM
• HWMP+ Wireless MESH protocol
• MME wireless routing protocol

RouterOS also features the Nstreme proprietary wireless protocol that allows you to extend the connection range and speed when using MikroTik routers at each end. This has helped to achieve the current non-amplified wifi link length world record in Italy. Also supported is Nstreme dual, which allows the use of two antennas at each end, one for receiving and one for sending.
HotSpot

The MikroTik HotSpot Gateway enables providing of public network access for clients using wireless or wired network connections. The user will be presented a login screen when first opening their web browser. Once a login and password is provided, the user will be allowed internet access. This is ideal for hotel, school, airport, internet cafe or any other public place where administration doesn’t have control over the user computer. No software installation or network configuration is needed; hotspot will direct any connection request to the login form.

Extensive user management is possible by making different user profiles, each of which can allow certain uptime, upload and download speed limitation, transfer amount limitation and more.

Hotspot also supports authentication against standard RADIUS servers and MikroTik’s own User Manager which will give you a centralized management of all users in your networks.

• Plug-n-Play access to the Network
• Authentication of local Network Clients
• User Accounting
• RADIUS support for Authentication and Accounting
• Configurable bypass for non-interactive devices
• Walled garden for browsing exceptions
• Trial user and Advertisement modes
Quality of Service

Bandwidth Control is a set of mechanisms that control data rate allocation, delay variability, timely delivery, and delivery reliability.

Quality of Service (QoS) means that the router can prioritize and shape network traffic. Some features of MikroTik RouterOS traffic control mechanism are listed below:

• limit data rate for certain IP addresses, subnets, protocols, ports, and other parameters
• limit peer-to-peer traffic
• prioritize some packet flows over others
• use queue bursts for faster web browsing
• apply queues on fixed time intervals
• share available traffic among users equally, or depending on the load of the channel
RouterOS supports Hierarchical Token Bucket (HTB) QoS system with CIR, MIR, burst and priority support, and provides both advanced queuing, and also an easy solution for basic QoS implementation - Simple queues.
Web Proxy

RouterOS features a MikroTik custom made proxy server for caching web resources, and speeding up customer browsing by delivering them cached file copies at local network speed. MikroTik RouterOS implements the following proxy server features:

• Regular HTTP proxy
• Transparent proxy
• Access list by source, destination, URL and requested method (HTTP firewall)
• Cache access list to specify which objects to cache, and which not.
• Direct Access List to specify which resources should be accessed directly, and which - through another proxy server
• Logging facility
• SOCKS proxy support
• Parent proxy support
• Cache storage on external drives
RouterOS can also act as a Transparent Caching server, with no configuration required in the customer PC. RouterOS will take all HTTP requests and redirect them to the local proxy service. This process will be entirely transparent to the user, and the only difference to them will be the increased browsing speed.
Tools

To help you administer your network, RouterOS also provides a large number of small network tools to optimize your everyday tasks. Here are some of them:

• Ping, traceroute
• Bandwidth test, ping flood
• Packet sniffer, torch
• Telnet, SSH
• E-mail and SMS send tools
• Automated script execution tools
• CALEA data mirroring
• File Fetch tool
• Active connection table
• NTP Client and Server
• TFTP server
• Dynamic DNS updater
• VRRP redundancy support
• SNMP for providing graphs and stats
• RADIUS client and server (User Manager)

http://www.mikrotik-routeros.net/routeros.aspx

Getting Apache installed to get a web server running


Installing Apache2.2

Make sure you update ports and then run the following commands:

# cd /usr/ports/www/apache22
# make install clean

That will install apache2.2.

Configuring apache2

Let's edit the httpd.conf file:

# vi /usr/local/etc/apache22/httpd.conf

Scroll down and change the following settings. Optional settings are marked OPTIONAL:

OPTIONAL: Listen 80 - You can change this default option if you have more than one apache server running on your network

User www - Changes what user apache runs as

Group www - Changes what group apache runs as

ServerAdmin to your email address.

DocumentRoot "/usr/local/www/apache22/data" - I don't usually use the default path. I put my www documents on a separate drive.

Directory "/usr/local/www/apache22/data" - Change this to the same path as DocumentRoot (See above)

<Directory /usr/local/www/apache22/> Change this to the root of your vhosts folder

DirectoryIndex index.html index.html.var - add any pages you would use. For instance, add index.php if you use php pages

OPTIONAL: #CustomLog /var/log/httpd-access.log combined - I usually leave this commented unless you want to use this to track users looking at your site

ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/" - change this to your cgi-bin path

<Directory "/usr/local/www/cgi-bin"> - change this to the same path as ScriptAlias /cgi-bin above


Now lets tell apache to start:

# apachectl start

and hit Enter on your keyboard
We now need to tell Apache to run on startup. Please run the following command:

# echo 'apache22_enable="YES"' >> /etc/rc.conf

If you get no errors, apache should be running. Look at the page by opening a browser to http://localhost or replace localhost with the IP or the actual hostname of the box. If you went with the DocumentRoot defaults, you will see an apache test page until you get your site up and going. If you are behind a router or firewall, make sure you forward the apache port (Port 80) to the FreeBSD box otherwise you won't be able to get there from here. :-)

Configuring SSL

Let's get SSL Configured and Installed:

(FROM http://www.bsdguides.org/guides/freebsd/webserver/apache_ssl_php_mysql.php)

# mkdir /usr/local/etc/apache22/ssl.key
# mkdir /usr/local/etc/apache22/ssl.crt
# chmod 500 /usr/local/etc/apache22/ssl.key
# chmod 500 /usr/local/etc/apache22/ssl.crt
# chown root:wheel /usr/local/etc/apache22/ssl.key
# chown root:wheel /usr/local/etc/apache22/ssl.crt

Create Certificate
Now, you need to understand that one server can hold multiple certificates, but only one per listening IP address. So, if your server is listening on one IP address, you can only have one certificate for the server. Follow me so far? All of your virtual domains can share the same certificate, but clients will get warning prompts when they connect to a secure site where the certificate does not match the domain name. If your server is listening on multiple IP addresses, your virtual hosts have to be IP-based -- not name-based. This is something to consider when creating your certificate. :-)

Change to your root dir by typing in the following command. We want to save this configuration there as a backup.

# cd /root
# openssl genrsa -des3 -out server.key 1024

You will now be prompted to enter in a password. Write this down as you will need it later. We need to make a Certificate Signing Request (CSR):

# openssl req -new -key server.key -out server.csr

Enter your password when it asks for it. Make sure you enter your FQDN for the "Common Name" portion.
Self-signing your Certificate
You could always pay money to Verisign or Thawte for this but it costs $$$. Here is the way to do it:

# openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt

Now your cert is good for 365 days. If you want to make it longer, go right ahead and do so :-)
If you would like more information about SSL Certs, go to http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#aboutcerts

Now we need to copy the certs to the right place:

# cp /root/server.key /usr/local/etc/apache22/ssl.key/
# cp /root/server.crt /usr/local/etc/apache22/ssl.crt/

Now to give them the right permissions as well:

# chmod 400 /usr/local/etc/apache22/ssl.key/server.key
# chmod 400 /usr/local/etc/apache22/ssl.crt/server.crt
# chown root:wheel /usr/local/etc/apache22/ssl.key/server.key
# chown root:wheel /usr/local/etc/apache22/ssl.crt/server.crt

We will now want to copy the default httpd-ssl.conf from the extras folder to the Includes folder:

# cd /usr/local/etc/apache22/extra
# vi httpd-ssl.conf

Now modify the following:


DocumentRoot "/usr/local/www/data" - Change the path to your httpd.conf document root.

ServerName www.example.com:443 - Change www.example.com to your domain name.

ServerAdmin - Change this to your email address

ErrorLog /var/log/httpd-error.log - You can leave this or comment it out.

TransferLog /var/log/httpd-access.log - You can leave this or comment it out.

SSLCertificateFile "/usr/local/etc/apache22/ssl.crt/server.crt"

SSLCertificateKeyFile "/usr/local/etc/apache22/ssl.key/server.key"


One additional thing you will need to do is open /usr/local/etc/apache22/httpd.conf and comment out the following line:

Include etc/apache22/extra/httpd-ssl.conf
Now run the following:

# apachectl stop
# apachectl start

A plain start now runs Apache in SSL mode, serving both http:// and https:// addresses. This used to be apachectl sslstart, but that command has been deprecated.
The URL below includes instructions on how to remove the pass phrase prompt when Apache starts.
Configuring php for Apache

This section is pretty easy. Just run the following:

# cd /usr/ports/lang/php5
# make config

Make sure the box that says Apache is checked. If it isn't, move the cursor over it and hit the Space Bar. Hit Tab and then Enter.
Then run the following to build and install php5 with Apache 2.2 support:

# make install clean

Next, we want to configure apache to use php5.

# vi /usr/local/etc/apache22/httpd.conf

and look for the first AddType section; add the following on the line below it:

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Next go to DirectoryIndex and make sure index.php is part of it like so:

DirectoryIndex index.php index.html

Apache 2.2 now wants to load an Accept Filter. If you don't load the following kernel module on startup, you will get an error every time you start Apache. Run the following command:

# echo 'accf_http_load="YES"' >> /boot/loader.conf

Now rather than rebooting the box, we can load the module manually by running:

# kldload accf_http

and then, if you start Apache, you won't get that error.
Now run the following commands to restart Apache:

# apachectl stop
# apachectl start

You will now have apache with SSL and PHP support!

Reference:
http://freebsdrocks.net/index.php?option=com_content&task=view&id=17&Itemid=25

vSphere Web Client Login

vSphere Web Client URL: https://vcenter:9443
name: administrator@vsphere.local
password: *********

Lookup Service URL: https://vcenter:7444/lookupservice/sdk
vCenter Inventory Service URL: https://vcenter:10443

Friday, June 20, 2014

Ways to transfer VMware Workstation Virtual Machines to ESXi

Method 1:
Connecting to ESXi host > right click on the virtual machine > Manage > Upload

Method 2:
Right click on left pane > select Datastore and Datastore Clusters > select a datastore > click on "Browse this datastore".

Method 3:
File > Export to OVF.

Using the Local ESXi Shell

After you enable the ESXi Shell in the direct console, you can use it from the main direct console screen or remotely through a serial port.

1. At the main direct console screen, press Alt-F1 to open a virtual console window to the host.

2. Get a list of running virtual machines, identified by World ID, UUID, Display Name, and path to the .vmx configuration file, using this command:

# esxcli vm process list

3. Power off one of the virtual machines from the list using this command:

# esxcli vm process kill --type=[soft,hard,force] --world-id=WorldNumber

Alternate power off command syntax is:

# esxcli vm process kill -t [soft,hard,force] -w WorldNumber

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014165

4. Shutdown and restart commands:

# reboot -f
# halt
# shutdown

Thursday, June 19, 2014

The customer "wants a horse that runs fast and eats no hay": how should a PM handle it?

Author / Bryan Yao
"101 Project Management Enlightenment" is arguably our most popular in-house training course this year. Quite a few corporate HR people have told me that most project management courses are built around the PMP certification, and a course like 101, which walks everyone step by step through writing a "project script", is rather unusual. Because of this practical orientation, many participants raise very real problems in class. These problems are well worth some thought by those of us who work as PMs. Here is a small worry raised by a PM at a well-known company:
In class, the instructor talked about the project "iron triangle" (scope, time, cost, quality), where any one item moves together with the others. But every time my project changes and I ask the customer which can be sacrificed, cost or quality, the answer is always: none of them. That is simply impossible! What should I do?
First, this is a very common problem in project execution, but I think the solution lies not in project management but rather in communication methods and psychology.

Let us first put ourselves in the shoes of the stakeholder in this case, namely the customer. The customer here is usually the customer company's designated contact, an office worker just like us; the only difference is who we each serve. Our duty as the vendor-side PM is to deliver a product that satisfies the customer company, and the client representative's duty is to supervise and make sure every dollar invested gets the maximum return.

Since the customer company has spent money, it expects the greatest benefit. This is the same mentality we have when shopping: ideally we spend very little and get the best stuff. And since this customer representative has been authorized by his company, his first priority is to make sure the vendor can satisfy his boss. So when we ask him "cost or quality, which can be sacrificed?", we as PMs may be thinking in terms of iron-triangle logic, but his inner monologue may be: "What! Add cost? Sacrifice quality? Are you asking me to endorse your interests? My boss will kill me!" At that point he not only won't nod, he will react in one of two ways: either immediately raise his shields and enter "defense mode", or release the safety and enter "combat mode". Either way, our lives won't be easy afterwards.

I am sure all of you have encountered a master salesperson. You wanted to buy a phone for ten thousand dollars, and somehow, as if under a spell, you charged more than twenty thousand for the newest flagship plus a nano coating, a leather case and high-end headphones; the point is, you were happy about it! That is nothing; I have heard of someone who went to buy a Toyota and drove home in a Lexus, getting scolded by his wife while grinning foolishly at the new car.

Master salespeople have one trait worth learning for us PMs: facing the customer, they only "add", never "subtract". They always emphasize the benefits and advantages that come with getting more (at a cost, of course), and rarely emphasize what the customer sacrifices.

When a master salesperson sees we are interested in the ten-thousand-dollar phone, he will not stress: "Sir, this one is only a mid-range model! So it makes some sacrifices in features, materials and quality; you get what you pay for, and you should understand that simple logic!" Hearing that, our verdict would not be "the truth" but "how cheap", and we would start turning around to see whether there are other shops next door.

The master salesperson of course also hopes we buy a higher-end phone, but he will say: "Sir, the one you chose sells very well, great value for money, you won't regret it!" Then he bides his time, and when you are testing the camera he says: "Do you take a lot of photos with your phone? The one you chose has 5 megapixels, which is plenty for recording daily life, but if you like photography, this one has a ten-megapixel dual lens that gives a 3D depth-of-field effect and HDR multiple exposure; many professional photographers use this one as their casual camera... and its audio and build materials are top of the line, billed as the most powerful phone on earth..." A truly terrifying siren song; in an instant a stack of banknotes vanishes, and then we go home anxious yet ecstatic. I guess this is what the thrill of an affair feels like!

Once, on a trip to the south, a friend took me to buy candied fruit. Two shops sat on the same street; one was packed, the other deserted. I asked my local friend what the difference was. He said the taste and price were about the same and he could not tell either, but since childhood they had always bought from shop A. I like experiments, so I bought my favorite crispy plums from both. Sure enough, taste and price were indistinguishable. The one small difference I noticed: owner A first scooped a few plums into the bag, then watched the scale and kept adding plums until she reached the amount I wanted; after quoting the price, she even dropped two more plums into the bag. Owner B had a precise hand: one scoop came very close to the amount I was buying, but slightly over, so he took one or two plums back out of the bag. The moment I saw "my plums" being taken back, I understood the difference between the two owners!

Would owner A, who sells candied fruit every day, have a poor feel for the weight? I am not sure, but I believe she understands human nature better. She knows that we customers all love "addition" and hate "subtraction". Thinking back, I think I was wrong just now: shop A's crispy plums did taste better!
So my advice to this PM is: do not emphasize "sacrifice". First make the customer feel that we are determined to deliver 100 points, meeting all your requirements and more (we will be the ones to sacrifice; you need not). But because of time constraints (verbally, mention manpower or budget constraints less, because manpower is the vendor's responsibility and a budget constraint hints at blaming the client for being stingy; only time is in God's hands), we need you to give us a "priority order"; we will get the most important things done first, then handle the rest. You must give the customer a sense of security: make him feel we are not trying to dodge any work, we just need an order of priority, and that as the customer he absolutely has the authority to direct what comes first.

Some PMs may worry: what if, after the priority items are done, the customer comes to demand the rest, the full 120 points? Does that not add extra cost for us? In my experience, these difficult projects usually have tight time, budget and quality constraints; every day until completion is fought like a battle. When the top-priority work is done, the second priority immediately becomes first, so there is always a "most urgent" problem to handle. The customer may care about the final deadline even more than you do, so it is unlikely that before the deadline the customer has the leisure to have you slowly do gold-plating work; even if there is spare time, the customer contact will usually report to his company that the project closed early, which also helps his own performance review.

So do not make the problem so serious by asking the customer to make trade-offs now about "future" possible sacrifices, or even to sign off on them. Instead, turn the problem as far as possible into how we decide "priority" right now, and nothing more. If the PM can guide things this way, the customer will feel more at ease, and when necessary, just like the salesperson selling phones, you can suggest the customer invest more resources for double the return.

A crisis is often an opportunity. Many senior PMs understand this and actually welcome such changes; they know this is exactly the chance to win more resources, and the customer gets more value too: a win-win. After all, for a professional racing driver, the curves are where you get the chance to overtake!

http://www.projectup.net/blog/index.php?option=com_content&view=article&id=15139:pm&catid=2:pm&Itemid=19

Tuesday, June 17, 2014

Automatic vertical scroll bar in WPF TextBlock?

<TextBox Name="myTextBox"
         ScrollViewer.HorizontalScrollBarVisibility="Auto"
         ScrollViewer.VerticalScrollBarVisibility="Visible"
         ScrollViewer.CanContentScroll="True">SOME TEXT
</TextBox>

These are attached properties of WPF. For more information:

http://wpfbugs.blogspot.in/2014/02/wpf-layout-controls-scrollviewer.html

Monday, June 16, 2014

MySQL Import error

ERROR HY000: This function has none of DETERMINISTIC, NO SQL, or READS SQL DATA in its declaration and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)

mysql> SET GLOBAL log_bin_trust_function_creators = 1;

Note: You can also set this variable by using the --log-bin-trust-function-creators=1 option when starting the server.

cmd> mysql --default-character-set=utf8 -u root -p DB_NAME < 2014-06-16_DB_NAME.sql

After the import, run this query to set it back:
mysql> SET GLOBAL log_bin_trust_function_creators = 0;

Thursday, June 12, 2014

MySQL Query Log

Turn on the query log permanently by editing my.ini:

[mysqld]
log

Turn the query log on or off at runtime:

SET GLOBAL general_log = 'ON';
SET GLOBAL general_log = 'OFF';

Note: use the "FLUSH LOGS" command to flush the logs from memory to the log file.

Wednesday, June 11, 2014

MySQL C# Text Encoding Problem

Solution:

<add key="MyDBConnectionString" value="Server=127.0.0.1;Database=posserver;Uid=root;Pwd=mypassword;Port=3306;CharSet=utf8;"/>

Note: use the lower-case value utf8, not upper-case UTF8, as the latter will fail.
Note: result sets are still returned in the character set of the data returned.

http://www.connectionstrings.com/mysql/

Tuesday, June 10, 2014

flush refresh MySQL query log file

mysql> flush logs;