Sunday, August 14, 2011

Install Open Source VMware Tools on Red Hat Enterprise/CentOS/Scientific Linux 6

VMware now makes a repository available for us to install the VMware tools for a variety of Linux distributions including Red Hat, Scientific, CentOS, and Ubuntu.  In this example I will install VMware tools on a Red Hat Enterprise/CentOS/Scientific Linux 6 guest running on a VMware ESXi 4.1 host.
First import the VMware repository GPG signing public keys. Note that they are fetched over plain HTTP here, so compare the fingerprints of the imported keys (rpm -q gpg-pubkey) against a trusted source before installing anything from the repository:
# rpm --import http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-DSA-KEY.pub
# rpm --import http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
Now add the VMware repository.  You can either run the echo command below or create the file by hand with the contents listed after it.  The repository also carries packages for other Linux distros, architectures, and ESX host versions; again, I am using the Red Hat Enterprise 6/VMware ESXi 4.1 version.  Whichever way you create the file, keep gpgcheck=1 in it so that the keys imported above are actually used to verify the packages.
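
The check I would run before enabling a repository definition like this one, as an added example (not part of the original post): every section in the .repo file must enforce signature checking and name the key it trusts. The baseurl and section name in the sample files are assumptions based on the VMware repository layout for ESXi 4.1/RHEL 6 x86_64; the key URLs are the two imported above.

```shell
#!/bin/sh
# Added example (not from the original post): before enabling a third-party
# yum repository, make sure every section in its .repo file enforces GPG
# signature checking and names the key(s) it trusts. Packages fetched over
# plain HTTP are only as trustworthy as that check.

# check_repo_gpg FILE -> exit 0 if every [section] has gpgcheck=1 and a
# non-empty gpgkey=, exit 1 otherwise (prints the offending sections).
check_repo_gpg() {
    awk '
        function check_section() {
            if (sect != "" && !(gpgcheck == "1" && gpgkey != "")) {
                print "FAIL: [" sect "] gpgcheck=\"" gpgcheck "\" gpgkey=\"" gpgkey "\""
                bad = 1
            }
        }
        /^\[.*\]$/ {
            check_section()
            sect = substr($0, 2, length($0) - 2); gpgcheck = ""; gpgkey = ""
            next
        }
        /^gpgcheck[ \t]*=/ { sub(/^gpgcheck[ \t]*=[ \t]*/, ""); gpgcheck = $0 }
        /^gpgkey[ \t]*=/   { sub(/^gpgkey[ \t]*=[ \t]*/, "");   gpgkey = $0 }
        END { check_section(); exit bad }
    ' "$1"
}

# list_imported_keys -> the GPG public keys rpm currently trusts, so the two
# VMware keys can be compared against fingerprints obtained out of band.
# Not run here; it needs rpm on the host.
list_imported_keys() {
    rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}  %{SUMMARY}\n'
}

REPO_DIR=$(mktemp -d)

# Constructed sample: signature checking enforced. The baseurl is assumed from
# VMware's repository layout (ESXi 4.1 packages for RHEL 6 x86_64); adjust it
# for your host and guest versions.
cat > "$REPO_DIR/vmware-tools.repo" <<'EOF'
[vmware-tools]
name=VMware Tools for Red Hat Enterprise Linux 6 (ESXi 4.1)
baseurl=http://packages.vmware.com/tools/esx/4.1/rhel6/x86_64
enabled=1
gpgcheck=1
gpgkey=http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-DSA-KEY.pub
       http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
EOF

# Constructed sample: the same repository with checking switched off, which a
# "just make it install" copy-paste often produces. This one must be rejected.
cat > "$REPO_DIR/unsigned.repo" <<'EOF'
[vmware-tools]
name=VMware Tools (no signature check)
baseurl=http://packages.vmware.com/tools/esx/4.1/rhel6/x86_64
enabled=1
gpgcheck=0
EOF

check_repo_gpg "$REPO_DIR/vmware-tools.repo" && echo "vmware-tools.repo: OK"
check_repo_gpg "$REPO_DIR/unsigned.repo"     || echo "unsigned.repo: rejected"
```

Run it against /etc/yum.repos.d/*.repo after creating the file; a repository that passes still only protects you if the imported keys really are VMware's, which is what list_imported_keys is for.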

Monitoring Windows Server 2008 R2 with SNMP and Cacti - part2

Configure Cacti Server
Now we need to configure our Cacti server.  Point your web browser at http://YourCactiServer/cacti/ and log in.

On the left side under the Management section click Devices.

Monitoring Windows Server 2008 R2 with SNMP and Cacti - part1

So you have a new Windows Server 2008 R2 installed and now you’d like to start gathering statistics about how it is performing.  SNMP is a good way to get started.  In this tutorial I will install the SNMP agent service on a Windows server and configure it to accept queries from an SNMP-based management server.  Keep in mind that the Windows SNMP service speaks only SNMP v1/v2c, whose community strings travel in cleartext, so the agent should be limited to a read-only community and to the management server’s address.  On the management server I will use a tool named Cacti that collects this SNMP data and graphs it with little effort.  I will assume that you already have a server with Cacti set up.  If not, details on how to set up an instance of Cacti on a CentOS Linux server can be found

Configure NFS Server v3 and v4 on Scientific Linux 6 and Red Hat Enterprise Linux (RHEL) 6

Recently the latest version of Scientific Linux 6 was released. Scientific Linux is a distribution which uses Red Hat Enterprise Linux as its upstream and aims to be compatible with binaries compiled for Red Hat Enterprise. I am really impressed with the quality of this distro and the timeliness with which updates and security fixes are distributed. Thanks to all the developers and testers on the Scientific Linux team! Now let’s move on to configuring an NFS server on RHEL/Scientific Linux.
In my environment I will be using VMware ESXi 4.1 and Ubuntu 10.10 as NFS clients. ESXi 4.1 supports NFSv3 only, so that version must remain enabled. Fortunately the NFS server on RHEL/Scientific Linux supports both NFSv3 and NFSv4 out of the box. Ubuntu 10.10 negotiates NFSv4 by default. Note that with the default sec=sys security flavor the server trusts whatever UID and GID each client asserts, so restricting each export to specific client addresses is the real access control.
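
An added example (not from the original post) of what the exports file for these two clients looks like, and a check for the two mistakes that turn an NFS server into a shared root filesystem: exporting to every host, and granting no_root_squash to anything wider than one named host. ESXi requires no_root_squash on its datastore export, so that export must name the ESXi host alone. The paths and addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a constructed /etc/exports for
# an ESXi 4.1 host (NFSv3) and an Ubuntu client (NFSv4), plus a check that
# flags wildcard clients and no_root_squash/insecure granted to anything
# other than a single host. With sec=sys the client asserts its own UIDs,
# so the client list is the only thing standing between a share and root.

# check_exports FILE -> 0 if no export is open to every host and every
# no_root_squash/insecure option is tied to a single host address,
# 1 otherwise. Handles the "path client(opts) client(opts)" line format.
check_exports() {
    file=$1
    bad=0
    while IFS= read -r line; do
        set -f; set -- $line; set +f          # split on whitespace, no globbing
        [ $# -eq 0 ] && continue              # blank line
        case "$1" in \#*) continue ;; esac    # comment
        path=$1; shift
        for spec in "$@"; do
            client=${spec%%\(*}
            opts=""
            case "$spec" in *\(*\)) opts=${spec#*\(}; opts=${opts%\)} ;; esac
            case "$client" in
                ''|\*|0.0.0.0/0) echo "FAIL: $path is exported to every host"; bad=1; continue ;;
            esac
            single_host=1
            case "$client" in */*|*\**|*\?*|@*) single_host=0 ;; esac
            case ",$opts," in
                *,no_root_squash,*|*,insecure,*)
                    if [ "$single_host" -eq 0 ]; then
                        echo "FAIL: $path grants remote root to the range $client"; bad=1
                    fi ;;
            esac
        done
    done < "$file"
    return $bad
}

NFS_DIR=$(mktemp -d)

# Constructed /etc/exports: the ESXi datastore goes to exactly one host (ESXi
# needs remote root), everything else is squashed and scoped to the subnet.
# Addresses follow the post's 192.168.1.0/24 scheme; paths are assumed.
cat > "$NFS_DIR/exports.good" <<'EOF'
# path            client(options)
/export/vmfs      192.168.1.10(rw,sync,no_subtree_check,no_root_squash)
/export/home      192.168.1.0/24(rw,sync,no_subtree_check,root_squash)
/export/iso       192.168.1.0/24(ro,sync,no_subtree_check)
EOF

# Constructed counter-example: a world-readable export and remote root for a
# whole subnet. Both lines must be rejected.
cat > "$NFS_DIR/exports.bad" <<'EOF'
/export/pub       *(ro,sync)
/export/backup    192.168.1.0/24(rw,sync,no_root_squash)
EOF

check_exports "$NFS_DIR/exports.good" && echo "exports.good: OK"
check_exports "$NFS_DIR/exports.bad"  || echo "exports.bad: rejected"
```

After editing /etc/exports, exportfs -ra applies it and exportfs -v shows the effective options per client, which is the place to confirm that root_squash really is in force on every export except the ESXi datastore.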

Set Up Rsyslog and LogAnalyzer on CentOS Linux 5.5 for Centralized Logging - part3

Configuring Rsyslog for Remote Logging
Now we’ll configure our rsyslog server to accept syslog messages from other network devices.  First we need to configure the firewall to allow inbound traffic on port 514.  In this example I will add two rules, one for UDP and one for TCP.  Traditional syslog transports messages only over UDP; rsyslog adds TCP, which gives reliable delivery and, because it requires a handshake, makes the sender address far harder to spoof.  Add these rules to “/etc/sysconfig/iptables” (as written they accept from any source; restricting the senders is covered below):

-A RH-Firewall-1-INPUT -p udp -m udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 514 -j ACCEPT

Now restart the iptables firewall:

# service iptables restart

We need to add configuration directives that allow rsyslog to accept messages from remote syslog hosts.  Basically we’ll accept messages via TCP and UDP from the localhost and from hosts on the 192.168.1.0/24 subnet.  Add these lines near the top of the “/etc/rsyslog.conf” file, above the MySQL-related lines we added previously and before the $UDPServerRun and $InputTCPServerRun directives that start the listeners, since $AllowedSender only applies to listeners started after it.

$AllowedSender UDP, 127.0.0.1, 192.168.1.0/24
$AllowedSender TCP, 127.0.0.1, 192.168.1.0/24

At one point there was a bug in rsyslog which caused the above lines to be ignored, so syslog messages were accepted from all senders.  This appears to be corrected now, but it is a good reason to also limit accepted senders through the port 514 rules in the iptables configuration file (add -s 192.168.1.0/24 to each rule), which gives a second layer that does not depend on rsyslog.  Keep in mind that UDP source addresses can be forged, so for UDP neither $AllowedSender nor the firewall rule is more than a filter against stray traffic; TCP is the transport to use where the identity of the sender matters.
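
Putting the two layers together, as an added example that is not part of the original post: a complete listener fragment in rsyslog’s legacy configuration syntax (rsyslog 3.x on CentOS 5), the post’s two firewall rules scoped to the sender subnet, and two checks that catch the ways this setup silently degrades into “accept from anyone”. The file names are assumptions; the subnet is the post’s.

```shell
#!/bin/sh
# Added example (not from the original post): rsyslog listener configuration
# with sender restrictions, iptables rules scoped to the sender subnet, and
# checks for the two silent failure modes: $AllowedSender placed after the
# listener it should protect, and a port 514 ACCEPT rule with no source.

# check_listener_order CONF -> 0 if every listener is started after its
# matching $AllowedSender line. rsyslog applies $AllowedSender only to
# listeners started after it, so the order within the file matters.
check_listener_order() {
    awk '
        /^[$]AllowedSender[ \t]+UDP/ { udp_ok = 1 }
        /^[$]AllowedSender[ \t]+TCP/ { tcp_ok = 1 }
        /^[$]UDPServerRun/      { if (!udp_ok) { print "FAIL: $UDPServerRun before $AllowedSender UDP"; bad = 1 } }
        /^[$]InputTCPServerRun/ { if (!tcp_ok) { print "FAIL: $InputTCPServerRun before $AllowedSender TCP"; bad = 1 } }
        END { exit bad }
    ' "$1"
}

# check_firewall_scope RULES -> 0 if every rule accepting port 514 carries a
# source (-s) restriction; a bare --dport 514 ACCEPT lets any host on any
# interface inject log lines.
check_firewall_scope() {
    awk '
        /--dport 514/ && /-j ACCEPT/ && !/(^| )-s / { print "FAIL: unrestricted rule: " $0; bad = 1 }
        END { exit bad }
    ' "$1"
}

RS_DIR=$(mktemp -d)

# Constructed /etc/rsyslog.conf fragment: load the input modules, restrict
# senders, then start the listeners. Place it above the MySQL output rules.
cat > "$RS_DIR/rsyslog-remote.conf" <<'EOF'
$ModLoad imudp
$ModLoad imtcp
$AllowedSender UDP, 127.0.0.1, 192.168.1.0/24
$AllowedSender TCP, 127.0.0.1, 192.168.1.0/24
$UDPServerRun 514
$InputTCPServerRun 514
EOF

# Constructed misordered fragment: the UDP listener is started before the
# restriction is declared, so it accepts from everyone.
cat > "$RS_DIR/rsyslog-misordered.conf" <<'EOF'
$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1, 192.168.1.0/24
EOF

# Constructed /etc/sysconfig/iptables rules: the post's two rules with the
# sender subnet added, a second layer independent of rsyslog.
cat > "$RS_DIR/iptables-scoped" <<'EOF'
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp -m udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 514 -j ACCEPT
EOF

# The post's original rules for comparison: any source is accepted.
cat > "$RS_DIR/iptables-open" <<'EOF'
-A RH-Firewall-1-INPUT -p udp -m udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 514 -j ACCEPT
EOF

check_listener_order "$RS_DIR/rsyslog-remote.conf"     && echo "rsyslog-remote.conf: OK"
check_listener_order "$RS_DIR/rsyslog-misordered.conf" || echo "rsyslog-misordered.conf: rejected"
check_firewall_scope "$RS_DIR/iptables-scoped"          && echo "iptables-scoped: OK"
check_firewall_scope "$RS_DIR/iptables-open"            || echo "iptables-open: rejected"
```

Run both checks against the real /etc/rsyslog.conf and /etc/sysconfig/iptables after editing them, then restart rsyslog and iptables; a sender outside 192.168.1.0/24 should now be dropped by the firewall before rsyslog ever sees it.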

Set Up Rsyslog and LogAnalyzer on CentOS Linux 5.5 for Centralized Logging - part2

Now some additional configuration of LogAnalyzer is required in the web browser.  Point your browser at the LogAnalyzer subdirectory on your server; in my case it is http://web1/loganalyzer.

In the middle under Critical Error click “here” in the “Click here to Install” line.

Set Up Rsyslog and LogAnalyzer on CentOS Linux 5.5 for Centralized Logging - part1

LogAnalyzer is a web-based program that lets you view event messages from a syslog source in your web browser.  Rsyslog is a drop-in replacement for the stock syslog daemon that, among other things, can store syslog messages in a MySQL database.  Combining these two programs and directing other network devices to forward their syslog messages to a central server gives a very powerful solution for searching and archiving the event messages that occur throughout your network environment.  In this example I will install rsyslog on a CentOS Linux 5.5 server to aggregate and collect syslog messages, and configure LogAnalyzer on the same server to provide a user-friendly interface for viewing and searching these messages.

Install Windows 2008 R2 NPS for RADIUS Authentication for Cisco Router Logins - part3


This next attribute is optional but commonly configured so that users land directly in privileged EXEC mode (privilege level 15) when they log in to the Cisco router.  Under RADIUS Attributes select Vendor Specific.  Click Add.

Install Windows 2008 R2 NPS for RADIUS Authentication for Cisco Router Logins - part2


Optionally we can specify that this network policy will apply only to a specific RADIUS client (i.e., the Cisco router).  Click Add.

Install Windows 2008 R2 NPS for RADIUS Authentication for Cisco Router Logins - part1

A while back I documented a procedure to allow RADIUS Authentication for Cisco Router Logins.  Shortly thereafter I included additional instructions on how to Set Up Windows 2003 IAS Server with RADIUS Authentication for Cisco Router Logins. This updated post will discuss the configuration of a Windows 2008 R2 server for Cisco router logins using RADIUS authentication.  In my example I will install the Network Policy Server to support RADIUS on a Windows 2008 R2 domain controller and give router login access to an Active Directory domain user.
First go into Server Manager.

Install Samba Server on Red Hat Enterprise Linux/CentOS/Scientific Linux 6

Recently the latest version of Scientific Linux 6 was released. Scientific Linux is a distribution which uses Red Hat Enterprise Linux as its upstream and aims to be compatible with binaries compiled for Red Hat Enterprise. I am really impressed with the quality of this distro and the timeliness with which updates and security fixes are distributed. Thanks to all the developers and testers on the Scientific Linux team!

In this post I will discuss setting up Red Hat Enterprise Linux/CentOS/Scientific Linux 6 as a Samba server; the instructions should also apply to other RHEL-derived distributions. This example relies on Samba’s local user database as the authentication mechanism. In future posts I may discuss more complex scenarios, including integrating the Samba server into Windows domains and Active Directory.

Installing and Configuring Remote Desktop Services (Terminal Services) on Windows Server 2008 R2 - part5

Eliminate Certificate Warnings (optional)
Now let’s work to eliminate the multiple certificate warnings we receive when accessing our Remote Desktops and RemoteApp programs.  In this example I will make use of an enterprise certificate authority configured in my AD domain, of which my RD Session Host/Web Access server is a member.
Note that this process will only eliminate the warnings if my clients and RDS server are members of the AD domain since they will automatically trust the AD enterprise certificate authority.  If you have non-domain clients that connect to your RDS server you’ll need to export and import your CA root certificate into the certificate store on these systems so the IIS and RDS certificates are trusted.  Page 1 of the post Configuring Non-Domain Windows IIS Servers has details on how to do this.

Installing and Configuring Remote Desktop Services (Terminal Services) on Windows Server 2008 R2 - part4

Test Newly Published RemoteApp Program
Now I’ll log on to a client machine in my domain to test the newly published Calculator.  On the client open up Internet Explorer and enter “http://YourWebAccessServer/rdweb”.

Installing and Configuring Remote Desktop Services (Terminal Services) on Windows Server 2008 R2 - part3

Configure Session Host to Use Licensing Server
After the reboot, log on to your Session Host and go to Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.

Installing and Configuring Remote Desktop Services (Terminal Services) on Windows Server 2008 R2 - part2

Install Remote Desktop Session Host and Web Access Roles
Now switch to the server that will be our Remote Desktop Session Host and Web Access server.  Start Server Manager.

Installing and Configuring Remote Desktop Services (Terminal Services) on Windows Server 2008 R2 - part1

In Windows Server 2008 R2, Terminal Services has been renamed Remote Desktop Services (RDS).  There are many enhancements in this release, including better multimedia performance and the ability to publish custom application sets to specific users through Remote Desktop Web Access.  The Web Access role, as the name suggests, lets users reach Remote Desktop applications through a web site; the applications published this way are officially known as RemoteApp programs.  The core Terminal Server running in application mode for user sessions is now called the Remote Desktop Session Host.
In my environment I will configure the Remote Desktop Session Host and Web Access roles on the same server.  I will also install the Remote Desktop Licensing role on a dedicated server so that any additional Session Hosts I add in the future can share this service.  The License Server role can be installed on your Session Host server if desired.  All of my servers are members of an Active Directory domain.

Installing Citrix Secure Gateway and Web Interface (XenApp 6) - part5

Configure Web Interface to Support Secure Gateway
Now we need to configure the Web Interface to ensure that client connections are directed through the Secure Gateway.  If this is not configured, clients will reach the Web Interface through the Secure Gateway but their connections to applications will be direct, meaning the client will bypass the Secure Gateway for application traffic.  Go to Start > All Programs > Citrix > Management Consoles > Citrix Web Interface Management.

Installing Citrix Secure Gateway and Web Interface (XenApp 6) - part4

Configuring Secure Gateway

The installer automatically starts the Configuration Wizard; click OK.

Installing Citrix Secure Gateway and Web Interface (XenApp 6) - part3

Install Citrix Secure Gateway 3.2
The first step in installing the Secure Gateway on our combined Secure Gateway/Web Interface server is to change the port on which WI listens for HTTPS.  Clients won’t need to know this detail, because the Secure Gateway itself will still be configured to use the default HTTPS port 443.
Go to Start > Administrative Tools > IIS Manager.

Installing Citrix Secure Gateway and Web Interface (XenApp 6) - part2

Configuring Web Interface
Once the installation completes, we are presented with this screen that allows us to configure the components we’ve installed on this server.

Installing Citrix Secure Gateway and Web Interface (XenApp 6) - part1

In this installment we’ll take a look at setting up Citrix Secure Gateway (CSG) 3.2 and Web Interface (WI) 5.3 together on a single server to provide secure connections to a Citrix XenApp farm.  CSG allows clients to make secure connections to our XenApp servers from the Internet without the use of a VPN.  I will be using the versions of CSG and WI that are provided with Citrix XenApp 6 and I’ll be installing them on Windows Server 2008 R2.  The server will be set up in a DMZ and will not be a member of my Active Directory domain.
This tutorial assumes that you have already installed a XenApp 6 server farm and configured it with published applications.  Click here for details on how to install XenApp 6.  Also make sure to publish an application on your XenApp server; you can find details in this post.  In addition, you’ll need to configure a DNS server or a hosts file on your client so that a domain name can be used when accessing the CSG/WI server from the client.

Installing and Configuring Citrix XenApp 6 - part5

Publishing a Citrix XenApp Application
Now it’s time to publish our first application to our clients.  Go into the Citrix Delivery Services Console if it is not already running.

Installing and Configuring Citrix XenApp 6 - part4

Configuring License Server and Installing Licenses

Installing and Configuring Citrix XenApp 6 - part3

Configuring Web Interface
After you’ve rebooted log back on and go back into the Role Manager if it doesn’t start automatically.

Installing and Configuring Citrix XenApp 6 - part2

Configuring XenApp Server
Now we will configure the different components of our XenApp installation.  If the Role Manager window does not appear click Start > All Programs > Citrix > XenApp Server Role Manager > XenApp Server Role Manager.

Installing and Configuring Citrix XenApp 6 - part1

With the recent release of Citrix XenApp 6 I’ve begun testing this version as we prepare to upgrade our Windows terminal server environment.  Probably the biggest reason for upgrading is that XenApp 6 offers support for Windows Server 2008 R2.  There are also a number of changes in the tools used to administer your Citrix farm.  In the recent past you had to use multiple tools for administration as Citrix migrated functionality into the MMC.  This seems to now be mostly complete.  The updates to the tools are welcome, but include a bit of relearning to find all the new methods and places to make configuration changes.
If you are evaluating and testing XenApp 6, Citrix has a developer license available that allows you to test with a single user for 1 year.  Search the internet for “citrix developer license” for details.  There is also a 99 user evaluation license available that is valid for 90 days.

Saturday, August 13, 2011

Configure HAProxy and Keepalived for Load Balancing and Reverse Proxy on Red Hat/Scientific/CentOS Linux 5/6

HAProxy is an open source load balancer/reverse proxy that can provide high availability for your network services. While generally used for web services, it can also add reliability to services such as SMTP and terminal services. In addition we can combine it with the Keepalived package to provide high availability/failover for the HAProxy servers themselves. HAProxy plus Keepalived is a good solution for high availability at a very low cost compared with proprietary hardware-based load balancers.

In this example I will configure 2 HAProxy/Keepalived servers (lb1/lb2) that will direct traffic to 2 Apache web servers (web1/web2). I will not detail the set up of the web servers. Here is a list of the server and IP address configuration scheme:

Compiz Fusion and Dell Inspiron 700m with Intel 855GM Video Chipset

The Dell Inspiron 700m is a mid-2000s laptop with a 1.6 GHz Pentium M CPU and an Intel 855GM video adapter. While antiquated by today’s standards, I have one as a spare and find it still works reasonably well for basic web surfing and word processing. One downside of the hardware’s age is that the Intel graphics adapter is not supported for many graphics capabilities of modern operating systems, such as Aero in Windows Vista/7. For me Windows 7 is not very pretty without Aero.

Configure OpenSSH Public Key Encryption with Keychain for Passwordless SSH Logins

Public key authentication is a powerful SSH feature that lets you log in to remote hosts without entering a password every time.  It can be much more secure than simple password authentication: the private key never leaves the client and cannot be guessed by brute force the way a password can.  It is also ideal for unattended scripting and automation, where nobody is present to type a password; keep in mind that such a key should be restricted on the server side to what the job needs, since anyone who obtains the key gets the same access it grants.
In this example I will set up authentication between two SSH systems, aptly named "client1" and "server1".  Server1 is the host we want to log in to without a password.  I am using an RPM-based Red Hat Enterprise/CentOS/Scientific Linux system, but the steps should be similar on most other Linux distributions and on Windows tools such as Cygwin.
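
The server-side half of this, as an added example that is not part of the original post: a key that keychain keeps in an agent across logins can be used by anyone who can reach that agent socket, so a key meant for unattended jobs is restricted in server1’s authorized_keys to the client address and the one command it exists for, and the file is audited for entries that carry no restriction at all. The address, command and key material are constructed, not a real key.

```shell
#!/bin/sh
# Added example (not from the original post): restrict an automation key in
# ~/.ssh/authorized_keys on server1 to one source address and one command,
# and audit the file for unrestricted entries. All values are constructed.

# restrict_key FROM COMMAND KEYLINE -> the authorized_keys entry that only
# accepts connections from FROM, only ever runs COMMAND, and refuses port,
# agent and X11 forwarding and a PTY.
restrict_key() {
    printf 'from="%s",command="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s\n' \
        "$1" "$2" "$3"
}

# audit_authorized_keys FILE -> 0 if every key line carries a from= option,
# 1 otherwise (prints the unrestricted entries).
audit_authorized_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }
        !/(^|,)from="/ { print "UNRESTRICTED: " $0; bad = 1 }
        END { exit bad }
    ' "$1"
}

# load_agent -> on client1, start or reuse an ssh-agent through keychain and
# add the key once per reboot. Not run here; it needs the keychain package
# and an interactive passphrase prompt.
load_agent() {
    eval "$(keychain --eval --agents ssh "$HOME/.ssh/id_rsa")"
}

SSH_DIR=$(mktemp -d)
# Constructed public key line (NOT a real key) in the form ssh-keygen emits.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexampleexampleexampleexample client1'

# Constructed authorized_keys: one properly restricted automation key and one
# entry copied in with ssh-copy-id that carries no restrictions.
cat > "$SSH_DIR/authorized_keys" <<EOF
# backup job from client1: one source, one command, nothing else
$(restrict_key 192.168.1.10 /usr/local/bin/backup.sh "$SAMPLE_KEY")
# interactive login copied with ssh-copy-id: no restrictions at all
$SAMPLE_KEY
EOF

audit_authorized_keys "$SSH_DIR/authorized_keys" || echo "authorized_keys: unrestricted entries found"
```

The from= option is matched by sshd against the connecting address, and command= replaces whatever the client asked to run, so even a stolen key only lets an attacker run backup.sh from 192.168.1.10. For an interactive key cached by keychain, a passphrase on the private key is what limits the damage if the key file itself is copied.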

Installing Windows Remote Management (WinRM) and PowerShell 2.0 on Windows Server 2003 / XP

Windows Remote Management (WinRM) and PowerShell 2.0 are two very versatile tools that can greatly increase the manageability of your Windows hosts. Unfortunately it has been somewhat difficult to locate the most up-to-date versions of this software. The package that installs PowerShell 2.0 also includes the WinRM 2.0 release. Also available at the link below are WinRM/PowerShell 2.0 releases for Windows Vista and Server 2008 (pre-R2).

There is a prerequisite that the computer is running Microsoft .NET Framework 2.0 SP1. The link below is to .NET 2.0 SP2, which includes SP1 and satisfies the requirement:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5b2c0358-915b-4eb5-9b1d-10e506da9d0f&displaylang=en

Now you can install the WinRM 2.0/PowerShell 2.0 Management Framework package here:

http://support.microsoft.com/kb/968930

Configure Automount/Autofs on Ubuntu 10.10 Maverick Linux

Automount/autofs is a Linux daemon that mounts and unmounts NFS-exported directories behind the scenes. With autofs, an NFS share is mounted automatically when a user or process accesses its mount point and unmounted again after a period of inactivity. This keeps the number of active NFS mounts down and is generally transparent to users.

First we’ll install autofs and include the NFS client: