Tuesday 18 August 2015

Convert from EMC naa. in VMware VSphere to Device ID

This is a short how-to on converting the VMware vSphere device WWN (naa. number) to an EMC device ID.
Of course, in real life one can always get this by using the Symmetrix command line:

symdev -sid 1234 list -all -wwn | grep wwn
If it is only a few devices you want to work with, you can just copy and paste the naa number from the vSphere Client, where the number (naa) is a bit longer, as it contains additional information, e.g.
vml.02000800006000097000019570421253303030424253594d4d4554


Convert from naa. to Dev id:
Take the last 8 digits of the naa number
e.g. for naa.60000970000292601174533030334435, numbers after 53 are 3030334435.
This will usually start with a 30.
Break it apart in pairs of two.
So 3030334435 becomes 30 30 33 44 35. The first "30" is discarded, so we'll take only 30 33 44 35
The Dev ID equivalence for the resultant pair of numbers is as follows:
30 = 0
31 = 1
32 = 2
33 = 3
34 = 4
35 = 5
36 = 6
37 = 7
38 = 8
39 = 9
40 = **** DOES NOT EXIST ****
41 = A
42 = B
43 = C
44 = D
45 = E
46 = F
… and so on, in that order

Just write that out and you’ll obtain the dev id.
So in the example, 30334435 becomes
30 = 0
33 = 3
44 = D
35 = 5
thus the EMC device ID for 30334435 is 03D5


Friday 14 August 2015

VSphere LUN naa identifier decoded and explained

In VMware VSphere, the identifier comes in the form of naa.aaaaaaaabbbbbbbbbbbbccccdddddddd
I’ve been able to find this information from multiple sources, so I think it is very accurate. Your comments are welcome if it doesn't match your case.

The breakdown is as follows:
  • aaaaaaaa is an 8 digit vendor identifier, and I’ve listed the vendors we use below, as well as others I’ve been able to find online:
o    60060480 <— EMC
o    60060e80 <— HDS
o    60a98000 <— NetApp
o    60060160 <— DGC (Clariion)
o    6090a038 <— EQL
I found that in certain cases, you can also do a lookup of the vendor. To do that drop the leading ‘6’ and then take digits 2 to 8 and enter them into an OUI lookup tool http://www.wireshark.org/tools/oui-lookup.html . e.g. entering 0060480 to an OUI lookup confirms the vendor is EMC.
  • bbbbbbbbbbbb is a 12 digit serial # of the device providing the storage.  This may differ from device to device, but matches up perfectly to the id’s of our EMC storage.
  • cccc is a 4 digit code for model (at least for EMC). Please double check with your storage system.
-               on VMAX it’s ‘5330’ on all luns
-               on DMX-3 it’s also ‘5330’
-               on DMX-3000 it’s ‘4E45’

  • dddddddd is an 8 digit LUN identifier.  This differs based on the device on how the device ID is actually represented. I will explain how to decode this number for EMC in a future post.

Thursday 13 August 2015

How to identify NetApp LUN ID in VMware VSphere?

When using Netapp as your SAN storage, the TL / DR (Target Lun / Device Representation), also known as the VMware LUN identifier, is the hex representation of the NetApp LUN Serial No. string. It is as easy as it sounds:
1.       In vSphere, select the host configuration tab, storage.
2.       Select the Devices View   
3.       Sort by LUN # and locate the LUN you want to verify.
4.       Right click the LUN in the Devices list and select "Copy identifier to clipboard", i.e., naa.600a09803830336d785d476d634c424d
5.       Paste the characters after “naa.” into a Hex to String converter. (i.e., 600a09803830336d785d476d634c424d)
6.       Copy the converted string and paste to a work note. It may contain some special characters, so just concentrate on the readable portion. i.e., 803mx]GmcLBM
7.       In the NetApp System manager, select the LUN you want to verify in the LUN list.
8.       In the LUN properties pane, copy the Serial No. i.e.,  803mx]GmcLBM
9.       Paste Serial No. below the converted hex in the work note and compare.  There may be some odd ASCII characters at the beginning of the converted hex that you can ignore.
Note: an alternate method to get the NetApp LUN Serial No. value is from the CLI, using the command:

lun show -v
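The three posts above (the EMC device ID conversion, the naa field breakdown, and the NetApp serial comparison) all read hex digits of the identifier as ASCII, so one script covers them. This is an added example, not code from the original posts; the function names are hypothetical, and treating the "readable portion" as the trailing run of printable bytes is an assumption.

```python
import re

# Layout from the breakdown: naa.aaaaaaaabbbbbbbbbbbbccccdddddddd
NAA_RE = re.compile(r"^(?:naa\.)?([0-9a-fA-F]{32})$")


def naa_digits(identifier):
    """Return the 32 hex digits that follow 'naa.', lower-cased."""
    match = NAA_RE.match(identifier.strip())
    if match is None:
        raise ValueError("expected 'naa.' plus 32 hex digits: %r" % identifier)
    return match.group(1).lower()


def split_naa(identifier):
    """Split the digits into the four fields of the breakdown."""
    d = naa_digits(identifier)
    return {"vendor": d[:8], "serial": d[8:20], "model": d[20:24], "lun": d[24:]}


def emc_device_id(identifier):
    """Last 8 digits, read as pairs: 30..39 give 0..9 and 41..46 give A..F."""
    lun = split_naa(identifier)["lun"]
    text = bytes.fromhex(lun).decode("ascii")  # each pair is an ASCII code
    if any(ch not in "0123456789ABCDEF" for ch in text):
        raise ValueError("LUN field %s is not an EMC device ID" % lun)
    return text


def netapp_serial(identifier):
    """Hex-to-string conversion, keeping only the readable tail (assumption)."""
    tail = bytearray()
    for byte in reversed(bytes.fromhex(naa_digits(identifier))):
        if not 0x21 <= byte <= 0x7E:  # stop at the first unreadable byte
            break
        tail.insert(0, byte)
    return tail.decode("ascii")


def netapp_lun_matches(identifier, serial_no):
    """Compare the decoded tail with the Serial No. copied from System Manager."""
    return netapp_serial(identifier) == serial_no.strip()


if __name__ == "__main__":
    print(split_naa("naa.60000970000292601174533030334435"))
    print(emc_device_id("naa.60000970000292601174533030334435"))  # 03D5
    print(netapp_serial("naa.600a09803830336d785d476d634c424d"))
```

Both identifiers in the `__main__` section are the ones quoted in the posts.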

Wednesday 12 August 2015

Log file locations in NetApp Data ONTAP (7-mode)

The following list outlines the various log files used by Data ONTAP (7-mode) and their locations. In addition, ONTAP uses the syslogd daemon to log system messages (configured in /etc/syslog.conf).

You can see the content of those files using the “rdfile” command, e.g., rdfile /etc/log/messages

Messages:
/etc/log/messages (symbolic link to /etc/messages)
 
SnapMirror:
/etc/log/snapmirror
 
FlexClone:
/etc/log/clone
 
Auditlog:
/etc/log/auditlog
 
Deduplication:
/etc/log/sis
 
LACP:
/etc/log/lacp_log
 
Backup:
/etc/log/backup and /etc/log/ndmpdlog
 
FTP:
/etc/log/ftp.cmd and /etc/log/ftp.xfer
 
Shelf Messages:
/etc/log/shelflog/shelflog_ata and /etc/log/shelflog_esh
 
Volume Operations:
/etc/log/vol_history
 
Crash Files:
/etc/log/crash/aggregates//
 
Performance Archives:
/etc/log/stats/archives
 
ACP:
/etc/log/acp/acplog_master and /etc/log/acplog


Hope it helps!

Thursday 6 August 2015

Using CDP to trace physical networking connections in Netapp Data ONTAP

Have you ever been on a Data ONTAP system without a clear idea of how the physical network is connected, and wish you could interrogate your network to try and find out? If so, CDP – the Cisco Discovery Protocol – might be the help you’re looking for. This can be very useful on systems with large or complex Ethernet configurations.
Once CDP is enabled in Data ONTAP, your Cisco switches will become aware of which NetApp systems are cabled to which ports. They will know both the source port (on the NetApp) and the destination port (on the Cisco switch).
CDP has been available in NetApp Data ONTAP since version 7.3.3 and is supported in both 7-mode and cDOT. It is enabled with a single option command.
To enable CDP in 7-mode:
options cdpd.enable on
To enable CDP in cDOT:
node run -node * options cdpd.enable on
NOTE that the command is cdpd.enable, not cdp.enable
The nice thing about NetApp’s CDP implementation is that it is bi-directional. That means you can query CDP from either the Cisco switch or the NetApp controller and see information — meaning you don’t have to rely on a network administrator to provide you the information!
To view CDP information from 7-mode Data ONTAP, you would use the cdpd show-neighbors command.
Here’s some sample output:
nas1> cdpd show-neighbors
Local  Remote          Remote                 Remote           Hold  Remote   
Port   Device          Interface              Platform         Time  Capability
------ --------------- ---------------------- ---------------- ----- ----------
e0M    charles         e0M                    FAS3170           146   H        
e0M    nane-cat4948-sw GigabitEthernet1/8     cisco WS-C4948-.  174   RSI      
e3a    nane-nx5010-sw. Ethernet1/4            N5K-C5010P-BF     173   SI       
e4a    nane-nx5010-sw. Ethernet1/14           N5K-C5010P-BF     177   SI
Note that the filer’s HA partner, charles, is in the output. Here we can see that e0M is cabled to port Giga1/8 on nane-cat4948, whereas e3a and e4a are cabled to Eth1/4 and Eth1/14 on nane-nx5010-sw respectively.
This is incredibly useful information if you’re ever trying to track down how a system is cabled!
To view CDP information from clustered Data ONTAP, use the run -node nodeName cdpd show-neighbors command.
The output is the same format as in 7-mode:
dot83cm::> node run -node local cdpd show-neighbors
Local  Remote          Remote                 Remote           Hold  Remote   
Port   Device          Interface              Platform         Time  Capability
------ --------------- ---------------------- ---------------- ----- ----------
e6a    nane-nx5010-sw. Ethernet1/12           N5K-C5010P-BF     145   SI       
e6b    nane-nx5010-sw. Ethernet1/5            N5K-C5010P-BF     145   SI       
e4a    dot83cm-01      e4a                    FAS3240           161   H        
e4b    dot83cm-01      e4b                    FAS3240           161   H        
e0a    nane-cat4948-s. GigabitEthernet1/9     cisco WS-C4948-.  168   RSI
In this case, e6a and e6b go to the same switch, with e4a and e4b going to the other node in this HA pair — that’s my switchless cluster interconnect. e0a goes to an older Catalyst switch.
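To turn the `cdpd show-neighbors` output shown above into a cabling map, the rows can be parsed with one pattern that tolerates a platform name containing a space. This is an added example, not part of the original post; the function names are hypothetical, and reading a trailing "." as a truncated device name is an assumption drawn from the sample rows.

```python
import re
from collections import defaultdict

# One data row: local port, remote device, remote interface, platform (may
# contain a space, e.g. "cisco WS-C4948-."), hold time, capability letters.
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.+?)\s+(\d+)\s+([A-Za-z]+)\s*$")

# Rows copied from the 7-mode sample output in the post.
SAMPLE = """\
nas1> cdpd show-neighbors
Local  Remote          Remote                 Remote           Hold  Remote
Port   Device          Interface              Platform         Time  Capability
------ --------------- ---------------------- ---------------- ----- ----------
e0M    charles         e0M                    FAS3170           146   H
e0M    nane-cat4948-sw GigabitEthernet1/8     cisco WS-C4948-.  174   RSI
e3a    nane-nx5010-sw. Ethernet1/4            N5K-C5010P-BF     173   SI
e4a    nane-nx5010-sw. Ethernet1/14           N5K-C5010P-BF     177   SI
"""


def parse_neighbors(output):
    """Return one dict per neighbour row; prompt, header and rule lines are skipped."""
    rows = []
    for line in output.splitlines():
        match = ROW_RE.match(line)
        if match is None:
            continue
        port, device, iface, platform, hold, caps = match.groups()
        rows.append({
            "local_port": port,
            "remote_device": device.rstrip("."),
            "truncated": device.endswith("."),  # assumption: "." marks a cut-off name
            "remote_interface": iface,
            "platform": platform,
            "hold_time": int(hold),
            "capability": caps,
        })
    return rows


def switch_cabling(output):
    """Map each switch (capability S) to its (local port, switch port) pairs."""
    cabling = defaultdict(list)
    for row in parse_neighbors(output):
        if "S" in row["capability"]:  # hosts (H), such as the HA partner, are left out
            cabling[row["remote_device"]].append(
                (row["local_port"], row["remote_interface"]))
    return dict(cabling)
```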

To view CDP information from Cisco IOS or NX-OS, use the show cdp neighbors command.
Sample output:
nane-nx5010-sw# show cdp neighbors
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater,
                  V - VoIP-Phone, D - Remotely-Managed-Device,
                  s - Supports-STP-Dispute, M - Two-port Mac Relay


Device ID              Local Intrfce   Hldtme  Capability  Platform      Port ID
US-WLM-LS02            mgmt0           124     R S I       WS-C6509      Gig5/1
nane-cat4948-sw        Eth1/2          179     R S I       WS-C4948-10GE Ten1/49
dot83cm-01             Eth1/3          163     H           FAS3240       e6b   
mystic                 Eth1/4          127     H           FAS3170       e3a   
dot83cm-02             Eth1/5          158     H           FAS3240       e6b

In IOS/NX-OS, you may wish to run show cdp neighbors detail to gather more information.

To view CDP information using the vSphere/VI Client:
·         Connect to the vCenter Server/Virtual Center or ESX host using the vSphere/VI Client.
·         Select the ESX host in the Inventory.
·         Click the Configuration tab.
·         Click Networking.
·         Click the Info icon to the right of the vSwitch, under Properties.
More detailed information about the output of CDP commands can be found in the relevant Ontap Network Management Guide, Cisco and VMware documentation.

Hope you don’t have to trace the network cables the hard way anymore!

Tuesday 4 August 2015

Fix: Outlook blocked access to the following potentially unsafe attachments…

How to Unblock Unsafe Attachments in Microsoft Outlook
There’s a vast range of desktop and online email clients but it’s hard to beat Microsoft Outlook. The application has been around since 1997 and, despite a few dodgy decisions regarding HTML rendering, it’s still the email client of choice for me and many others.
Unfortunately, there’s an Outlook message web developers hate:
Outlook blocked access to the following potentially unsafe attachments…
Thanks Microsoft. I know why you’re blocking that JavaScript file, but I know what it is and I really, really want it.
Outlook doesn’t allow you to unblock unsafe attachments. Fortunately, there is a way to obtain the file and prevent the embarrassment of requesting a renamed version. Before we start…
WARNING: YOU’LL NEED TO EDIT THE REGISTRY!
We’re about to delve into the Windows registry. Please move along if you don’t know what the registry is or have never dabbled with it before. It’s a dangerous place — one false move and your PC will stop working...
The fix will also reduce Outlook security settings. That’s not a problem for someone with reasonable IT knowledge, but it’s not for everyone.
DO THIS AT YOUR OWN RISK!
If you still want to proceed, below are the steps to take:
1. Close Outlook
2. Run regedit.exe (Start -> cmd.exe, then type regedit [ENTER])
Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Office\XX.X\Outlook\Security
Where XX.X indicates your version of Outlook:
·         15.0 for Microsoft Office / Outlook 2013
·         14.0 for Microsoft Office / Outlook 2010
·         12.0 for Microsoft Office / Outlook 2007
·         11.0 for Microsoft Office / Outlook 2003
·         10.0 for Microsoft Office / Outlook 2002
·         9.0 for Microsoft Office / Outlook 2000
3. Create a new STRING value
Create a new string value key in that location named:
Level1Remove
4. Choose your ‘safe’ file types
Edit the key and enter a list of attachment extensions you want to unblock. Each should start with a period and be separated with a semi-colon. For example…
To unblock JavaScript files only, enter:
.js
To unblock JavaScript, shortcuts, VBScript, and exe files, enter:
.js;.lnk;.vbs;.exe
Click OK to save the value then exit regedit.
5. Restart Outlook
The attachment should be magically unblocked. Try rebooting if that’s not the case.


Tuesday 5 May 2015

Netapp OnCommand System Manager 3.1 TLS warning 'not configured'

When accessing a NetApp filer using OnCommand System Manager 3.1 (the version I’m running is 3.1.2RC1), a warning message is displayed, complaining about TLS 'not configured':



Network Configuration checker also fails, because of the same reason:



Solution:

This issue is resolved with a simple change in configuration, enabling TLS. It has to be done in BOTH controllers:


The warning message goes away.







Thursday 9 April 2015

Solved: Autson Slideshow Clickjack Issue in Joomla

A client notified me that their Avast AntiVirus was blocking their own site because of clickjack attempts, more specifically JS:Clickjack-A [Trj] with a big shiny red TROJAN HORSE BLOCKED alert.
Avast blocking clickjack trojan
It turned out that the cause was a legitimate module called Autson Slideshow. This nice slideshow module has unfortunately now been discontinued, and the developer's site is non-functional as well.
I didn't want to remove the module, because the website had it on the front page, and I also didn't want to install and configure a different module with the same functionality. I needed a solution, and I found it on the net.
Here's how I recovered the usability of Autson Slideshow:
1. Open \modules\mod_AutsonSlideShow\tmpl\default.php
2. Around line 564 locate and delete this script that looks something like this:
< script language="JavaScript" >
function dnnViewState()
{
var a=0,m,v,t,z,x=new Array('xxxxxx'),l=x.length;while(++a<=l){m=x[l-a];
t=z='';
for(v=0;v<m.length;){t+=m.charAt(v++);
if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}dnnViewState();
< /script >


3. At the very end of the file, around line 788, locate and delete this code:

<p class="dnn">By A <a href="http://www.autson.com/" title="web design company">Web Design</a></p>

After removing these two chunks of code from Autson Slideshow, Avast did not report a clickjack attempt on page load. I ran several online scanners and none of them reported anything suspicious, so having made these changes, Autson Slideshow can be used with no warnings.
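To see what a script of this shape hands to document.write before deleting it, the decoding loop can be reproduced offline without running any JavaScript. This is an added example, not part of the original post; the function names are hypothetical and the array values are constructed for illustration, since the post redacts the real ones as 'xxxxxx'.

```python
import re

# Constructed script text in the post's encoding. The real array contents are
# redacted in the post, so these values are NOT the module's actual data.
SAMPLE_SCRIPT = (
    "var a=0,m,v,t,z,x=new Array('9091968376','768191888473973486878677',"
    "'778787','98','8880798476401376878713'),l=x.length;"
)


def extract_array(script_text):
    """Pull the quoted digit strings out of the x=new Array(...) literal."""
    match = re.search(r"new Array\((.*?)\)", script_text, re.S)
    if match is None:
        raise ValueError("no 'new Array(...)' literal found")
    return re.findall(r"'(\d*)'", match.group(1))


def decode_element(digits, index):
    """Decode one element the way the loop does.

    The script adds 25-l+a to every two-digit decimal pair of element l-a,
    which is 25-index for the element at position index. A trailing unpaired
    digit is dropped, as in the original loop.
    """
    pairs = [digits[i:i + 2] for i in range(0, len(digits) - 1, 2)]
    return "".join(chr(int(pair) + 25 - index) for pair in pairs)


def written_markup(script_text):
    """Rebuild the string passed to document.write."""
    x = [decode_element(d, i) for i, d in enumerate(extract_array(script_text))]
    if len(x) < 5:
        raise ValueError("the write call needs x[0], x[1], x[2] and x[4]")
    return "<" + x[0] + " " + x[4] + ">." + x[2] + "{" + x[1] + "}</" + x[0] + ">"


if __name__ == "__main__":
    print(written_markup(SAMPLE_SCRIPT))
```

Pasting the script text from default.php into `written_markup` shows the markup the page would receive, which can then be reviewed as plain text.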

PS: I used sucuri and webinspector to run an online scan of the website for malware.
http://app.webinspector.com/
http://sitecheck.sucuri.net/
Solution found at http://joomlaboy.com/tutorials/joomla/88-solved-autson-slideshow-clickjack-issue