Import VM into AWS cloud from VMware (on-premises)

  1. Install the AWS CLI and configure the access key ID and secret access key.
  2. Create an S3 bucket where we can upload the VM
  3. Create a role for VM Import (vmimport)
  4. Edit the trust relationship on the newly created role named vmimport

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "vmie.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:Externalid": "vmimport"
        }
      }
    }
  ]
}

  5. Remove VMware Tools from the VM under VMware
  6. Create a user in the VM server that will be used for remote access
  7. Configure dynamic IP addressing (DHCP) for the NIC in the VM
  8. Shut down the VM and export it as OVA
  9. Upload the OVA into the S3 bucket
  10. Open the AWS CLI and run the command to import the image from S3 as an AMI

aws ec2 import-image --description "Demo OVA" --license-type byol --disk-containers file://D:/containers.json

The following is an example containers.json file.

[
  {
    "Description": "Demo OVA",
    "Format": "ova",
    "UserBucket": {
      "S3Bucket": "my-import-bucket",
      "S3Key": "my-windows-2012-vm.ova"
    }
  }
]

To check the status:

aws ec2 describe-import-image-tasks --import-task-ids "import-ami-fgtji74a"

You can then create an EC2 instance from this imported AMI.
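
The trust relationship above is the only thing limiting who can assume the vmimport role, so it is worth checking before it is saved. The following is an added example, not part of the original post: a small checker (the function name is hypothetical) that confirms the policy allows only vmie.amazonaws.com with the external ID condition, and that also catches typographic quotes pasted from a web page.

```python
import json

# The trust policy from this page, typed with plain ASCII quotes.
TRUST_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "vmie.amazonaws.com"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}
  }]
}
"""

def check_vmimport_trust(policy_text, external_id="vmimport"):
    """Return a list of problems; an empty list means the policy matches the page's."""
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        # Typographic quotes copied from a web page end up here.
        return [f"not valid JSON (line {exc.lineno}): {exc.msg}"]
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # IAM also accepts a single object
        statements = [statements]
    problems = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        service = principal.get("Service") if isinstance(principal, dict) else None
        if service not in ("vmie.amazonaws.com", ["vmie.amazonaws.com"]) or len(principal) != 1:
            problems.append(f"statement {i}: principal {principal!r} is wider than vmie.amazonaws.com")
        if st.get("Action") not in ("sts:AssumeRole", ["sts:AssumeRole"]):
            problems.append(f"statement {i}: action {st.get('Action')!r} is not sts:AssumeRole")
        # IAM condition key names are case-insensitive, so normalise before comparing.
        equals = st.get("Condition", {}).get("StringEquals", {})
        if {k.lower(): v for k, v in equals.items()}.get("sts:externalid") != external_id:
            problems.append(f"statement {i}: no StringEquals on sts:ExternalId == {external_id!r}")
    return problems
```
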


Site To Site VPN Between AWS and SonicWALL

VPN (Virtual Private Network) technology can help to create and encrypt a connection between LAN networks over the Internet. Also, local resources either on AWS or behind SonicWALL can be accessed securely through a Site to Site VPN.

In this blog, we are showing how to create a VPN between AWS and SonicWALL UTM.

Create and configure VPN:

1. Log in to the AWS account.
2. Open Services then select VPC.

3. To create a new VPC, which will act as the master subnet, click Your VPCs then hit Create VPC.

4. Put a relevant Name tag, put the IP range in IPv4 CIDR block, no IPv6, and Tenancy as Default, and click the button Yes, Create.

5. Now go to Subnets and click Create Subnet.

6. Put a relevant Name tag, select the VPC created earlier, select the Availability Zone, mention the required IPv4 CIDR block and click the button Yes, Create.

Hint: The IPv4 CIDR block can be any subset of the VPC subnet or it could be the same as the VPC subnet.

7. Go to Customer Gateways and click on Create Customer Gateway.

8. Put a relevant Name, select Routing as Static, put the device's IP as IP Address and click Create Customer Gateway.

9. Go to Virtual Private Gateways and click Create Virtual Private Gateway.

10. Put a relevant Name, select Amazon default ASN and click the button Create Virtual Private Gateway.

11. Go to VPN Connections and click Create VPN Connection.

12. Mention a relevant Name tag and select the Virtual Private Gateway created in step 10.

13. Now select Customer Gateway as Existing and select the Customer Gateway ID which was created in step 8.

14. Select Routing Options as Static.

15. Mention the internal network (LAN) behind the SonicWALL as Static IP Prefixes. This will create routes to the network behind the SonicWALL.

16. Leave the Tunnel Options blank (AWS will generate these for you) and click Create VPN Connection.

17. Now go to Route Tables > Select the required Route Table > under the tab Route Propagation > click Edit.

18. Enable route propagation for the Virtual Private Gateway by putting a check mark and click Save.

19. Go to VPN Connections > Select the required VPN and select Download Configuration.

20. On the Download Configuration window, select Vendor as Generic, Platform as Generic, and Software as Vendor Agnostic and click the Download button.

NOTE: Download the file and open it in any text editor software, Notepad++ recommended.

21. Now log in to the SonicWALL Web console and create an address object for the AWS subnet (AWS VPC).

22. Navigate to VPN > Settings and click Add.

23. Under the General tab, set Policy Type as Site to Site, Authentication Method as PSK, and give any relevant name.

24. Go back to the AWS VPN file, navigate to section “IPSec Tunnel #1”, search for “Virtual Private Gateway” and copy the IP to IPsec Primary Gateway.

25. Under section “IPSec Tunnel #1”, search for “Pre-Shared Key” and copy the key as Shared Secret.

26. Go to tab Network.

27. Select Any address for Local Networks and select the AWS subnet (created in step 23) as destination network.

Note: It is compulsory to select the local networks as Any address, else traffic will not pass. Verified on SonicOS Enhanced 6.2.7.1-23n

28. Go to the Proposals tab, select Main Mode for Exchange.

29. Go back to the AWS VPN file, under section “IPSec Tunnel #1”, search for “DiffieHellman” and match the same on SonicWALL.

30. Search for “Encryption Algorithm”, “Authentication Algorithm” and “Lifetime” and match the same on SonicWALL.

31. For “Ipsec (Phase 2) Proposal”, go back to the AWS VPN file, under section “#2: IPSec Configuration”, search for “Protocol”, “Encryption Algorithm”, “Authentication Algorithm” and match the same on SonicWALL.

32. In SonicWALL, enable Perfect Forward Secrecy, search for “Perfect Forward Secrecy” in the AWS file, and match the DH Group on SonicWALL.

33. Search for “Lifetime” in the AWS file, and match the same on SonicWALL.

34. Click OK to create the Tunnel.

35. To verify, go to VPN > Settings and check for the green mark, then test traffic between the sites.
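
Steps 24 to 33 search the downloaded file for names such as “Encryption Algorithm” and “Lifetime” that occur once per phase, so a value is easy to copy from the wrong section. The following is an added example, not part of the original post: it parses one tunnel by section and lists settings that differ from what was entered on the firewall. The sample text is constructed and its “- Name : value” layout is an assumption; the function names are hypothetical.

```python
import re

# Constructed sample in the "- Name : value" layout the steps above search through.
# All values are made up; the address is from a documentation range.
SAMPLE = """\
IPSec Tunnel #1
#1: Internet Key Exchange Configuration
  - Pre-Shared Key           : EXAMPLE-not-a-real-key
  - Encryption Algorithm     : aes-128-cbc
  - Lifetime                 : 28800 seconds
  - Diffie-Hellman           : Group 2
#2: IPSec Configuration
  - Encryption Algorithm     : aes-128-cbc
  - Lifetime                 : 3600 seconds
  - Perfect Forward Secrecy  : Diffie-Hellman Group 2
#3: Tunnel Interface Configuration
  - Virtual Private Gateway  : 203.0.113.10
IPSec Tunnel #2
#1: Internet Key Exchange Configuration
  - Lifetime                 : 28800 seconds
"""

def parse_tunnel(text, tunnel=1):
    """Return {(section, name): value} for one tunnel, keyed by the '#N:' section."""
    params, active, section = {}, False, None
    for line in text.splitlines():
        if m := re.match(r"\s*IPSec Tunnel #(\d+)", line):
            active, section = int(m.group(1)) == tunnel, None
        elif active and (m := re.match(r"\s*#(\d+):", line)):
            section = int(m.group(1))
        elif active and (m := re.match(r"\s*-\s*(.+?)\s*:\s*(.+?)\s*$", line)):
            params[(section, m.group(1))] = m.group(2)
    return params

def mismatches(aws, firewall):
    """List (key, aws_value, firewall_value) for settings that differ.
    The pre-shared key is compared but never echoed."""
    diffs = []
    for key, fw_value in firewall.items():
        aws_value = aws.get(key)
        if aws_value != fw_value:
            if key[1] == "Pre-Shared Key":
                aws_value = fw_value = "<redacted>"
            diffs.append((key, aws_value, fw_value))
    return diffs
```
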


Recover Failed/Dead Exchange Server 2013

Recover an Exchange Server

You can recover a lost server by using the Setup /m:RecoverServer switch in Microsoft Exchange Server 2013. Most of the settings for a computer running Exchange 2013 are stored in Active Directory. The /m:RecoverServer switch rebuilds an Exchange server with the same name by using the settings and other information stored in Active Directory.

Recovering a lost Exchange server is often accomplished by using new hardware. However, you can also use an existing server.

1. Install Windows OS and give it the same IP as the previous (failed) Exchange server.

2. Reset the Domain account.

3. Join the Domain with the same computer name as before.

4. Drive letters must be the same as in the previous installation.

You can view the previous installation path from adsiedit.msc.

5. Create the drive letter and folder path for the database (.edb) and logs accordingly. You can get that from adsiedit.msc.

Then restore the .edb file from backup into that folder.

6. Install the Exchange 2013 prerequisites.

7. Install Exchange 2013 with /m:RecoverServer

Setup /m:RecoverServer /IAcceptExchangeServerLicenseTerms

Now check the Exchange Server services.

Move Database and Log Folder Path in Exchange 2013

To view the current list of databases, type the Get-MailboxDatabase cmdlet in EMS.

By default the Exchange database location is under C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\ which is definitely not a recommended place to store the mailbox database.

It is always recommended to store the Exchange database and logs on a drive other than the C:\ drive.

Here, I will move both database and logs to F drive.

Before you proceed please be aware that:

  • the command must be run while logged on to the mailbox server hosting the database
  • this process requires that the database be dismounted while the move takes place, making it unavailable for mailbox users
  • this process should not be followed for databases that are replicated within a Database Availability Group
  • this process cannot be run at the same time as a backup is in progress

Move-DatabasePath "Mailbox Database 0587117746" -EdbFilePath "F:\ExchangeDB\Mailbox Database 0587117746.edb" -LogFolderPath "F:\ExchangeLog"

Now let’s verify that the database has changed its location. Run the following cmdlet again.

Get-MailboxDatabase | FL Name,*Path*

Delete Unisphere Logs

I was getting the below event in my VNX 5300 System Alerts. It was something like logs are getting full, so I had to delete them.

Severity : Critical
System : VNXFILE-CS0
Domain : Local
Created : Mar 18, 2015 2:03:01 AM
Message : dskMon[17374]: FS /dev/mapper/emc_vg_lun_5-emc_lv_nas_var_emcsupport mounted on /nbsnas/var/emcsupport filling up (at 91%, max = 90%).
Full Description : The specified feature detected a potential space capacity issue for the specified device name and mount point. This issue may need the attention of the system administrator.
Recommended Action : Verify that the mount point’s condition has reached cautionary levels. Identify whether there is any free space available, and if it can be returned to the mount point. For example, remove unnecessary files or move areas of this mount point onto other, less full mount points on the system. If you cannot reduce the space consumption on this mount point, you might want to expand the mount point to gain additional space. Contact your Authorized Service Provider if you need assistance.
Event Code : 0x1260180018

To fix this…

1. ssh/telnet into the primary control station as nasadmin or root. We will be creating a file for the user nasadmin.

2. Change directory to the /nas/log/webui directory. This directory rsync’s with another log directory in /nbsnas

[nasadmin@CS0 /]# cd /nas/log/webui

3. Delete all alert_log files. I would suggest using tar to back them up first.

[nasadmin@CS0 /]# rm alert_log*

4. Recreate the alert_log file and apply the appropriate ownership/permissions

[nasadmin@CS0 /]# touch alert_log

[nasadmin@CS0 /]# chmod 664 alert_log

[nasadmin@CS0 /]# chown nasadmin:nasadmin alert_log

DAG Requires Same Drive Letter for Database & Logs - Change the drive letter that holds the Exchange 2010 databases or logs

1. Dismount the databases which reside on the drive you want to change

2. Open computer management and change the drive letter to whatever you want

3. Open the Exchange Shell and use the Move-DatabasePath CMDLET with the -ConfigurationOnly switch

4. The command would be

Move-DatabasePath -Identity "Database Name" -EdbFilePath "X:\Exchange Databases\DB1.edb" -LogFolderPath "Y:\Exchange Logs\DB1" -ConfigurationOnly

5. You should now be able to mount the databases again because Exchange will have updated itself and look for the new drive letters

6. You may need to restart the MS Exchange Search Indexer service for the index files to start appearing on the new drives instead of the old ones, or leave it to catch up!