Thursday, December 30, 2010

TMG 2010 Firewall Routing

We are using Microsoft Forefront Threat Management Gateway 2010 in a virtual environment for high availability. It was quite difficult to find documentation on how to route IP addresses and use the firewall. Here is how I set up routing and the firewall. I am assuming that you have already installed the software and are ready to begin.

Step 1. First you need to assign to the NIC all of the IP addresses that will eventually be routed through the firewall. This is done in the network interface settings and not in TMG.

Step 2. Now that you have all of the IP addresses assigned to the NIC you can open the Forefront TMG Console. Click on the Firewall Policy.

Step 3. Click on "Publish Non-Web Server Protocols". Then create a name for the rule.

Step 4. Now enter the IP address for the server within the NAT pool/behind the firewall.

Step 5. Now choose the port that you want to forward. You will need to create a rule for each port you want to forward.

Step 6. For the Network Listener, choose External and then click Address.

Step 7. Choose the external IP address you want to use for this port.

Step 8. Your rule is now complete.

You will now need to update the TMG access rule and you can then test the routing and port.

Wednesday, December 29, 2010

XenDesktop 5 on vSphere 4.1 (Part 1.)

I recently upgraded our XenDesktop 4 lab to XenDesktop 5 to show off some of the new features. As with the last lab I am using VMware's vCenter 4.1 which is the most recent version at the time of this post. I am using the Express version since my lab will be small. Here are my notes for the install:

Software Used:
  • Windows 2008 R2 x64 - This will be the Citrix broker for the desktops and the web server.
  • Windows 7 x86 - This will be the desktop we are connecting to with the Citrix plugin.
  • Windows Active Directory - I will not be going through the setup in this walk through.
  • vSphere 4.1 & vCenter 4.1 - This should be configured prior to this walk through.

Step 1. Windows 2008 R2 / Citrix Delivery Controller - I assume that you have installed VMware Tools, joined the server to the existing Active Directory and are ready to install the Xen Broker. I have ISO mounting software and will transfer the XenDesktop5.iso to the desktop to run the installer.

Step 2. Windows 7 Virtual Desktop. Now transfer the XenDesktop5.iso to the Windows 7 Desktop. Now install the Desktop components.

Now that you have the broker and the master image set up, you will need to configure the broker to host the VDI images. Please check out the Configure XenBroker posting.

VDI Desktop Setup for Performance

When building Windows 7 VDI master images you might find that these changes will help you get the most out of your Windows 7 clones. While this list is not complete, it will help you get started. If you have any additions you think should be included, please post them.

Disable Windows Autoupdate

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
Disable Offline Files

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache]
"Enabled"=dword:00000000
Disable Disk Defragmentation BootOptimizeFunction

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]
"Enable"="N"
Disable Background Layout Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout]
"EnableAutoLayout"=dword:00000000
Disable System Restore

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
Disable Last Access Time Stamp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisableLastAccessUpdate"=dword:00000001
Disable Hibernate

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
Various keys and values are set according to the version of Windows detected.
Disable CrashDump

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"CrashDumpEnabled"=dword:00000000
"LogEvent"=dword:00000000
"SendAlert"=dword:00000000
Disable Indexing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc]
"Start"=dword:00000004
Reduce Event Log File Size to 64 kB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"MaxSize"=dword:00010000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"MaxSize"=dword:00010000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System]
"MaxSize"=dword:00010000
Reduce Internet Explorer Temporary File Cache

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CacheLimit"=dword:00000400 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content]
"CacheLimit"=dword:00000400 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CacheLimit"=dword:00000400
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content]
"CacheLimit"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit"=dword:00000100
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit"=dword:00000100
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit"=dword:00000100
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit"=dword:00000100
Disable Clear Page File at Shutdown

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000
Disable Superfetch (Windows Vista and Windows 7 Only)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMain]
"Start"=dword:00000004
Disable Windows Defender (Windows Vista and Windows 7 Only)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=hex(2):00
Disable Windows Search (Windows Vista and Windows 7 Only)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch]
"Start"=dword:00000004
Disable Scheduled Disk Defragmentation (Windows Vista and Windows 7 Only)
Programmatic optimization.

Additional Optimizations Available When Running the Tool Manually

Disable Move to Recycle Bin (Windows XP)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket]
"UseGlobalSettings"=dword:00000001
"NukeOnDelete"=dword:00000001
Disable Move to Recycle Bin (Windows Vista and Windows 7)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRecycleFiles"=dword:00000001
Disable Machine Account Password Changes

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"DisablePasswordChange"=dword:00000001
Disable UDP Checksum Offload (Only When a Broadcom NIC Is Detected)
Programmatic optimization.
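
Several entries in this list switch off or shrink security controls (Windows Update, Windows Defender, the Security event log, machine account password changes) in exchange for performance. The following is an added example, not part of the original post or the Citrix tool: a Python check that parses .reg-style text and reports those entries so the master image build can record how each one is compensated for; the watchlist, notes and sample text are assumptions made for this example.

```python
import re

# Constructed sample based on entries from the list above; the curly quote is deliberate.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMain]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
“MaxSize"=dword:00010000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"DisablePasswordChange"=dword:00000001
'''

# Watchlist chosen for this example: (key suffix, value name, risky-if, note).
WATCHLIST = [
    (r"\services\wuauserv", "Start", lambda v: v == 4,
     "Windows Update service disabled: patch through the master image"),
    (r"\services\windefend", "Start", lambda v: v == 4,
     "Windows Defender disabled: confirm another anti-malware control"),
    (r"\eventlog\security", "MaxSize", lambda v: v <= 0x10000,
     "Security log capped at 64 KB or less: forward events off the desktop"),
    (r"\netlogon\parameters", "DisablePasswordChange", lambda v: v == 1,
     "Machine account password is never rotated"),
]

def parse_reg(text):
    """Yield (key, value_name, int_value) for each dword value in .reg-style text."""
    key = None
    for raw in text.splitlines():
        # Copies taken from web pages often carry curly quotes; normalise them.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and key:
            yield key, m.group(1), int(m.group(2), 16)

def audit(text):
    return [(key, name, value, note)
            for key, name, value in parse_reg(text)
            for suffix, wanted, risky, note in WATCHLIST
            if key.lower().endswith(suffix) and name == wanted and risky(value)]

if __name__ == "__main__":
    for key, name, value, note in audit(SAMPLE_REG):
        print(f"{key}\\{name}=0x{value:08x}  {note}")
```

Performance-only entries such as SysMain (Superfetch) are parsed but not reported.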

For more information from Citrix/VMware follow the link(s) below:

http://support.citrix.com/article/CTX125874

Monday, December 27, 2010

XenDesktop 4 on vSphere 4.1

I recently set up a XenDesktop 4 lab to show our customers the difference between VMware's View 4.5 and XenDesktop 4. I am using VMware's vCenter 4.1, which is the most recent version at the time of this post. I am using the Express version since my lab will be small. Here are my notes for the install:

Software Used:
  • Windows 2003 x86 - This will be the Citrix broker for the desktops and the web server.
  • Windows 7 x86 - This will be the desktop we are connecting to with the Citrix plugin.
  • Windows Active Directory - I will not be going through the setup in this walk through.
  • vSphere 4.1 & vCenter 4.1 - This should be configured prior to this walk through.

Step 1. Windows 2003 / Citrix Delivery Controller - I assume that you have installed VMware Tools, joined the server to the existing Active Directory and are ready to install the Xen Broker. I have ISO mounting software and will transfer the DDC_VDA.iso to the desktop to run the installer.

Step 2. Windows 7 Desktop - Once you have all of the updates loaded on the Windows desktop, you need to mount the DDC_VDA and install the Desktop Components like you did for the Windows 2003 Server. Once it is installed and rebooted, you need to install the update for XenDesktop which you downloaded.

Step 3. vCenter 4.1 SDK setup - Log into the vCenter Server and navigate to the folder where the proxy.xml file is located: "c:\ProgramData\VMware\VMware Virtual Center\". It is in your best interest to make a backup of the file before you make any changes. Now open proxy.xml using WordPad. Look for the following:
<e id="5">
     <_type>vim.ProxyService.LocalServiceSpec</_type>
     <accessMode>httpAndHttps</accessMode>
     <port>8085</port>
     <serverNamespace>/sdk</serverNamespace>
</e>
Make sure that the <accessMode> is set to httpAndHttps like the above code. Then save the file and restart the vCenter service in the Windows services section.

Step 4. Configure the Delivery Controller - Now that we have the SDK proxy setup properly we can now configure the pools for the desktop(s).
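
With accessMode set to httpAndHttps as in Step 3, the /sdk endpoint accepts unencrypted HTTP as well as HTTPS, so it is worth knowing exactly which endpoints in proxy.xml are in that state. The following is an added example, not from the original post or from VMware: a Python check that lists them; the wrapper elements and the second entry in the sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of the <e> entry shown in Step 3; the
# wrapper elements and entry 6 are assumptions made for this example.
SAMPLE_PROXY_XML = """<ConfigRoot>
  <EndpointList>
    <e id="5">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpAndHttps</accessMode>
      <port>8085</port>
      <serverNamespace>/sdk</serverNamespace>
    </e>
    <e id="6">
      <_type>vim.ProxyService.LocalServiceSpec</_type>
      <accessMode>httpsWithRedirect</accessMode>
      <port>8087</port>
      <serverNamespace>/ui</serverNamespace>
    </e>
  </EndpointList>
</ConfigRoot>"""

# accessMode values under which the endpoint answers over unencrypted HTTP.
PLAINTEXT_MODES = {"httpAndHttps", "httpOnly"}

def plaintext_endpoints(xml_text):
    """Return (id, namespace, accessMode) for endpoints reachable over plain HTTP."""
    root = ET.fromstring(xml_text)
    hits = []
    for entry in root.iter("e"):
        mode = (entry.findtext("accessMode") or "").strip()
        namespace = (entry.findtext("serverNamespace") or "?").strip()
        if mode in PLAINTEXT_MODES:
            hits.append((entry.get("id"), namespace, mode))
    return hits

if __name__ == "__main__":
    # Against a real server, read the proxy.xml from the folder named in Step 3.
    for eid, namespace, mode in plaintext_endpoints(SAMPLE_PROXY_XML):
        print(f"endpoint {eid} {namespace}: accessMode={mode} accepts plain HTTP")
```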

Thursday, December 16, 2010

List User Accounts

If you want to get a list of users on the Linux box you can find out using the following.
cat /etc/passwd

Create a system user

If you have a need to create a new system user for things like Mongrel use the commands below.

adduser [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
[--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup GROUP | --gid ID]
[--disabled-password] [--disabled-login] [--encrypt-home] USER
   Add a normal user

adduser --system [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
[--gecos GECOS] [--group | --ingroup GROUP | --gid ID] [--disabled-password]
[--disabled-login] USER
   Add a system user

adduser --group [--gid ID] GROUP
addgroup [--gid ID] GROUP
   Add a user group

addgroup --system [--gid ID] GROUP
   Add a system group

adduser USER GROUP
   Add an existing user to an existing group

general options:
  --quiet | -q      don't give process information to stdout
  --force-badname   allow usernames which do not match the
                    NAME_REGEX[_SYSTEM] configuration variable
  --help | -h       usage message
  --version | -v    version number and copyright
  --conf | -c FILE  use FILE as configuration file

Tuesday, December 14, 2010

Install previous rails version

If you want to install a previous version of Rails, here is the command needed. Just replace the version number with the one you are looking for.
gem install rails --version=1.1.6
