Introduction to Storage Area Network (SAN) - Part 1

Posted in Uncategorized on October 4, 2011 by minasamirus
As we all know, information is the basic asset of any company; it is, as we may say, the currency of business. To ensure that the business delivers the expected results, it must have access to accurate information without delay. Here comes the SAN, which has been regarded as the ultimate response to all these needs.

The Major Subjects Surrounding Storage Priorities

1- Infrastructure simplification: consolidation (many servers in one server), virtualization, automated management
2- Information lifecycle management: managing data through its lifecycle, from conception until disposal, in a manner that optimizes storage and lowers the cost
3- Business continuity: maintaining access to data at all times and protecting critical data
4- The amount of data in use increases by 60% per year, which brings the SAN into the arena

So What Is a SAN?

SANs are the leading storage infrastructure for the global economy of today. SANs offer simplified storage management, scalability, flexibility, availability, and improved data access, movement, and backup.
The Storage Networking Industry Association (SNIA) defines the SAN as any network whose primary purpose is to transfer data between computer systems and storage elements. So, contrary to what people always think, a SAN does not have to be fiber: an Ethernet network whose primary purpose is to provide access to storage elements is also considered a SAN. SANs are also sometimes used for system interconnection in clusters to increase computing power.
A SAN can also be the whole storage system, which consists of storage elements, storage devices, computer systems and all control software, communicating over the network.
A SAN can use routers, gateways, hubs, switches and directors to allow any-device-to-any-device connection across the network, as it eliminates the traditional connection between the server and the storage. So a SAN can be local or extended over geographical distances.

A SAN enables many servers to share a common storage utility, which may comprise many storage devices, including disk, tape and optical storage, and the storage utility may be located far from the servers that use it.

There are 3 ways a SAN is used for data transfer:
1- Server to storage: many servers access the same storage.
2- Server to server: the SAN is used for high-speed, high-volume communication between servers.
3- Storage to storage: this is the best technique for data transfer, as you don't need server intervention when backing up the data or when remote device mirroring is done across the SAN.

We will stop at this part and continue in Part 2.

Mina Samir Fahmy
Associate Infrastructure Associate at Ingazat Information Technology
Twitter : @Eng_Minasamir

Desktop Virtualization overview

Posted in Uncategorized on September 15, 2011 by minasamirus

This is my first article about desktop virtualization. I used some information from Citrix.com and their latest webcast by John Fanelli (Vice President, Product Marketing, Enterprise Desktop, Citrix Systems, Inc.).

When you enter the business of IT and infrastructure, you will find out that your target is to get into the head of the CEO of any company: you need to know what he needs, his priorities and his vision. Then you start thinking about how you can satisfy him, how you can grow his business through IT, and how you can help him. Here are the most common priorities for any CEO:
1- Opening new branch offices
2- Attracting new employees
3- Acquiring new companies
4- Outsourcing key IT
Their big problem is expanding their IT infrastructure and buying new hardware. They also face a lot of problems linking their branches.

 

Why Traditional Desktops Can't Address Their Priorities

1- Complex on-site infrastructure
2- Limited workspace flexibility
3- Moves, adds and changes can take weeks
4- Hard to secure distributed assets: since most clients are now laptops, you can't secure a moving client like this.
After the social media revolution and the smartphone and tablet revolution, a new generation of workers has come up. They:
1- Use web-based applications.
2- Have new expectations of what IT can look like.
3- Have the concept of bringing your own computer.
4- Expect a certain user experience.

Consumerization

Consumerization: it all starts with the device. The user expects something different from what he experienced on the device he uses. Note that:
1- These devices are mobile.
2- They can connect from anywhere.
3- The user experience on these devices is great: touch, gestures, swipes, etc.
Consumerization is not all about hardware; it is also about the services the user uses. File storage in the cloud is a service highly used nowadays because it is so easy and users think it is secure.
Users are also getting used to self-service, like going to an ATM and using a card to cash out money; they don't need help anymore. The most important thing to the user now is the service: when he needs a service, he goes online, searches for it, subscribes and begins to use it. This puts the load on IT staff, who need to meet the user's expectations.
Traditional desktops are complex, inflexible and hard to secure.
In the meantime, IT has this user stack to take care of, and has a lot of problems maintaining this stack and keeping it stable at all times.
So with desktop virtualization we make some changes to this stack: we move it to the admin side, and admins now deliver a fresh OS combined with the user's preferences and applications.
It is a win-win situation for IT and the users. It is now easy for IT to maintain and control desktops, and it is easy for users to go mobile and have their own choice.

IT can update, secure, change and move desktops easily in its data center environment.

Summing Up: Why Go Virtual?
1- Virtual is simpler, faster and secure.
2- Enable virtual work styles.
3- Leverage the latest mobile devices.
4- Rapidly adapt to business change.
5- Transform computer computing.
When you come to real market implementations of desktop virtualization, you find great results:
“We believe we are one of the first, if not the first, bank to run a virtualized trading floor. Feedback from both traders and non-traders on performance and usability has been outstanding”     —Group senior level Executive – Leading Global bank
“With Citrix Desktop Virtualization, we were able to get 25000 new employees from an acquisition up-and-running on more than 20 financial applications in a single day”
–senior Director of technical service
Some results and benefits gained from using DV in real business:

1- Delivering rich desktop virtualization and integrated business-critical multimedia collaboration tools.
2- Overall energy consumption reduction of 55%.
3- Enabling secure desktop delivery to mobile devices, including iPads.
4- Achieving Windows 7 compatibility for legacy applications.
5- Accelerating key business processes from hours to minutes.
6- Ensuring seamless continuity of any service.
I hope you enjoyed my first article; I will post Part 2 soon.
Mina Samir Fahmy
Associate Consultant @ Ingazat Information Technology
Mina.samir@Ingazat.com


Enabling Enhanced Presence Privacy Mode in Lync 2010

Posted in Uncategorized on January 20, 2011 by Karim Hamdy

Here is a nice trick in Lync Server 2010: with Enhanced Presence Privacy Mode turned on, users can restrict their presence information to the people in their contact list only.

Here is how to do it:

  1. Open Lync Server 2010 Management Shell.
  2. Run the following command:
    Get-CsPrivacyConfiguration | Set-CsPrivacyConfiguration -EnablePrivacyMode $True

However, in a migration/coexistence scenario this setting applies only to Lync users, not OCS users, so beware of this.

That's it, folks! See you next time 🙂

Moving your Lync Server 2010 CMS to Another Server

Posted in Uncategorized on January 6, 2011 by Karim Hamdy

While I was working in a lab, I wanted to deploy another Front End server, move the CMS and decommission the old Front End; however, there are some steps you must follow to accomplish this:

  1. From the Topology Builder, create the new FE and publish.
  2. Install your new Front End server.
  3. Move the conference directory to the other Front End server by running the following PS command:
    Get-CsConferenceDirectory | Move-CsConferenceDirectory -TargetPool atl-cs-002.litwareinc.com
  4. Verify that you have used local setup to run the Prepare Standard Edition server option to install the CMS SQL RTC instance.
  5. Run the following PS command to install the CMS database:
    Install-CsDatabase -CentralManagementDatabase -SqlServerFqdn atl-sql-001.litwareinc.com -SqlInstanceName rtc
  6. Run Enable-CsTopology.
  7. Run the following PS command; it will search for available pools and provide you with options to move the CMS:
    Move-CsManagementServer
  8. In case of disaster recovery, run the following PS command:
    Move-CsManagementServer -ConfigurationFileName "C:\CsConfiguration.xml" -LisConfigurationFileName "C:\CsLisConfiguration.xml" -Force
     where LisConfigurationFileName is your previously saved E9-1-1 backup file (if you are using E9-1-1) and ConfigurationFileName is your previously saved configuration backup file.

 

How to Remove OCS 2007 R2 Users Information from AD

Posted in Uncategorized on January 4, 2011 by Karim Hamdy

So it's been a long time since we posted anything here, but we are back and active. Stay tuned; we promise you will find interesting things here.

So you've decided to try Lync Server 2010. Good call! But the problem is that you had an old OCS 2007 R2 pilot that was decommissioned a long time ago, and you have users who are still enabled, or so their information in Active Directory says.

You have to import the legacy voice policy from OCS 2007 R2 to the Lync side, but the problem is that there is no OCS anymore; it is gone with the wind. When you want to enable users for Lync 2010, Lync still recognizes them as legacy users, because it reads their information from AD. All you have to do is the following:

Open ADSI Edit, point to where your users reside, right-click your user, select Properties and clear the following attributes:

msRTCSIP-PrimaryHomeServer
msRTCSIP-PrimaryUserAddress
Also change msRTCSIP-UserEnabled to "Not Set".

That's it! Now you are good to go to enable your users.

Happy Lync 2010 !!

Exchange 2010 Storage Architecture – Level 300 – Arabic Session

Posted in Exchange Server on April 24, 2010 by Mahmoud Magdy

http://vimeo.com/11189186

DPM agent installing Error 337

Posted in System Center with tags on April 7, 2010 by Ahmed Elnaggar

While installing the DPM agent on a DOM client, you may face the error below:

Error 337: You cannot install the protection agent on server.domain.local because access to the computer has been denied

This error means that the client is already protected by another DPM server. So, if you want to protect it with the newer DPM server, you must first uninstall the DPM agent from this client and then install the new DPM agent from the newer DPM server.

In other words, a DPM client can't be protected by more than one DPM server.

Publishing application through terminal services

Posted in Uncategorized with tags on March 29, 2010 by Ahmed Elnaggar

The most popular question facing any system administrator is how to publish, through Terminal Services, an application which depends on additional tools.

Another is whether it is possible to publish an application from a Terminal Services server without installing the application on it.

For the first question: if you want to publish an application which needs additional tools, such as Oracle JInitiator, then before running that application on the Terminal Services server you must first set up JInitiator and then set up the application. But how do you set up those additional tools?

1- Go to Run from the Start menu.
2- Type cmd.
3- In the cmd window, type the next command:

    Change user /install

4- Press Enter.
5- After installing, type the next command:

    Change user /execute

For the second question, the clear answer is yes. You can publish an application without installing the server side of that application on the Terminal Services server; you only need to install the client version of it. For example, if you want to run a reporting application like Wellview, you do not need to install its server version; you just need to install the client version, as you do on any user PC. After that, you will be able to publish and run the application through the Terminal Services server.

Exchange 2010 – CAS Architecture – Level 300 – Part 2

Posted in Exchange Server on March 27, 2010 by Mahmoud Magdy

http://vimeo.com/11189975

Load Balancing Exchange 2010 Using Cisco ACE – Part 1

Posted in Exchange Server with tags , on March 27, 2010 by Karim Hamdy

Hi, it has been a while since I posted in our blog. In this article we will talk about load balancing CAS servers in Exchange 2010 using the Cisco ACE 4710. So let's get started.

First we need to talk about some terminology and concepts.

Stickiness:

Also called persistence or affinity, stickiness is the ability to "stick" a client's connections to the same real server. For example, on a banking or e-trading web site, the requests from a client have to go to the same real server until the client disconnects or ends the session.

Sticky Types

The ACE appliance supports stickiness based on:

HTTP cookies

Client cookies uniquely identify clients to the ACE and the servers providing content. A cookie is a small data structure within the HTTP header that is used by a server to deliver data to a Web client and request that the client store the information and return it, to maintain persistence between the client and the server.

When the ACE examines a request for content and determines through policy matching that the content is sticky, it examines any cookie or URL present in the content request. The ACE uses the information in the cookie or URL to direct the content request to the appropriate server.

The ACE supports the following types of cookie stickiness:

Dynamic cookie learning

You can configure the ACE to look for a specific cookie name and automatically learn its value either from the client request HTTP header or from the server Set-Cookie message in the server response. Dynamic cookie learning is useful when dealing with applications that store more than just the session ID or user ID within the same cookie. Only very specific bytes of the cookie value are relevant to stickiness.

By default, the ACE learns the entire cookie value. You can optionally specify an offset and length to instruct the ACE to learn only a portion of the cookie value.

Alternatively, you can specify a secondary cookie value that appears in the URL string in the HTTP request. This option instructs the ACE to search for (and eventually learn or stick to) the cookie information as part of the URL. URL learning is useful with applications that insert cookie information as part of the HTTP URL. In some cases, you can use this feature to work around clients that reject cookies.

Cookie insert

The ACE inserts the cookie on behalf of the server upon the return request, so that the ACE can perform cookie stickiness even when the servers are not configured to set cookies. The cookie contains information that the ACE uses to ensure persistence to a specific real server.

HTTP headers

You can use HTTP header information to provide stickiness. With HTTP header stickiness, you can specify a header offset to provide stickiness based on a unique portion of the HTTP header.

IP addresses

You can use the source IP address, the destination IP address, or both to uniquely identify individual clients and their requests for stickiness purposes based on their IP netmask. However, if an enterprise or a service provider uses a megaproxy to establish client connections to the Internet, the source IP address no longer is a reliable indicator of the true source of the request. In this case, you can use cookies or one of the other sticky methods to ensure session persistence.

HTTP content

HTTP content stickiness allows you to stick a client to a server based on the content of an HTTP packet. You can specify a beginning pattern and ending pattern, the number of bytes to parse, and an offset that specifies how many bytes to ignore from the beginning of the data.

Layer 4 payloads

Layer 4 payload stickiness allows you to stick a client to a server based on the data in Layer 4 frames. You can specify a beginning pattern and ending pattern, the number of bytes to parse, and an offset that specifies how many bytes to ignore from the beginning of the data.

RADIUS attributes

RADIUS stickiness can be based on the following RADIUS attributes:

•Calling station ID

•Username

RTSP headers

RTSP stickiness is based on information in the RTSP session header. With RTSP header stickiness, you can specify a header offset to provide stickiness based on a unique portion of the RTSP header.

*Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers. The protocol is used to establish and control media sessions between end points.

SIP headers

SIP header stickiness is based on the SIP Call-ID header field. SIP header stickiness requires the entire SIP header, so you cannot specify an offset.

*Session Initiation Protocol (SIP) is a signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP).
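The difference between the sticky keys described above, as an added example that is not part of the original article and not ACE code: a simplified Python model of a sticky table keyed by source IP with a netmask, by a whole cookie value, and by an offset/length slice of the cookie. The server names, the SESSION cookie layout and the request data are constructed.

```python
import ipaddress
from itertools import cycle

# Constructed requests: (source IP seen by the load balancer, Cookie header).
# Users A, B and C sit behind one megaproxy address; user A's second request
# leaves through a different proxy address. In this made-up cookie the first
# 4 characters are a per-request counter and the next 6 are the session ID.
REQUESTS = [
    ("203.0.113.10", "SESSION=0001aaa111; theme=dark"),  # user A
    ("203.0.113.10", "SESSION=0001bbb222"),              # user B
    ("203.0.113.10", "SESSION=0001ccc333"),              # user C
    ("198.51.100.7", "SESSION=0002aaa111; theme=dark"),  # user A again
]
SERVERS = ("cas1", "cas2")  # hypothetical real servers


class StickyTable:
    """Remembers which real server was first chosen for each sticky key."""

    def __init__(self, servers):
        self._round_robin = cycle(servers)
        self._entries = {}

    def pick(self, key):
        if key not in self._entries:          # new key: load-balance it
            self._entries[key] = next(self._round_robin)
        return self._entries[key]             # known key: stay sticky


def ip_key(src_ip, netmask="255.255.255.255"):
    """Sticky key for IP stickiness: the source address after the netmask."""
    net = ipaddress.ip_network(f"{src_ip}/{netmask}", strict=False)
    return str(net.network_address)


def cookie_key(cookie_header, name, offset=0, length=None):
    """Sticky key for cookie stickiness: the value, or a slice of it."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            end = None if length is None else offset + length
            return value[offset:end]
    return None


def route(requests, key_fn, servers=SERVERS):
    """Return the server chosen for each request under one sticky method."""
    table = StickyTable(servers)
    return [table.pick(key_fn(src, cookie)) for src, cookie in requests]


def by_source_ip(src, cookie):
    return ip_key(src)


def by_whole_cookie(src, cookie):
    return cookie_key(cookie, "SESSION")


def by_cookie_slice(src, cookie):
    return cookie_key(cookie, "SESSION", offset=4, length=6)


if __name__ == "__main__":
    for fn in (by_source_ip, by_whole_cookie, by_cookie_slice):
        print(f"{fn.__name__:16}", route(REQUESTS, fn))
```

With source IP stickiness all three proxied users land on one server and user A changes server when the proxy address changes; learning the whole cookie breaks on the changing counter; learning only the session ID slice keeps user A on one server while still spreading users.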

Access the ACE CLI using HyperTerminal for Windows by following these steps:

1. Launch HyperTerminal.

2. Enter a name for your connection in the Name field.

3. Click OK.

4. From the Connect using drop-down list, choose the COM port to which the device is connected.

5. Click OK.

6. Set the port properties:

Bits per second = 9600

Data bits = 8

Parity = none

Stop bits = 1

Flow control = None

7. Click OK to connect.

1. At the login prompt, log in to the ACE by entering the login username admin and password. By default, the username and password are admin. For example, enter:

Starting sysmgr processes.. Please wait…Done!!!

switch login: admin

Password: admin

2. At the Enter the new password for “admin”: prompt, change the default Admin password. If you do not change the default Admin password, after you upgrade the ACE software you will only be able to log in to the ACE through the console port.

Enter the new password for “admin”: xxxxx

Confirm the new password for “admin”: xxxxx

admin user password successfully changed.

3. At the Enter the new password for “www”: prompt, change the default www user password. If you do not change the default www user password, the www user will be disabled and you will not be able to use Extensible Markup Language (XML) to remotely configure an ACE until you change the default www user password.

Enter the new password for “www”: xxxxx

Confirm the new password for “www”: xxxxx

www user password successfully changed.

Caution: At this point, you should consider whether you plan to configure the ACE using the Device Manager GUI or using the CLI. If you have a trunking network setup, or if your VLAN 1000 has been used, you should bypass the following setup script and use the CLI.

4. At the “Would you like to enter the basic configuration dialog? (yes/no)” prompt, press Enter to continue the setup. To bypass setup and directly access the CLI, type no.

Would you like to enter the basic configuration dialog? (yes/no) [y]:

Note: The ACE provides a default response in brackets [ ] for each question in the setup script. Accept the default response to a configuration prompt by pressing Enter.

5. Select port 1 to carry management VLAN communication by pressing Enter.

Enter the Ethernet port number to be used as the management port (1-4):? [1]:

6. Assign an IP address for the management VLAN interface by entering 172.25.91.110.

Enter the management port IP Address (n.n.n.n): [192.168.1.10]: 172.25.91.110

7. Accept the default subnet mask for the management VLAN interface by pressing Enter.

Enter the management port Netmask(n.n.n.n): [255.255.255.0]:

8. Assign the IP address of the gateway router (the next-hop address for this route) by entering 172.25.91.1.

Enter the default route next hop IP Address (n.n.n.n) or <enter> to skip this step: 172.25.91.1

9. Examine the entered values.

Summary of entered values:

Management Port: 1

Ip address 172.25.91.110

Netmask: 255.255.255.0

Default Route: 172.25.91.1

10. Review the configuration details by pressing d.

Submit the configuration including security settings to the ACE Appliance? (yes/no/details): [y]:

    interface gigabitEthernet 1/3
      switchport access vlan 1000
      no shut
    access-list ALL extended permit ip any any
    class-map type management match-any remote_access
      match protocol xml-https any
      match protocol dm-telnet any
      match protocol icmp any
      match protocol telnet any
      match protocol ssh any
      match protocol http any
      match protocol https any
      match protocol snmp any
    policy-map type management first-match remote_mgmt_allow_policy
      class remote_access
        permit
    interface vlan 1000
      ip address 172.25.91.110 255.255.255.0
      access-group input ALL
      service-policy input remote_mgmt_allow_policy
      no shutdown
    ssh key rsa
    ip route 0.0.0.0 0.0.0.0 172.25.91.1

11. Accept this configuration by pressing Enter; otherwise, press n.

Submit the configuration including security settings to the ACE Appliance? (yes/no/details): [y]:

12. After you select y, the following message appears.

Configuration successfully applied. You can now manage this ACE Appliance by entering the url 'https://172.25.91.110' into a web browser to access the Device Manager GUI.

After you have completed the setup script, the command prompt appears.

switch/Admin#

After you specify a Gigabit Ethernet port, port mode, and management VLAN, the setup script automatically applies the following default configuration:

  • A Management VLAN is allocated to the specified Ethernet port.
  • An extended IP access list that allows IP traffic originating from any other host addresses.
  • A traffic classification is created for management protocols HTTP, HTTPS, ICMP, SSH, Telnet, and XML-HTTPS. HTTPS is dedicated to connectivity with the Device Manager GUI.
  • A VLAN interface is configured on the ACE.
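An added example (not from the original article or from Cisco): a small Python audit of the management configuration the setup script generates, flagging cleartext management protocols, `any` sources and the `permit ip any any` access list. The hardened sample, its ACL name and its `source-address` syntax are assumptions to check against the ACE command reference.

```python
import re

# Constructed sample: the management-related lines of the setup-script
# output shown on this page, with the class-map header on one line.
DEFAULT_CONFIG = """\
access-list ALL extended permit ip any any
class-map type management match-any remote_access
  match protocol xml-https any
  match protocol dm-telnet any
  match protocol icmp any
  match protocol telnet any
  match protocol ssh any
  match protocol http any
  match protocol https any
  match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
interface vlan 1000
  ip address 172.25.91.110 255.255.255.0
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
"""

# Constructed hardened variant (assumed syntax: source-address <ip> <mask>).
HARDENED_CONFIG = """\
access-list MGMT extended permit ip 172.25.91.0 255.255.255.0 any
class-map type management match-any remote_access
  match protocol ssh source-address 172.25.91.0 255.255.255.0
  match protocol https source-address 172.25.91.0 255.255.255.0
  match protocol xml-https source-address 172.25.91.0 255.255.255.0
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
"""

CLEARTEXT = {"telnet", "http"}  # credentials cross the network unencrypted


def parse(config):
    """Return (class_maps, permitted_classes, open_acls) from the config text."""
    class_maps, permitted, open_acls = {}, set(), []
    section, current, last_class = None, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := re.match(r"class-map type management \S+ (\S+)$", line):
            section, current = "class", class_maps.setdefault(m.group(1), [])
        elif re.match(r"policy-map type management ", line):
            section = "policy"
        elif section == "class" and (m := re.match(r"match protocol (\S+) (.+)$", line)):
            current.append((m.group(1), m.group(2)))
        elif section == "policy" and (m := re.match(r"class (\S+)$", line)):
            last_class = m.group(1)
        elif section == "policy" and line == "permit" and last_class:
            permitted.add(last_class)
        else:
            section = None  # any other line ends the current section
            if m := re.match(r"access-list (\S+) extended permit ip any any$", line):
                open_acls.append(m.group(1))
    return class_maps, permitted, open_acls


def audit(config):
    """List (finding, object, protocol) tuples for permitted management access."""
    class_maps, permitted, open_acls = parse(config)
    findings = []
    for name in sorted(permitted):
        for proto, source in class_maps.get(name, []):
            if proto in CLEARTEXT:
                findings.append(("cleartext-management", name, proto))
            if source == "any":
                findings.append(("any-source", name, proto))
    findings += [("permit-ip-any-any", acl, "ip") for acl in open_acls]
    return findings


if __name__ == "__main__":
    for finding in audit(DEFAULT_CONFIG):
        print(*finding)
```

Run against the default output, it reports Telnet and HTTP as cleartext management paths and every management protocol as reachable from any source; the hardened sample produces no findings.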

Assigning a Name to the ACE

The hostname is used for the command-line prompts and default configuration filenames. When you establish sessions to multiple devices, the hostname helps you keep track of which ACE you are entering commands to. By default, the hostname for the ACE is switch.

For example, change the hostname of the ACE from switch to host1 by entering:

switch/Admin# Config

switch/Admin(config)# hostname host1

The prompt appears with the new hostname.

host1/Admin(config)#

Logging in to the ACE

You can access the ACE Device Manager GUI through a web-based interface. Log in to the Device Manager by following these steps:

1. Navigate to the ACE Device Manager by entering the secure HTTPS address or hostname of the ACE in the address field of a web browser. For the example setup shown earlier in Figure 1, enter:

https://172.25.91.110/

2. Click Yes at the prompt to accept (trust) and install the signed certificate from Cisco Systems, Inc. To avoid having to approve the signed certificate every time you log in to the Device Manager, accept the certificate.

3. In the User Name field, type admin for the admin user account.

4. In the Password field, type the new password that you entered.

5. Click Login. The default window that appears is the Virtual Contexts window with the Admin context listed, as shown in Figure 7.

[Figure: Virtual Contexts Pane (Admin Context)]

The “default” resource class works well for basic configurations that do not need sticky session persistence. For sticky session persistence, you need a resource class that allocates more than 0% of the “Sticky” resources. For each context in which you configure stickiness, you must do the following:

–Configure a resource class in the Admin context that you can associate with one or more contexts where you want to configure stickiness.

Creating a Resource Class

Create a resource class by following these steps:

1. Choose Config > Virtual Contexts > System > Resource Class.

Next we will start by configuring the VLAN interfaces required for operation:

Create a VLAN interface, give it an IP address and netmask, and enable it.

Enable the physical interface, give it a name and assign it to a VLAN interface.


Adding NAT Pools

Next, create a NAT pool by clicking on the NAT pools link. You need a NAT pool because it provides a set of IP addresses that the ACE can use as source addresses when sending requests to the real servers. The NAT pool must be configured on the same VLAN interface that you identified or created.

For VLAN ID, specify the VLAN number from the VLAN Interfaces step. Use the NAT Pool ID set in the field or enter your own. Then enter the IP address range for the NAT pool using the Start IP Address and End IP Address or Netmask fields.

The NAT pool can be as small as a single IP address, and it can even reuse the virtual IP (VIP) you plan to use for the application. However, NAT pools with more IP addresses allow more concurrent requests to the real servers. The ACE allows several thousand concurrent connections per NAT pool IP address, as long as port address translation (PAT) is enabled. With PAT disabled, the ACE can only handle one connection per NAT pool IP address.

This concludes Part 1. In Part 2 we will configure the virtual server, real servers, farms, sticky groups and the SSL proxy service, so stay tuned.