Saturday, September 22, 2012

No More Passwords

Too many websites have been breached in the past 24 months: 21 Sony sites, Gawker, and most recently LinkedIn. A minimum of 20 million passwords were leaked, causing chaos on the Internet, from an increase in spam originating from legitimate email accounts to stolen credit cards used for money laundering from stolen emails attached to Amazon, PayPal, eBay and other online payment systems and stores.

This is an article showing what password crackers have done with all those leaked passwords; in summary: Minimal work is now needed to crack 90% of passwords in less than 24 hours!!!

Users are stupid. Fact well established thanks to all those leaks, where users have used the same password for their accounts as the email password. But, for the website developers to also be a failure in understanding proper password hashing & encryption? This is the ultimate failure that users cannot see coming until it's too late.

So why are we still relying on passwords? I own accounts on at least 15 different websites and I do not like the idea of Single Sign On where one password allows me to log in to all of them. That's simply insecure & risky.

The answer is very simple: We don't need passwords in general. Websites should instead offer authorization/access codes in combination with email addresses to access content. Those codes are auto-generated by the website, random, long (128+ characters), and most importantly, the user does not have to input any data or remember anything. It's important to not tie the code to any user data (salting).

The only thing that needs a password is: Email and online payment systems. Everything else should send its auth code by email. When a user wants to login, they go to their email, open the email that has the code and copy/paste it to login.

In case a website is cracked, then users aren't at risk & the website maintainers can simply regenerate all auth codes and email them to the users.
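
A sketch of the scheme described above, added here as an example and not code from the original post: codes come from the OS CSPRNG with no user data mixed in, and one call replaces every code after a breach. Keeping only a SHA-256 digest of each code on the server, and the `AccessCodeStore` name, are assumptions of this example; sending the email is left to the caller.

```python
import hashlib
import hmac
import secrets

# 96 random bytes encode to exactly 128 URL-safe base64 characters,
# matching the "128+ characters" length the post asks for.
CODE_BYTES = 96


def new_code() -> str:
    """Generate an access code from the OS CSPRNG; no user data goes in."""
    return secrets.token_urlsafe(CODE_BYTES)


def _digest(code: str) -> bytes:
    # The code carries 768 bits of entropy, so one fast hash is enough here;
    # slow password hashes exist to protect low-entropy, human-chosen secrets.
    return hashlib.sha256(code.encode("utf-8")).digest()


class AccessCodeStore:
    """Hypothetical server-side store: email -> digest of the current code."""

    def __init__(self) -> None:
        self._digests = {}

    def issue(self, email: str) -> str:
        """Create or replace the code for an address and return it once,
        so the caller can email it. Only the digest is kept (assumption)."""
        code = new_code()
        self._digests[email.strip().lower()] = _digest(code)
        return code

    def verify(self, email: str, code: str) -> bool:
        """Check a pasted code using a constant-time comparison."""
        stored = self._digests.get(email.strip().lower())
        candidate = _digest(code.strip())
        if stored is None:
            # Unknown address: still compare, so timing stays similar.
            hmac.compare_digest(candidate, candidate)
            return False
        return hmac.compare_digest(stored, candidate)

    def regenerate_all(self) -> dict:
        """After a breach: replace every code and return email -> new code,
        ready to be mailed out. All old codes stop working immediately."""
        return {email: self.issue(email) for email in list(self._digests)}


if __name__ == "__main__":
    store = AccessCodeStore()
    old = store.issue("alice@example.com")  # constructed sample address
    print("login with emailed code:", store.verify("alice@example.com", old))
    fresh = store.regenerate_all()
    print("old code after regeneration:", store.verify("alice@example.com", old))
    print("new code:", store.verify("alice@example.com", fresh["alice@example.com"]))
```
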

As for now, I adopted the "make a silly temp password" method. I keep forgetting passwords on purpose and every time, I reset the password and enter a new temporary and random password, until website maintainers cut the crap and ditch this password scheme.

Tuesday, September 11, 2012

Review: Pretec 8GB microSD Card

I bought this 8GB class 10 microSD card that also comes with an adapter from Newegg for $8 (free delivery when choosing 5-7 day delivery). Pretec is a Taiwanese company.

The microSD card comes pre-formatted as FAT16 and preloaded with software for Android from a company called NQ Mobile:

  • Mobile Security: Protects against mobile viruses, trojans and spyware
    • Free features: anti-malware, Contacts backup, System optimization, Privacy Protection (checks app permissions), Traffic Manager
    • Premium: Anti-theft, Virus database update
  • Mobile Manager: Suite of tools for managing phone-related functions
    • Free: Call Manager (block calls/SMS), Backup Contacts, Erase call history/SMS
    • Premium: Hidden private space, spam database update
  • Mobile Booster: Smartphone performance optimization
    • Free: Single-key optimization, Task monitor, traffic monitor, power monitor, software manager, file manager
The sd card also comes with a Windows application for photo recovery and free recovery of 25 pictures, after which you have to pay.

The default capacity is 7.5GB, and the used capacity by the apps above is 20MB. fdisk output:
fdisk -l /dev/sdc

Disk /dev/sdc: 7964 MB, 7964983296 bytes
91 heads, 18 sectors/track, 9497 cylinders, total 15556608 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1            8192    15556607     7774208    6  FAT16

Writing 1GB to the sd card:

dd if=/dev/zero of=./test.dd bs=10M count=100
100+0 records in
100+0 records out
1048576000 bytes (1.0 GB) copied, 0.974053 s, 1.1 GB/s

Writing 100MB to the sd card with fdatasync enabled to avoid caching (realistic number for cameras):

dd if=/dev/zero of=./test.dd bs=10M count=10 conv=fdatasync
10+0 records in
10+0 records out
104857600 bytes (105 MB) copied, 8.36829 s, 12.5 MB/s

Writing 500MB to the sd card with fdatasync enabled:


dd if=/dev/zero of=./test.dd bs=10M count=50 conv=fdatasync
50+0 records in
50+0 records out
524288000 bytes (524 MB) copied, 63.5707 s, 8.2 MB/s

Putting ext4 instead of FAT16 on the card. First I changed the partition type using fdisk/cfdisk, then I used mkfs.ext4 with no options (defaults) on the partition.

mkfs.ext4 /dev/sdc1
mke2fs 1.42.5 (29-Jul-2012)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
486720 inodes, 1943552 blocks
97177 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1992294400
60 block groups
32768 blocks per group, 32768 fragments per group
8112 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done                           
Writing inode tables: done                           
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
Now running the same write tests as above:

dd if=/dev/zero of=./test.dd bs=10M count=100             
100+0 records in
100+0 records out
1048576000 bytes (1.0 GB) copied, 0.698984 s, 1.5 GB/s

dd if=/dev/zero of=./test.dd bs=10M count=10 conv=fdatasync
10+0 records in
10+0 records out
104857600 bytes (105 MB) copied, 9.40124 s, 11.2 MB/s

dd if=/dev/zero of=./test.dd bs=10M count=50 conv=fdatasync
50+0 records in
50+0 records out
524288000 bytes (524 MB) copied, 42.9945 s, 12.2 MB/s

Now testing XFS file system:
mkfs.xfs -f /dev/sdc1
meta-data=/dev/sdc1              isize=256    agcount=4, agsize=485888 blks
         =                       sectsz=512   attr=2, projid32bit=0
data     =                       bsize=4096   blocks=1943552, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0

dd if=/dev/zero of=./test.dd bs=10M count=100              
100+0 records in
100+0 records out
1048576000 bytes (1.0 GB) copied, 0.590697 s, 1.8 GB/s

dd if=/dev/zero of=./test.dd bs=10M count=10 conv=fdatasync
10+0 records in
10+0 records out
104857600 bytes (105 MB) copied, 8.03924 s, 13.0 MB/s

dd if=/dev/zero of=./test.dd bs=10M count=50 conv=fdatasync
50+0 records in
50+0 records out
524288000 bytes (524 MB) copied, 42.0262 s, 12.5 MB/s


Unfortunately, there's no native exFAT driver for Linux so I cannot test the write speeds properly. exFAT is the filesystem used by some video cameras and is newer than FAT16.


In conclusion, the card does perform to the class 10 speed standards: a minimum of 10 MB/s. Your experience will vary depending on the filesystem you choose.

Note: Do not be fooled by the 1GB/s speeds. Those happened because my machine has 16GB RAM. Whenever a program writes to storage, the operating system writes to RAM first and then syncs the data to disk, for the best performance. So, the more free memory you have, the better the performance.

Monday, September 3, 2012

Event: BarCamp Kuwait 4

The awesome @ahamshay has been able to get us another BarCamp event this year.

If you're not familiar with BarCamp, it's where we geeks gather and share our projects and demonstrate them (if possible).

If you'd like to attend, we'd appreciate it if you register so we can properly estimate the number of attendees & speakers.

Monday, August 27, 2012

IBM Open Fabric Manager v4.1 Advanced on Linux

Table of Contents


  1. Pre-Introduction
  2. Introduction
  3. Manuals and Files
  4. Environment
    1. Hardware
    2. Software Versions and Firmwares
    3. Hardware Connectivity and Layout
  5. Required Papers and Licenses
  6. BOFM Advanced Tool Download and Director 6.3 Plugin
  7. IBM Java vs Sun/Oracle Java
  8. OFM and AMM Tips and Limitations
  9. Installing on Windows: Server-Client Combined Bundle
  10. Installing OFM on Linux: Server Process as a Service
  11. Preparing the Spare Blade Server
  12. OFM Templates
  13. Using BOFM Advanced


Pre-Introduction

Initially, the intention of this post was to detail a full implementation of HS22 blade servers, V7000 storage, DS4800 storage, BladeCenter Open Fabric Manager (BOFM) and SUSE Linux Enterprise Server (SLES) 11 SP1 and SP2, but I decided to break it down for easier writing and understanding.

If you do not find what you want here, email me, and hopefully I'll be able to answer you and add your question and its answer to this post for everyone's benefit.

Introduction

IBM BladeCenter Open Fabric Manager (BOFM or OFM) is a feature on IBM's Blade chassis which allows the user to change the WWNN, WWPN, NIC MACs & virtual adapter WWN/MAC addresses for each blade slot, and assign specific boot targets for each blade slot. This is useful in case one blade server fails, another can be placed in its slot, powered on, and it'll boot from SAN the same image of the previous server because it has its WWNN/WWPN/MACs. It's important to boot from SAN otherwise the solution is almost useless.

This post details the implementation of BOFM v4.1 Advanced and configuring the tool as a service on a Linux environment.

Note: I was tasked to install and configure BOFM on a pre-existing environment that is running in production mode, thus, I'll be using existing WWNs to not alter fabric zoning nor host mappings.

The information has been laid out in order for a reason. Read it all to not miss anything.

Manuals and Files

Finding some manuals was hard, and IBM has 2 versions of the 4.1 (June 2011) manual: A public version and one that is included with the BOFM Advanced Utility package. There's a slight difference between them.

I've uploaded all files to my account for you to download, and save you the headache of finding them.

  1. BOFM_IUG_5ed.pdf: 4.1 Manual - came with the ZIP file of the Advanced Utility
  2. jr1bs_bofm_pdf.pdf: 4.1 Manual - public version
  3. LicensingFAQ.pdf
  4. LicensingSteps.pdf
  5. bladecenter_interoperability_guide_2012-march.pdf
  6. ofm: wrapper install script
  7. wrapper.conf: wrapper config file
  8. BC1template_final.csv: BladeChassis 1 BOFM template
  9. BC2template_final.csv: BladeChassis 2 BOFM template

You can download all these files from my account. The linked files above point at their original source.

Environment

Hardware

Some items were just purchased and others were refurbished.

  • 2x IBM BladeChassis H 8852-4TG
  • 19x IBM HS22 blade servers  7870-H2G
  • QLogic 8Gbps expansion cards for the HS22 blades (part number  44X1947)
  • 9x IBM HS21 blade servers  8853-C2G
  • Emulex 4Gbps expansion cards for the HS21 blades (part number 39Y9183)
  • Built in NIC cards. No expansions added.
  • 4x Advanced Management Modules (AMM)  (part number 80Y9080)
  • 1x IBM StorWize V7000 storage unit
  • 1x IBM DS4800 storage unit
  • 4x IBM BNT 1Gbps switch modules (part number 32R1866)
  • 4x IBM Brocade 8Gbps SAN switches (part number  44X1924)

Software versions and Firmwares

Do not update to the latest version available!

Make sure that you apply the firmwares that are compatible with the BOFM interoperability guide (compatibility matrix), or even better, check the changelog of the latest firmware and make sure it supports BOFM. If there's no mention, ask your IBM vendor to contact IBM TechLine and verify whether the latest firmwares support BOFM or not (regardless of the BOFM compatibility matrix).

The BOFM compatibility list isn't always kept up to date, and thus, at the time of your implementation, important bug fixes may have been introduced in the latest firmwares.

The list below does not mean things were up to date (as it wasn't my task). It means that I had these during my implementation and they worked for me.

The list has been produced from the AMM's firmware VPD page.
  • AMM Firmware BPET62P (62)
  • HS22 BIOS:  P9E156C (1.17)
  • HS22 Diagnostics:  DSYT92O (4.01)
  • HS22 blade management processor:  YUOOD4G (1.32)
  • HS22 QLogic UEFI Driver: 2.27
  • HS22 QLogic BIOS Driver: 2.09
  • HS22 QLogic FCode Driver: 3.14
  • HS22 QLogic firmware: 5.03.09
  • HS21 BIOS:   BCE148BUS (1.21)
  • HS21 Diagnostics:  BCYT30AUS (1.08)
  • HS21 blade management processor:  BCBT63A (1.23)
  • BNT switches:  WMZ04000 (0502)
  • Brocade switches:  BREFSM (632b)
  • BladeCenter Open Fabric Manager Advanced (BOFM) OFM41K
  • VMware vSphere 5 update 1
  • SUSE Enterprise Linux Server (SLES) 11 SP1 and SP2 (3.2 kernel)
  • IBM Java 1.6.0 (what was available in SLES SP2 DVD)
  • Windows 2008 R2
  • IBM Java 1.6.0 (came with IBM Director v6.3)
  • IBM Systems Director v6.3
  • SAP ECC 6 (ERP application)
  • Wincor (Point of Sale application)

Hardware Connectivity and Layout

The customer has 3 VMware servers (HS22 blades). 2 of which are zoned to the V7000 and 1 is isolated and zoned to the DS4800.

Note: Due to the settings required on the HBA, a server zoned for the V7000 cannot be zoned with a different storage unit (like DS4000, DS5000, DS3000) at the same time.

The customer wanted to use the DS4800 for all systems along with the V7000, but that requires a storage virtualization license on the V7000, which was outside of the customer's budget, so servers were split: SAP Production zoned to V7000, and Development and Quality Assurance servers zoned to the DS4800.

All SAP production servers are HS22 blades. The HS21 blades are used for SAP Dev & QA, and all Wincor systems. Wincor systems are also split between the V7000 & DS4800.

Required Papers and Licenses

You will need access to the papers shipped by IBM: The license activation codes for BOFM Standard and BOFM Advanced. BOFM Standard license is a requirement for the Advanced license to work.

The BOFM Standard license paper has the following title: "BladeCenter Open Fabric Manager license entitlement information"  -- Part number: 2019B1X, and the authorization code is made of 25 digits: ABCDE-ABCDE-ABCDE-ABCDE-ABCDE

The BOFM Advanced license paper has the following title: "Activation Services information" -- Part number: 4812S3X, and the authorization code is made of 12 digits: IBM00000-0000

To get your licenses, and download the BOFM Advanced Utility, you have to do the following:

  1. Create an account for your organization at http://licensing.datacentertech.net (as instructed in the papers)
  2. Add your BladeChassis type and serial. Can be found in the AMM -> MM Control -> License Manager -> select any item & click edit
  3. Activate the BOFM Standard license by adding your 25 digit authorization code to the website above
  4. Activate the BOFM Advanced license by adding your 12 digit activation code to the same website above
  5. Register for support for your BOFM Advanced Edition on http://www.serversoftwaresubscription.com
  6. Upon registration, you'll be able to download the BOFM Advanced Utility/Tool from the site in #5

BOFM Advanced Tool Download and IBM Director 6.3 Plugin

None of the IBM documentation mentions this, but version 6.3 of IBM Systems Director does not have a plugin for BOFM. It has been discontinued and the Advanced tool is now a standalone utility. You do not need any version of IBM Director at all, and Director is listed here only because I was tasked to install it.

You can download the latest version of BOFM Advanced utility/tool from http://www.serversoftwaresubscription.com after you register your license.

The direct download link to BOFM Advanced v4.1 (Windows & Linux): http://www.serversoftwaresubscription.com/Downloads/46D0959GMER.zip

You will need to apply the licenses to your chassis (whether temporary or permanent) for the tool to connect to the chassis and function properly.

IBM Java vs Sun/Oracle Java

I was surprised to see that SLES ships with IBM Java rather than Sun's, but it turned out to be for the best. IBM Java has some different implementations and options for system signals (interrupts) and if you use Sun's Java, things may not function as they should.

So my advice to you is to stick with IBM Java and make sure you have version 1.6.0 or higher. I do not know if version 1.7 will work for you. It wasn't available in SUSE's repository, and on Windows, I used the JRE that was shipped with IBM Director.

I have initially installed BOFM Advanced Utility on the same server as IBM Director, which was a Windows 2008 R2 OS, then later on, I moved the setup to a virtual machine running SLES 11 SP2. I'll explain why later.

OFM and AMM Tips and Limitations

These are some tips and limitations of the Open Fabric Manager and the Advanced Management Module of the Blade Chassis:

  1. Create a separate user for OFM to use, so that if the user is locked, it doesn't lock you out of the AMM.
  2. The password has a max length of 15 characters. The AMM accepts special characters but the ftp login used by the BOFM tool doesn't, so stick to alpha-numeric characters only.
  3. The spare blade that other blades fail over onto must have OFM disabled on it.
  4. Always check the zoning! Make sure the boot targets are the same as zoned in the fabric, otherwise you'll have a lot of disconnections or the links will keep showing as degraded.
  5. Follow the OFM guide rules on what parameters to set on the AMM.
  6. Make sure the TCP max commands in AMM under Network Protocols is set to 20 (as the guide says) otherwise it won't let you open the OFM page to apply the settings.
  7. Configuring SNMP is required. When the tool initially connects to the AMM, it sets the 3rd SNMP server as the OFM server's IP address.
  8. Use IP addresses instead of hostnames to avoid DNS query delays or to be able to reach the systems in case the DNS system wasn't working.
  9. If your server has multiple IPs and you'd like to bind the server process to a specific IP, modify the file server.prop found in "C:\ofm\data\" or "/opt/ofm/data/" and change "localIPAddress=localhost" from localhost to the desired IP.
  10. To connect the OFM Console to a different server, open the file "C:\ofm\data\OFMConsole.prop" or "/opt/ofm/data/OFMConsole.prop" and change "ServerIP=localhost" to the server's IP.
  11. Use a text editor to edit the template files rather than Excel/Calc because those may add commas to empty lines, which OFM rejects.

Installing on Windows: Server-Client Combined Bundle

The ZIP package has 2 installers: One for Linux & another for Windows. Make sure that Java is installed and that it's configured in the system PATH environment variable. You can test that by running "cmd" then typing "java -version" -- if it says the command couldn't be found, then Java isn't properly setup, otherwise it'll print the Java version.

After installing the package on Windows, you'll need to open "cmd" and navigate to the installation directory and into the "Combined" directory, then run:
java -jar "C:\Program Files\OFM\V41\combined\OFMcombined.jar"

That will launch the OFM server process then the client interface afterwards which will connect to the same server process. It may take some time (2-5 minutes) and that is normal, especially after you configure the chassis login info.

This is useful for your initial configuration and template design, then deployment. Also, it's to test the fail-over and fail-back features.

The "Combined" package runs the server process with the client, and as soon as you close the client user interface, it'll terminate the server process. For permanent monitoring, you'll need to configure the server process to run as a service/daemon, and configure the client to connect to that specific server process.
This guide will go through that step, but on Linux. If the same software doesn't work for you on Windows, look up guides online. If you work it out, feel free to contact me and I'll link to your post or add your findings here and credit you for it (obviously).

Installing OFM on Linux: Server Process as a Service

Before we begin, I should explain why I chose Linux, and in this particular case, on VMware. The client has a VMware environment already in place and most of their systems are running Linux. Because OFM Advanced runs as a continuous service, it's of utmost importance to make sure the service is available at all times, and that the server doesn't reboot for updates or whatnot whenever it feels like it (like the default behavior of Windows).

Also, with VMware in place, the customer makes use of VMware's High Availability cluster, so that if one physical server fails, the virtual machine will start automatically on the other available systems. This is better than relying on 1 physical server, because if it fails, OFM will no longer function and production systems will be at risk if one fails.

Alright! With that explained, let's get to the juicy stuff!

Unpack the ZIP file then make sure the binary is executable: chmod +x OFM41K.bin
Then execute it to start the installation: ./OFM41K.bin
I suggest you install the process as "root" because the process needs to bind to a port.
For some reason, after installation, the data directory wasn't created & I only noticed after running the server process and seeing the errors. So, to create the data directory, run:
mkdir -p /opt/ofm/data/
The installation will deploy the files in the same directory where you ran the installer, or the user's home directory.
If your server has multiple IPs, then follow the instructions in the Tips & Limitations section above to bind the process to a specific IP.

There isn't much to do now apart from configuring the server component to run as a daemon on Linux. For that, I used the Java Service Wrapper (JSW): http://wrapper.tanukisoftware.com/doc/english/download.jsp#stable
Make sure you download the latest stable, not just the latest!

Unpack the file anywhere you like. Copy the following files from it and put them in the OFM server directory: {OFM_INSTALLATION_DIR}/usr/OFM/V41/server/

  1. {WRAPPER_DIR}/bin/wrapper
  2. {WRAPPER_DIR}/src/bin/sh.script.in
  3. {WRAPPER_DIR}/conf/wrapper.conf
Rename sh.script.in to ofm: mv sh.script.in ofm

So, now in the OFM "server" directory, you should have the following files: wrapper, ofm, wrapper.conf, and the OFM original files.

Before we start modifying stuff, you need to copy a few library files to OFM's lib directory {OFM_INSTALLATION_DIR}/usr/OFM/V41/lib/:
  1. {WRAPPER_DIR}/lib/libwrapper.so
  2. {WRAPPER_DIR}/lib/wrapper.jar
The last thing to do now is to change the wrapper.conf file to match OFM's requirements and use the Wrapper Class to run it as a service: Download my copy of wrapper.conf and the "ofm" script, and either overwrite your wrapper.conf or modify it manually. Whatever you feel like, but make sure you read the entire file to see if you want to enable a certain function that I hadn't enabled for my setup (like notifications).


You may make the same mistake I did, so I'll explain a few lines of that config:

  1. "wrapper.java.mainclass=org.tanukisoftware.wrapper.WrapperSimpleApp" should be as is and not be replaced with the name of the OFM class. The wrapper will use its own SimpleApp class to implement the service.
  2. Keep the libraries listed in the same order. I followed the same order as the OFM jar file's meta data.
  3. "wrapper.app.parameter.1=com.ibm.ofm.server.OfmServer" This points at the OFM class (found inside the OFM jar file).
  4. "wrapper.app.parameter.2=-c" This runs OFM in console mode.
    If you do not configure this, you'll get an exception: java.lang.IllegalArgumentException: Signal already used by VM: INT

O.K.! Almost done, now what's left is to register it as a Linux service:
Run the script file that you renamed to "ofm" like this: ./ofm install
If all goes well, it'll register a new service called "ofm" and you can verify it with: chkconfig ofm -l
The output should be something like this:
ofm                       0:off  1:off  2:on   3:on   4:on   5:on   6:off

If you get an error when trying to run the ofm script, make sure it's executable: "chmod +x ./ofm" (without the double quotes), then try to run the install command above.

You should now be able to start & stop the service manually, and it will start automatically whenever the server starts: "service ofm start" / "service ofm stop" / "service ofm status"

Preparing the Spare Blade Server

In my case, I had 2 spare blades: HS22 and HS21, because the customer was using production systems on both models. Systems running on HS22 will fail over to HS22 and HS21 systems onto the HS21. This keeps things simple in terms of configurations and we avoid any sort of hardware conflicts.

I haven't tried mapping QLogic WWNN/WWPN onto an Emulex card, but it should work as long as you configure everything properly, but I don't recommend this at all. (It should work because the cards accept both WWNN & WWPN values and replace the defaults with them).

  1. You need to make sure that you do not configure the spare blade for OFM. If you have, then disable OFM on it in the config then reapply the config. OFM will not fail over to a blade that has OFM enabled on it.
  2. Enter the BIOS of the spare blade and change the boot sequence to: Legacy Mode, then Hard Disk 0. Legacy must be the first entry in the entire list.
Your spare blade is now ready to boot any OS from SAN, whenever a blade is failed over to it.

OFM Templates

The OFM templates are available in the Manuals and Files section above to see how I setup the servers for my client's specific environment. The MAC addresses & WWN numbers are the client's and I got permission to use them here as is.

Read the BOFM manual(s) as it properly describes how to make the templates, the available options and what each option means. So, I'll skip describing that in this post.

As I mentioned in the introduction, this implementation of BOFM was for an environment that is in production, and changing the WWNs/WWPNs of each server, in the storage and the SAN switches was going to require A LOT of downtime, which the client wasn't willing to do, nor is it required in the first place.

BOFM generates its own WWNs & MAC addresses but you don't have to use those. You can change the addresses to anything you want and that's what I did: I changed the addresses in the templates to match the existing servers' addresses, which meant that we do not have to change anything in the SAN fabric nor the storage host mappings.

After applying the BOFM templates, you have to restart the server for BOFM to be enabled on the blade servers and for the WWN/MAC to function properly, even if you kept the same addresses.

BOFM allows you to configure multiple WWNs/MACs and even ones for virtual NIC adapters, but in my case, I only needed to configure 2 WWNs/WWPNs & 2 MACs per blade server.

Here's a screenshot of the Advanced Management Module (AMM) after applying BOFM templates:


Here's a screenshot showing the IBM Storwize V7000's identity after applying the BOFM (meaning that the server is seeing the storage properly):

Using BOFM Advanced

Step 1: Run the client you installed and configured to connect to the OFM server process.

Step 2: Click on the Inventory tab, right click and choose Host Discovery then fill in the info.
If the tool doesn't automatically fetch the inventory, right click the newly added chassis host and select Get Inventory. You can monitor the progress in the events window at the bottom and wait till it's done.

Make sure you save the user/pass into the tool otherwise the failover monitor will not have access to the chassis.

Step 3: Click on the Templates tab. Here you'll create the templates and deploy them.

Step 4: You'll need to create them in order. The Address Manager is the CSV template I have attached above. You can import the CSV template after modifying it, too.

You can either use the templates I provided above or generate ones from the tool then modify them. If you're using a version of OFM newer than 4.1, it's better to generate new ones and modify them to make sure they're compatible.

Make sure you add the MAC addresses and not just the WWNs, otherwise an OS will treat the adapters as if they're new ones and you'll lose the IP configuration.

Step 5: After adding the proper info (WWNs/MACs), create the Standby Pool template. This does not require a CSV file and it'll deploy into the screen directly.

Here you will select the Failover rules for the spare blade and which spare blades to use. You can select multiple spare blades from multiple chassis.

Because the HS22 blades have QLogic and are configured to use V7000, and the HS21 have Emulex and are configured to use the DS4700, I created two separate standby pools: One for V7000/HS22 and one for DS4700/HS21.

Later when selecting the blades to protect (enable failover protection for), a standby pool must be selected, which means the blades in that pool must be compatible with the blade being protected and configured to use the same storage.



In my setup, I used only 1 spare blade.

Step 6: Now it's time to configure the Failover Monitor(s). Each monitor associates a blade or more to one pool.

Select a blade, or more, that you'd like to be monitored for failures, and choose what type of failures to monitor, then click Save.

  • Power Off
  • CPU Failure
  • Blade Communication Errors
  • Blade Removal (from its slot in the chassis)
  • Hard disk failure
  • Blade Denied Power (if one or more power supplies were dead)
  • Memory Failure
  • Voltage Warnings (happens with faulty motherboards)
  • PFA Events (Predictive Failure Analysis reports events that will eventually lead to hardware failure)


Select the Standby Pool and the restrictions that determine how the spare blade to fail over to is chosen, then click Finish to save the Failover Monitor template.

You can add/remove spares from the Standby Pool at any time, and I recommend you re-do the Failover Monitor after modifying the pool.

The Failover Monitor can be paused and resumed to prevent any failovers during maintenance windows.

Manual failover is also possible. First pause the Failover Monitor then right click the Standby Pool and choose Manual Failover then choose a blade to failover to. Once you do that, OFM will shutdown the main blade then boot up the spare.

Once you're done testing, you can revert back the settings (since OFM wrote the WWN/MAC to the spare), by manually failing over to the original blade. 

Friday, August 3, 2012

Arab Internet Governance Forum: Preparations

Ahmad Al-Ibrahim is organizing a meeting to discuss topics and seek participants for the upcoming Internet Governance Forum event later this year.

The forum will be called "Arab Internet Governance Forum." There will be a brief about the scope here and more details will be discussed in a meeting with the bloggers.

Scope of the forum:
  • Focus on discussing public policies related to internet governance especially in the areas of access, stability, security and development.
  • Facilitate the exchange of information, best practices, knowledge and lessons learned by involving experts, technical community and academics.
  • Gather different opinions and build consensus for harmonized Arab views on priorities and on mechanisms to respond to Arab countries' needs related to internet governance issues.
  • Discuss emerging issues and develop recommendations on them, as appropriate.
  • Build and develop capacity in internet governance as well as improve the participation of all stakeholders to benefit from all possible resources of knowledge and expertise.
  • Communicate the Arab positions globally and enhance the Arab role in formulating global internet governance policies.
  • Engage in outreach with the internet governance forum and other regional IGFs with the purpose of exchanging knowledge and expertise.
IGF 2012 will be hosted in Kuwait and organized by KITS.

The main themes of the forums are:
  • Access
  • Openness
  • Security and Privacy
  • Content
  • Managing Critical Internet Resources
  • Youth

This preparation meeting will be held on Sunday August 5th, 2012 in KITS @ 9:30 PM.

You can invite as many people as you want, as we want this to reach all the bloggers if possible. It's important for all to know about it.

Tuesday, April 24, 2012

Flexible Ethics: What is Inspiration

So K took the initiative to inquire from a blog on Al-Zanki's Social Media Boss's statement which they boasted on their site. The guys from the Social Media gang replied some days later and I'm surprised that they replied in the first place! But rest assured, both their reply & Al-Zanki's reply have been nothing but a boat-load of egotistical idiocy.



So at first, The Social Media Boss gang said that copying Mashable's Code of Ethics' page is called Inspiration!!!! They were inspired by Mashable's "structure" (whatever that means), so they copied their Code of Ethics page. Not only that, Khalid comments later that it has been removed, and he slaps in a smiley!

Wow! I didn't know that plagiarism can be fixed by deleting the content, pretend that it never happened AND add a smiley to it! Plagiarists rejoice!

The amount of epic fail isn't enough to describe my feelings, not only towards this fraud who calls himself a social media expert, but also my feelings towards those who pay him to spew his "inspired" thoughts and copied book. Sorry, I meant "his authentic book."

Monday, April 23, 2012

Stack Overflow Worldwide Meetup: Kuwait

The 2nd annual Stack Overflow Worldwide Meetup is next Saturday, and Kuwait is participating thanks to Bashar, who registered Kuwait for the event.

This year however, StackExchange is setting the meetup for all sorts of professions related to IT, not just coders: Coders, DBAs, Sys Admins, Network Admins, Security Auditors, Web Masters, Cryptography, Game Development, and the list goes on.

The presentations/talks are 5 minutes long to keep room for everyone to pitch in. Also, according to the translation of Ahmad's Arabic page, there may be a chance for romance (?!?!?).

The event will be held at KITS on Saturday April 28th from 1400 till 2100 (2-9 PM).

Sunday, April 22, 2012

Sorting Docx Files By Date in Shell

A friend of mine asked me to recover data from a formatted disk and because the disk is formatted, there's no way to know the file name, directory or some other attributes that are saved in the Master File Table (MFT) of the NTFS filesystem.

Docx files are basically a collection of XML files that are zipped together. Knowing this, all I had to do was write a script that unzips the control file holding the time stamps (docProps/core.xml), creates a directory named after the year and month (yyyy-mm), then moves the file into it.

One required package to be installed is the "xmlstarlet" package. Use your package manager to install it before running the script.

You don't need to modify this script. Just save it, chmod +x the script, then use it with "find" as in the example. If you intend to traverse subdirectories, remove the maxdepth option and make sure your destination directory (DocxSorted) is located in an upper level, outside the tree being searched:
find /media/MyDisk/Unsorted -iname "*.docx" -exec /home/user/Desktop/sortDocxByDate.sh "{}" /media/MyDisk/DocxSorted \;

The script:

#!/bin/bash
# This is to be used by "find -exec": pass the file as the first argument, then the destination
# This is for .docx only!
# Example: find . -maxdepth 1 -iname "*.docx" -exec ./sortDocxByDate.sh "{}" DocxSorted \;
# Written by MBH http://mbhtech.blogspot.com -- free to use and modify
theFile=$1
dst=$2

# Read the last-modified time stamp from the document properties and keep only yyyy-mm
DirDate=$(unzip -p "$theFile" docProps/core.xml | xmlstarlet sel -t -m //dcterms:modified -v . | cut -d- -f1,2)

# Create the yyyy-mm directory if it does not exist yet
if [ ! -d "$dst/$DirDate" ]; then
    mkdir -p "$dst/$DirDate"
    echo "created dir $DirDate"
fi

# Quoted so that file names containing spaces are moved correctly
mv "$theFile" "$dst/$DirDate/$(basename "$theFile")"
#echo moving $theFile to $dst/$DirDate/`basename $theFile`
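
The script above takes two values from the recovered files themselves: the dcterms:modified text, which becomes part of a directory path, and the basename, which can collide with a file that was already moved. The following is an added example, not the original script, that accepts only a well-formed time stamp and never overwrites an existing file; the function names and the "unknown" directory are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the original script: same job, but defensive about
# what a recovered .docx can contain. Function names are assumptions.

# Accept only an ISO-8601 style time stamp and print its yyyy-mm part.
# Anything else (empty, "../../etc", junk) goes to the "unknown" bucket.
month_dir_from_timestamp() {
    case $1 in
        [0-9][0-9][0-9][0-9]-0[1-9]-[0-9][0-9]T*|\
        [0-9][0-9][0-9][0-9]-1[0-2]-[0-9][0-9]T*)
            printf '%.7s\n' "$1" ;;
        *)  printf 'unknown\n' ;;
    esac
}

# Print a destination path that does not exist yet, so two recovered files
# with the same basename never overwrite each other.
unique_dest() {
    local dir="$1" name="$2" base ext n=1 candidate
    base=${name%.*}
    ext=${name##*.}
    candidate="$dir/$name"
    while [ -e "$candidate" ]; do
        candidate="$dir/${base}_$n.$ext"
        n=$((n + 1))
    done
    printf '%s\n' "$candidate"
}

sort_docx() {
    local file="$1" dst="$2" ts month target
    # A name starting with "-" would otherwise be parsed as an option.
    case $file in -*) file="./$file" ;; esac
    # -N binds the dcterms prefix explicitly; a damaged archive yields "".
    ts=$(unzip -p "$file" docProps/core.xml 2>/dev/null |
         xmlstarlet sel -N dcterms=http://purl.org/dc/terms/ \
             -t -v '//dcterms:modified' 2>/dev/null | head -n 1)
    month=$(month_dir_from_timestamp "$ts")
    mkdir -p -- "$dst/$month" || return 1
    target=$(unique_dest "$dst/$month" "$(basename -- "$file")")
    mv -- "$file" "$target"
}

# Run only when called with <file> <destination>, as find -exec does.
if [ "$#" -eq 2 ]; then
    sort_docx "$1" "$2"
fi
```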

Saturday, April 21, 2012

The Flexible Code of Ethics

My buddy K pointed me to 2 links the other day. Here, see these two screenshots for yourself and tell me what you see.


   


Yes, this is Khalid Al-Zanki at his usual act of plagiarism and theft. In case you're not familiar with his previous (bad) work of art, here you are.

This time, he's talking about ethics, and not only did he copy Mashable's entire page, no! That's too typical of him; this time, he's also preaching in seminars about ethics! After he copied Mashable's entire page, with NOT A SINGLE MODIFICATION!

I hope for a day when people learn to use search engines and run background checks about the people they're bringing for seminars or training sessions.

* Figure out the links yourself. I won't link to his pages to not rank him higher on search engines.

Wednesday, February 15, 2012

Tech Talk: Knowing NoSQL

Web Master, developer of the underground, and master of mischief @burhan will be talking on NoSQL databases, on Wednesday Feb 22nd 7:30 PM - 9:30 PM at Kuwait IT Society in Roudha area.

Event details: on Failbook (Arabic); on Google+ (English).

The event is organized by our favorite local code exporter, @ahmad_alibrahim.