Category Archives: Uncategorized

Using FAHControl to monitor multiple Folding@home Clients

This blog post will cover how to centrally manage multiple Folding@home clients.

  • Installing FAHControl
  • Monitor Multiple instances of VMware Appliance for Folding@home
  • Configuring Access to your Linux based clients or directly on the VMware Folding@home Appliance
  • Connecting FAHControl to your clients
  • Troubleshooting FAHControl issues
  • Firewall Rules

Installing FAHControl to monitor multiple installations

For Windows instances, this is installed as part of the FAHClient

  • “C:\Program Files (x86)\FAHClient\FAHControl.exe”

For Linux, you will need to install FAHControl separately

Monitoring multiple instances of the VMware Appliance for Folding@home

When you deploy your OVA, you’ll be asked to configure the settings highlighted below. By default we input a rule of 0.0.0.0/0, meaning any FAHControl node can connect (using the correct password). You can alter this for your local subnets.

Configuring Access to your Linux based clients or directly on the VMware Folding@home Appliance

On your Linux machines or deployed OVAs

  • Connect via SSH
  • Edit the config.xml file
vi /etc/fahclient/config.xml
  • Insert the following code to enable FAHControl access
    • From within vi press ‘i’ to enter insert mode
  • To configure a single address to access your client
    • Without passwords;
<command-allow-no-pass v='127.0.0.1 x.x.x.x' />
    • With Password;
<command-allow v='127.0.0.1 192.168.200.10' />

<password v='VMware1!' />

N.B. The localhost address must remain configured, otherwise the client will not run.

  • Save the config.xml file
    • Press the ESC key
    • Enter “:wq!” (without the quotes)

  • Reload the FAHClient
    • /etc/init.d/FAHClient restart

If you see “Starting fahclient … FAIL” check your XML file again for any syntax errors.

Example config.xml changes

Using password with a single IP restriction

  <!-- Remote Command Server -->

  <command-allow v='127.0.0.1 192.168.200.10' />

  <password v='VMware1!'/>

Without a password against a single IP restriction

  <!-- Remote Command Server -->

  <command-allow-no-pass v='127.0.0.1 192.168.200.10' />

Without either a password or IP restriction

<!-- Remote Command Server -->

  <command-allow-no-pass v='127.0.0.1 0.0.0.0/0' />
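
An added example, not part of the original post or the Folding@home project: a small Python audit that parses a config.xml and reports how exposed the remote command settings are, run against the three snippets above. The `<config>` root wrapper, the function names and the finding strings are assumptions made for this illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

SAMPLE_PASSWORD = "VMware1!"  # the password printed in this post's examples
LOOPBACK = ipaddress.ip_address("127.0.0.1")

def networks(elem):
    """Parse the space-separated addresses/CIDRs in an element's v attribute."""
    if elem is None:
        return []
    return [ipaddress.ip_network(t, strict=False) for t in elem.get("v", "").split()]

def audit(config_xml):
    """Return findings for the remote-command settings in a config.xml string."""
    root = ET.fromstring(config_xml)
    no_pass = networks(root.find("command-allow-no-pass"))
    with_pass = networks(root.find("command-allow"))
    password = root.find("password")
    findings = []
    if (no_pass or with_pass) and not any(LOOPBACK in n for n in no_pass + with_pass):
        findings.append("127.0.0.1 missing from allow list")
    for n in no_pass:
        if n.prefixlen == 0:
            findings.append("passwordless access open to every address")
        elif LOOPBACK not in n:
            findings.append(f"passwordless access for {n}")
    if with_pass:
        if password is None or not password.get("v"):
            findings.append("command-allow present without a password element")
        elif password.get("v") == SAMPLE_PASSWORD:
            findings.append("password is the sample value from the post")
        if any(n.prefixlen == 0 for n in with_pass):
            findings.append("password-protected access open to every address")
    return findings

# Constructed inputs: the post's three snippets wrapped in an assumed <config> root.
SAMPLES = {
    "password + single IP": "<config><command-allow v='127.0.0.1 192.168.200.10' />"
                            "<password v='VMware1!'/></config>",
    "no password, single IP": "<config><command-allow-no-pass v='127.0.0.1 192.168.200.10' /></config>",
    "no password, any IP": "<config><command-allow-no-pass v='127.0.0.1 0.0.0.0/0' /></config>",
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(f"{name}: {audit(xml) or ['no findings']}")
```

To check a real client, pass the contents of /etc/fahclient/config.xml to `audit()`; a placeholder such as x.x.x.x is not a valid address and raises ValueError.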

Connecting FAHControl to your clients

  • Open your FAHControl and click Add
  • Enter the name of your client as you would like it to be displayed, the IP address of your client and your password if necessary, and click save
  • You should now see your client is connected in FAHControl.

Troubleshooting FAHControl issues

FAHControl uses the default TCP Port 36330

Test access with telnet; you should get a response as below.

The VMware Appliance for Folding@home has IPTables configured to allow this port by default. If you did not specify a specific remote management address during deployment, then access is open to all IP addresses.

Ensure that the machine where you are running FAHControl is not blocking outbound connections to TCP 36330.

Appendix

Firewall rules

The below firewall rules have been added to the VMware Appliance for Folding@home by default to allow for FAHControl to remotely manage FAHClient.

If you are using these instructions for a Linux machine, you can use the below settings as well.

iptables -A INPUT -p tcp --dport 36330 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp --dport 36330 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

 

Regards

Trend Deep Security – Agentless Deployment with NSX – Issues with Web Reputation Service

So I’ve just had the pleasure of deploying Trend Deep Security via the Agent-less method, utilizing the NSX free license which allows guest introspection, but no other features.

Starting in NSX 6.2.3, the default license upon install will be NSX for vShield Endpoint. This license enables use of NSX for deploying and managing vShield Endpoint for anti-virus offload capability only, and has hard enforcement to restrict usage of VXLAN, firewall, and Edge services, by blocking host preparation and creation of NSX Edges.

The Issue

With the basic Deep Security License you get the following coverage;

  • Anti-Malware
  • Web Reputation Service

However, upon deploying Trend and jumping through the various hoops (flaky support for the NSX free license), you will find that you have multiple errors showing against your VMs.

The Cause

After speaking with Trend, I received the following response, which seems kind of obvious;

More Blogs and sites I’ve been reading and sharing

My Firefox tabs have filled up again, some of these tabs have been open since the start of 2014!!!

So time to share!!!

First off, proud to announce that Cisco asked me to produce a blog post, and decided it was good enough to release into the wild on their site!!!

Get Certified, or get left behind!!!!

PowerShell and Scripting

http://explainshell.com/ – write down a command-line to see the help text that matches each argument

scriptcop.start-automating.com – ScriptCop is a tool to help make sure your scripts follow the rules. ScriptCop performs static analysis on your PowerShell, and provides tools for automating testing with PowerShell.

Veeam: High Level End user case study, from an engineer’s perspective

Sometimes we get so bogged down in the technical details, we forget that some people just want to know about a product and how it’s used, not how to configure it and the advanced settings.

This blog post was first written by me for my employer’s blog, but I think it’s a perfect High Level post detailing a customer and how the product met their requirements.

The Company

Working in the financial sector, the company has around 200 on-site employees, projecting to expand up to 300 with a recruitment drive they are planning. After having a new VMware infrastructure implemented and upgrading their Microsoft Servers to the latest and greatest, the backup solution was the next on the upgrade list.