Author Archives: admin

Security Done Right

During my job-related trip to Israel a couple of months ago, I was subjected to a thorough security check at the airport. I learned later on that everybody goes through the same process. It was a little inconvenient, but in the end, I felt safe.

With all the advanced technologies in security, nothing beats the old way of conducting security – thorough checks on individuals. I also noticed the defense-in-depth strategy at the Israel airport – the several layers of security people have to pass to get to their destinations. No wonder some of the greatest IT security companies come from Israel (e.g. Check Point Firewall).

As an IT security professional (I’m CISSP certified), I can totally relate to the security measures Israel has to implement. And companies need to learn from them. Not a day goes by that we don’t learn of companies being hacked, shamed, and extorted by hackers around the world.

Sadly, some companies only take security seriously when it’s too late – when their data has been stolen, their systems have been compromised, and their Twitter account has been taken over. It will be a never-ending battle with hackers, but it’s a great idea to start securing your systems now.

Backing Up NetApp Filer on Backup Exec 2012

The popularity of deduped disk-based backup, coupled with snapshots and other technologies, may render tape backup obsolete. For instance, if you have a NetApp Filer, you can use snapshot technology for backup, and snapmirror technology for disaster recovery. However, there may be some requirements, such as regulatory requirements to keep files for several years, or infrastructure limitations, such as low bandwidth to a remote DR (disaster recovery) site that inhibits nightly replication. In these instances, using tape backup is still the best option.

The proper way to back up a NetApp Filer to tape on Backup Exec 2012 is via NDMP. You can back up your Filer over the network, using remote NDMP. If you can directly connect a tape device to the NetApp Filer, that is even better, because the backup no longer goes through the network, so backup jobs will be faster.

However, using NDMP requires a license on Backup Exec. The alternative way to back up the Filer without buying the NDMP license is via the CIFS share. Configuring Backup Exec 2012 via CIFS shares, though, can be a little tricky. These are the things you need to do to make it work:

1. Disable NDMP service on the NetApp Filer. This is done by issuing the command “ndmpd off” at the command line.
2. Change the default NDMP port number on the Backup Exec 2012 server. The default port number is 10000. You may use port 9000. This is done by editing the “services” file located at C:\Windows\system32\drivers\etc and adding the line “ndmp 9000/tcp”. Reboot the server after editing the file.
3. Make sure you have at least one Remote Agent for Windows license installed on your Backup Exec server.
4. Make sure that the “Enable selection of user shares” is checked in the “Configuration and Settings -> Backup Exec Settings -> Network and Security” settings.
5. When defining the backup job, select “File Server” as the type of server to back up.
6. When entering the NetApp Filer name, use the IP address or the fully qualified domain name (FQDN).

The backup status for backing up a NetApp Filer this way will always be “Completed with Exceptions,” since Backup Exec still looks for a remote agent on the client. But this is fine, as long as all files are being backed up.
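The services-file edit in step 2 is easy to get wrong by hand (a duplicate ndmp line, or a port that another entry already claims). The following is an added example, not part of the original post and not Backup Exec code: it rewrites the ndmp entry in services-file text and reports any other service already registered on the chosen port. The function name and the sample file contents are constructed for illustration.

```python
import re

# One services-file entry: "<name> <port>/<proto> [aliases] [#comment]"
ENTRY = re.compile(r"^\s*(?P<name>[^\s#]+)\s+(?P<port>\d+)/(?P<proto>\w+)(?P<rest>.*)$")

def set_service_port(text, name, port, proto="tcp"):
    """Return (new_text, conflicts).

    Rewrites (or appends) the `name port/proto` entry, drops duplicate
    entries for the same name, and lists other services that already use
    that port/proto so the change does not silently collide with them.
    """
    out, conflicts, replaced = [], [], False
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m or m["proto"].lower() != proto:
            out.append(line)              # comments, blanks, other protocols
            continue
        if m["name"].lower() == name.lower():
            if not replaced:              # keep aliases/comment of first hit
                out.append(f"{name:<16} {port}/{proto}{m['rest']}")
                replaced = True
            continue
        if int(m["port"]) == port:
            conflicts.append(m["name"])
        out.append(line)
    if not replaced:
        out.append(f"{name:<16} {port}/{proto}")
    return "\n".join(out) + "\n", conflicts

# Constructed sample text, not copied from a real server.
SAMPLE = """\
# constructed services file
ftp                21/tcp
cslistener       9000/tcp                           #constructed entry
ndmp            10000/tcp                           #constructed entry
"""

if __name__ == "__main__":
    new_text, conflicts = set_service_port(SAMPLE, "ndmp", 9000)
    print(new_text)
    print("port already claimed by:", conflicts)
```

On the constructed sample the function moves ndmp to 9000/tcp and flags that another entry already names that port, which is the cue to pick a different free port before rebooting.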

Easy and Cheap vCenter Server

If your VMware infrastructure contains no more than 5 hosts and 50 virtual machines, you can save some effort and Windows license fees by using the VMware vCenter Server Appliance instead of the vCenter Server on a Windows machine. The vCenter Server Appliance is a preconfigured SUSE Linux-based virtual machine, with PostgreSQL for the embedded database.

The vCenter appliance is easy to deploy and configure, and it will save you time and maintenance effort, because unlike Windows, you do not have to install anti-virus and monthly patches. It can join Active Directory for user authentication. It will save you the Windows license fee, but you still need to purchase a vCenter license.

The vCenter appliance can be downloaded from the VMware site as an ova or an ovf plus vmdk files. You do not need to download the ovf and the vmdk files if you downloaded the ova file. An ova file is merely a single-file distribution of the ovf and vmdk files, stored in tar format.

To deploy the appliance, use the vSphere Client and deploy the downloaded ova file as an ovf template. You can deploy it in thin-provisioned format if you do not want to commit 80GB of space right away. Once deployed and powered on, you can continue with the rest of the configuration using the browser-based GUI at https://vCenterserver:5400/. The vCenter Server Appliance has the default user name root and password vmware.

The wizard will guide you through the rest of the configuration. There are really very few configuration items. The common ones are the static IP address (if you don’t want DHCP) and the Active Directory settings. And the best thing is, you do not have to manage/configure the SUSE Linux-based appliance via CLI. Everything can be managed via the browser-based GUI.

Teaching Kids to Program

Should we teach our kids computer programming? I believe we should, even though their future careers will not be in computers. Computer programming teaches kids logic, mathematics and computation, design, and creativity — skills that are necessary in any chosen profession.

Many will argue that kids these days are very computer savvy. They can easily figure out how an app on a computer, tablet, or iPhone works. I totally agree with them. However, for the most part, they are consumers or users of the technology. Being a creator is totally different. Creating or programming an app is a skill that is learned and developed over the years.

Recently, I took on the task of teaching my eleven-year-old daughter computer programming, since her school is not teaching them programming. At least not yet. I believe that the earlier you teach your kids computer programming, the better they will be. It’s not that I wanted my daughter to be a nerd, or take up a computer career. I just wanted her to learn a very valuable skill — a skill that will be very useful for her future. We all know that the future will be dominated by computer technology.

Teaching kids to program is easier than you think. There is a program called Scratch that was created by MIT to basically teach kids or any beginner to program. From their website: “Scratch is a programming language that makes it easy to create your own interactive stories, animations, games, music, and art — and share your creations on the web.”

I used a book called Super Scratch Programming Adventure!: Learn to Program By Making Cool Games by the Lead Project to teach my daughter Scratch. I was glad that she got totally engaged in Scratch. Up next, Python programming for kids.

My Top 10 Favorite Books

Aside from the technical (computer) books I read to keep my skills up-to-date, I’ve read numerous business and self-help books that helped me in my personal and professional life. Here’s a list of my top 10 books:

1. The 7 Habits of Highly Effective People by Stephen R. Covey. I read this book when I was just starting my career way back in the early 90’s. This book had a tremendous impact on my personal and professional life. It taught me how to be proactive, how to manage my time, and how to prioritize my goals.

2. The World Is Flat: A Brief History of the Twenty-First Century by Thomas L. Friedman. This is the best book I have read on globalization. It argued that one should be a “versatilist” to compete in a shrinking world.

3. The Tipping Point: How Little Things Can Make a Big Difference by Malcolm Gladwell. This book explains that an idea, trend, or behavior can reach a “tipping point” where it spreads rapidly. The book is well researched and has a lot of examples. I also like Gladwell’s Blink and Outliers books.

4. Never Eat Alone: And Other Secrets to Success, One Relationship at a Time by Keith Ferrazzi. This is the best book I have read on networking. The best advice I got is that you have to be generous – ask other people how you can help them.

5. The Last Lecture by Randy Pausch. I like this book because the author is a Computer Science professor at Carnegie Mellon who taught about overcoming obstacles and achieving dreams.

6. Good to Great: Why Some Companies Make the Leap… and Others Don’t by Jim Collins. This is one of the best business books I’ve ever read. It is based on research and careful analysis of companies that are doing great in the market.

7. A Short History of Nearly Everything by Bill Bryson. This book explained how the universe and humans came into being, from a science perspective. It recounted the research, scientific discoveries, and inventions from the Big Bang to the rise of civilization. The author made the book very entertaining.

8. The Harvard Sampler: Liberal Education for the Twenty-First Century by Jennifer M. Shephard, Professor Stephen M. Kosslyn and Evelynn M. Hammonds. The book is a collection of essays by distinguished Harvard professors, showcasing diverse subjects such as religion, cyberspace, evolution, medical science, energy sources, morality, human rights, and many more. The essays are entertaining and thought provoking.

9. Confessions of a Public Speaker by Scott Berkun. Aside from the Toastmasters manuals and magazines that I’ve read, this book provides tons of practical tips on how to conquer your fear of public speaking, how to organize your speech, and how to deliver your speech.

10. The Magic of Thinking Big by David J. Schwartz. Very inspirational book – provides useful methods on how to improve one’s life and achieve greater happiness.

Getting Promoted in IT

One of the perks of serving at a Harvard alumni club (I am currently the Secretary of the Harvard-Radcliffe Club of Worcester) was attending a 2-day Alumni Leadership Conference in Cambridge, MA. It was a nice break from work. I met alumni leaders from all over the world, talked to accomplished people (I met the writer of one of my daughter’s favorite movies – Kung Fu Panda), learned what’s new in the Harvard world, and learned leadership skills from great speakers.

One of those speakers is David Ager, a faculty member at the Harvard Business School. He totally engaged the audience while delivering his opening address – “Leadership of High Performing Talent: A Case Study.” We discussed a case study about Rob Parson, a superstar performer in the financial industry. In a nutshell, Rob Parson delivered significant revenue to the company but his abrasive character and non-teamwork attitude didn’t fit well into the culture of the company. He was due for performance review and the question was – Should Rob be promoted?

The setting of the case study was in the financial industry, but the lesson holds true as well in the Information Technology (IT) industry. There are a lot of Rob Parsons in IT – software developers, architects, analysts, programmers – who are high performers, but they rub other people the wrong way. They are intelligent, smart, and they develop very sophisticated software — the bread and butter of IT companies. Some of these IT superstars aspire to be promoted to a managerial role. Should they be promoted? Too often we hear stories about a great software architect who went to manage people, but faltered as a result.

IT professionals who would really like to manage people should be carefully evaluated for their potential. They should learn people and business skills in order to succeed. Before being given any managerial position, they should undergo a development program and they should be under the guidance of a mentor (or a coach) for at least a year. Most IT professionals should not take on the managerial role. They should remain in their technical role to be productive, but they should be given other incentives that motivate them and make them happy – such as complete authority over their work, flex time, an environment that fosters creativity, and so on.

Hot Adding NetApp Shelf

One of the great features of the NetApp FAS 3200 series is the ability to add shelves without any downtime. As our need for storage space exponentially increases, we need the ability for our storage system to be expanded without any interruption to our business users. I recently added a DS4243 shelf into an existing stack, and followed the steps below:

1. Change the disk shelf ID. Make sure the shelf ID is unique among the stack. On the DS4243 shelf, the ID can be changed by pressing the U-shaped button located near the shelf LEDs. The shelf needs to be power cycled for the new ID to take effect.

2. Cable the SAS connection. It is very important to unplug/connect the cables one at a time.

a. Unplug the cable from the I/O module A (IOM A) circle port of the last shelf in the stack.

b. Connect the cable from the new shelf IOM A square port to the IOM A circle port that was disconnected in step a.

c. Reconnect the cable that was disconnected in step a to the IOM A circle port of the new shelf.

d. Repeat the same procedure for IOM B.

3. Check connectivity by running the following commands on the console:

sasadmin expander_map
sasadmin shelf
storage show disk -p

4. Assign disks to the filer. If auto assign is turned on, the disks will be auto assigned to the filer. I disabled disk auto assign, since in a cluster, I want to control where the disks go. I usually go to the console of the filer where I want the disks assigned, check for all unassigned disk drives using the command disk show -n, and finally issue the command disk assign all to assign the disks.

For complete step-by-step instructions, consult your NetApp manuals.

Palawan: Philippines Last Frontier

I recently visited Singapore and the Philippines, with my wife and daughter, for vacation. We celebrated the holidays with family, relatives and friends. We also got the chance to visit Coron, Palawan to see what they say is the Philippines Last Frontier.

I was surprised by the sheer beauty of the place. I’ve never seen anything like it. The blue-green water looks so clean. The mountains and rock formations are breathtaking. The islands (more than 60 of them) and their beaches are in pristine condition.

We snorkeled around a couple of islands and shipwrecks, and we saw the most beautiful coral reef garden. We got the chance to feed and see the colorful fishes. We were even lucky to see a sea turtle.

We swam through the cleanest lake in Asia, the Kayangan Lake and the Twin Lagoon, and dipped in 100% saltwater hot springs.

The town is very friendly to tourists. There are several nice hotels, resorts, and restaurants. The town still needs some development, such as roads and reliable electricity. But who cares. You only stay in town to sleep. You mostly explore the place by going to the different islands.

The place is simply paradise.

Upgrading Netbackup from Version 6.5 to 7.1

I recently upgraded a Netbackup infrastructure from version 6.5 to version 7.1. Here are some of my observations and advice:

1. Preparation took longer than the actual upgrade of the server. Pre-installation tasks included understanding the architecture of the backup infrastructure including the master and media server, disk-based backup, and ndmp; checking that the hardware (processor, memory, disk space) and operating system version were compatible and up to snuff; checking the general health of the running Netbackup software including the devices and policies; backing up the catalog database; obtaining updated Netbackup licenses from Symantec; downloading the base Netbackup software and the patches; joining, unzipping, and untarring software and patches; and other related tasks. Planning and preparation are really the key to a successful upgrade. These activities will save a lot of trouble during the upgrade process.

2. The upgrade process was seamless. On the Solaris server, I ran the “install” command to start the upgrade. The process asked several questions. Some packages were already integrated in the base package such as ndmp, so the program asked for the existing Netbackup ndmp package to be uninstalled. The part that took longer was the catalog database upgrade.

3. Upgrade of client agents was also easy. Upgrading UNIX and Linux clients was completed using the push tool “update_clients.” Windows clients were upgraded using the Netbackup Windows installation program. One good thing though was that no reboot was necessary. Also, I found out that Windows 2000 and Solaris 8 clients were not supported on 7.1, although they will still back up using the old 6.5 agent.

4. For bmr (bare metal restore), there was no need for a separate boot server. All client installs included the boot server assistant software.

5. The GUI administration interface is almost the same, except for some new features such as vmware support.

6. The java administration console is so much better, in terms of responsiveness.

Creating LUN in NetApp Using CLI

If you want to create a LUN (Logical Unit Number) on a vfiler in NetApp, you will be forced to use CLI commands. There is no GUI wizard tool for vfilers, at least for now.

To carve up a storage space in NetApp to be presented to a SPARC Solaris machine using iSCSI HBA, I used the following steps:

1. Configure the iSCSI HBA on Solaris (i.e., configure IP address, netmask, gateway, VLAN tagging [if it’s on a separate VLAN], etc.)

2. Login through NetApp console or remote session.

3. Go to the vfiler

nas3240> vfiler context vfiler-iscsi

4. Determine which volume to create the LUN. Make sure it has enough space.

nas3240@vfiler-iscsi> vol status

nas3240@vfiler-iscsi> df -h

5. Create qtree. I usually create the LUN on qtree level instead of volume. This makes my structure cleaner.

nas3240@vfiler-iscsi> qtree create /vol/iscsi_apps/solaris

6. Create the LUN using this syntax: lun create -s size -t ostype lun_path

nas3240@vfiler-iscsi> lun create -s 200g -t solaris /vol/iscsi_apps/solaris/lun0

Successful execution of this command will create LUN “/vol/iscsi_apps/solaris/lun0” with a size of 200GB, and space-reserved. For LUNs, the best practice is to thick provision (space-reserved), so you won’t have problems when the storage runs out of space.

7. Create an initiator group, or igroup, which contains the IQN for the Solaris host. Initiate an iSCSI login command from the Solaris host, and NetApp will see the IQN number. This IQN number will appear on the console and you can cut and paste that number. Use this syntax to create the igroup: igroup create -i -t ostype initiator_group iqn_from_host

nas3240@vfiler-iscsi> igroup create -i -t solaris solaris_group iqn.2000-04.com.qlogic.gs2342345.2

8. Map the LUN to the host using the igroup you created. Use this syntax: lun map lun_path initiator_group [lun_id] where: lun_path is the path name of the LUN you created, initiator_group is the name of the igroup you created, and lun_id is the identification number that the initiator uses when the LUN is mapped to it. If you do not enter a number, Data ONTAP generates the next available LUN ID number.

nas3240@vfiler-iscsi> lun map /vol/iscsi_apps/solaris/lun0 solaris_group

9. Verify LUN list and their mapping.

nas3240@vfiler-iscsi> lun show -m

LUN path                        Mapped to        LUN ID    Protocol
--------------------------------------------------------------------
vol/iscsi_apps/solaris/lun0     solaris_group    2         iSCSI

10. Go to the Solaris box, and do an iSCSI refresh. Check that it can see the LUN disk that has been provisioned.