Pulseway.

com | Pulseway - Official Site

2012 Domain Preparation

01 Configure Static IP Address

- Uncheck TCP/IPv6
- Set Static IP
NOTE: IP Address will be the IP address of DC, DNS & DHCP

02 Change Computer Name

- Activate if there's key

03 Install Role
- Active Directory
- DNS Service
- Activate Remote Registry (Services -> Remote Registry -> Startup Automatic)
- Server Manager -> Upper right Alert -> Promote this server to a domain
Controler
- Add a new forest
- Specify root name (rdm.local) -> Next
- Specifiy domain controller capabilities (DNS, GC)
- Type the Directory Service Restore Mode (DSRM) password (for
recovery) -. Next
- Error will appear. This error is normal because we do not have any
DNS server yet. Next
- Leave default for the NetBIOS name -> Next
- Paths for Database NTDS, Logs NTDS and SYSVOL
NOTE: Leave if you don't have any location
- Review the installation and click Next.
NOTE: You can view the script and save it or use this script to
install AD DS

WINDOWS POWERSHELL SCRIPT FOR AD DS DEPLOYMENT

# Windows PowerShell script for AD DS Deployment #

Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "rdm.local" `
-DomainNetbiosName "RDM" `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true

- If all prerequisite checks were passed successfully you can click on

Install

NOTE: Using Power Shell

Install Active Directory
- Add-WindowsFeature -name ad-domain-services -IncludeManagementTools
 04 Configure DNS
- DNS -> Reverse Lookup Zone (Right Click) -> New Zone
- New Zone Wizard -> Select the type of zone you want to create: ->
Primary zone (Select) -> Select the zone in Active Directory -> Next
- New Zone Wizard -> To all DNS servers in this domain: -> Next
- IPv4 Reverse Lookup Zone -> Next
- Network ID: (input IP Address) -> Next
- Allow both nonsecure and secure dynamic updates -> Next
- NIC Properties IPv4 -> Select IPv4 (Properties) -> Use the following
DNS address
- Input IP of the server.
- Browse -> \Windows\System32\Drivers\etc\hosts (edit hosts) Add -> IP
of DNS and FQDN
- Turn down UAC
- CMD -> ipconfig /registerdns
- DNS Manager -> DNS Server (Right Click) -> Interfaces (Only the
following IP Address if standalone)
- Check in DNS Manager at Reverse Lookup Zone -> Register Pointer ip of
the Server
- nslookup (IP of the Server will appear in the result)

NOTE: MAKE SURE PUT NETWORK LOCATION AWARENESS TO DELAYED START or the
Network NIC will be on Public Network and Unidentified network
- Services.msc -> Network Location Awareness (Delayed Start)

NOTE: Cannot turn on Network Discovery in Network Sharing Center in

Wndows Server 2008, 2008 R2 or 2012
Make sure that the following dependency services are started:
- DNS Client
- Function Discovery Resource Publication
- SSDP Discovery
- UPnP Device Host

Configure the Windows firewall to allow Network Discovery. To do

this, follow these steps:
- Open Control Panel, click System and Security, and then click
Windows Firewall.
- In the left pane, click Allow an app or feature through Windows
Firewall if you are running Windows Server 2012. Or,
click Allow a program or feature through Windows Firewall
if you are running Windows Server 2008 or Windows Server 2008 R2.
- Click Change settings. If you are prompted for an administrator
password or confirmation, type the password or provide confirmation.
- Select Network discovery, and then click OK.
- Configure other firewalls in the network to allow Network
Discovery.
- Turn on Network Discovery in Network and Sharing Center.

DISABLE RECURSION ON A WINDOWS DNS SERVER

- Open DNS Manager (To open DNS Manager, click Start, point to
Administrative Tools, and then click DNS.)
- In the console tree, right-click the applicable DNS server,
then click Properties.
- Click the Advanced tab.
- In Server options, select the Disable recursion check box
- Under the Root Hints tab, delete all root hints entries, and
then click OK.
- Restart the DNS service (from the Services control panel)
 NOTE: Time-Service EventID:12

- net stop w32time

- w32tm /config /syncfromflags:manual

/manualpeerlist:"0.us.pool.ntp.org, 1.us.pool.ntp.org, 2.us.pool.ntp.org,
3.us.pool.ntp.org"

- w32tm /config /reliable:yes

- net start w32time

This is due to the fact the domain controllers are still trying
to use the old PDC Emulator as their time source.
You can quickly rectify this by running the command:
- w32tm /resync /rediscover

If you want to verify the time source that a domain controller is

using run the command:
- w32tm /query /source

POWERSHELL

- w32tm /config /manualpeerlist:pool.ntp.org

/syncfromflags:MANUAL
- Stop-Service w32time
- Start-Service w32time

NOTE: Windows Remote Management

- winrm enumerate winrm/config/listener

NOTE: ACTIVEDIRECTORY_DOMAINSERVICE EventID 2886

Open Regedit (Start>Run>Regedit) and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

You will see that this key has listed a bunch of diagnostic features,
all set to zero. You can enable the logging for each
of these events by changing the number to anything up to 5. A
list of what each number does can be found here.

Change the value of 16 LDAP Interface Events to 2 by double clicking it

and changing 0 to 2, and hitting enter.

Now keep your eye on the Event Log for event ID 2889, which will
contain the IP Address of the client connecting with these binds.

Alternately, if you disable these binds, the server will post one log
event every 24 hours with ID 2888.

After a few days, or hours, or no time depending upon how patient you
are, you may check the Event Log and find these entries, or not.
To make things easier you could create a custom log in event
viewer, and filter in only event id’s 2886, 2888, and 2889.

As you can see, my filter is only finding event id 2886, which is the
security for the bind warning. I am not seeing any 2888 or 2889,
which would mean that clients were connecting using these binds.
So let’s go ahead and correct the security vulnerability less privilege is more.

To do this, we need to configure the server to REQUIRE LDAP signing.

This is done by Group Policy. Microsoft recommends that you make this
change in the Default Domain Policy– yet I do not touch that one.
So I am going to make a new GPO and link it in the domain,
then apply it to all computers. You can make the changes to the
Default Domain Policy if you want.

- Open up GPMC from Start>All Programs>Administrative Tools>Group

Policy Management.

- Right click your domain, and click Create a GPO and link it here…

- Name it something appropriate, like LDAP Signing.

- Then open the GPO by right clicking it and selecting Edit. Now drill
down to:

According to EV100630 (Event ID 2886 — LDAP signing), the solution to

this is to configure the directory to reject LDAP binds
that do not require signing on the DC and AD LDS servers. See
the blog entry for more details.

The two GPOs to configure to remove this warning are:

- Computer Configuration -> Policies -> Windows Settings -> Security

Settings -> Local Policies -> Security Options
-> Network Security: LDAP client signing requirements = negotiate
signing.

- Computer Configuration -> Policies -> Windows Settings -> Security

Settings -> Local Policies -> Security Options
-> Domain controller: LDAP server signing requirements = require
signing.

05 Install/ Configure DHCP

- Server Manager -> Add roles and features -> Add Roles and Features
Wizard (Menu) -> Next
- Select Role-based or feature-base installation -> Next

- Select a server from the server pool -> Next

- Select DHCP Server -> Next - Features -> Select .NET Framework 3.5
Feautres -> Next
- DHCP Server -> Next -> Confirm Installation Selection -> Install

- Close to finish the installation

- Open Server Manager and click NOTIFICATIONS ICON. Small window will
appear. Click Complete DHCP configuration

05-A CONFIGURING DHCP SERVER AND CREATING SCOPE

- Open DHCP's MMC -> Next

 - Right click IPv4 -> New Scope -> Next -> Give the scope a name ->
Next
- Give the scope range -> Next
- Add Exclusion and Delay (leave default value) -> Next
- Yes, I want to configure these options now -> Next
- Give the IP of router if any -> Next
- Validate to be sue the DNS's suffix is correct (Important) -> Next
- WINS Server (Leave blank) -> Next
- Yes, I want to activate this scope now -> Next
- Finish

PREPARING SAN/ LUN Storage

STARTWIND OR Microsoft iSCSI

STARWIND
- https://www.starwindsoftware.com/download-starwind-products <// Download
Starwind and check for installation instruction

MICROSOFT iSCSI SAN (Windows 2012 R2)

Server 2912 now includes iSCSI software components, which means you can
create SAN in server 2012. Two main components of iSCSI are;

- iSCSI INITIATOR - A client or system that can be using the storage

from SAN.
- iSCSI TARGET - the SAN box or storage box or the server where
iSCSI target component is installed.

Server 2012 iSCSI SAN feature to configure shared storage for fail-over
clustering for Hyper V and VMware VSphere, and other.

LAB Environment
- Memory 6144 MB
- Processor 2x2
- Hard Disk (SATA) 60 GB
- Hard Disk 2 (SATA) 100 GB
- Hard Disk 3 (SATA) 60 GB
- CD/ DVD (SATA) Using file
- Network Adapater VMNet 3 (Host Only)
- USB Present
- Display Auto detect

INSTALLATION
a. Server Manager -> Manage -> Add Roles and Features -> Add Roles and
Features Wizard (Next)
b. Select Installation Type -> Role-based or feature-based installation
-> Next
c. Select Destinaton Server Option -> Select a Server from the Server
pool -> Next
d. Select Server Roles Pages, (Expand) File and Storage Service role ->
(Expand) File and iSCSI Services feature ->
(Select) iSCSI Target Server feature -> Next
e. Feature Page -> Next
f. Review the confirmation page and INSTALL -> After installation is
complete (Finish)

NOTE: Before creating any virtual disk or LUNs the disks needs to be online
and create a NTFS partition on these disks.
Bringing online, go to Server Manager -> (Click) File and Storage
services tab -> (Select) Disks tab -? (Right Click Disk) -> (Click) Bring Online.
 Repeat step for each disks. (Warning will appear after clicking) Bring
Online -> Read and click YES.

CONFIGURATION
a. Create volumes in these disk -> (Right-click the disk) and (Select)
New Volume
b. Volume wizard will pop up -> Next -> Choose the server an disk and
Next
c. (OK) on warning -> Specify size of the volume -> Next
d. Assign drive letter to new volume -> Next
e. Select System -> Next -> Review Confirmation page -> (Click) Create.
f. Repeat the same step for other disk to create. To view the volumes,
(Click) Volumes tab.

LUNs OR VIRTUAL DISK CONFIGUURATION

a. Server Manager -> File and Storage services tab -> (Click) iSCSI tab
-> (Click) Tasks -> (Select) New iSCSI Virtual Disk
b. New iSCSI Virtual Disk Wizard Menu -> (Select) Server and Select
Volume -> Next
c. Type name of the Virtual Disk. (ex. LUN-01) -> Next (see below its a
VHDX file, same file format that Hyper V uses for virtual disks of Hyper V virtual
machines.
d. Specify virtual disk's size -> Choose disk type -> Dynamically
expanding -> Next
e. Assisgn iSCSI target -> (Choose) new iSCSI target option -> Next
f. Type name of the new target
g. In Access Server tab -> (Click) Add button -> Add initiator id
dialog box will open. There are three ways to identify the initiator
(Device that will use this virtual disk). Input IP and type the
initiator eg. 192.168.254.254 -> OK
h. Access Server Tab you can see the lists of iSCSI initiators -> To
add other iSCSI inititator -> (Click) Add and repeat the step above -> Next
i. Enable Authentication page -> Either CHAP or reverse CHAP for
authenticating iSCSI inititors and iSCSI target can be used. No selection -> Next
j. Review configuration -> (Click) Create to create a new virtual disk
or LUN.
k. After the installation you can view the virtual disks in iSCSI tab.

PREPARATION OF VCENTER

01 The domain join cannot be completed because the SID of the domain you
attempted to join was identical to the SID of this machine.
- cmd -> C:\Windows\System32\Sysprep\sysprep.exe
- Click on start button and Type ‘RUN’
- In Run Prompt type ‘%WINDIR%\system32\sysprep’
- Double click on ‘sysprep’ and check ‘geberalize’ checkbok as per
below image.

VMWARE
INTRODUCTION
LABORATORY ENVIRONMENT
- HOST - Windows 2016 DataCenter
- Intel i7 3.4Ghz (2nd Gen)
 - 32GB Memory
- Hyper Vison VMware Workstation 12PRO
- ISO Image / Windows Server 2012 R2, VMware ESXi 6.5, VMware VSphere 6.5
- Starwind SAN Software/ Microsoft 2012 R2 iSCSI Service

- GUEST VM 01 - Windows 2012 (MS 2012 R2 x64 - DC)

- 2x2 CPU
- 6144GB Memory
- 60GB HDD
- NIC01 192.168.254.5 vmnet03 (Custom Specific VM Network)
- NIC02 vmnet08 (Host-Only)
- Domain rdm.local

- GUEST VM 02 - Windows 2012 (MS 2012 R2 x64 - Vcenter)

- 2x2 CPU
- 6144GB Memory
- 60GB HDD
- NIC01 192.168.254.15 vmnet03 (Custom Specific VM Network)
- Domain rdm.local

- GUEST VM 03 - Windows 2012 (MS 2012 R2 x64 - SANSrv01)

- 2x2 CPU
- 6144GB Memory
- HDD00 60GB
- HDD01 100GB
- HDD02 60GB
- NIC01 192.168.254.10 vmnet03 (Custom Specific VM Network)
- Domain rdm.local

- GUEST VM 04 - VMware ESXi 6.7 (VMware ESXi 6.7 - Srv01)

- 2x2 CPU
- 6144GB Memory
- HDD00 60GB
- HDD01 100GB
- HDD02 60GB
- NIC01 192.168.254.200 vmnet03 (Custom Specific VM Network)
- Domain rdm.local

- GUEST VM 05 - VMware ESXi 6.7 (VMware ESXi 6.7 - Srv02)

- 2x2 CPU
- 6144GB Memory
- HDD00 60GB
- HDD01 100GB
- HDD02 60GB
- NIC01 192.168.254.202 vmnet03 (Custom Specific VM Network)
- Domain rdm.local

- GUEST VM 06 - VMware ESXi 6.7 (VMware ESXi 6.7 - Srv03)

- 2x2 CPU
- 6144GB Memory
- HDD00 60GB
- HDD01 100GB
- HDD02 60GB
- NIC01 192.168.254.204 vmnet03 (Custom Specific VM Network)
- Domain rdm.local

02 Installing vCenter 6.5 Server Step by Step

- Mount VMware-VIM-all-6.7.0-8832884.ISO
- Check in Microsoft Visual C++ 2017 higher version in Add Remove Programs
un-install, it will create issue.
- Run IIS -> Server Name -> Sites -> (Right Click) Default Web Site -> Edit
Bindings -> Change instance that use port 80 -> Click Close
- Restart IIS -> Proceed to installation of VCenter.
- Run the installer -> VMware vCenterInstaller -> (Click) Install -> Next ->
Next -> (Select) Embedded Deployment -> Next
NOTE: Embedded Deployment vCenter Server and Embedded Platforms Service
Controller

External Deployment - Platform Services Controller

- vCenter Server

- Server Name: vCenterSrv.rdm.local -> Next

- vCenter Single Sign-On Configuration -> vCenter Single Sign-On Domain
Name : vsphere.local
-> vCenter Single Sing-On username :
administrator
-> vCenter Single Sign-On password : !@#$%$%#$%
-> Confirm password : !@#$%$%#$%
-> Site name :
VCenter.local
- Next
- vCenter Server Service Account -> Use Windows Local System Account
(Select) -> Next
- Database Settings -> Use an embedded database (VMware
Postgres) -> Next
- Configure Ports -> Check in firewall where these port is
available or free -> Next
- Destination Directory -> Next -> CEIP -> Next -> Ready to
Install (Review) Next -> Installion Finish (Close)
- in Web Browser -> Open VM site -> (User Name)
[email protected] (Password) !@#$%$%#$%
- vSpehre Client -> root (Right Click) -> New DataCenter -> DataCenter name
OK
-

03 Configuring Active Directory Authentication for vCenter Server

- Test windows authentication login by ticking Use Windows Session
Authentication
- Checking user by typing in cmd -> whoami, set user -> net user
- Login to vSphere Web Client ->

NOTE: JOIN vCenter Server to ACTIVE DIRECTORY //>

https://www.altaro.com/vmware/join-vcenter-server-instance-active-directory/

REQUIREMENTS:
- Writable domain controller. AD deployment may include what's known as
a read-only domain controller (RODC).
While it is possible to join a PSC or vCenter to a domain with
read-only domain controller (RODC), scenario is nonetheless
unsupported by VMware.
- Fully Qualified Domain Name (FQDN) must be used for vCenter when
adding it to AD such as vCenterProd.acme.local. You will not
be able to join it if you use an IP address instead.
- Make sure no firewall is restricting vCenter from reaching the
domain's controllers.
- The clocks on all resources must be in sync.
- vCenter must be able to resolve DNS names for the AD domain - and
controllers - it is being joined to
 - On vCenter, create a local user account as a member of the
SystemConfiguration.Administrators group.
Alternatively, use the local [email protected]

JOINING vCenter SERVER TO AD

- vSphere Web Client (log as Administrator) -> Home -> System
Configuration (icon)
- Navigator -> Node 1 -> Nodes (eg. vCenter65.rdm.local) -> Manage ->
Settings -> Active Directory -> Join (NOTE: if it's already join to Domain jump to
Next Next Step)
- Join Active Directory (Menu) -> Supply needed information eg. Domain:
rdm.local; Organiational unit (optional); User Name: rmagistrado (eg); Password:
****** ->
node name (right click) -> reboot (select).

NOTE: No notification on whether the domain join process succeeded or

not. Instead, you'll need to reboot vCenter for the change to take root. However,
you can have
a look at the Computers built-in container using the Active
Directory Users and Computers snap-in. You should find a computer account created
for the vCenter
Server just joined. eg. vCenter65.rdm.local

NOTE: When vCenter is back online, the AD domain to which it's been
added should be listed in the Doman field. to remove vCenter from te AD domain,
Click on the Leave button
You'll need to reenter the credentials-or similar - used to join
it in the first place and reboot it for the change to take effect. If all went
acccordng to plan,
vCenter is now a member of the AD domain. Means that AD security
principals - translated AD users and groups - can be used for authentication
purposes and to assign
permission on vSphere objects. However, we still need to execute
a couple more tasks before we can do this.

ADDING an SSO IDENTITY SOURCE // SSI identity source are the means
through which additional authentication domains are added to vCenter. This makes it
possible to leverage user
accounts and groups from a number of disparate security domains.
A domain local to vCenter is always created by default. This domain is called
vsphere.local
unless you changed it to something elses while installing
vCenter. The [email protected] account you're familiar with, is a member
of this domain hence
the suffix. If you're using vCenter for Windows, you should also
be able to authenticate and set permissions using users and groups local to the
Windows server
where vCenter is installed.

Likewise, we need to create an SSO identity source for Active

Directory before we can use security principles from the AD domain.

- vSphere Web Client -> Home -> Administration -> Single Sign-on ->
Configuration -> Identity Sources -> + (green plus sign) Add identity Source ->
Add identity Source Menu -> (first option) Active Directory
(Integrated Windows Authentication)

NOTE: Domain name is automatically picked up. Leave the Use Machine
Account option selected. Alternatively, select the SPN option if you're planning on
renaming
vCenter which is something you should avoid doing as it is not
supported by VMware.

- Add identity source menu, Domain Name: rdm.local, Use machine account
-> Next -> Review information -> Finish

NOTE: You should now see the identity source listed. You can also set
any of the identity sources as the default domain. For instance, if you prefer to
log in with
your AD credentials, set the AD identity source as the default
domain. Doing this, voids the need to append the domain bit to the username. If
wanted to log
with AD account, only use rmagistrado instead of
[email protected]

- SSO Configuration for vCenter65.rdm.local (menu) -> Select domain

(highlight) -> Click Set as Default Domain button.

NOTE: With the AD identity source in place, we can now authenticate and
set permissions using users and groups from AD.

GLOBAL PERMISSIONS // Global permissions are set on root objects

and span across the vSphere hierarchy including integrated products. User account
or group
granted this much, will have access to the root object and
children falling under it - provided propagation has been enabled - depending on
the role assigned.

Consider for instance the vCenter Server object at the top of the
inventory hierarchy. By default, the inbuilt local Administrators group has full
access
to it and, by propagation, to the remaining objects in the
inventory as the group is automatically added to the Global Permissions list where
it is assigned
the Administrator role. You may wish to assign the same to an AD
user account or group.

- Home -> Administration -> Access Control -> Global Permissons ->
Manage -> Add Permission
- Add Permission Menu -> Add -> Select Users/ Groups Menu -> Domain:
rdm.local -> User/ Group : rmagistrado -> Add -> OK
- Global Permission Root - Add Permission Menu -> (Select)
Administrator -> (Check) Propagate to children -> OK
- Verify -> Home -> Hosts and clusters -> Permissions (See the AD
account or group just added, listed)

NOTE: The same applies to viewing the permissions applied on child

objects.
should now be able to log in as [email protected] on vCenter
via vSphere Web Client. As previously mentioned, setting the AD identity source as
the default
domain, voids the need to add the domain bit to the username when
typeing in the credentials.

NOTE: IF AFTER RESTART (USE WINDOWS SESSION AUTHENTICATION) IS NOT CLICKABLE

-> SERVICES.MSC -> VMware Cip Message Proxy Service -> Restart or Run Delayed
 NOTE: NO PRIVILEDGE IN OTHER MENU OR ADMINISTRATIVE RIGHTS -> ADMINISTRATION
-> SINGLE SIGN-ON -> USERS AND GROUPS -> GROUPS -> ADMINISTRATORS -> ADD MEMBER ->
ADMINISTRATION -> SINGLE SIGN-ON -> USERS AND GROUPS -> GROUPS ->
SYSTEMCONFIGURATION.ADMINISTRATORS

04 Installing VMware ESXi 6.5 Step by Step

REQUIREMENTS: (LAB)
- Processor 2x2
- Memory 5GB
- Hard Disk(SCSI) 40GB
- CD/ DVD (IDE) AutoDetect
- NIC 8 NIC Bridge
- USB CONT. Present
- Display Auto Detect

- CD/DVD -> Use ISO Image file: -> VMware-VMvisor-Installer-6.5.0-

4564106.x86_64.ISO -> OK
- ESXi-6.5.0-20* -> Enter -> Wecome Screen (Enter) -> License Agreement (F11)
Accept and Continue -> Select Disk (Enter) Continue -> Keyboard (US Default) Enter
->
Enter a root password (Enter) Continue -> Confirm Install (F11) Install
-> Installation Complete (Enter) Reboot
- ESXi Screen Boot Logging -> F2 -> login (Enter) -> Configure Management
Network (Enter) -> IPv4 Configuration (Enter) -> Set Static IP (Enter) ->
IPv6 (Disable) (Enter) -> DNS Configuration (Configure) (Enter) ->
Hostname (Name of the Machine) (Enter) -> Custom DNS Suffixes (eg. rdm.local)
(Enter) ->
ESC (Ask for confirmation) Reboot
- DNS Configuration for ESXi Host -> DC Server -> DNS -> Domain Name ->
Forward Lookup Zone -> (Right Click) New AAA Host -> Supply Name and IP Address ->
(Check) ->
Create associated pointer (PTR) record. (Add Host Button)

05 Adding VMware ESXi 6.5 Host to vCenter Server/ Rename DataStore

A. - Browser (Chrome/ Firefox) -> VSphere Web Client
-> Login by SSO or Windows Session
-> DataCenter (eg. vDataCenter65)
-> (Right Click) DataCenter
-> (Select) Add Host
-> Add Host Menu (Hostname (eg. ESXi65-01) or IP Address (192.168.1.26)
Next
-> Connection settings (UserName/ Password) (One Specified when
installing ESXi OS) Next
-> Security Alert (Yes)
-> Host Summary (Review) Next
-> Assign License (You can supply UserName and Password if you have one
or use Evaluation Licenses) Next
-> Lockdown Mode (Default) Next
-> VM location (Default or Add VM's if any is availabe) Next
-> Ready to complete (Finish)
-> Review in Recent Tasks for completation of tasked.

B. - From DataCenter -> Select Host -> Configure

-> Datastores (Right Click)
-> Rename (Select)
-> Datastore - Rename (Enter New Name) OK

06 Configuring StarWind Virtual SAN/ Microsoft iSCSI for VMware ESXi

 A. StarWin Virtual SAN //> Download StarWind Virtual SAN either for vSphere
or HyperV (https://www.starwindsoftware.com/download-starwind-products)
NOTE: VIRTUAL MACHINE REQUIREMENSTS
Minimum 4v Processor 2GHz
Memory 4GB
NIC 3 Ports (Dedicated as separate vSwitches for Management,
StarWind synchronization and iSCSI traffic to ensure the proper
functioning of Virtual SAN

-> Extract (it contains 3 files .vmdk - appliance, .ovf - vm

information, .pdf for installation guide)
-> VMworkstation -> File -> Open -> (Browse file location) ->
StarWndVSAN)vSphere.ovf (Open) -> Supply Name and Location (Click) Import
-> VMworkstation -> (Right Click) SolarWinds Appliance -> Settings -> +
Add -> Hard Disk (Add storage if availalbe) Next
-> Type -> SCSI (Recommended) -> Create a new virtual disk Next -> Size
Next -> File name (Location) Finish
-> Network Adapter -> Change to specific network
-> PowerOn VM -> (Supply Credentials) Username/ Password (root)
-> # cd /etc/sysconfig/network-scripts/ (Enter)
-> edit default 1st NIC (ens192) -> # vi ifcfg-ens192 (Inside vi
Editor) (Press Insert or Alt+i for editing or insert)
NOTE: Change information and Add the following in the end of file
BOOTPROTO=static
IPADDR=192.168.1.30
PREFIX=24
GATEWAY=192.168.1.5
DNS1=192.168.1.5

-> (Press) ESC -> Type :wq (Save and Exit) ifdown ens192 && ifup ens192
-> Open browser -> type IP eg. https://192.168.1.30:9090 -> Advanced ->
(Click) Proceed to 192.168.1.30 (Unsafe)
-> Supply username and password (Credentials) / root/root ->
-> Starwind Virtual SAN Menu -> Change System Time -> (Click System
Time) Select Time Zone -> Set Time Manually -> Change
-> Starwind Virtual SAN Menu -> Storage -> Right Menu (Check the
Available Disk To Add in VSAN Server)
-> Select Disk by Clicking on it -> Create Partition Table -> Format
Disk /dev/sdb (Menu) -> Select in Erase (if New HDD) Don't overwrite existing data
Partitioning: Compatible with all systems and devices (MBR)
Format
-> (Click) Create Partition -> Selection (Erase: Don't overwrite
existing data, Type: XFS - Red Hat Enterprise Linux 7 default, Name: vDisk01,
Mouting: Custom, Mount Point: /mnt/vDisk01, Mount options (Check)
Mount at boot, (Click) Create partition
-> If Disk is not Mounted Select the Disk -> Click the Disk ->
FileSystem -> (Click) Mount (It should mount and display it the system. Follow
steps
If there is additional disk to be configure.
-> Install StarWind Management Console -> Click starwind-v8 -> Accept
the agreement Next -> Select StarWind Management Console/ Configure user account
for Web-access to Management Console -> Software Location Next ->
Desktop Icon Next -> License Key Next -> Install

-> StarWind Management Console -> Add Server -> Supply Host IP/ Port
3261 OK -> Connect
-> Server ->vDos
-> Server -> Add Device -> (Select) Device Type/ Hard Disk Device ->
Disk Type/ Virtual Disk -> Virtual Disk Location/ Name: vDisk-ISO, Location: VSA
Storage\mnt\vDisk01, Size: 15GB
-> Thick-provisioned Next -> Write-Back Next -> No Flash Cache
Next -> Create -> Close

07 Configuring Multi Pathing Network for Storage Access (REDUNDANT ACCESS NETWORK
FOR STORAGE)
NOTE: VMNIC0/ VMNIC01 Management Network
VMNIC2/ VMNIC3 iSCSI Storage Network

-> ESXi Host -> Configure -> Networking -> Virtual Switches -> Select Switch
that are available (eg. vSwitch0)
NOTE: VM Network, either to remove or stay as it is.

-> (Select) Management Network -> (Network Adapter ICON) (Click) Management
the Physical Network Adapters -> Add Adapters -> (Select) Adapters that tobe added
(eg. vmnic1) -> OK
-> Management Network (Select) Edit Settings -> (Select) Teaming and
failover -> (Mask) Unused adapters to Active adapters (eg. vmnic1) -> (Select) OK
NOTE: This is to group the management and have FA

NOTE: Adding Network to use in iSCSI

-> Host -> Configure -> Networking -> Virtual switches -> Add host networking
-> VMkernel Network Adapter (Next) -> New standard switch (Next) -> Add adapters ->
(Select)
(eg. vmnic2, vmnic3) (Next) -> Network label: (eg. iSCSI-01) (Next) ->
IPv4 settings/ Use static IPv4 settings (eg. 192.168.1.35/ 255.255.255.0) (Next) ->
Ready to complete (Finish)
NOTE: Exclude vmnic3 to add to another traffic for FA
-> Host -> Configure -> Networking -> Virtual switches -> (Select) (eg.
vSwitch1) -> Edit settings -> iSCSI-01 - Edit Settings/ Teaming and failover ->
(Move) vmnic3 to Unused adapters -> OK
NOTE: Adding another path
-> Host -> Configure -> Networking -> Virtual switches -> Add host networking
-> VMkernel Network Adapter (Next) -> Select an existing standard switch (Next) ->
Network label: (eg. iSCSI-02) Next
Use static IPv4 settings/ IPv4 address: (eg. 192.168.1.36/
255.255.255.0) (Next) -> (Finish)
-> (Select) (eg. iSCSI-02) -> Edit settings -> Teaming ad failover
(Menu) -> (Override)/ (Select) (eg. vmnic2) (Move) Unused adapters OK
-> Check if all is ok -> Host -> Configure -> Networking -> VMkernel adapters
NOTE: iSCSI traffic is not recommended to configure in distributed switches

08 Mapping LUN or Data store to ESXi Host

->

vmware tutorial for beginners

vmware 6.5
vmware 6.5 install
vmware 6.5 install configure manage
vmware 6.5 installation guide
vmware 6.5 installation step by step
vmware 6.5 add distributed switch
vmware 6.5 add network
vmware 6.5 add nfs datastore
vmware 6.5 certificate
vmware 6.5 cluster
vmware 6.5 configuration
vmware 6.5 configure vmotion
vmware 6.5 converter
vmware 6.5 create distributed switch
vmware 6.5 create network
vmware 6.5 delete datastore
vmware 6.5 demo
vmware 6.5 deployment guide
vmware 6.5 distributed switch
vmware 6.5 download
vmware 6.5 drs
vmware 6.5 encryption
vmware 6.5 expand virtual disk size
vmware 6.5 fault tolerance
vmware 6.5 features
vmware 6.5 foundation exam
vmware 6.5 ft
vmware 6.5 gpu passthrough
vmware 6.5 ha
vmware 6.5 ha configuration
vmware 6.5 high availability
vmware 6.5 home lab
vmware 6.5 host profiles
vmware 6.5 import ova
vmware 6.5 import vmdk
vmware 6.5 improvements
vmware 6.5 increase datastore size
vmware 6.5 iscsi
vmware 6.5 iscsi setup
vmware 6.5 lab
vmware 6.5 lab setup
vmware 6.5 lacp
vmware 6.5 lacp configuration
vmware 6.5 linked mode
vmware 6.5 migration tool
vmware 6.5 mount iso
vmware 6.5 networking
vmware 6.5 networking best practices
vmware 6.5 new
vmware 6.5 new features
vmware 6.5 nfs datastore
vmware 6.5 nic teaming
vmware 6.5 overview
vmware 6.5 passthrough
vmware 6.5 permissions
vmware 6.5 platform services controller
vmware 6.5 raw device mapping
vmware 6.5 remote console
vmware 6.5 remove datastore
vmware 6.5 replication
vmware 6.5 resource pools
vmware 6.5 scheduled tasks
vmware 6.5 security
vmware 6.5 set time zone
vmware 6.5 setup
vmware 6.5 ssl certificate
vmware 6.5 step by step
vmware 6.5 template
vmware 6.5 time zone
vmware 6.5 training
vmware 6.5 training videos
vmware 6.5 update manager
vmware 6.5 upgrade
vmware 6.5 upgrade manager
vmware 6.5 vcenter
vmware 6.5 vcenter ha
vmware 6.5 vcenter install
vmware 6.5 vcsa
vmware 6.5 videos
vmware 6.5 virtual switch configuration
vmware 6.5 vmotion setup
vmware 6.5 vsan configuration
vmware 6.5 vswitch
vmware 6.5 vvols
vmware 6.5 web client
vmware 6.5 web interface
vmware 6.5 what's new
vmware 6.5 windows 2016
vmware 6.5 youtube
vmware esx 6.5
vmware esxi 6.5
vmware vsphere 6.5 training

NOTE:
CHECKING PROGRAM USING PORT 80 IN WINDOWS
- netstat -anb >%USERPROFILE%\ports.txt <// CMD run in elevated
- netstat -anb | findstr :80 <// run with filter
- netstat -aon | findstr :80 <// -a displays all
connections and listening ports
-o displays the owning process
ID associated with each connection
-n displays addresses and port
numbers in numerical form
- netstat -ano ^| findstr "0.0.0.0:80
- tasklist /svc /FI "PID eq 1348" <// You can then use the
"tasklist" command with the specific PID that corresponds to a port in question.