Virtualizing Cisco Unity on ESX

Just doing a little reading on the possibilities of running Cisco Call Manager (Unified Communications), Unity, and CRS (UCCX) in a virtual environment.

Cisco actually supports running Unity as a virtual machine guest in ESX. The Desgin Guide is here http://www.cisco.com/en/US/docs/voice_ip_comm/unity/virtualization_design/guide/cuvirtualdg010.html

Cisco does not support Vmotion, HA, or iSCSI attached storage for a virtualized Unity box. They also do not support a physical to virtual conversion of a Unity server. Hopefully Cisco will support Vmotion and HA at some point.

I also found some interesting information on running an older Call Manager version (4.x) as a VM – http://www.blindhog.net/cisco-install-call-manager-4x-with-vmware/

Here is some info I found on UCCX – http://tannerezell.com/cisco/?p=85

Handy Linux iptables script

Here is a script I put together some years ago to create a simple Iptables firewall on my linux webserver. Some of the code was borrowed from a linux security book but I do not remember which one. Anyway it is a pretty handy script to give you some control and protection.

First create three files in /usr/local/etc:

ipblack.lst – this file contains a list of ip addresses you want to blacklist. One ip or subnet per line.

Example:

94.178.222.17
87.0.0.0/8

ipwhite.lst – this file contains a list of ip addresses that you allow unrestricted access (Be careful with this). One ip or subnet per line. Make sure you add localhost to this file.

Example:

localhost
10.10.1.1 #Home IP Address

ports.lst – this file contains a list of ports you allow.

Example:

22 #SSH
25 #SMTP
53 #DNS/Domain
80 #HTTPD
443 #HTTPS

Add this iptables.sh script to /usr/local/sbin

#!/bin/sh

#Iptables for webserver

IPTABLES=/sbin/iptables
WHITELIST=/usr/local/etc/ipwhite.lst
BLACKLIST=/usr/local/etc/ipblack.lst
PORTSLIST=/usr/local/etc/ports.lst

#—-Flood Variables—–#

# Overall Limit for TCP-SYN-Flood detection
TCPSYNLIMIT=”5/s”
# Burst Limit for TCP-SYN-Flood detection
TCPSYNLIMITBURST=”10″

# Overall Limit for Loggging in Logging-Chains
LOGLIMIT=”2/s”
# Burst Limit for Logging in Logging-Chains
LOGLIMITBURST=”10″

# Overall Limit for Ping-Flood-Detection
PINGLIMIT=”5/s”

# Burst Limit for Ping-Flood-Detection
PINGLIMITBURST=”10″

#Clear any current filters
$IPTABLES -F

#Process Whitelist
for x in `grep -v ^# $WHITELIST | awk ‘{print $1}’`; do
echo “Permitting $x…”
$IPTABLES -A INPUT -t filter -s $x -j ACCEPT
done

#Process Blacklist
for x in `grep -v ^# $BLACKLIST | awk ‘{print $1}’`; do
echo “Blocking $x…”
#$IPTABLES -A INPUT -t filter -s $x -j LOG
$IPTABLES -A INPUT -t filter -s $x -j DROP
done

#Allow Ports list
for port in `grep -v ^# $PORTSLIST | awk ‘{print $1}’`; do
echo “Accepting port $port…”
$IPTABLES -A INPUT -t filter -p tcp –dport $port -j ACCEPT
done

$IPTABLES -A INPUT -t filter -p tcp –syn -j DROP

#ICMP TIMESTAMP REQUEST AND REPLY
$IPTABLES -A INPUT -p icmp –icmp-type timestamp-request -j DROP
$IPTABLES -A FORWARD -p icmp –icmp-type timestamp-request -j DROP

#Logging of possible TCP-SYN-Floods
$IPTABLES -N LSYNFLOOD
$IPTABLES -A LSYNFLOOD -m limit –limit $LOGLIMIT –limit-burst $LOGLIMITBURST -j LOG –log-prefix “fp=SYNFLOOD:1 a=DROP ”
$IPTABLES -A LSYNFLOOD -j DROP

#INVALID SYN packets
$IPTABLES -A INPUT -i eth0 -p tcp –tcp-flags ALL ACK,RST,SYN,FIN -j DROP
$IPTABLES -A INPUT -i eth0 -p tcp –tcp-flags SYN,FIN SYN,FIN -j DROP
$IPTABLES -A INPUT -i eth0 -p tcp –tcp-flags SYN,RST SYN,RST -j DROP

#Logging of possible Ping-Floods
$IPTABLES -N LPINGFLOOD
$IPTABLES -A LPINGFLOOD -m limit –limit $LOGLIMIT –limit-burst $LOGLIMITBURST -j LOG –log-prefix “fp=PINGFLOOD:1 a=DROP ”
$IPTABLES -A LPINGFLOOD -j DROP

Add /usr/local/sbin/iptables.sh to rc.local so that it runs when the machine starts up.

Anytime you make changes to the ipblack.lst, ipwhite.lst, or ports.lst files rerun the iptables.sh script to apply the rules.

The script also applies iptable rules to help protect against ping floods, SYN flood, and invalid SYN packets.

Migrating to vSphere 4

Details on the migration from VI 3 to vSphere 4.

vSphere Update Center

Check out the step-by-step vSphere migration videos.

VMware Launches vSphere 4

Introducing VMware vSphere 4 – The Industry’s First Cloud Operating System http://blogs.vmware.com/vmtn/2009/04/introducing-vmware-vsphere-4-the-industrys-first-cloud-operating-system.html

VMware vSphere 4 Launch Supported by Broad Virtualization Ecosystem http://vmblog.com/archive/2009/04/21/vmware-vsphere-4-launch-supported-by-broad-virtualization-ecosystem.aspx

VMware vSphere 4 Provides “Always On IT” for SMB and Branch Office IT Environments With Low Cost, High Availability Solutions http://vmblog.com/archive/2009/04/21/vmware-vsphere-4-provides-always-on-it-for-smb-and-branch-office-it-environments-with-low-cost-high-availability-solutions.aspx

A random collection of what’s new vSphere eye candy http://www.boche.net/blog/index.php/2009/04/20/a-random-collection-of-whats-new-vsphere-eye-candy/

VMware Launches vSphere – http://www.mikedipetrillo.com/mikedvirtualization/2009/04/vmware-launches-vsphere.html

Yellow-bricks.com has put together a great list of vSphere links: http://www.yellow-bricks.com/2009/04/21/vsphere-linkage/

Civony – A great distraction

If you have some time to kill (waste) check out this online game Civony by UMGE.

The game is in the spirit of Age of Empires or the old Warcraft games where you have to build houses, train your army, collect resources, upgrade structures, learn skills, etc. I have been playing it for a couple of days now. It is a bit slow, but definitely a good distraction while you are waiting for an upgrade or download to complete.

Check it out at http://www.civony.com/

Hint – Lumber, Stone, and Iron – you will need plenty of each – build 4 farms, 4 quarries, 4 sawmills and 4 ironmines, then upgrade each as you can. Follow the quests that the game gives you and the resources will come.

Have a great weekend!

A Few VMware/ESX/ESXi Tips, Tricks, and How to’s

Just a few quick useful VMware/ESX tips.

Installing VMware tools on an Ubuntu guest

ESX Server, NIC Teaming, and VLAN trunking

Speed up your Windows 2003 Server guests – Disable File Last Access Check

Hidden network adapters when importing to VMWare

Installing Windows XP on ESX with LSI Logic Driver

Moving hosts from one vCenter server to another.

Enable SSH on ESXi

Hope you find them as useful as I have.

Free VMware Visio Stencils from Veeam

Check out these great Visio stencils available for free from Veeam. Perfect for designing or documenting your virtual infrastructure.

Veeam Stencils is a free collection of VMware Visio stencils that can be used by ESX administrators, system integrators and datacenter managers to create their own diagrams in Microsoft Visio 2003 or higher.

Download them here http://www.veeam.com/vmware-esx-stencils.html

Xmarks – Organizing Browser Bookmarks

Between my computer at work with IE and Firefox and my computer at home running IE and Firefox, I have bookmarks and favorites spread all over the place – hundreds of them. I go home at night to do some research and remember bookmarking a site earlier but that was at work, log in to the office VPN just to get a bookmark. Not the end of the world, but still frustrating and time consuming. Xmarks allows you to easily manage, organize, and share your browser bookmarks/favorites.

I generally use Firefox for most browsing, but there are some vendor portals, sites, and utilities that either require or simply work better with IE or Firefox. Occasionally I will favorite something in IE and want it later with Firefox.

Xmarks is a free utility/service that lets you manage and maintain your bookmarks/favorites between browsers and computers. You simply sync your bookmarks using different profiles (work/home/etc) that you create and configure.

You also have access to all of your bookmarks/favorites online from any computer using the My Xmarks portal and you can share your bookmarks with others.

Check out Xmarks at http://www.xmarks.com/

Minor Update to RVTools

Version 2.5.1 (April 15, 2009) – Bug fix! Better exception handling on the vDisk and vNetwork tab pages.

Download it here – http://www.robware.net/

Virtualization Blogs that I Read

There are a lot of great blogs out there that deal with VMware, Virtualization, EMC, Storage, Cloud Computing, etc – here are a few that I subscribe to in my feed reader that I read/browse daily.

Some of these are updated often and some of them have not been updated in awhile but they are still full of a lot of great information. I know that there are a lot more of them out there, so feel free to add a comment with your favorite virtualization blog.

Yellow-Bricks – Building blocks for virtualization.

VM/ETC – Go Green with Virtualization. Go UGLY Green with vmetc.com

Virtual Geek – an insider’s perspective, technical tips n’ tricks in the era of the VMware Revolution

Scott Lowe – The weblog of an IT pro specializing in virtualization, storage, and servers

RTFM Education – Beyond the Manual

Virtualization Pro – A SearchVMware Blog

vCritical – Don’t believe everything you read.

Mike D’s Blog – A Technologist and Virtualization Expert

VMwarewolf – VMware Technical Support Discussions

VM Blog – Virtualization Technology News and Information for Everyone

Official VMware Blogs

VMware Knowledge Base Blog – News and announcements from the VMware Knowledge Base Team

VMTN Blog – Virtualization news from VMware and the community of virtualization users, including the VMware Communities and VMTN, the VMware Technology Network.

Next Page →