EMC Storage Viewer 2.1 is out

Chad Sakac talked about it end of November, read my blog post here.

The application requires VMware vSphere Client 4.0 and Microsoft Visual J# 2.0. For your information, you can use a vSphere Client to connect to your ESX 3.5 environment and manage it, vSphere Client is backward compatible. EMC Storage Viewer 2.1 also requires EMC Solution Enabler 7.1 or better.

Once you have all that in place and successfully installed, you can go on with the EMC Storage Viewer 2.1 installation. You can upgrade an older version, no need to uninstall anything prior this setup. It installs itself in your VMware client installation path, under /Plugins.

For those who are new to this product, please read Chad’s blog post. It is outstanding and full of useful information and usual with Chad, it’s a long post also but it worth it definitely!

Source: Virtualgeek.typepad.com

QNAP TS-639 Pro Turbo NAS Part 5

Still on my quest to performance with my awesome QNAP TS-639 Pro Turbo NAS, today let me post some of my test results and tuning tips.

In a previous post I gave you some tips to tune up iSCSI, now I’ll give you some tips to tune up the network interface and TCP/IP stack of your QNAP NAS.
The default maximum Linux TCP buffer sizes are waaaay too small, echo these new values:

echo 16777216 > /proc/sys/net/core/rmem_max
echo 16777216 > /proc/sys/net/core/wmem_max
echo 4096 65536 16777216 > /proc/sys/net/ipv4/tcp_rmem
echo 4096 65536 16777216 > /proc/sys/net/ipv4/tcp_wmem

Check if you are using an e1000 driver: ethtool -i eth0
And if you do increase the number of descriptors by adding this to /etc/modprobe.conf:
alias eth0 e1000
options e1000 RxDescriptors=4096,4096 TxDescriptors=4096,4096

A reboot is necessary since modprobe.conf is read at boot. To verify that this worked: ethtool -g eth0
Increase TCP throughput by increasing the size of the interface queue: ifconfig eth0 txqueuelen 1000

echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/tcp_sack
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling

You can edit /etc/rc.local, or /etc/boot.local depending on your distribution so the parameters get automatically re-applied at boot time.
Another method to reapply the values is to include the following in your /etc/sysctl.conf. Execute sysctl -p to make these new settings take effect right away.
Note that echoing to /proc is volatile, any changes you make there are lost after reboot!

I’m using IOzone 3.321 which is a very powerful filesystem benchmarking tool. It can export the results to a binary format spreadsheet file that you open with Excel to creat great looking 3D graphics. To avoid any disk latency and bottleneck, I use the memory to create some sort of temp file from where IOzone works from. You do that by using the -g 2G parameter.

So basically you have enabled NFS and you have created a NFS share with the appropriate access rights on your QNAP device. On the client side, in my case a Dell lappy running Windows 7 Ultimate x64bit, you have mounted the NFS share. Now here is the IOzone command I have used to generate the load: iozone -Ra -g 2G -b output_nfs.wks

FYI for my tests I have setup my 2 WD VelociRaptors in RAID0. Read my blog post part#2 for more nfo about the disks.

WOW look at the IOPS +700!

Note to install DSTAT to your QNAP, you need first to install the Optware IPKG (Itsy Package Management System) then SSH in your device, navigate to /opt/bin  and use this command:
./ipkg-opt install http://ipkg.nslu2-linux.org/feeds/optware/ts509/cross/stable/dstat_0.6.9-1_i686.ipk

A list of all interesting IPacKaGes available can be found at ipkg.nslu2-linux.org. Use it at your own risk!!!

Thats it for part#5, stay tuned for #6 with more 3D graphs from IOzone benchmark results and 2D graphs from HD Tune PRO :)

iSCSI Tweaks and Recommendations

Whilst playing with my new and awesome QNAP TS-639 Pro Turbo NAS I came across some very interesting tweaks and recommendations for iSCSI in general. This is a summary of my research on the subject. I’m not going to explain each tweak and reg hack. Test them in a test environment NOT in production. By the way, REGEDIT could result in your system not starting properly or in data corruption or loss. Now that I’ve scared you, let’s see the registry tweaks for tuning up your SCSI interface

• Use gigabit adapters and eventually 10GbE for high perf demanding apps but more important. use the proper cable, that is CAT 6 minimum.
• Force full-duplex on all adapters and switch ports that will participate in the iSCSI traffic.
• Enable 9K Jumbo frames for your GbE network adapters and switch ports. Refer to your adapters and switch manual.
• Change the following TCP parameters in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  • GlobalMaxTcpWindowSize = 256960 (DWORD) N.B. For dedicated NIC, set TcpWindowSize = 256960 (DWORD) in Tcpip\Parameters\Interfaces\{dedicated NIC UUID}
  • Tcp1323Opts = 3 (DWORD)
  • SackOpts = 1 (DWORD)
• In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\iSCSI dedicated interface if any>
  • TcpAckFrequency = 1 (DWORD)
• In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class
  • search for MaxRequestHoldTime and change value to 0×00000258 (dec 600)
• Use MC\S (instead of MPIO) for high performances and high availability
• Disable DNS on your storage device. This one is a bit tricky if your device does other things such NFS, SMB/CIFS.
• Always create persistent iSCSI target connections and bindings (see iSCSI Initiator Properties)
• For Windows OS, set NTFS allocation unit size to 64KB and make sure you ALIGN the partition
• For NTFS formated LUNs, never exceed 80% utilization, this is due to NTFS overhead
• Multiple smaller spindles is always better than large ones. calculate IOPS from vendor specs
• On your storage device array controller a queue exists (Target Port Queue Depth), make sure is big enough to handle all initiators. Modern storage can handle up to 2048 outstanding IOs.

QNAP TS-639 Pro Turbo NAS Part 4

This is part #4 of my journey to QNAP TS-639 Pro Turbo NAS. This is an awesome piece of hardware!
Now that I have sticked my 2 new Western Digital VelociRaptor Enterprise, built a RAID0, and created an iSCSI target and LUN, it’s time to do some baseline tests with my favourite I/O tool, that is IOMeter.

Here is my test environment:
- A DELL lappy running W7 Ultimate x64bit connected through the onboard gigabit NIC set to FULLDUPLEX/Gb to a DLINK DIR-855 Gb switch.
- A QNAP TS-639 Pro Turbo NAS using a single NIC, set to FULLDUPLEX/Gb with default MTU (1500) also connected my DLINK DIR-855 Gb switch.
- IOmeter v2006.07.27 and Dynamo running on my lappy, 1 worker, 1000000000 sectors, all access specifications, running for one hour.

Now let’s see the results.

So +890 IOPS is not that bad at all for SATA drives! Next big tests would be iSCSI over jumbo frame and over NFS, and why not for both of iSCSI and NFS tests use LACP if my switch permits it but that’s for another post so stay tuned!

QNAP TS-639 Pro Turbo NAS Part 3

One of the features I like the most in my QNAP TS-639 Pro Turbo NAS is the integrated management web interface. It is based on AJAX technology and it’s awesome.
My QNAP was still at version 2.x and as soon I received my disks (see QNAP TS-639 Pro Turbo NAS Part 2) I could flash to v3.1 first and now v3.2 which just came out yesterday…

Watch this video to see AJAX in action

Let’s talk a bit of this new firmware v3.2:

What’s New?
- Web File Manager 2
  * Brand new user interface with best use experience
  * Supports file compression/decompression (7z, gzip, gz, zip, bzip2, bz2, tar, rar, tgz)
  * Sub-folder Privileges
  * Supports file searching
  * Supports drag-n-drop: moving file & folder within NAS
  * Multiple files uploading /downloading
  * Upload: up to 128 files at a time
  * Download: auto-compress selected files into one zip file
- Apple Time Machine Support
- WebDAV Support
  * Supports most modern operating systems. Windows XP/Vista, Mac OS X, Ubuntu 9.10 and iPhone/iPod Touch (must install WebDAV client app first).
- IPv6 Support
- DFS (Share Folder Aggregation)
- Cloud Storage Backup (Amazon S3)
- Real-time Function Search
- Import User List
- Language Support: Dutch & Czech

Enhancement
- iSCSI Target Enhancement
  * Supports SPC-3 Persistent Reservation
  * Supports MPIO and MC/S
  * Fully compatible with VMware vSphere 4.x and Windows Server 2008
- Remote Replication Enhancement
- Windows AD Enhancement
- Surveillance Station Enhancement (Support Windows 64bit OS and Y-cam)
- Date & Time Enhancement (Customized Datetime format)
- UPnP Media Server – TwonkyMedia Server 5.1
- Password Strength Checker
- Support SNMP v3
- HTTPS for both Web Administration & Web Server
- Better NTFS External HDD Support (More stable and faster)
- Component Upgrade (Apache:2.2.14, MySQL:5.1.36, PHP:5.3.0)
- Web Administration page layout can be remembered now

Stay tuned for part 4!

WinMin A Multi Layer OS ala Linux ?

It all started like this: “…there’s always been a dirty little secret hiding underneath that iconic field of green grass. From an engineering and security standpoint, the foundation of Windows 2000 and Windows XP is absolutely horrible.”

No kidding, even thought Windows XP is the well-known OS of all time, it is also the most insecure of all time too!

So it all started in 2003, too late for Windows 2003 and Vista but just on time for Windows 2008 and W7. The project was led by Eric Traut who is one of Microsoft’s chief operating system design engineers. He gave a demo at the University of Illinois, where he talked about where the Windows core is going and ended with a sneak peek at the kernel of the next version of Windows (starts at 43′), known by the exciting codename of “Windows 7.” That is almost 3 years ago!

Traut ran a stripped-down version of Windows 7 called “MinWin” that included only the core kernel: for the first time Windows NT has been seen running naked, without even a GUI to dress itself.

It was consuming about 25MB on disk (compare with 14GB for a full Vista install) and 40MB of RAM. Traut admitted that he would “still like to see it get smaller.”

You can go that path without fundamentally re-thinking the OS kernel and all those DLLs, especially the core ones such KERNEL32.DLL, USER32.DLL, and GDI32.DLL, are linked up. For instance ADVAPI32.DLL, which is responsible for both managing the services on the local machine as well as domain interaction, two unrelated things.  

Here comes the idea of layers Having different layers each one depending on the layers beneath except for the first layer obviously.
This smells like not teen spirit but Linux’s RunLevels
Is Microsoft moving away NT technology, a monolithic OS, and entering (embracing!?) *NIX world with real multi user capabilities!?

Now with the battle of hypervizors, even though Windows 2008 R2 Core is 14x smaller than the full deployment, it is still 1GB too large! For instance, ESXi 4.0 is 65MB (w/o VMware Tools, VC client, …).

Sources: Arstechnica.com, Arstechnica.com, Brianmadden.com

QNAP TS-639 Pro Turbo NAS Part 2

This morning I received my 2 Western Digital VelociRaptor Enterprise disks to put into my QNAP TS-639 Pro Turbo NAS. The disk is described as the world’s fastest SATA disk! Google it and read the reviews, especially at Tomshardware.com. IOPS wise, the disks are significantly faster than any other SATA disk. BTW to calculate disk IOPS, read my other post on that subject.

My QNAP TS-639 Pro Turbo NAS doesn’t allow you to configure anything before at least one disk is installed, that’s a shame!Maybe because it was still running firmware revision 2.x. Anyway, once I popped in the disks, I went through the configuration wizard and 3 minutes later tadaaaam my QNAP TS-639 Pro Turbo NAS is running 2 WD VelociRaptor in RAID0 for maximum performances…

In the following post, I will talk about how to configure iSCSI, how work with jumbo frame, how to set the NIC’s for load balancing and failover.

Stay tuned!

vSphere 4.0 Quick Start Guide

Just ordered my copy at Amazon.com :)

Why this book particularly? Well I’m following the authors either on Twitter or their blog posts (RSS) and I was never disappointed by their articles and information they gave out. Six brains, six VMware and Virtualization Guru’s have teamed up to write a book for VMware Admins. No marketing blah blah, pure knowledge transfer… Just plug-in and digest

Product Description
vSphere 4.0 Quick Start Guide continues from an idea started several years ago by a few engineers. The idea was simple, provide an easy to use reference guide for all level administrators, consultants and architects. Recently VMware introduced many new features in vSphere 4.0 and with this handy pocket guide you will learn about each of these new features. With each chapter, the pages in this essential guide will answer common questions while giving you unprecedented insight into: Expert tips & tricks Pitfalls to avoid RemoteCLI & PowerCLI (PowerShell) scripts Configuration how to’s Virtualization best practices

Attacking the BitLocker Boot Process…

…is as easy as 1, 2, 3!

What a stupid thing, the BitLocker boot loader doesn’t do an integrity check upon itself, can you believe that!?
So an attacker with access to the target computer just boots from an USB flash drive and replaces the BitLocker bootloader with a substitute bootloader which mimics the BitLocker PIN query process and saves the PIN entered by the user to disk in unencrypted form.

After that you just need to pass by and get the USB key with the PIN, job done!

The Franhofer Institute in Germany just published a document “Attacking the BitLocker Boot Process“.

Abstract
We discuss five attack strategies against BitLocker, which target the way BitLocker is using the TPM sealing mechanism. BitLocker is a disk encryption feature included in some versions of Microsoft Windows. It represents a state-of-the-art design, enhanced with TPM support for improved security. We show that, under certain assumptions, a dedicated attacker can circumvent the protection and break confidentiality with limited effort. Our attacks neither exploit vulnerabilities in the encryption itself nor do they directly attack the TPM. They rather exploit sequences of actions that Trusted Computing fails to prevent, demonstrating limitations of the technology.

The ChromiumOS64 Project

Or how to port the original Google’s Chromium OS project to a 64 bit architecture and integrate the open source Xen hypervizor 3.4.3. Man this is awesome!
Thanks to Teo En Ming from Singapore, visit his web site for more info and download links… In the mean time I have to test this

At the same time many people who had access to the early source code of Google’s Chromium OS project came up with interesting things, some are distributing their work into an image for inside a virtual machine or for a real hardware.

Source: Virtualization.info