ESX5i Z77 DirectPath vt-d Asrock Z77 Pro3

28/04/2015 – 11:38

I assembled a Z77 based system around an Asrock Z77 Pro3, which I chose for its VT-d functionality, and just installed ESX5i to check if it works:

Asrock Z77 Pro3 Bios v1.1
Intel i5-2400
ESX5i build 623860

Raspberry Pi, Raspbmc, NFS, MySQL

26/03/2015 – 23:05

Recently I acquired a Raspberry Pi device, mainly because I was never really satisfied with the implementations I had used before (24p stutter, problems with energy saving mode etc.). Some weeks ago a friend of mine had purchased an Android-based USB stick with HDMI output, which he tried to use as media player, and that had me rethinking. After some research I ended up with the Pi, mainly because I learned from my friend’s Android stick: it’s not the hardware that counts, it’s whether the software is optimized for the hardware and how seamless the user experience gets.

Using XBMC for years now I decided to give RASPBMC a try, a distribution specifically developed for the Pi, running XBMC only. I found it to run astoundingly fluid, the only grief I had was that (because I exclusively use 720p and 1080p files) the buffering when starting a video or jumping inside the video took quite some time (5 seconds).
All is not lost though. With a history as an overclocker (soldered my first Athlon Slot A from 500MHz to 850MHz) I naturally looked for the headroom on the Pi. People reported 900-1000MHz instead of the standard 700MHz. I gave 880MHz a try, that was fine for a day, then the other day while watching a bluray file it got stuck, after reboot I had filesystem corruption on the SD card. -> Reinstall
I found out that overclocking a setup with an SD card installation was prone to corruption on hard overclocks. Well, didn’t get that earlier. Installation to USB was the way to go people said, I tried that using a USB 3.0 8GB stick (60MB/s read, 25MB/s write), the system was much quicker booting and especially inside raspbmc fluidness increased.
880MHz was also just fine now!
For some time I stuck to “file mode”, navigating to directories with video files. Then I activated library mode – uuh, aah, that is slow. Thumbnail generation and SQL load brought the Pi to its knees.

From earlier Windows/XBMC times I knew the DB part can be outsourced to a MySQL server. Well, I already had one running (VM on HyperV host), so I added an advancedsettings.xml to the Pi, voila.
Library mode was now nearly as quick as file mode.

Still: RASPBMC added an option to install to NFS shares, and users reported that installation method to be even more responsive (and overclockable). I gave Services for UNIX under Windows server a try, it installed just fine, but I didn’t manage to boot it from the share (block init failed etc, VSync issues…). I then set up a FreeNAS VM on my HyperV host, added an 8GB VHD file (SSD based) to the machine, created a ZFS share and NFS export on it. Raspbmc installed and ran without problems on first try. I instantly took a ZFS snapshot of the state, and set daily ZFS snapshots to be done inside FreeNAS. Inside FreeNAS I can now add additional shares for further Pis, and have their root files all in one place while no longer requiring a big or fast SD card or USB stick to run a Pi.

Logitech Media Server 7.7.2 running on Windows Server 2012 Core VM

21/02/2015 – 21:46

Just wanted to state the fact of LMS (Logitech Media Server) running on virtual instances of Windows 2012 Server Core. Running LMS on 2012 Core will give you VMs with under 6GB VHD and 360MB memory footprint each.

The quick steps:
* Create new VM, one CPU core suffices (LMS only supports one core), use dynamic memory, 256MB startup, maximum depends on your resources, but you won’t need more than 1024MB
* Install 2012 Server Core
* Use ‘sconfig’ for: network, name, RDP access
* Connect via RDP
* Connect network shares using ‘net use DRIVELETTER: \\server\sharename’
* Copy LMS 7.7.2 to network share from your workstation
* Start LMS setup as usual
* Deactivate firewall or open port 9000 using the ‘netsh’ command
* From the command line navigate to “c:\program files (x86)\Squeezebox\Server\Squeeboxcp.exe”, set LMS as service on system startup
* From your workstation browse: servername:9000, add needed shares (via web interface)

Done! Use your superslim server backend!

Windows 2012 Server remote management:
* Activate Remote Desktop
* Activate Remote Management
* On the management node issue this PowerShell command as admin: ‘Set-Item wsman:\localhost\Client\TrustedHosts SERVERNAME -Concatenate -Force’

Password complexity is a Local Policy setting named “Passwords must meet complexity requirements” under Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy.

In a Server Core installation there is no graphical user interface to set this policy.
Instead use secedit to import and export the security settings from a Full Installation of Windows Server 2008.
First export your security configuration using the following command:

secedit /export /cfg C:\securityconfig.cfg

Then open notepad.exe and edit the C:\securityconfig.cfg file.
Under [System Access] you should find PasswordComplexity = 1
Change the value to 0 and save the file.

Then fire up the next command to import the configuration:

secedit /configure /db C:\Windows\security\new.sdb /cfg C:\securityconfig.cfg /areas SECURITYPOLICY

Windows 2012 Server Core, edit password complexity requirements in command line

20/02/2013 – 21:51
  • secedit /export /cfg X:\passcomp.cfg
  • Edit passcomp.cfg: “PasswordComplexity = 0”
  • secedit /configure /db C:\Windows\security\new.sdb /cfg X:\passcomp.cfg /areas SECURITYPOLICY
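An added example, not part of the original posts: a Python sketch that compares the export taken before the edit with the edited file, so that only the intended setting goes back in with `secedit /configure`. It serves both the longer procedure above and this short version. The sample export text is constructed, the function names are hypothetical, and real exports are UTF-16 files.

```python
# Added example: diff two `secedit /export` files before re-importing the edited one.
# Real exports are UTF-16: text = open(path, encoding="utf-16").read()

BEFORE = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 1
LockoutBadCount = 0
ClearTextPassword = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""  # constructed sample, not taken from a real host
AFTER = BEFORE.replace("PasswordComplexity = 1", "PasswordComplexity = 0")
SLIP = AFTER.replace("ClearTextPassword = 0", "ClearTextPassword = 1")  # stray edit

ALLOWED = {("System Access", "PasswordComplexity")}  # the one change the post intends

def parse_secedit(text):
    """Return {section: {key: value}} for the INF-style export text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def diff_policy(before, after):
    """Return {(section, key): (old, new)} for every setting that differs."""
    changes = {}
    for section in sorted(set(before) | set(after)):
        b, a = before.get(section, {}), after.get(section, {})
        for key in sorted(set(b) | set(a)):
            if b.get(key) != a.get(key):
                changes[(section, key)] = (b.get(key), a.get(key))
    return changes

def unintended_changes(before_text, after_text, allowed=ALLOWED):
    """Changes outside the allowed set; empty means only the intended key moved."""
    changes = diff_policy(parse_secedit(before_text), parse_secedit(after_text))
    return {k: v for k, v in changes.items() if k not in allowed}

if __name__ == "__main__":
    print(unintended_changes(BEFORE, AFTER))  # clean edit
    print(unintended_changes(BEFORE, SLIP))   # stray edit is reported
```

Keeping the untouched export next to the edited copy also gives a file to re-import if the original policy has to be restored.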

    Enable Remote Management:
    netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
    netsh advfirewall firewall set rule group="remote event log management" new enable=yes

    FritzBox: Monitor Traffic

    10/11/2012 – 22:48

    I have been using Fritzbox devices for some time now, moving from a 7170 to a 7390. What I have always missed was an easy to set up monitoring solution for the traffic going through them, most importantly the internet interface.

    There are some solutions that can do that, but some only indicate the current traffic, with no charting option, some are hard to set up for home situations:

  • FritzBox Traffic 1.0.9: Monitors current traffic, Windows sidebar widget
  • uPNP to MRTG: converts uPNP extracted values to MRTG compatible ones, charting with MRTG is then possible, not a trivial setup however
  • Wireshark Analysis: Activate capturing on Fritzbox, then analyse afterwards with Wireshark

    What I wanted was an easy to set up solution with charts, and although using PRTG for years now I didn’t realize it can do just that meanwhile, I must have missed that in the release logs…

    What you will get looks like that
     

    So here we go for the setup

  • First activate uPNP access to the Fritzbox. Go to the web interface, network, programs
  • Install PRTG from here:
    http://www.de.paessler.com/prtg
  • Add device, use your Fritzbox’s IP for name and IP value, use ‘manual’ for sensor management
  • Select ‘Add sensor’, search for ‘AVM’ or ‘Fritz’, and select ‘Add This’, use Fritzbox WAN Traffic as name
  • Open the sensor, go to settings, set scanning interval to 30 seconds, save
  • Go to channels tab, select Traffic IN, set ‘Vertical axis scaling’ according to your internet connection’s speed. Using ADSL 16000 (16MBit down, 1MBit up) you should use a setting of 16000 kbit/sec. This way the charts are more usable and especially the upload can be recognized more easily.

    Keyword:
    Monitoring Fritzbox bandwidth and traffic

    Using a Draytek Router as dedicated VPN Gateway

    07/11/2012 – 23:13

    I am currently using a Fritzbox 7390 as a device for handling a 16MBit ADSL line, telephony (SIP based) and two DECT devices. I also used the 7390 as VPN endpoint for some time, dealing with Astaro UTMs as counterparts. VPN was halfway robust, some points however were unnerving:

  • There is no possibility to force a tunnel initiation on the 7390 (“always start up tunnel”), the tunnels only initiated on demand from devices inside the 7390’s local nets.
  • Configuration has to be done via config text files that have to be uploaded. Each upload results in a reboot.
  • There is no VPN logging for debugging
  • Activating/deactivating tunnels in the web interface results in reboots
  • Tunnels sometimes hung -> Reboot
  • No firewall rules configurable for IPSec tunnels

    We use a lot of Draytek devices at work, which we have good results with, and acquiring a used Draytek 2900 on Ebay cost me 11€ including freight. I personally recommend either the Draytek 2900 (hardware based 3DES) or the 2920 (hardware based AES), the 2910 is a lemon, the 26xx series does not support hardware encryption/decryption.

    My goals were:

  • VPN on 7390 disabled, Draytek as main VPN gateway
  • No need to touch existing devices at home: 7390 still is main gateway
  • Existing port-forwarding rules on 7390 still need to work
  • Draytek can be turned off or taken away, existing net still needs to work
  • Firewall rules need to be installed on Draytek to regulate access LAN<>VPN

    Schematic for the setup

    The Draytek uses an IP from the local subnet on its LAN port (e.g. 200.200.200.3), another on its WAN port (200.200.200.2), using the Fritzbox as gateway (200.200.200.1). A connection has to be established between a Fritzbox LAN port and the Draytek WAN port and between a Fritzbox LAN port and a Draytek LAN port. (Cabling-wise this can be achieved by using a cable FritzboxLAN<>DraytekLAN, and a short 30cm cable between DraytekLAN and DraytekWAN)

    WAN setup Draytek

    The Draytek has a valid gateway to the internet now, so we can go ahead and configure a VPN tunnel to a remote site (configuring Draytek tunnels is not part of this guide).

    We still have to get the clients to be able to use the tunnel however, and there are two options for that:

  • Set static route on (each) client: route add 192.168.100.0 mask 255.255.255.0 200.200.200.3
  • Set static route in Fritzbox, to route packets for 192.168.100.0 to 200.200.200.3

    Preferred method: set route in main gateway (Fritzbox)
    (Net, network, static ipv4 routes)

    We still want to set firewall rules in the Draytek. You can get some examples here:

    FileZilla FTP Server with implicit TLS encryption on an ADSL line with dynamic IPs

    06/11/2012 – 21:03

    1. Create DynDNS, DtDNS, NoIP or similar account
    2. Install Filezilla Server
    3. Options, Passive Mode settings, Use custom port range e.g. 30032-30049, Use the following IP: e.g. “XYZ.dyndns.org”
    4. SSL/TLS settings, Enable FTP over SSL/TLS, disable explicit FTP over TLS, enable Force PROT P to encrypt…, Listen for implicit SSL/TLS on ports: e.g. 30031
    5. Create User, enable “Force SSL for user”
    6. Add port forwarding for TLS port AND passive port range in ADSL Router, e.g. here: TCP ports 30032-30049
    7. In the FTP client software set “implicit FTP”

    Drivebending

    26/09/2012 – 22:02

    For quite a while I watched my data pool grow towards its capacity limits, a pool I had already split over two 3GB drives manually with a 2GB drive as backup. Managing redundancy and backups was quite a PITA, so I looked out for alternatives.
    I considered acquiring a hardware based RAID5 solution, I had a look into flexibility of software RAID 5, I tested Windows 2012 Storage Pools, which I find an intriguing concept. Storage Pools were slow however, and I did not quite like to use a v1.0 solution. So I stumbled over Stablebit Drivepool and Drivebender, which both head into the same direction, and finally settled on Drivebender, which I have now been using for six weeks on the following setup:

    Virtual Machine (HyperV) Server 2008 R2
    3x 3TB PassThrough disks -> Drivebender Pool
    1x 3TB Passthrough disk -> backup drive

    I use drivebender to span a pool over three disks inside a VM. This setup can be migrated at any time to a new VM host (take three drives and the VM’s .vhd file), as the drivebender and drive setup are independent of the physical hardware. The pool has a total of 9TB storage, inside which I use the “file duplication” feature of Drivebender to achieve redundancy for my important files. I additionally use a backup drive for vital data and a different location, to which I transfer that data yet again.

    At any time I can throw in any size of harddrive I have at hand to extend the pool, and I can evacuate drives I want to take out of the pool.
