| Port mirroring | monitors traffic at a VM level |
| Network Adapter Metering | show how much bandwidth is used by a specific VM, done by ACLs |
| PVLAN in promiscuous mode | communicates with all ports in the same VLAN |
| PVLAN in community mode | communicates with all ports in the same VLAN and the same community |
| PVLAN in isolated mode | communicates with promisicuous ports on the same VLAN |
| vRSS | virtual Recieve side scaling - offloads network traffic to processors, so to increase bandwidth, increase cores |
| SR-IOV | Single Root I/O Virtualization - allows network traffic to bypass Hyper-V switch to improve performance. Can't be used with NIC Teaming. Offloads traffic from CPU's to physical adapter |
| NIC Teaming | distributes traffic over multiple adapters. implemented in Host OS, not Guest but can't be used with SR-IOV, IF using you need to create a vswitch that uses the team, To enable for the VM, you need to change an advanced feature or it doesn't use. |
| Switch independent Teaming mode | used if no teaming is supported on a switch |
| Static Teaming Nic teaming mode | plugged into the same switch |
| LACP | plugged into same switch and uses the LACP protocol to automatically configure teaming |
| generation 2 VM | requires 2012 R2, supports PXE boot, virtual SCSI device and Secure boot |
| Windows Filtering Platform (WFP) | filters and modifies TCP/IP packets in realtime enabled by default on new virtual switches |
| virutal Fibre Channel | a virtual adapter at the VM level that always access to a SAN LUN |
| emulated SCSI controller | can be used to attach VHDs to a VM |
| Host Bus Adapter (HBA) | added to the host and is the mechanism that allows support of the virtual fibre channel |
| Offloaded Data Transfer | feature in 2012 to enable more efficient processing of large stat transfers, requires a vhd on supported hardware and mounted as either virtual scsi or pass through |
| VirtualSubnetID | functions as a broadcast domain similar to a VLAN. 0 = cleared, valid ID's are in the range of 4096 and 16777215 |
| NUMA Topology | Non-Uniform Memory Access, Is a hyper-v feature that is not compatabile with dynaminc Memory. It allows a vm to optimize assignment of virtual RAM and VCPUs but also requires NUMA aware services like SQL.It ties the vCPU and memory to the physical nodes where it is effective. |
| Enhanced Session Mode | Enabled on the host to do things like allow redirection of local devices and resources from computer running the virtual machine connection |
| Virtual Switch | Host level virtual switch management, includes External, Internal, and Private |
| Access Based Enumeration (ABE) | will only display the available files and folders to a user based on their rights |
| VMChimney | A Hyper-V feature that can be used to offload external virtual network adapters to a physical network adapter |
| Sync Clock | Handles Hyper-V guest time syncronization to fight drift with the time synchronization intergration service |
| Web Service Scanners | Supports network connected image scanners and printers. Uses WSD(Web Services for Devices) Scan driver and the Windows Image Acquistion (WIA) |
| Powershell Web Access Gateway | A feature that gives you acess to power via a web browser portal. It is a role that can be added and and also requires a web server role installed. After installed, you need to add an authorization rule. |
Friday, March 27, 2015
Microsoft 70-410 - Configuring Servers
These are study notes for Microsoft 70-410 dealing with Servers and Hyper-V. This is again from the google spreadsheet here.
Microsoft 70-410 Installing and Configuring Windows Server 2012 Powershell Commands Study Guide
Here are the list of Powershell commands I came across while studying for the Microsoft 70-410 test.
I have made a google docs spreadsheet of these, and that link is accessible here for a more convenient format. This is not an exhaustive list, but should help with test crunch
I have made a google docs spreadsheet of these, and that link is accessible here for a more convenient format. This is not an exhaustive list, but should help with test crunch
| Command | Description |
| Enable-NetFirewallRule | enables a disabled firewall rule |
| Get-NetFirewallProfile | retrieve information that is presented on the Windows Firewall with Advanced Security Properties MMC Console, with the tabs for Domain, Private and Public profiles. |
| Get-NetFirewallSetting | retrieve global firewall settings. Does not matter what profile is in use. |
| Set-NetFirewallInterfaceFilter | modifies interfaces attached to firewall rules |
| Get-NetFirewallRule | gets firewall rules from a computer. -policystore and grab all rules applied |
| Disable-NetFirewallRule | Disables an existing firewall rule, you can use -displayname to specifiy the rule |
| Get-NetFirewallAddressFilter | gets the filtered ip addresses assigned to firewall rules |
| Remove-NetFirewallRule | deletes one or more firewall rules from policy store |
| Set-NetFirewallAddressFilter | changes the local or remote ip address filters assigned to a rule |
| Copy-NetFirewallRule | copy a firewall rule as well as any associated filters to a policy store. This will make copy of all firewall to the new policy store. |
| New-NetFirewallRule | creates a firewall rule that can be inbound or outbond |
| Set-NetFirewallRule | changes the existing firewall rule |
| Set-NetFirewallSetting | changes properties that apply to firewall and is not dependent on profile, it is a global setting |
| Show-NetFirewallRule | displays firewall rules in a policy store |
| Rename-NetFirewallRule | Renames a firewall rule |
| Set-NetFirewallProfile | change profile level settings like enabling/disabling profile or changing logging for profiles including domain, public, private, and global |
| New-VHD | Creates a New VHD in Hyper-V environments |
| Set-VMHost | with resourcemetering save interval parameter can specify how often data that tracks resources will be saved |
| create vdisk diskpart | Creates a new virtual disk to be added to a system, it still must be initialized, partioned, formatted and assigned |
| New-VirtualDisk | Used for managing virtual disk properties in the Storage Spaces Disk Pool |
| Rename-VM | Used to change a VM name in Hyper-V manager |
| Set-VM | changes virtual machine settings, for example memory, cpu, autostart and autostop details |
| Set-VHD | manages VHD properties like physical sector size or parent VHD files |
| Measure-VM | Designed for reporting resource utilization data for one or more VMs, but it must first be enable at the host level |
| Rename-Item | Can be used to rename VHD's and other files |
| Enable-VMResourceMetering | designed to enable resource metering for a specific VM |
| Get-Counter | gets the memory from performance counters which can only get memory usage by OS or maximum amount configured, not what Hyper-V has allocated |
| Get-VMMemory | shows the VM's configured memory not actaul usage |
| Add disk diskpart | Creates a mirror of a simple volume |
| Set-Item | Can be used to do things like add servers to a managed servers trusted host list |
| Set-ItemProperty | can be used to do things like change or add registry entries to overide UAC to permit access |
| Add-DNSserverResourceRecord | creates resource records inside a zone |
| Add-DNSServerPrimaryZone | Creates a new primary zone, For example "GlobalNames" which can replace WINS |
| Add-DNSserverForwarder | adds forwarders to forward dns queries to other zones |
| Add-DNSserverResourceRecordDS | creates DNSSEC resource records inside a zone |
| Disable-ADAccount | disables an ad account |
| Enable-ADAccount | enables an ad account |
| Set-ADAccountExpiration | sets an account expiration date |
| Set-ADuser | configure properties of the account |
| remove-AdUser | removes Ad user accounts |
| Clear-ADAccountExpration | can set a user account to have no expiration date |
| Set-AddAccountPassword | configures the password of an ad account |
| Unlock-AdAccount | unlock and ad user whose account has been locked out |
| Get-AdComputer | Use to get information about the computer, for example -lastlogontimestamp parameter could be used to find the last time the computer logged on to the network or did something like reboot *****This was a test question for me based on this and dsquery -o |
| Get-ADGroupMember | gets ad members in a specific group |
| Add-ADgroupMember | add ad members to a group |
| Get-ADGroup | use to check for groups that match certain input criteria |
| Set-AdComputer | changes properties of a computer object like sAMAccountName, DNSHostname and Description |
| Set-ADObject | modifies Active Directory Object properties and can do things like enable the global catalog |
| Set-ADDomain | changes properties of the domain such as DNS suffix, managed by or last logon replication interval |
| Set-ADOrganizationalUnit | modifies the attribute properties of an OU |
| new-netroute | define interface to advertise ipv6 address out of and add to routing table |
| set-netipinterface | Allow the interface to advertise the IPv6 address out of the interface |
| Set-NetIsatapConfiguration | Define the router and enable isatap on that router because it is disabled by default, also enables isatap on a client |
| Get-NetIPAddress | get interfaces that is being used by ISATAP |
| Restart-Service | Can be used to restart services like dns |
| Set-AppLockerPolicy | change the properties of an existing applocker policy and can merge two policy with the -merge parameter |
| Set-AppLockerFileInformation | gets applocker info from file or event logs |
| Get-AppLockerPolicy | gets an existing applocker policy |
| Import-GPO | imports GPOs that have been backed up into GPO |
| New-GPO | Create a new GPO policy tath could include an applocker policy |
| Test-AppLockerPolicy | Test whether specific files are allowed on local computer for specific user |
| DSCConfigurationNameCreatedAsAFunction | call this configuraiton name with the -machinename parameter specified to to create the folder and MOF file that will be used in the DSCConfiguration |
| Start-DscConfiguration | calls the MOF file that will apply the DSC configuration |
| Test-DscConfiguration | will compare current standard to dsc drift |
| Set-GPPermission | change the permissions of group policy objects in Active Directory |
| Get-GPPermission | retrieve permissions on existing group policies |
| Set-GPLink | used to link or unlink group policy objects |
| Set-GPInheritance | sets an inheritance link for group policy objects |
| uninstall-WindowsFeature | uninstalls a windows feature, use the remove option to delete the feature from the harddisk |
| Install-WindowsFeature (Server-Gui-Mgmt-Infra) | Installs the minimal server interface including Server Manager, MMC, Powershell and command line |
| Install-WindowsFeature (Server-Gui-Shell) | depends on minimal interface and includes Desktop, Start Screen, Explorer, and Internet Explorer |
| Install-ADDSDomain | used to install a new AD domain |
| Add-ADDSReadOnlyDomainControllerAccount | It is used to create a read-only domain controller |
| Install-ADDSDomainController | installs a domain controller in a new or existing domain |
| Install-ADDSForest | install a new AD forest |
| Add-VMNetworkAdapterACL | applies and ACL to traffic through a virtual machine network adapter |
| Add-PSWAAuthorizationRule | adds an authorization rule for the powershell web access gateway, inlcuding computers, users and credentials |
| Remove-PSWaAuthorizationRule | Removes a specified rule from powershell web access gateway |
| Get-PswaAuthorizationRule | Gets the poweshell web access gateway rules |
| test-PswaAuthorizationRule | test a rule to determine if a specific user or computer has access |
Thursday, March 19, 2015
Cisco EIGRP to Extreme OSPF Route Migration and Redistribution
This post will describe some of the configuration necessary to use a Cisco switch running EIGRP and redistribute routes between EIGRP and OSPF for a device that is not Cisco, in this case Extreme Networks. The steps in this post should work for any router that can run open standards like OSPF.
The network design is as follows:
In this configuration the network 172.31.1.0/30 is a point to point link with using VLAN tag 302. The extreme configuration for this with the port/interface on the Extreme side being 1:1 (first port in the first slot) would be
create vlan p2pToCisco
configure vlan p2pToCisco tag 302
configure vlan p2pToCisco add ports 1:1 tagged
configure vlan p2pToCisco ipaddress 172.31.1.2 255.255.255.252
The following commands configure ospf on the Extreme switch assigning it to area 0.0.0.0. You would also add any other networks such as the 10.10.x.0/24 networks to this ospf area. The ospf link-type of point-to-point is used for point to point connections. The passive type is for networks that will not connect to any other ospf areas. The default for Cisco is a type called broadcast.
configure ospf routerid 1.1.1.1
configure ospf add vlan p2pToCisco area 0.0.0.0 link-type point-to-point
configure ospf vlan p2pToCisco priority 0
configure ospf vlan (OtherVlans) area 0.0.0.0 passive
enable ospf
To verify configuration you can run the commands
show iproute, show ospf, and show ospf lsdb detail
On the Cisco side which will be doing the route redistribution the configuration is as follows.
On the VLAN interface you must set the ospf network type to point to point by default when you create the ospf router this will have an ospf type of broadcast. With that you will see the Cisco and the Extreme create an OSPF Full peer status and using when looking at the link state database you may see the networks but they will not enter the routing table.
The network design is as follows:
In this configuration the network 172.31.1.0/30 is a point to point link with using VLAN tag 302. The extreme configuration for this with the port/interface on the Extreme side being 1:1 (first port in the first slot) would be
create vlan p2pToCisco
configure vlan p2pToCisco tag 302
configure vlan p2pToCisco add ports 1:1 tagged
configure vlan p2pToCisco ipaddress 172.31.1.2 255.255.255.252
The following commands configure ospf on the Extreme switch assigning it to area 0.0.0.0. You would also add any other networks such as the 10.10.x.0/24 networks to this ospf area. The ospf link-type of point-to-point is used for point to point connections. The passive type is for networks that will not connect to any other ospf areas. The default for Cisco is a type called broadcast.
configure ospf routerid 1.1.1.1
configure ospf add vlan p2pToCisco area 0.0.0.0 link-type point-to-point
configure ospf vlan p2pToCisco priority 0
configure ospf vlan (OtherVlans) area 0.0.0.0 passive
enable ospf
To verify configuration you can run the commands
show iproute, show ospf, and show ospf lsdb detail
On the Cisco side which will be doing the route redistribution the configuration is as follows.
On the VLAN interface you must set the ospf network type to point to point by default when you create the ospf router this will have an ospf type of broadcast. With that you will see the Cisco and the Extreme create an OSPF Full peer status and using when looking at the link state database you may see the networks but they will not enter the routing table.
interface Vlan302
description Interface for point to point to
Extreme
ip address 172.31.1.1 255.255.255.252
ip ospf network point-to-point
!
On the EIGRP router you need to redistribute the routes into OSPF like the following example.
router eigrp 101
network 169.254.10.32 0.0.0.31
redistribute ospf 1 metric 1500 10 255 1 1500
eigrp stub connected summary redistributed
!
On the OSPF router you also need to redistribute the EIGRP routes but you need to create a route-map filter to keep the summary addresses that OSPF feeds into EIGRP from being redistributed back into OSPF creating a routing loop.
To create a route-map match list preventing 10.0.0.0/8 summaries from being reinjected into the route table use the following.
ip prefix-list
eigrp-to-ospf seq 5 deny 10.0.0.0/8
ip prefix-list
eigrp-to-ospf seq 10 permit 0.0.0.0/0 le 32
route-map
eigrp-to-ospf permit 10
match ip address prefix-list eigrp-to-ospf
The following is what the OSPF router configuration would look like
router ospf 1
log-adjacency-changes
redistribute eigrp 101 metric-type 1 subnets
route-map eigrp-to-ospf
network 172.31.1.0 0.0.0.3 area 0.0.0.0
!
Finally the following configuration will set the cisco interface to be a trunk to match the Extreme tagged VLAN.
interface GigabitEthernet1/0/1
description Uplink to Extreme 1:1
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
!
Subscribe to:
Posts (Atom)