Think about it: fingerprints are unique. Everybody has them and every one of them is unique, so it’s a secure way to prove your identity, right?
We all thought that passwords were easily hackable, if not by guessing, by brute force attacks. And we all know the “difficult” passwords: P@$$w0rd123 and 3AsyD03s1T. As if hackers are stupid! They’re not! Believe it or not, but these so called encrypted, but still “readable” passwords are easy to guess, just like your dog’s name and your mother’s birthday. I mean, a dog’s name is Bello, Spot, Rex, Fluffy or a dozen other names and as for birthdays: we only have to try every date since 1-1-1900, which is roughly only 115 x 365 = 42,000 dates which are there to try.
Read more »
Smart zoning examples
In my smart zoning post from last February I already presented the way to get started with Cisco smart zoning. I initially planned to give a more detailed calculation on how much time you can save if you were using smart zoning compared to SIST zoning.
I was talking to an EMC SAN instructor (Richard Butler) this week and after I did a little white boarding and used my hands to picture how massive a traditional SIST zone environment would be, we agreed smart zoning is the way to go.
Read more »
EMC Elect 2016 nominations are open
It’s that time of year again: the nominations for the community heroes that might become part of the EMC Elect group of next year.
The nominations can be sent in by anybody who wants to honor their community hero. What’s considered a community hero? To be recognized as EMC Elect candidate you could think about how you represented EMC throughout 2015. Well, represented is not the right word, since you don’t really represent EMC, but if you write or talk about EMC on ECN, Twitter, LinkedIn, Facebook, or you are a speaker in public accessible forums or events, or write blogs about EMC equipment or software, you certainly are a candidate to be nominated.
Can you nominate yourself?
Why not? It’s not about who nominates who, but who gets nominated! And it’s not a contest! Only 1 nomination will do just fine. It has no added value to nominate somebody more than once! In the end the judges will look at your curriculum anyway and what you did during this year, so it’s perfectly fine to mention this to EMC yourself! Go ahead, make a nomination, or two, or five. Get the word out and make sure we get as many nominations as possible. The judges will decide who gets in after the current month.
Nominations can be done from November 1, 2015 to November 30, 2015, so don’t wait too long and let’s all nominate!!!
According to rumors Western Digital would love to buy SanDisk for $19B. Multiple companies are interested in buying SanDisk, but it’s WD that seems to have the advantage. The deal will perhaps already take place during next week!
Micron also interested
Read more »
HP and SanDisk are making revolutionary memory market ready
The IT companies HP and SanDisk are promising that their Storage Class Memory (SCM) will be 1000 times as fast as the current generation of flash memory. That’s quite an assumption or is it really proven that it will be this fast.
Storage Class Memory (SCM) is a combination of the memristor technology HP is working on for years already and SanDisk’s ReRAM technology. The new type of memory has some pretty impressive characteristics:
- It’s 1000x faster
- It lasts a 1000x longer
Read more »
I recently had the “pleasure” to figure out what was wrong with a Brocade based SAN environment. Servers were loosing connectivity on one of the HBAs, but all links were online and further investigation was necessary.
Going through all the error counters on each of the long wave SFPs finally revealed one of the SFPs’ health as marginal (hence it was still online, but very buggy indeed). The webtools GUI showed this particular SFP als orange instead of green. Disabling and re-enabling this SFP didn’t help and I decided to shut this SFP for good. And guess what: all my troubles went away. The trunk this SFP was in went back to a non-redundant, but healthy state and all servers got back to normal operations and got their redundant paths back.
So to summarize the story: look for marginal or even faulted SFPs when vague connectivity issues arise. If links are redundant, shutting the faulty one might help.
Previously I wrote about setting the NTP, time and timezone settings in a Cisco switch and now it’s time for the same in a Brocade switch.
It’s in fact not that hard to do. Log in to the CLI and use the following commands:
tsclockserver ntp.domain.ext (make sure the DNS is set up properly first)
This will set the NTP server address in this switch to ip address 184.108.40.206. Set this only on the principal switch, as this switch will propagate the time to the other switches in the fabric.
To set the timezone use the following command:
This will ask for the region and country the switch is located in.
Choose 8 for Europe and 34 for the Netherlands and after verifying the setting, choose 1 (yes) to set the TZ.
Use the “date” command to verify the current time and date and TZ region:
Wed May 13 01:08:32 CEST 2015
This makes life a lot easier when troubleshooting!
If you have multiple datacenters or a multi tenant fibre channel environment and you’re using Cisco FC switches, it’s a best practice to use VSANs to separate the configurations of each location / tenant. To allow storage arrays and / or hosts in different VSANs to communicate with each other Inter VSAN Routing needs to be used.
If you need to have 2 EMC VNX storage arrays “talk” to each other for MirrorView for example over 2 or more datacenters (for data replication purposes that is) or hosts in one DC talk to storage in another DC, using transit VSANs (and therefore IVR) will keep your VSANs with equipment indoors and the slightly more vulnerable VSAN outdoors. If some farmer with his tractor rips your single mode fiber, only the outdoor VSAN will be fractured and the indoor VSANs remain unharmed. And of course communication between the remote sites is interrupted, but the indoor VSANs / fabrics remain unchanged.
Read more »
VMware now has this great new feature to be more in control of where its data blocks actually land on the storage system: VVOLs. But up until now EMC didn’t have a system capable of actually providing the back end for that. Until now I said. Starting with the VNXe 3200 all storage arrays are made vVOL capable and you can play around with that yourself. FOR FREE!
The Software Defined VNX is now a reality!
Read more »
I recently ran into a log time difference at a customer’s site so I want to repeat my blog from last year (Configuring the timezone and NTP). It’s slightly different on Cisco LAN / Routing equipment, but on Cisco MDS SAN switches the DST configuration is set by using the following commands:
clock summer-time CEST 5 Sun Mar 02:00 5 Sun Oct 03:00 60
copy run start
- CEST means Central Europe Summer Time (you can use your timezone name instead if you like)
- the first 5, followed by “Sun” means that the DST will become active on the LAST (5th, sometimes the 4th) Sunday of the month following the day you just named (March)
- 02:00 is the time of day when the DST will become active (time will go forward)
- the second 5, followed by “Sun” means that the DST will become active on the LAST (5th, sometimes the 4th) Sunday of the month following the day you just named (October)
- 03:00 is the time of day when the DST will end (time will go back to normal, backwards, so from 03:00 in my example the clock will go back to 02:00)
You can check the date, time and timezone by typing “show clock”.
The Cisco Fabric Manager or the newer DCNM can be great for creating a limited number of zones and aliases, but when the number of zones exceeds 10 or 20 or so, creating, cloning and editing these can be a pain in the B@TT.
FC-SWITCH-01# conf t
Enter configuration commands, one per line. End with CNTL/Z.
FC-SWITCH-01(config)# fcalias name VM101-HBA1 vsan 45
FC-SWITCH-01(config)# member pwwn 20:21:22:25:B6:00:00:01
Enhanced zone session has been created. Please ‘commit’ the changes when done.
FC-SWITCH-01(config-fcalias)# fcalias name VM101-HBA1 vsan 45
FC-SWITCH-01(config-fcalias)# member pwwn 20:21:22:25:B6:00:00:02
FC-SWITCH-01(config-fcalias)# fcalias name VM102-HBA1 vsan 45
FC-SWITCH-01(config-fcalias)# member pwwn 20:21:22:25:B6:00:00:03
FC-SWITCH-01(config-fcalias)# device-alias commit
Create two new zones:
FC-SWITCH-01(config-zone)# zone name VM101-HBA1_VNX-5600-08-SPA6 vsan 45
FC-SWITCH-01(config-zone)# member fcalias VNX5600-08-SPA6
FC-SWITCH-01(config-zone)# member fcalias VM101-HBA1
FC-SWITCH-01(config-zone)# zone name VM102-HBA1_VNX-5600-08-SPB7 vsan 45
FC-SWITCH-01(config-zone)# member fcalias VNX5600-08-SPB7
FC-SWITCH-01(config-zone)# member fcalias VM102-HBA1
FC-SWITCH-01(config-zone)# zone commit vsan 45
Commit operation initiated. Check zone status
Now add the two new zones to a zoneset:
FC-SWITCH-01(config)# zoneset name ZS_VSAN170 vsan 45
FC-SWITCH-01(config-zoneset)# member VM101-HBA1_VNX-5600-08-SPA6
FC-SWITCH-01(config-zoneset)# member VM102-HBA1_VNX-5600-08-SPB7
FC-SWITCH-01(config-zoneset)# zone commit vsan 45
What are the maximum distances using different fiber grades?
This post is meant as an easy reference for when you plan to switch to higher FC or Ethernet speeds or when you’re connecting distant locations and need to order new fiber cables for your rack to rack cabling.
The graphs show the direction where OM-specs are going compared to distances.
Read more »
When you encounter a fabric lock, because you accidentally left the GUI or CLI without committing the changes, you can try the following to clear the lock and retry to apply your changes:
- run ‘show cfs lock’ to see who lock`s the fabric
- run ‘clear device-alias session’ to clear the lock when you were doing zoning activities
Instead of the “clear device-alias session” in line 2, another common possibility to get the lock cleared is:
- ‘clear ivr session’ (when you were in the middle of IVR activities)
Other locks can occur, but the device-alias and ivr are probably the most common. At least the ones that I encountered so far.
When you need to look up the current zoning config of a Cisco SAN-switch / VSAN, there’s a number of commands that will help you. Because a “show run” doesn’t always do the trick well, especially if you have a large config. And using the “sh run | i “some text you’re looking for” doesn’t always help as well if you don’t know the exact phrase you’re looking for.
I hope this table helps:
||Displays zone information for all VSANs.
|show zone vsan 100
||Displays zone information for VSAN 100.
|show zoneset vsan 100
||Displays information for the zone set in VSAN 100.
|show zoneset vsan 2-5
||Displays configured zone set information for a range of VSANs (2, 3, 4 and 5 in this case).
|show zone name AZone
||Displays members of zone “AZONE”.
|show fcalias vsan 100
||Displays fcalias configuration in VSAN 100.
|show zone member pwwn 20:00:00:25:b1:34:aa:c2
||Displays membership status of a port wwn. Very good if you’re concerned that 1 HBA is used in more than 1 zone!
|show zone statistics
||Displays zone statistics.
|show zone statistics read-only-zoning
||Displays read-only zoning statistics.
|show zoneset active
||Displays the active zone sets.
|show zoneset brief
||Displays brief descriptions of zone sets.
|show zone active
||Displays the active zones.
|show zone status
||Displays zone status.
||Displays zone statistics.
||Displays the interface-based zones.
It’s just another short post on a single command again. This time I was looking for an easy way to get started on ESRS on the latest OE for Block code or the newer MCx code (33.071 or newer).
First of all you need to set up DNS in your VNX machine. In Unisphere, go to settings and click on “configure DNS”.
Also, if there’s a firewall blocking internet traffic, you need to make sure the storage processors can reach *.emc.com over tcp ports 443 and 8443.
After this you can use the following command on the CLI:
naviseccli -h [SPx ip#] esrsconfig -agentProvision -user [Online Support logon name] –password [Online Support super secret password]
Repeat this for the other SP as well.
Read more »
It’s that time of the year again: EMC World in Las Vegas, which takes place from May 4 to May 7. And this year I’m not going unprepared again. So I made a list of do’s and don’ts, so I can more easily pick the best way to spend my precious time. Are YOU going too?
So what’s my week about?
When I arrive in Vegas after having 2 layovers in London and Dallas, I’m probably half asleep. Because of the 9 hour time difference I’m sure I will sleep at very odd hours and be awake at even worse hours. I just hope I’m not sleepwalking through the casino, since I don’t even like gambling. Although it would be funny to wake up, finding out that I’ve won a few grand, right? My stay in Sin City will start with a packed two days filled with meetings. Yes: working on the Saturday and Sunday: it’s all part of the game! And that day I already have a meeting conflict, but the week will have plenty of opportunity to catch up with old friends, so I’m not worried there.
Read more »
It’s a very short post, but in case you’re looking for the command:
naviseccli -h [SPx ip#] mirror -sync -listsyncprogress -name [LUN name]
It’s that simple!
Oh, I’m assuming you already have the logon credentials in a security file, if not, you need to add these to the command:
naviseccli -h [SPx ip#] -user [username] -password [super secret password] -scope [0-1-2] mirror -sync -listsyncprogress -name [LUN name]
Limited amount of EMC World discount codes available
Just like in previous years the EMC Elect have a limited number of discount codes available for anyone who still needs to register for EMC World. The value of each code is $150! The amount of codes is limited and they expire on april 6, so if you need to register: follow up on this post and I’ll mail you your personal discount code.
- The code can only be used for new registrations, if you already registered, the code won’t work.
- Only 1 code per registration can be applied.
- Codes only work for non-EMC people.
- The code is worth $150.
- If you know somebody who wants their own code: direct them to me and I’ll give them a code.
Hurry up! The codes stop working on April 6!!
In Europe it’s happening RIGHT NOW, but if you’re missing it, here’s a list of sites where you can see where and when the next eclipse will take place:
Don’t forget to protect your eyes! You only have one pair.
Now what? Yet another vulnerability exposed?
On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. This site is dedicated to tracking the impact of the attack and helping users test whether they’re vulnerable.
At the moment it seems that only Firefox is safe to use! And needlessly to say that you should ALWAYS be aware of unsafe content. Try not to click anywhere unless you really trust the website!!!
The FREAK attack was discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team. Further disclosure was coordinated by Matthew Green. This report is maintained by computer scientists at the University of Michigan, including Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. The team can be contacted at firstname.lastname@example.org.
For additional details about the attack and its implications, see this post by Matt Green, this site by the discoverers, this Washington Post article, and this post by Ed Felten.
Please visit this website to find out more about the vulnerability of your browser or website: https://freakattack.com/