New ZFS Server

I bought a new server to replace my Dell PowerEdge R710. The new server is an HP DL180 G6, equipped with an E5620 CPU and 48GB of RAM.

The server also came with 12 300GB 15,000 RPM SAS drives. These drives will be split between the server backplane and a Dell PowerVault MD1000 to increase throughput.

The new server will also act as a backup server, so I’ll add 3 3TB drives in RAIDZ-1 config.

First order of business is to replace the stock HP P400 RAID card with a non-raid HBA. For this, I’ve chosen the popular IBM M1015 SAS card. It’s a great 6Gbps PCIe 2.0 card that can be easily reflashed to plain HBA mode.

I’ve also added a temporary Intel PRO/1000 quad-port NIC for round-robin iSCSI. In the next few weeks this will be replaced with a 40Gbps InfiniBand card. But that’s not ready yet.

The stock RAID card has the SFF-8087 connector in the back of the card, the M1015 has the connectors on top.

Fortunately HP provided enough slack on the cable to reach to the top of the new card.

Before the M1015 can be used with ZFS (NexentaStor in my case), I need to reflash the card to “IT” firmware. The process is relatively simple.

Download the IT firmware here – This should be compatible with any LSI SAS2008 based card.

1. Extract the contents of the RAR file to a DOS bootable USB Flash drive.
2. Boot the server using the flash drive. Make sure only one card is connected.

3. Clear the firmware from the card

> megarec -writesbr 0 empty.bin

4. Erase the flash

> megarec -cleanflash 0

5. Reboot the box.
6. Flash the new IT Firmware to the card

> sas2flsh -o -f 2108it.bin -b mptsas2.rom

7. Enable the card’s IT mode. “500605bxxxxxxxxx” is the SAS address from the sticker on the card, entered without dashes or quotes.

> sas2flsh -o -sasadd 500605bxxxxxxxxx

8. Final reboot and the card is good to go.

Last step is to rack up the server, populate the drives and install NexentaStor.

Once NexentaStor is installed, create the proper DataSets and we’re done. The current config is running 14x300GB drives in mirrored groups, giving me about 2TB of usable, high performance storage.

New Mail Server – The Search

Looking to set up a new mail server. Currently running Exchange Server but it’s a pain to manage multiple domains. Spam filtering is not great. I have a few dozen domains and I’d like to consolidate them. I need an easy to use and manage server where I don’t have to spend too much time on it.

Required Features:

* Free (or really cheap)
* Webmail
* Push via Activesync or IMAP Idle
* Anti-Spam Filtering
* Multi-Domain / Aliases
* All-In-One Solution
* Web Based Admin / No manual file editing

Ability to easily create email aliases, great for registering at web sites. Also to determine which web site is selling email addresses.

| Product | Free | WebMail | Anti-Spam | Push | Notes |
|---|---|---|---|---|---|
| Axigen | Almost Free (100 User Limit) | Yes | No* | No* | * Available in full version |
| Kolab 3.0 | Free | ? | ? | ? | Failed to install |
| hMailServer | Free | No | Yes | Yes (IMAP Idle) | No web admin |
| SoGo | Free | ? | ? | ? | Steep learning curve |
| Blue Mind | Free | Yes | No | ? | Missing features |
| Horde | Free | ? | ? | ? | Steep learning curve |
| Zimbra Community | Free | Yes | Yes | Yes | Worth a second look |
| Synovel Collabsuite | Free | Yes | Yes | ? | Not sure if Push works |

It’s quite a list but I wanted to make sure I touch on all the popular products.

First things first. Configure a Virtual Machine for testing. Most of the products are Linux based, and I’m fine with that, but some products run only under Windows so a Windows VM will also be required.


Once both VMs were configured and all the updates had been installed, I took a snapshot of each VM to make moving on to the next product easy.


I also created a local hosts entry to see how the product responds when accessed “remotely”.

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost

192.168.77.35 linux.mailtest.com
192.168.77.36 windows.mailtest.com

On To Testing

Upgrading Force10 S50

I picked up another Force10 S50 switch from eBay. This one will be going to the datacenter to replace a couple of Dell switches.


First things first. Need to configure the switch for remote management. Let’s see what we got.

Force10 Boot Code...
Version 01.00.25 05/12/2005
 
Select an option. If no selection in 2 seconds then
operational code will start.
 
1 - Start operational code.
2 - Start Boot Menu.
Select (1, 2):2
 
 
Boot Menu Version 01.00.25 05/12/2005
 
 
 
Options available
1 - Start operational code
2 - Change baud rate
3 - Retrieve event log using XMODEM (64KB).
4 - Load new operational code using XMODEM
5 - Display operational code vital product data
6 - Update Boot Code
7 - Delete operational code
8 - Reset the system
9 - Restore Configuration to factory defaults (delete config files)
[Boot Menu]

Hmm. That’s a pretty old version of the boot code. In any case, I needed to reset the switch to factory in order to clear the admin password. Once the switch finished booting I went on to see what it’s running.

(Force10 S50) #show hardware
 
Switch: 1
 
System Description............................. Force10 S50
Vendor ID...................................... 07
Plant ID....................................... 01
Country Code................................... 04
Date Code...................................... 072005
Serial Number.................................. DE4526001
Part Number.................................... 759-00001-00
Revision....................................... 0A
Catalog Number................................. SA-01-GE-48T
Burned In MAC Address.......................... 00:01:E8:D5:A2:A0
Software Version............................... 2.1.4
 
Additional Packages............................ Force10 QOS
                                                Force10 Stacking

Eek! That’s a pretty old version of the SFTOS firmware. In fact it’s one of the first, if not the first release for the S50. Really need to upgrade it to something a bit more recent. This actually turned out to be a much bigger deal than I anticipated. The Force10 site seems to be of no help trying to find an updated firmware for this box. After a LOT of Googling, I finally stumbled upon a 2.5.1 .bin file on an IBM ftp site. That’s the only image I have found after hours of searching. While not the latest version it sure is a big step up from the current 2.1.4 SFTOS.

SFTOS-SA-2.5.1.3

Of course there was no way for me to verify that this image is in fact legitimate, and there was a high risk of bricking the switch if the image wasn’t up to par. But I decided to risk it and go ahead with the upgrade.

First things first. Need to configure networking on the switch in order to TFTP the bin file to it from my workstation. The config process is quite different in 2.1.4 than in 2.5.3 but after a bit of research, I found the proper commands.

 
User:admin
Password:
(Force10 S50) >enable
Password:
 
(Force10 S50) #network parms 192.168.77.248 255.255.255.0 192.168.77.1
 
(Force10 S50) #network mgmt_vlan 1
 
(Force10 S50) #show network
 
IP Address..................................... 192.168.77.248
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 192.168.77.1
Burned In MAC Address.......................... 00:01:E8:D5:A2:A0
Locally Administered MAC Address............... 00:00:00:00:00:00
MAC Address Type............................... Burned In
Network Configuration Protocol Current......... None
Management VLAN ID............................. 1
Web Mode....................................... Disable
Java Mode...................................... Disable
 
(Force10 S50) #config
 
(Force10 S50) (Config)#interface 1/0/1
 
(Force10 S50) (Interface 1/0/1)#vlan participation include 1
 
(Force10 S50) (Interface 1/0/1)#no shutdown
 
(Force10 S50) (Interface 1/0/1)#exit
 
(Force10 S50) (Config)#exit
 
(Force10 S50) #ping 192.168.77.6
 
Send count=3, Receive count=3 from 192.168.77.6

Once I confirmed the switch is on the network, it was time to send up the .bin file. I configured a tftp server on my workstation and copied/renamed the bin to sftos.bin to save myself some typing.

 
(Force10 S50) #copy tftp://192.168.77.6/sftos.bin system:image
 
Mode........................................... TFTP
Set TFTP Server IP............................. 192.168.77.6
TFTP Path......................................
TFTP Filename.................................. sftos.bin
Data Type...................................... Code
 
Are you sure you want to start? (y/n) y
 
TFTP code transfer starting
 
TFTP receive complete... storing in Flash File System...
 
 
File transfer operation completed successfully.

The copying process took only a few seconds. Took a few minutes to store the File in Flash. Now for the main part. Reboot the switch and hope that the new image will take. At the end of this either the switch will work or it’ll be an expensive paper weight.

(Force10 S50) #reload
 
Management switch has unsaved changes.
Would you like to save them now? (y/n) n
 
Configuration Not Saved!
Are you sure you want to reload the stack? (y/n) y
 
 
Reloading all switches.
 
Force10 Boot Code...
 
tffsDevCreate failed.
 
Storing configuration files
Storing Code base
usrTffsConfig returned 0xffffffff, formatting...
Calling FORMAT ROUTINE

The switch was formatting for quite a long time. After a while I was pretty sure the switch was hosed, but decided to stick it out and see if it comes back. Sure enough, a few more minutes later the rest of the upgrade process completed.

Format routine returned with status 0x0
Recover configuration files
CPU Card ID:   0x508245
dimInitialize returned 3
adding the default image - code.bin to the list
dimImageAdd returned -3
Boot Menu Version: 30 Aug 2006
Version 02.01.43 08/30/2006
 
Select an option. If no selection in 2 seconds then
operational code will start.
 
1 - Start operational code.
2 - Start Boot Menu.
Select (1, 2):
 
 
Operational Code Date: Thu Jan 11 02:38:37 2007
Uncompressing.....
 
                       50%                     100%
||||||||||||||||||||||||||||||||||||||||||||||||||
Attaching interface lo0...done
 
Adding 40920 symbols for standalone.
PCI device attached as unit 0.
PCI device attached as unit 1.
PCI device attached as unit 2.
PCI device attached as unit 3.
PCI device attached as unit 4.
Configuring CPUTRANS TX
Configuring CPUTRANS RX
MonitorTask - Active
ConsoleDebugger - Disabled
 
(Unit 1)>STACK: master on 0:1:e8:d5:a2:a0 (1 cpu, 5 units)
STACK: attach 5 units on 1 cpu
This switch is manager of the stack.
 
 
User:
 
  ******* Binary configuration file detected, migration in progress....  *******
  ******* To prevent loss of data, DO NOT POWER OFF MACHINE!             *******
  ******* Migration to text configuration file completed.                *******
Saved Configuration being applied...Please Wait....
 
  ******* Applying text configuration.                                   *******
 
  ******* The following lines in "startup-config" failed execution:
  ******* Line 12:: logging facility -À
  ******* Line 14:: logging history 5595
  ******* Line 15:: logging history size 838875251
 
User:
  ******* Finished text configuration                                    *******

So, that looked like it worked. Let’s reboot the box and see if all is well.

 
User:admin
Password:
 
Force10-S50>enable
Password:
 
Force10-S50#reload
 
Are you sure you want to reload the stack?(y/n) y
 
 
Reloading all switches.
Calling hardware API to reset the box....
If system doesn't reset within 1 minute, hardware might have become faulty....
 
................................................................
 
Force10 Boot Code...
 
 
 
CPU Card ID:   0x508245
Boot Menu Version: 30 Aug 2006
2Version 02.01.43 08/30/2006
 
Select an option. If no selection in 2 seconds then
operational code will start.
 
1 - Start operational code.
2 - Start Boot Menu.
Select (1, 2):2
 
 
 
Boot Menu Version: 30 Aug 2006
 
Options available
1  - Start operational code
2  - Change baud rate
3  - Retrieve event log using XMODEM
4  - Load new operational code using XMODEM
5  - Display operational code vital product data
6  - Run flash diagnostics
7  - Update boot code
8  - Delete operational code
9  - Reset the system
10 - Restore configuration to factory defaults (delete config files)
11 - Activate Backup Image
[Boot Menu] 10
[Boot Menu] 9
 
Are you SURE you want to reset the system? (y/n):y
 
Calling hardware API to reset the box....

Eureka! We’re good to go. Switch seems healthy and fully functional. Out of curiosity I wanted to see what features came with the image downloaded from the IBM site.

User:admin
Password:
Force10-S50>enable
Password:
 
Force10-S50#show hardware
 
Switch: 1
 
System Description............................. Force10-S50 48GE 2TENGIG L3 Stackable switch
Vendor ID...................................... 07
Plant ID....................................... 01
Country Code................................... 04
Date Code...................................... 072005
Serial Number.................................. DE4526001
Part Number.................................... 759-00001-00
Revision....................................... 0A
Catalog Number................................. SA-01-GE-48T
Burned In MAC Address.......................... 00:01:E8:D5:A2:A0
Software Version............................... 2.5.1.3
 
Additional Packages............................ Force10 QOS
                                                Force10 Multicast
                                                Force10 Stacking
                                                Force10 Routing
 
Pluggable Modules and Transceivers:
 None
 
--More-- or (q)uit
Force10-S50#

Ah. That’s much better. Not only is it running great, the new image adds a few more features including L3 routing. Not too shabby.
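Because the image could not be verified, it is worth diffing what the switch reports before and after the upgrade. The following is an added example, not part of the original post: it parses trimmed copies of the two `show hardware` captures above (embedded as sample input) and reports whether the unit identity is unchanged and which feature packages the new image turned on, so newly enabled services such as routing can be reviewed before the switch goes into production. The function names are hypothetical.

```python
import re

# Sample input: trimmed from the two "show hardware" captures in this post.
BEFORE = """\
System Description............................. Force10 S50
Serial Number.................................. DE4526001
Burned In MAC Address.......................... 00:01:E8:D5:A2:A0
Software Version............................... 2.1.4

Additional Packages............................ Force10 QOS
                                                Force10 Stacking
"""

AFTER = """\
System Description............................. Force10-S50 48GE 2TENGIG L3 Stackable switch
Serial Number.................................. DE4526001
Burned In MAC Address.......................... 00:01:E8:D5:A2:A0
Software Version............................... 2.5.1.3

Additional Packages............................ Force10 QOS
                                                Force10 Multicast
                                                Force10 Stacking
                                                Force10 Routing
"""

# "Label........ value": a label, a run of two or more dots, then the value.
FIELD = re.compile(r"^(\S.*?)\.{2,}\s*(.*)$")


def parse_show_hardware(text):
    """Return {label: [values]}; indented lines continue the previous label."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current = m.group(1).strip()
            value = m.group(2).strip()
            fields[current] = [value] if value else []
        elif line[:1].isspace() and line.strip() and current:
            fields[current].append(line.strip())  # continuation of a multi-line value
        else:
            current = None  # blank line, prompt or pager text ends the field
    return fields


def upgrade_report(before, after,
                   identity=("Serial Number", "Burned In MAC Address")):
    """Compare two captures: same physical unit, version change, package delta."""
    b, a = parse_show_hardware(before), parse_show_hardware(after)
    old_pkgs = set(b.get("Additional Packages", []))
    new_pkgs = set(a.get("Additional Packages", []))
    return {
        "same_unit": all(k in b and b[k] == a.get(k) for k in identity),
        "version": (b["Software Version"][0], a["Software Version"][0]),
        "added_packages": sorted(new_pkgs - old_pkgs),
        "removed_packages": sorted(old_pkgs - new_pkgs),
    }


if __name__ == "__main__":
    for key, value in upgrade_report(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```
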

Now the switch is ready to be configured as per my earlier post here.

How to bring down a rack in just few quick easy steps.

Note to self. pfSense full + SSD = Not Good.

Had a bit of a kerfuffle over the long weekend. Was working remotely on a firewall trying to get NAT through VPN working properly. The firewall didn’t appear to work as it should, so I decided to reboot it to make sure all routes are clear. Turns out it was a bad idea. The firewall failed to come back up, which resulted in a 100km drive to the data center to investigate the issue.

When I got there, I quickly plugged in a monitor to the 1U server acting as the firewall and was greeted by a nice “Boot Disk Failure” error on the screen. Good thing I brought a spare firewall, one of my modified Watchguard x750e’s. A quick swap and few minutes later the new firewall was running a restore script on the Watchguard (thanks to a config backup).

Back at home a little digging showed that non-embedded versions of pfSense do not play nicely with SSDs. Especially if RRD is installed. Turns out that RRD writes out new traffic images to physical disk every minute. Multiply that by 8 months and that’s a lot of writes to an SSD that doesn’t support write leveling.

Lesson learned. I bought a couple more Watchguard x750e’s from eBay. One to serve as a replacement at another data center, which is also running installed pfSense on a PC/SSD combo and another Firebox as a warm spare.

New Web Site

Been spending some free time lately learning some new technologies and improving my knowledge of others.

End result: http://www.jubjoo.com


Implemented with C# 2012, ASP.Net, SQL 2012. Using .Net Framework 4.5, Entity Framework 5.0, WCF. Latest Telerik for Ajax release. Extensive use of Linq (Linq2Sql), Lambda expressions.
In-Memory image manipulation. Video decoding/encoding. SEO Optimization using URL Routing (no more URL Rewriter, Woo!).

The site is built for easy load balancing and scalability. Currently split into 4 servers (Front End Web, SQL, Media Storage and Web Server, and Worker (Video Encoding, DB Writes, Image scaling and branding)).

This is typically how I keep up to date with latest tech. Rather than spending time going over books, I build these projects utilizing the actual technologies. I still spend a lot of time reading documentation but I find this a lot more fun and engaging.

I should note that I’m not a web designer. Hence the minimalistic approach to the site design. I can develop anything in code but it’ll just not look very good.

Windows 7 PPTP VPN Local Domain Authentication

Here’s a hidden gem. When connecting to another site’s domain via Windows PPTP (yeah, I know it’s no longer secure), Windows will lose connectivity to the local domain and might even cause an account lockout, as Windows will attempt to use the VPN credentials on the local domain and will fail authentication, often without a prompt.

There’s a hidden setting in the .pbk file that prevents credentials from being overwritten.

The file is located in C:\Users\<USERNAME>\AppData\Roaming\Microsoft\Network\Connections\Pbk

* Open the file in Notepad.
* Change UseRasCredentials=1 to UseRasCredentials=0
* Save file and reconnect VPN

And that’s it. Now even with the gateway being redirected all local authentications will continue to work.
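The Notepad edit above can be scripted when several connections or machines need it. This is an added example, not part of the original post: it flips `UseRasCredentials` to 0 line by line rather than with an INI parser, because a phonebook entry can repeat keys and a strict INI parser rejects that. The sample entries and function names are constructed, and the file is assumed to be in an ASCII-compatible encoding.

```python
import re
import shutil

# Constructed sample phonebook text (entry names and values are made up).
SAMPLE_PBK = """\
[Office VPN]
Encoding=1
Type=2
UseRasCredentials=1
MEDIA=rastapi
Port=VPN2-0
DEVICE=vpn
PhoneNumber=vpn.example.com

[Home Lab]
Type=2
UseRasCredentials=0
"""

SECTION = re.compile(r"^\[(.+)\]\s*$")
SETTING = re.compile(r"^(UseRasCredentials)\s*=\s*(\S*)\s*$", re.IGNORECASE)


def disable_ras_credentials(pbk_text, entries=None):
    """Set UseRasCredentials=0 in the named entries (all entries if None).

    Every other line is passed through untouched, including line endings.
    Returns (new_text, [names of the entries that were changed]).
    """
    out, changed, entry = [], [], None
    for line in pbk_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        sec = SECTION.match(body)
        if sec:
            entry = sec.group(1)
        m = SETTING.match(body)
        wanted = entry is not None and (entries is None or entry in entries)
        if m and wanted and m.group(2) != "0":
            line = f"{m.group(1)}=0{line[len(body):]}"  # keep the original EOL
            changed.append(entry)
        out.append(line)
    return "".join(out), changed


def patch_file(path, entries=None):
    """Rewrite a phonebook file in place, keeping a .bak copy of the original."""
    # Assumption: ASCII-compatible encoding; latin-1 round-trips every byte.
    with open(path, encoding="latin-1", newline="") as f:
        text = f.read()
    new_text, changed = disable_ras_credentials(text, entries)
    if changed:
        shutil.copy2(path, path + ".bak")
        with open(path, "w", encoding="latin-1", newline="") as f:
            f.write(new_text)
    return changed
```

Reconnect the VPN after patching, as in the manual steps; the `.bak` copy restores the previous behaviour if needed.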

Teensy + USB Raw HID + C# = Eureka!

I’ve spent at least 3 days converting my Amp Delay Service from Serial communication to Raw HID communication protocol. My CarPC was using at one point 5 COM ports for the various devices connected to it. It was becoming a real pain keeping track of each COM port and the actual device that it represents. So I decided to convert my devices to plain USB devices rather than Serial.

Everything was going great until I tried sending data to Teensy while converting the Amp Delay box. The Amp Delay service needs to ping the Teensy device but for some reason (which is still unknown to me) sending data to the Emulated Serial device doesn’t work.

I’ve tried a handful of 3rd party USB libraries, tried rolling my own, tried synchronous vs overlapped IO. Nothing worked. I just could not send data to the device.

After hours of Googling, I finally stumbled on a solution. Turns out that when Teensy operates in Raw HID mode it presents itself to the PC as two devices:

VID_16C0&PID_0486&MI_00 – Raw HID Device
VID_16C0&PID_0486&MI_01 – Emulated Serial device

The “Serial” object in Arduino can send data to the Emulated Serial device which is the method I used to send the Gauge Pod Sender data to the PC. There seems to be a problem however sending data from the host to the device over this protocol.

The correct solution was:

1. Connect to the RAW HID Device instead.
2. Use RawHID.send and RawHID.read in Arduino code to communicate with the host.

I completely accidentally stumbled upon the RawHID object. It is not documented ANYWHERE. The difference is that Serial.print sends data to the Emulated Serial device and RawHID.send sends it to the RAW HID device.

 
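void SendHID(String text)
{
  uint8_t sendMessage[64] = {0}; // 64-byte Raw HID packet, zero-filled

  // Convert text to bytes. getBytes() copies at most
  // sizeof(sendMessage) - 1 characters plus a terminating zero, so text
  // longer than 63 characters is truncated instead of overflowing the buffer.
  text.getBytes(sendMessage, sizeof(sendMessage));

  // Send to PC, allow 100ms for sending the frame.
  int sent = RawHID.send(sendMessage, 100);
  (void)sent; // result not used here; check it if delivery matters
}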

Another interesting tidbit.

arduino-1.0.3\hardware\teensy\cores\usb_rawhid\usb_private.h

holds the VendorID and ProductID that can be changed. When the sketch is uploaded to the device the values are changed on it. This makes it easy to distinguish multiple Teensy devices on the same PC. By changing the Product ID I can have the Amp Delay box and the Gauge Pod sender uniquely identified and don’t have to worry about the program connecting to the wrong box.