Remote Shell Access in ESXi

If you’ve used VMware ESX in the past, you’ll know that one of the most useful administrative features is the Red Hat based console used to interact with the ESX host. With the introduction of VMware’s console-less hypervisor ESXi, many of us were left trying to find ways to accomplish familiar tasks in a shell-less environment.
Fortunately word has gotten out that contrary to VMware marketing, ESXi does include a limited shell which can be accessed in times of need. This shell is actually the open-source BusyBox, which includes among other tools an ssh client/server. To access this shell and enable remote ssh logins, follow the steps below. Note: This assumes you have physical (or console based) access to the ESXi host.

1) After booting into ESXi, go to the console screen of the host and press the buttons ALT-F1 which will take you another console terminal screen.
2) Type the word “unsupported” and hit enter at this screen. Note: character echoing is turned off so you will not see what you are typing.
3) A prompt will appear explaining you are entering “Tech Support Mode”, please read it carefully and understand what you are agreeing to. Enter the root password and hit enter.
4) To enable sshd, type “vi /etc/inted.conf”
5) Find the line that begins with ssh and delete the “#” at the beginning. (I assume you know vi editor commands)
6) Save the file and find the inted service by typing “ps | grep inetd”.
7) Kill the inetd process by typing “kill -9 process id from step 6
8) The inetd process will now restart and the sshd service will be enabled. You can now use an ssh client to access the ESXi host as root.

Create a No-Hassel VPN for Free

Using DynDNS and my previously written article on how to create an XP VPN, you can establish a no-hassel VPN solution for free!

Here’s how:

1. First follow the steps on how to create an XP VPN solution here.
2. Create a free account with dyndns.com and sign-up for their free dynamic dns service.
3. Choose from one of the many domain names and download their free dns updater software.

These three easy steps will give you the power to vpn to your home computer from anywhere in the world, at anytime. Using the dyndns service you don’t have to constantly remember a changing IP address, you just need to remember your free domain name. Being able to map your ever changing ip address with a domain name can unlock many other doors as well.

Such as:

• Hosting your own webserver (website or blog).
• Hosting your own FTP server.
• Using telnet, ssh, and rdp instead of using vpn.

 

These are just a few great benefits of making your home/office computer available and accessible remotely. Not to mention you won’t forget another important file or presentation at home. Ahhh, the joys of technology!

Building an ESX3i White Box: Enterprise Virtualization for Less

Server virtualization is and has been a hot topic in the IT field in recent years. The use of virtualized servers allows businesses to expand their infrastructure in density (vertically) instead of in physical machine quantity (horizontally). Among other benefits this minimizes the required floor space, power consumption, and physical hardware required to keep the business running. These particular benefits are very appealing to large corporations which own and operate their own datacenters, and to the individual or small business owner who is renting rack space in a secure datacenter the savings created by server virtulization can be even more importantant. This article documents the step required to build a relatively low cost server virtualization platform with most of the features being used by billion dollar corporations today.
If you wish to try ESXi before you build a server specifically for it, simply follow the Software section of this article and plug the loaded USB drive into an available computer which can boot from a USB slot. Most computers made within the past few years should work to some degree, depending on the hardware and if ESXi comes with drivers for it.

Software
Although there are various vendors currently offering virtualization software, the leading choice among top businesses currently is VMware. VMware offers a full range of virtualization products, but for this article we will focus on their most recent release; ESXi. This software is a minimal version of their popular ESX Server product line which provides “an enterprise-class hypervisor with a thin 32 MB footprint”. It is intended to be installed on an SD card which is included with a select number of enterprise class servers from hardware vendors such as Dell, IBM, and HP. To learn more about ESXi, click the following link http://vmware.com/products/esxi/.

Edit: VMware now gives users a license of ESXi for free after registration!  You are no longer limited to a trial.
Although the licensing for ESXi is currently $495, VMware allows anyone to download a 60 day trial of the product for free. This evaluation copy was used throughout the system build, and can be upgraded to the retail copy at the end of the trial period if desired.

Note: The following instructions are a summary of the instructions found at http://vmetc.com/2008/02/05/create-your-own-bootable-esx-3i-usb-stick/ .
Since USB jump drives are much more common than PCI to SD card adaptors, we will install the software onto a >=1GB USB drive. To start, download an evaluation copy of the software (VMware ESXi 3.5 Installable Update 1) from VMware’s site http://vmware.com/download/vi/ . Next you will need to download a trial copy of WinImage (http://www.winimage.com) and a freeware arc hiver such as 7zip (http://www.7-zip.org). Then perform the following steps:

1. Extract INSTALL.TGZ from the root directory of the ESXi ISO image using 7zip.
2. Extract /usr/lib/vmware/installer/VMware-VMvisor-big-3.5.0-67921.i386.dd.bz2 from INSTALL.TGZ using 7zip
3. Extract VMware-VMvisor-big-3.5.0-67921.i386.dd from VMware-VMvisor-big-3.5.0-67921.i386.dd.bz2 using 7zip
4. Attach the USB flash drive and make sure you no longer need the data on it
5. Use WinImage to transfer VMware-VMvisor-big-3.5.0-67921.i386.dd to the USB flash drive
1. Disk->Restore Virtual Hard Disk image on physical drive…
2. Select the USB flash drive (Warning: If you select the wrong disk you will lose data!)
3. Select the image file VMware-VMvisor-big-3.5.0-67921.i386.dd
4. Confirm the warning message
5. Wait for the transfer to complete
6. Unplug the USB flash drive (Warning: If you forget to unplug the flash drive from the PC you might lose the data on your hard drives the next time you boot!)

Hardware
Now that we have our bootable ESX drive, it is time to build the physical box which will host the virtual machines. Because ESX is meant to be an enterprise product, it is only sold and supported on a select number of expensive server platforms which sell for anywhere from $3000-$30,000. However even though these are the only officially supported platforms VMware lists, the ESXi hypervisor can actually work with a variety of undocumented hardware. Because of this, building a white box often involves finding out by trial and error which hardware works and which doesn’t. The following, guaranteed to work, configuration was used during my build to fit my personal needs and desired budget, but other more or less powerful configurations may also work if suitable. All of the parts used were purchased from online PC hardware providers and the prices listed may reflect currently unavailable sales or rebates.

Part/ Price
4U rack mountable case: Norco RPC-800 / $74
8GB Corsair XMS2 DDR2 800 RAM (4×2GB) / $152
Corsair CMPSU-550VX 550W Power Supply / $80
Intel Q9300 Processor / $275
ABIT IP35 Pro Motherboard / $130
Intel EXPI9300PT Gigabit PCI-E Network Card (x2) / $90
2GB Sony USB Micro Drive / $13
Cheap PCI or PCI-E video card (only needed for setup) / $15
1TB HDD (Western Digital Caviar SE16 WD5000AAKS SATA drive x2) / $180
Total $1,009

The hardware used provides a fairly beefy machine (quad core with 8GB RAM and 1TB of disk space) easily capable of running numerous virtual servers simultaneously. For example the above hardware is currently running four different VM’s each with a 3 GHz CPU core and 2GB RAM. The particular motherboard used includes two on-board gigabit NIC’s which are unfortunately not supported by ESXi at this time. Therefore, the two PCI-E Intel NIC’s were included to provide both a VM traffic and an ESX management physical Ethernet port. Because ESXi also does not support IDE devices, the hard drives used must be SATA. And although the motherboard includes onboard raid, the chipset used is only supported in IDE mode (meaning no RAID or AHCI support). If raid is desired, a raid PCI or PCI-E card may be used.

Installation
After setting up the physical ESX box, insert the USB drive with the newly loaded hypervisor into an available USB port. Once the box boots up, a setting needs to be configured in the bios for the server to boot from the USB drive. Under Integrated Peripherals->OnChip PCI Device->USB Device Settings make sure the USB Storage Function is set to Enabled. Then make sure the Hard Disk Boot Priority is set to have the USB drive boot first. Then save the settings and let the machine boot into ESX. You are now ready to configure the ESX server as desired.

Final Thoughts
Server virtualization is an increasingly important skill for IT professionals. While the system described in this article is certainly stable enough to used in a business environment, because it uses white box components and is not officially supported by VMware it is more practical for use in a “home” or lab environment. By using the above procedures ESXi gives the novice techie the ability to learn, play, and benefit from the skills required for in-demand positions in the IT field.

Guest Author

IT Support Journal readers, please welcome a guest author and good friend, Mark Seidenstricker. Mark is an up-and-coming IT professional currently working as an IT admin for a Fortune 500 company. He has a bachelors degree in computer engineering and a masters degree in electrical engineering. Mark is quickly becoming an expert in the virtualization arena and will providing us some insight to the VMWare product line. Mark has provided us with a four part series on virtualization using VMWare, which I have read and is pretty great stuff, you will definitely want to check back for the first article which will be posted tomorrow, June 25th. Hopefully this will just be the beginning of Mark’s contributions to the site!

Content is Coming!

 

 

 

 

Folks, sorry for the lack of content the past couple of weeks. I have been very busy and unable to update the site. I want to re-assure my readers though, that I do have some great new stuff on the horizon. Here are a few upcoming titles:

• Let Robocopy protect & serve your file migration.
• How to build a freelance IT business in minutes.
• Digitally sign and encrypt your email - For Free!
• USB Email - Using Thunderbird Portable
• Play it safe with Volume Shadow Copy

I hope these teasers will keep you all checking back. If you have any suggestions for content that you would like to see, please contact me. Also don’t forget to check out the forum, there are IT professionals monitoring it for your questions.

Help Fight Spam in Exchange 2003

Spam is a difficult animal to tame, so any product that can help fight it will certainly be regarded by network admins, even more so if it is FREE!

In Exchange service pack two Microsoft integrated an Intelligent Message Filter or IMF. You can use IMF and IMF tools to set thresholds on SPAM Emails. IMF also includes a builtin way to dynamically check Realtime Block Lists (RBL’s). RBL’s are pretty self-explainatory, they are dynamically updated lists that provide domain names and IP addresses of SPAMing sources. Two organizations that are known for keeping great RBL’s are spamcop.net and spamhaus.org. Both of these site even provide up-to-date stats on the world of SPAMing.

In order to use RBL’s from spamcop and spamhaus, follow these steps:

1. Go into your Exchange 2003 System Manager.

2. Go to the Global Settings -> Message Delivery

3. Right click on Message Delivery and select “Properties” from the drop down menu

4. Go to the “Connection Filtering” tab.

5. Click on the “Add” button.

6. For “Display Name” you can add whatever you like, but usually the name of the RBL server is what you want to put in there.

7. For “DNS Suffix of Provider” you will want to put the url to the server - for example the one for Spamhaus is zen.spamhaus.org

8. If you think you want a custom error message, then fill out that field with whatever you want it to be.

9. Finally click OK and the RBL will be assigned to IMF.

As you can see on that main screen there is the ability to have a global accept and deny list with IP addresses, as well as an exception list - this is where you can whitelist/blacklist people in if you like.

After you are done adding your RBLs, click on OK for the main menu and then you will likely get a popup reminding you that you need to activate these rules.

Just like that popup says, you need to activate them - so if this is your first time setting up a connection filter, then go into the System Manager -> Administrative Groups -> and then to the server that you want to activate this on.

Once in the section for your server, then go to Protocols -> SMTP -> Default SMTP Virtual Sever and then right click on that and select “Properties” from the menu that comes up.

1. Under the General tab, click on “Advanced”.

2. Select the port 25 identity and click on the “Edit” button.

3. Check the “Apply Connection Filter” and then select OK all the way out until you are back at the System Manager.

4. Watch you SPAM messages typically get cut in half!

The two filter manager URL’s we used are as follows:
Spamhaus: zen.spamhaus.org
SpamCop: bl.spamcop.net

Disable “Run-Once” from Internet Explorer

I have finally had it with Internet Explorer loading the Run-Once page everytime I open a new browser window. These Microsoft “Features” have to stop! If you are annoyed as I am about this default webpage, just follow the steps below to rid yourself of Run-Once rage.

 

 

Disabling Run-Once
At least relief is not a hard pill to swallow, the fix is actually pretty simple.
1. Create a new notepad document.
2. Paste the following into the document:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

“RunOnceHasShown”=dword:00000001

“RunOnceComplete”=dword:00000001

3. Now choose Save As and save the document as a registry file by choosing Save As Type = All Files and by naming the file Killrunonce.reg.
4. Finally set your new registry values by double-clicking the registry file you just created. (Note: You will need to say Yes to the prompt.)

 

Open Internet Explorer again and you should see your wonderful new homepage and your Run-Once anger will quickly melt away.