Planet Collab


VMware Storage DRS

By Root

So I'm finally back with a new blog.
I know I've been sleeping during the corona pandemic, so let's get to it.
I previously explained how to configure DRS at the VMware level, and now we will do it at the storage level.
In my previous blog I showed you how to install storage.
The reason for Storage DRS is to move machines from an over-utilized datastore to one that is not busy.
Here I will only show you how to install it; the result is similar to VMware DRS.
Similar to VMware DRS, I will create a new cluster.

Go to vCenter – Datacenter – New Datastore Cluster.

Choose a name and check the box to Turn ON Storage DRS.

Set the Storage DRS automation level to Fully Automated.

Leave this section as it is. Sometimes the I/O check box can cause an error, but this is a lab so I left it as it is.
I also played with the thresholds a little bit so that it triggered the storage automation.

Here I selected the cluster that needs to connect to the Storage DRS.

In this step I selected the 3 datastores that will be under this cluster (ISCSI-A, ISCSI-B & ISCSI-C).

At the summary page press Finish.

Now I can see that all my storage is under the Datastore Cluster.

Now let me add a new virtual machine.

Select Create a new Virtual Machine.

Select the Datacenter.

Choose the cluster where you want to install the VM.

Now the BIG step: there is no need to choose a specific datastore. I can select the Storage Cluster and the system will automatically choose the storage.

Choose ESXi 5.5 and later.

Select the guest machine.

On the Customization page just press Next.

Now on the summary page you can see under Datastore that the machine chose ISCSI-B, marked (Recommended) by Storage DRS.
Click Finish to start the deployment.

From Recent Tasks you can see the task being deployed.

Finally the machine is created under the cluster, and on the Summary page you see the storage (Storage Cluster).

;D

Converting a Physical Server to VMware Machine (P2V)

By Root

VMware vCenter Converter transforms your Windows- and Linux-based physical machines and third-party image formats into VMware virtual machines.
Bayan Senur, who is the manager of the Jaguar & Land Rover Contact Center, has a recording server that is almost crashing. There is not enough storage on the server and she needs that space, so the best thing is to move it to a virtual environment where we can add space and back up the system without worrying any more.

I have the EXE in my folder, so let's get to it.

Choose Next.
Select agree to the terms.
Choose the default folder to save the installation.
I chose Local Installation.
I checked the box to join the VMware program, which is optional.
Now select Install to start the installation.
Select Finish to run the Converter.
As the first step, select the Convert Machine option.
Now select the machine option; in my case my machine is powered on.
Then enter the details of the machine: the IP address (which is the Jaguar company Speechlog recording system ;D Sorry Bayan, I had to test on something) and the username and password for the machine.
The agent will be deployed to the machine remotely.
You can check whether the agent has been deployed by going to Control Panel – Programs and Features.
The next step is to select the infrastructure that I'm using, which is VMware Infrastructure, then enter the IP address of the vCenter with the admin login.
The next step is to choose the Datacenter where you want the machine to be.
Then you choose the cluster and host that it will be installed on, and the VM version.
You can see there is an (X) error showing on the Data to Copy option, and as you see the F: drive has 368 G, which is bigger than our host.
Select Advanced.
I made sure that I will not use the F drive in this process, but in real life you need to have a bigger HD.
I made the C drive Thin.
Also, optionally, I changed the vCPU.
In Advanced I made sure to remove any system restore points so they will not use more space.
Press Finish.
The conversion process will start, and it completes.
You can check the job progress.
Now let's check our vCenter.
Select Hosts and Clusters.
And here, under the host that we chose earlier, is our Speechlog-PC machine.
I will use the credentials to log in.
;D
Thanks to an easy conversion.

Vmware Affinity

By Root

In the last blog, “VMware DRS”, I showed you how to migrate machines automatically, and this was the result: it moved my VMs “Windows 10-A” & “Windows 10-B” to the ESXi host “192.168.208.210”.
But what if I do not want those two machines to be together, and I want “Windows 10-A” & “Windows 10” to be together and “Windows 10-B” to be far away from “Windows 10-A” and not share the same host?
Well, there is one solution: “Affinity and Anti-Affinity”.
Go to your Cluster – Related Objects – Virtual Machines.
Okay, let's adjust the columns so we can see the host of each machine.
Add the Host field.
As you can see here:
Windows 10 on host (192.168.208.209)
Windows 10-A on host (192.168.208.210)
Windows 10-B on host (192.168.208.210)
Let's create the first rule, which will join Windows 10-A & Windows 10 together.
Go to Cluster – Manage – Settings – DRS Rules.
Add a new rule and choose a name.
Select Keep Virtual Machines Together.
Now add the machines.
I chose the machines Windows 10 & Windows 10-A.
Now choose OK.
As you can see, if you highlight the rule it will show you the machines affected by that rule.
Now if you go back to Cluster – Related Objects – Virtual Machines, you can see that Windows 10 joined the other machines and is now hosted by host 192.168.208.210.
You can see the task details here.
As I remember, we mentioned that we want “Windows 10-B” to be far away from “Windows 10-A”,
so let's add another rule, and this time we choose (Separate Virtual Machines).
Let's choose the machines Windows 10-A & Windows 10-B.
Now press OK.
If you highlight the rule you will see the affected machines.
If we go to the tasks we will see that Windows 10-A is moving from host 192.168.208.210, and since there is a rule to keep Windows 10-A and Windows 10 together, Windows 10 will also be moving to the other host.
And yup, both machines are now faaaaaar away from Windows 10-B:
both Windows 10 & Windows 10-A are hosted on 192.168.208.209.

Okay, now we are finished with the VM to VM relationship.
What if I want to keep a specific VM tied to a specific host?
Here we go to a new thing called: DRS Group.
Add a DRS Group and choose a name;
the type should be VM DRS Group.
First select the VM; I selected Windows 10-B.
Note: make sure you don't select the wrong VM, because it will cause an issue since you have another rule that separates Windows 10-A from Windows 10-B.
And it's added.
Now add another DRS Group and choose a name; the type should be Host DRS Group.
Select the host needed,
and then press OK.
Now go back to DRS Rules and add a rule.
Type: Virtual Machine to a Host
Select the VM DRS Group and Host DRS Group that you created.
If you highlight the rule you will see the affected machine.
Now you can see VM Windows 10-B moved to 192.168.208.209.
Since there is an older rule that separates Windows 10-A from Windows 10-B, the VM Windows 10-A moved to host 192.168.208.210.
There is also a rule that joins Windows 10-A & Windows 10 together, so the VM Windows 10 moved to host 192.168.208.210.
I know that is really confusing, but I suggest you read it a couple of times and test it yourself to get the idea.
And that is the beautiful result.
You can go to Cluster – Monitor – vSphere DRS – History to see the procedure.
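
The way the three rules push each other around can be checked by brute force. This is an added example, not part of the original post and not how vSphere DRS is implemented: it treats each rule as a hard placement constraint over the hosts and VMs named above, and it also shows the conflict the Note warns about. The function names are made up for the illustration, and the Host DRS Group membership (192.168.208.209) is inferred from where Windows 10-B ended up.

```python
"""Brute-force model of the DRS rules from this post (added illustration).

Assumptions: every rule is a hard constraint, load is ignored, and the Host
DRS Group holds 192.168.208.209 (inferred from where Windows 10-B ended up).
"""
from itertools import product

HOST_209 = "192.168.208.209"
HOST_210 = "192.168.208.210"
HOSTS = [HOST_209, HOST_210]
VMS = ["Windows 10", "Windows 10-A", "Windows 10-B"]


def keep_together(name, vms):
    """Affinity rule: all listed VMs run on one host."""
    return name, lambda placement: len({placement[vm] for vm in vms}) == 1


def separate(name, vms):
    """Anti-affinity rule: no two listed VMs share a host."""
    return name, lambda placement: len({placement[vm] for vm in vms}) == len(vms)


def vms_to_hosts(name, vm_group, host_group):
    """VM-to-Host rule: each VM in the VM group runs on a host in the host group."""
    return name, lambda placement: all(placement[vm] in host_group for vm in vm_group)


def violations(placement, rules):
    """Names of the rules that a {vm: host} placement breaks."""
    return [name for name, satisfied in rules if not satisfied(placement)]


def valid_placements(rules, vms=VMS, hosts=HOSTS):
    """Every assignment of VMs to hosts that satisfies all rules."""
    candidates = (dict(zip(vms, combo)) for combo in product(hosts, repeat=len(vms)))
    return [p for p in candidates if not violations(p, rules)]


def migrations(before, after):
    """(vm, from_host, to_host) for each VM whose host changes."""
    return [(vm, before[vm], after[vm]) for vm in before if before[vm] != after[vm]]


# The three rules created in the post, in the order they were added.
TOGETHER = keep_together("keep together", ["Windows 10", "Windows 10-A"])
APART = separate("separate", ["Windows 10-A", "Windows 10-B"])
PIN_B = vms_to_hosts("VM to host", ["Windows 10-B"], [HOST_209])
# The mistake the Note warns about: Windows 10-A put in the VM group as well.
PIN_A_AND_B = vms_to_hosts("VM to host", ["Windows 10-A", "Windows 10-B"], [HOST_209])

# Placement the post reports after the first two rules, before the VM-to-Host rule.
AFTER_TWO_RULES = {
    "Windows 10": HOST_209,
    "Windows 10-A": HOST_209,
    "Windows 10-B": HOST_210,
}

if __name__ == "__main__":
    rules = [TOGETHER, APART, PIN_B]
    print("rules broken by the old placement:", violations(AFTER_TWO_RULES, rules))
    for target in valid_placements(rules):
        print("placement that satisfies all three rules:")
        for vm, src, dst in migrations(AFTER_TWO_RULES, target):
            print(f"  {vm}: {src} -> {dst}")
    conflict = valid_placements([TOGETHER, APART, PIN_A_AND_B])
    print("placements with Windows 10-A in the VM group too:", conflict)
```

With only two hosts there is exactly one placement that satisfies all three rules, which is why pinning one VM ends up moving all three; the empty list in the last line is the rule conflict.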

;D

VMware DRS (Distributed Resource Scheduler)

By Root

Hello again.
In my earlier blog I manually migrated a VM from my first host to the second one. What if I want my virtual machines to be moved automatically? The answer is:
DRS (Distributed Resource Scheduler)

Let's start with the configuration, but first notice that all my machines are under host [192.168.208.209] and nothing is under [10.1.1.32] or [192.168.208.210].
Before we start, the topics of the two earlier blogs are very important and must be in place first for VMware DRS to work:
• vMotion
• Shared Storage
Right-click my Datacenter – New Cluster.
Give it a name and check the DRS [Turn ON] box, then choose the Automation Level. Here I will show you Fully Automated. Most admins prefer Partially Automated, where VMware gives you suggestions that you can follow or not, or Manual, where an admin gives the suggestion.
Second, I will drag my hosts under the cluster.
It will ask me what to do with the VMs; I chose the first option and pressed OK.
It automatically starts moving the VMs from under my host 192.168.208.209 to the other hosts.
The end result, as you can see: my 3 virtual machines moved under my biggest host [192.168.208.210].
If you go to the cluster – vSphere DRS tab – History,
you see the time and date those machines moved.
(Wow, I can't believe I wrote this blog in 2018 and never shared it. Don't blame me, I was chasing the Palo Alto certificate.)
You can also see the CPU utilization,
and select a VM to see each one's utilization.

;D

Migrate VMs with VMware vMotion

By Root

vMotion enables live migration of virtual machines from one host to another with no impact on daily operation. But let me tell you this:
before migrating a virtual machine with vMotion, ensure that your hosts and virtual machines have the same network card & share the storage. Believe me, you don't want your machine to come up with a different IP address ;D

Similar to what we did in the last blog when we added storage, we need to add a VMkernel adapter specifically for vMotion.
In your Home dashboard go to Hosts and Clusters.
Select your Host – Manage – Networking – Virtual Switches – Add Host Networking.
Choose VMkernel Network Adapter.
Choose New Standard Switch.
Click on the + sign to add a network card.
Select the card you want to use.
Press Next.
Here we check the box for vMotion Traffic.
Give a static IP address to the VMkernel adapter.
Press Finish.
Now it's created and we are ready to move to the next step.

Now as you can see my VM (Windows 10) is located under my host 192.168.208.210 and is using my iSCSI storage (ISCSI-A).
Right-click on the machine and select Migrate.
Now I have the option to change the host of the machine, change the datastore, or both.
Since I added external storage in my last blog, I will change both.
I chose the host to move it to, and the compatibility check is successful.
(About the red sign: most of the time the memory size gives a red sign. You have to take care of it, but this is just a lab.)
Now choose the storage you want to move to.
It's better to choose the Recommended option.
Select Finish.
You can see your machine moving in Recent Tasks.
And voilà, your machine moved under host 192.168.208.209.
If you scroll down you can see the storage information, which shows ISCSI-B.

;D

Clone your perfect Virtual Machine

By Root

Cloning

Okay, I know:
same face, different hair style and different dress.
It's like I created a copy of myself.
Guess what!!
VMware has the same capability, called (Cloning).
The cloning feature allows you to create a copy of your perfect virtual machine instead of repeatedly creating a VM from scratch over and over.

So this is how you can do it.
Select your perfect VM.
Right-click and choose Clone to Virtual Machine.
Select a name for your new machine and choose a Datacenter.
Select which host you want to put your VM on.
Select the storage.
I will not go into the details of editing the machine files, but as a better practice you need to do it.
Press Finish.
You can monitor the recent tasks while the machine is being created.
And just like that your machine is created.
Of course you need to change the IP address to save yourself from a conflicting IP address and PC name, because we did this clone without operating system customization.

;D

How to Add ISCSI Storage to VMware ESXi

By Root

When I started my road to VMware in 2013 this was the subject that killed my head, and I got help from a friend of mine, so the thanks here go to Mohammed Hadi Bafaqeer.

iSCSI storage is one of the best solutions for a VMware design, because you can't depend on the storage of the server: if the server crashes, all your data crashes with it and you can't retrieve it. It also helps you enable features like vMotion.

So let's start configuring.
On the Home page choose “Hosts and Clusters”.
Select the host.
Go to the Manage tab – Networking – Virtual Switches.
Choose Add host networking.
Select VMkernel Network Adapter.
I use the same vSwitch since I have only one network interface in my server that is up now.
I suggest having a separate vSwitch for storage.
Give it a name, leave the rest at the defaults, and there is no need to enable any services.
It is better to select a static IP, but since this is a lab I let it automatically obtain an IP from DHCP.
Finish.
You can see that when you highlight your vSwitch0 it shows Storage.

Now the second step.
Go to the host – Manage – Storage – Storage Adapters – + Software iSCSI Adapter.
Press OK.
Now highlight the iSCSI storage adapter.
Select the Targets tab – Add.
Put in the IP address of your storage; mine is 192.168.200.100. Press OK.
Now the target is added.
Now I will associate the VMkernel adapter with it.
Select Network Port Binding – +.
Select the storage VMkernel adapter that I configured at the beginning of the blog.
It is added and shows the status Not Used.
Click the Rescan icon to refresh the page, and it changes from Not Used to Last Active.

Now the third step is to add a datastore.
Select Host – Related Objects tab – Datastores – and choose to create a new datastore.
Select the location.
Choose the type.
Choose a datastore name
and select the version.
OK, here I chose to use only 50 Gig of my 93 Gig.
Then hit Finish.
As you can see, the storage has been added under my ESXi host 192.168.208.210,
and if I go to my second host 10.1.1.23 I will see the same shared storage.

Now I want to increase my storage because 50 Gig is not enough and I want to use my whole storage.
On my Home page go to Storage.
Then select the storage I created:
ISCSI-A – Manage – Settings – General – Increase.
Select the device.
Use the free space.
Increase to the size you wish.
It simply increases; now hit Finish.
As you can see it changed from 50 Gig to 93 Gig.

Now let's create a virtual machine inside that storage.
Choose to create a virtual machine.
Choose the Datacenter.
Select the host.
Now choose the storage you created earlier.
Choose the compatibility version.
And select the guest family;
I am about to install Windows ;D
Almost finished; I will just select my ISO file.
Windows 10 CD, yessssssssss.
Hit Next.
And that's it; press Finish.
Power on the machine.
Open the console to see the procedure
and proceed with the installation.
And that's it:
Windows is installed on our new storage.

;D

Integrate VMware vCenter Single Sign-On (SSO) with Active Directory

By Root

Single Sign-On (SSO) is a part of the vCenter installation and an important step in authentication and authorization.
Once you install vCenter you have a “vSphere.local” domain on your server. It is better if you integrate your existing Microsoft Active Directory (AD) environment, with your organizational structure of groups and users.

Before we start with the configuration, I will log in with my domain user and check whether I can see anything (vCenter, Datacenter or hosts).
As you can see, under my vCenter there is nothing of my Datacenter or hosts.
Luckily, I already added my server to a domain in my earlier blog,
so to complete the steps here and give permissions to users,
go to Administration – Single Sign-On – Users and Groups.
To give permission to myself,
from the drop-down I can change “vsphere.local” to “mynaghi.com”.
I put my name in the search so it will not list the whole organization.
If you go to Administration – Single Sign-On – Configuration – Identity Sources,
you see where you get your configuration from.
In my case I had already added my server to the domain.
To configure the user and give him access, on the Home page go to
vCenter – vCenter Servers – then select VC-CCIEROOT.Mynaghi.com,
then click on the “Manage” tab – Permissions – +.
Select the assigned role as Administrator.
I changed the domain to “Mynaghi”, put my name in the search bar and clicked Add.
Now I press OK.
As you can see, it now shows under the permissions.
Now let me log in using my domain username & password again.
And as you can see, under the vCenter I can now see my vCenter Servers, my Datacenter and my hosts.

;D

VMware vCenter Server Appliance 5.5 (vCSA)

By Root

Helooooo.
In my last blog I showed you how to install VMware vCenter on the Windows platform. Well, that is history, because VMware decided to let go of it after vCenter 6.5 and continue with Linux. Yes, a virtual appliance running Linux that comes as an OVF, and I downloaded it to my Desk.
So what I will show you is the installation of vCenter Server Appliance 5.5.

Let's proceed with the installation.
I log in to my host and under File I choose Deploy OVF Template.
Browse to the location of my OVF.
Choose Next and it shows the details of my OVF.
Choose a name for my machine and press Next.
Select the storage where I will install my machine.
I chose Thin Provision.
Last, press Finish.
Wait until the machine has been deployed.
And finally: successfully deployed.
As you can see, my machine has been deployed on my host, so I turn it on by pressing the power button.
Choose the VMware vCenter Server Appliance.
It finishes and shows the link for my vCenter Server, which was given to me by my DHCP server:
https://192.168.208.59:5480
Go to my Firefox browser and type the vCenter URL:
https://192.168.208.59:5480
Choose Advanced and make an exception.
Now log in to my vCenter using the initial default username and the default password:
username: root
Password: vmware
First thing, accept the EULA.
Choose to configure the default settings.
And press Start.
It will take time, but then press Close.
Then you can see the Summary page.
Go to the Network tab – Address
to change your configuration from DHCP to static.
Type the required IP address and netmask
and save your settings.
Press Refresh.
Go to the vCenter Server tab – Time tab,
choose VMware Tools Synchronization and save the settings.
This gives you the option to synchronize the time of the guest OS with the ESXi host.
Then go to the Database settings and choose embedded.
Now, to test the SSO settings, we first need to stop the server.
Go to the vCenter Server page – Summary
and press Stop in front of the server.
Now go to the SSO tab, set the password of the Administrator and press (Test Settings). It may take a little time, and then as you see it shows Operation was Successful.
Now when you press Save it will show this warning;
it's okay, just press OK.
And again the operation was successful.
Now go back to the Summary page and start the server again.
Now go to your Explorer and browse to the IP address of the vCSA:
https://192.168.208.59:9443
and accept the warning.
Now log in with
username: Administrator@vsphere.local
Password: the one you chose in the SSO tab
And just like that, it is finally installed.

VMware vCenter 5.5

By Root

The Management King

Well, I showed you in the last blog how to install VMware ESXi 5.5.
Imagine you have multiple ESXi machines: it's nonsense to go to each machine and manage it. Today I will introduce VMware vCenter, which helps you manage all your ESXi hosts from a central place and will also introduce you to many features later on.

You can download it from the VMware page, but when vSphere 5.5 was released, 19 September 2013, its end of support date was also published.

First, there are two options for vCenter installation: either a Windows installation or the Server Appliance. This is a Windows installation, so first make sure your server is joined to the domain. The next step is installing .NET Framework on my Windows server.
Let's begin; I have the exe on my D drive.

I start the installation and choose to accept the License Agreement,
and the installation is complete.
Now I attach the CD to my PC and proceed with the installation.
I will choose the simple installation,
which installs the 4 main items:
• vCenter Single Sign-On
• vSphere Web Client
• vCenter Inventory Service
• vCenter Server
Press Next,
and then I accept the license agreement.
Here you find that the server is already joined and DNS resolves successfully;
check the box and press Next.
Choose a password for your user;
the default user for vCenter is (Administrator@vsphere.local).
Choose a name for your first site.
Press Next.
Choose where to save your installation files.
Here is your configuration, so simply press Install.
It may take a long time and it could hang; when this error shows, just choose NO.
Accept the SSL SHA1 fingerprint.
Since this is a lab and I don't have a license key, I will just press Next.
Since this is my lab and I don't have an existing database, I will choose to install SQL.
I will use my Windows login.
Check those ports and then press Next.
I chose Small here since it's only a lab.
Press Next.
Press Yes.
The SQL Server installation starts, and it may take time.
Press Finish,
and the installation of all 4 items is done.

Now let's go to the web:
https://192.168.200.250:9443/vsphere-client/
Allow Adobe Flash to run.
Now log in to the web client using the Administrator username and password:
Username: administrator@vsphere.local
Password: *********
And here is our Getting Started page.
Click on the Home tab and you can see all your beautiful options.
You know what, let's not stop here and proceed with adding our ESXi host.
First, let's add a Datacenter and name it Jamjoom, since that is the branch I'm working at.
From the Home page go to
vCenter – vCenter Servers.
Now on the vCenter Server, right-click – New Datacenter.
Name it Jamjoom.
Now you see the Datacenters field becomes 1.
Now click on the Datacenter and it leads me to the Datacenter page, where I can right-click and Add new Host.
Put in the IP address of your ESXi host and press Next.
Put in the username and password of your ESXi host.
Accept the security alert for the SHA1 thumbprint.
As you see, it detects the server hardware, vendor and model.
Now click Next to accept the Evaluation Mode (don't look at the expiry date, I created this blog earlier as part of the series ;D).
Press Next.
Choose the Datacenter location for this machine.
Now press Finish,
and you can see the running task,
and it is added.
I can also log in to the vCenter through the vSphere Client and see my machine.
Choose Ignore,
and as you see here, that is your Datacenter (Jamjoom) that you created in the earlier step.
I will also show you here how to add a host through the vSphere Client.
Put in the IP address of the ESXi host, and in the same step put in your login username and password, then press Next.
Now accept the SHA1 thumbprint.
It also detects the host vendor, model and version.
Oh, that's cool, I have a license on that server.
Let's not tell my manager about it ;D
I will not choose to Enable Lockdown Mode, so I press Next.
Choose the Datacenter location
and Finish.
And that's all.

And just like that we had two subjects in one blog: installed the vCenter and added a host to it.

;D

Install VMware ESXi 5.5

By Root

The subject that I should have written about a long time ago.
Well, I have a long road map for this tech and it's a never-ending journey:
• Install VMware ESXi 5.5
• VMware vCenter 5.5
• VMware vCenter Server Appliance 5.5 (vCSA)
• Integrate VMware vCenter Single Sign-On (SSO) with Active Directory
• How to Add ISCSI Storage to VMware ESXi
• Clone your perfect Virtual Machine
• Migrate VMs with VMware vMotion
• VMware DRS (Distributed Resource Scheduler)
• Vmware Affinity
• Converting a Physical Server to VMware Machine (P2V)
• VMware Storage DRS
• VMware High Availability
• VMware Fault Tolerance
• VMware 5.5 Configuring vCenter Server Linked Mode (Single Console Multiple vCenter)
• Upgrade VMware vCenter 5.5 to 6.0
• Upgrade ESXi 5.5 to 6.0 using Update Manager
• VMware 6.0 Configuring vCenter Server Enhanced Linked Mode
• VMware vMotion Cross vCenter 6.0
• VMware vSphere Auto Deploy
• Migrating vCenter Server 6.5 for Windows to vCenter Server Appliance 6.7
In my earlier blog I showed How to Deploy CUCM in ESXi; now I will show you how to install VMware ESXi from scratch.
First you need a CD of ESXi, which can be downloaded from their web site:
https://my.vmware.com/web/vmware/details?productId=352&downloadGroup=ESXI550

Then burn that ESXi image to a CD and insert it in the machine, and it will start loading.

Then a welcome message appears; just press (Enter) Continue.
It will ask you to accept the End User License Agreement (EULA).
It will start to scan the devices in your system.
Then press (Enter) Continue to choose the disk you need to install ESXi on.
Then choose the language and press (Enter) Continue.
It will prompt you for a password;
type your password and confirm it.
Now just press (F11) Install to start the installation.
And it will start.
Now your CD-ROM will eject and it will ask you to reboot the system, so
press (Enter) Reboot.
The system will reboot and come up again.
Finally your machine is up and you can see http://0.0.0.0,
so you need to configure your IP address.
Press (F2) to configure your machine.
It will ask you for the password that you configured earlier.
Now go to (Configure Management Network),
then go to IP Configuration.
Select Set Static IP Address
and fill in the fields.
I chose 192.168.208.209 as my ESXi IP address.
Press OK to confirm.
Now when you go back it will ask you to restart the management network;
just press (Y) Yes.
As an extra step, just to make sure, test the reachability:
go to Test Management Network,
fill in the address that you want to ping
(I'm pinging 192.168.208.1, which is my gateway)
and press (Enter) OK.
And the ping went smoothly.
Now let me go to the VMware vSphere Client, put in the IP address of my ESXi host and the username and password of my ESXi host, and press Login.
Click Ignore for the certificate.
And here is my lovely machine.

And here's to a new road of technology.

;D

Conference Now

By Root

A new CUCM 11 feature, replacing the present Meet-Me feature.
Well, let me tell you, I finally got the approval from management to upgrade our CUCM, and since then I have had to read a lot to see which new features I have. One of the newest is Conference Now.
I showed you earlier how to configure a Meet-Me conference, so today I will show how to configure the replacement for that feature. You can now set a PIN for the Meet-Me feature, making it more secure, similar to Webex.
I downloaded the CUCM 11 ISO file and I will configure this on the 60-day demo license.
As you can see, the home page looks different.
Log in with my username and password.
Here it shows the system is operating on a demo license.
Don't worry about it;
the feature will work on it.
First go to the Call Routing tab – Conference Now.
Enter the Conference Now number.
Then go to Media Resource – Interactive Voice Responses.
Make sure the IVR is registered to the CUCM.
I will change the Device Pool and Location to my site (Jamjoom).
Now go to Media Resource – Announcement.
Here I can check all the default announcements. As you see, the first couple of announcements belong to the Conference Now feature, and I could change them to a custom recording too.
Now go to User Management – User/Phone Add – Feature Group Template.
In the default group template select the box Enable End User to Host Conference Now.
Now go to Configure End User under the User Management tab.
Configure the Self-Service User ID for the end user.
Select the Primary Extension.
The last and most important step is to enable the box under Conference Now and make sure the Meeting Number is the same as the Self-Service User ID.
To make sure your conference is secure, configure the Attendees Access Code.
With that, your configuration is complete.
Checking the number allowed for a conference is the same as for the Meet-Me feature:
go to Service Parameter, choose the server and the Call Manager service.
As you see, you can adjust everything here.

Now let's check the video testing the Conference Now feature.

Video Conference

By Root

This is the biggest Cisco IP Phone feature of all.

Video conferencing is one of the major things in business where some employees reside in another city; you can save time and money with video conferencing, and for some businesses an MCU is not an option.

The best thing is that for it to work you don't need TelePresence or a Meeting Server. All you need is a PVDM3 module, whether it is a PVDM 3-128 or a PVDM 3-265, in your router, and to configure the conference in IOS similar to the way you do a normal conference, which I already explained in an earlier blog.

I will be configuring video conferencing for a Cisco 8941 IP Phone and two 9971 IP Phones.

So let's start configuring IOS.

First I set the DSP reservation for voice-related services. The integer is a percentage, which is 60 in this example; that leaves me with 40% for video resources.

Then configure the video conference profile.

It's important to define the conference-participants parameter and the maximum sessions, so I define how many parties per conference and I also define the maximum sessions.

Now the SCCP configuration part.

I define my Call Manager,

and here I associate the video conference profile with the SCCP group.

Now the CUCM part.

Go to Media Resource – Conference Bridge – Add New.

Then go to Media Resource – Media Resource Group – Add New and select the video conference resource that you just configured.

Then go to Media Resource – Media Resource Group List – Add New and select the media resource group.

Finally assign the Media Resource Group List to the Device Pool.

Now make a call from Phone A (7156) to Phone B (4119), then use the Conference button to add Phone C (2131) and press the Conference softkey, and just like that you have a video conference.

You can watch the video in this link,
or you can see it in the video below.

Note: Cisco released a Product Bulletin, “Feature Deprecation Announcement for Video Conferencing and Transcoding Using PVDM3 on ISR G2”, saying “This feature will be disabled with Cisco IOS Software Release 15.5(3)M”, so in case you want to use it you're going to have to roll back to an older release.

Ad Hoc Conferencing

By Root

Conference Can't get Any Easier ;D

I already explained the other conference feature, Meet-Me, in an earlier blog, and in my belief Ad-Hoc is the advanced feature of conferencing.

In Ad-Hoc, the initiator of the conference, who is the controller, has the ability to view the list of the other parties and to remove some of the parties. You can also give the other parties the same capabilities as the controller.

First, just like Meet-Me, you need to have conference resources available on your router before you can use any conference features. I already explained how to configure a Conference Bridge in the earlier blog Media Resource Group.

No other configuration is needed.

To start the conference, I first go to my Cisco 8941 phone and make a call to the first party, which in my example is extension 7188.

After the first party answers, I press the Conference button on the 8941 and call the second party, extension number 9059.

After 9059 answers, press the Conference softkey to add him to the conference.

Now everyone has joined the conference, and you can add as many users as your conference resource can support.

You can view the list of parties by pressing the View Detail softkey.

You can also select a user and remove him from the conference.

It's a really great feature, and users will not have to go through the system administrator to ask for a number to call, as you need to with a Meet-Me conference.

To adjust your conference to protect yourself from toll fraud, you can configure the call to be terminated once the controller drops the call.

Go to System – Service Parameter – select the server and choose the service (Cisco CallManager), then go to Clusterwide Parameters (Feature – Conference)

Drop Ad Hoc Conference : When Conference Controller Leaves

Also, if I want the other, non-controller parties to view the list of conference parties and remove other parties, I go to System – Service Parameter – select the server and choose the service (Cisco CallManager), then go to Clusterwide Parameters (Feature – Conference)

Advanced Ad Hoc Conference Enabled : True

You can also increase the number of parties that can join a conference; the default value for this clusterwide service parameter is 4.

;D

Meet-Me Conference

By Root

So I got a request from one of the top managers at Jaguar Land Rover for a way to make a conference from his phone on a daily basis.

Well, conferencing is one of the most important things in any enterprise these days; it saves travel and time and gets to the point ASAP.
Cisco made implementing a conference easier with Meet-Me Conference, so let me guide you through what to do when a user asks you to get a meeting.

So let's go to the configuration part.

The first requirement is to have conference resources available on your router before you can use any conference features. I already explained how to configure a Conference Bridge in the earlier blog Media Resource Group.

After that, go ahead to Call Routing – Meet-Me Number/Pattern – Add New
Choose a unique number (e.g. 9876) and a partition

If you have a custom softkey template, add the Meet-Me softkey to the Off-Hook state
(another option is to configure Meet-Me as a button)
Go to Device – Device Settings – Softkey Template – Add New
I named it (Meet-Me)
Then go to Configure Softkey Layout in the right corner
Select the Off-Hook state from the drop-down
Move Meet-Me to the Selected Softkeys and save
Now go to the phone where you need to initiate the meeting and assign to it the new softkey template that we configured

So, to the procedure:
Go to the phone to initiate the meeting
While the phone is in the off-hook state, press the Meet-Me softkey and enter the number we configured earlier, 9876, which is the Meet-Me directory number
After that, enter the Meet-Me unique number 9876
And like that you enter the conference room
Now go to the other parties and let them just call 9876, simply like they dial any directory number
and voilà, they enter the conference room

and that’s a wrap

**the meet me can hold as many Parties as your resource can support**

Palo Alto Site-to-Site VPN

By Root

OMG, one of the best recent moments for me in 2018 was last October, when me and the crew attended GITEX, the world of technology, in Dubai (United Arab Emirates)

IT’S THE BIGGEST & BOLDEST TECH SHOW IN MENA & SOUTH ASIA

attendees from 120+ countries and global media outlets in unpacking the big conversations and latest solutions around AI, blockchain, robotics, cloud and other mega trends, as GITEX takes you on a multi-sensory experience of Future Urbanism across 21 halls with 4,000 exhibitors across 24 sectors.

and here I'm going to tell you about my new article

So let me tell you, in my years in networking I have never implemented a Site-to-Site VPN, and I mean never ever, in any product, whether Cisco, Juniper or Palo Alto

so I spent the last couple of days reading and studying about it, and thanks to my mentor Mr. Keith Barker from CBT Nuggets https://www.cbtnuggets.com/trainers/keith-barker, he has his own way of making the most difficult thing easier than you can imagine.

You can find his Palo Alto video at this link https://www.cbtnuggets.com/it-training/palo-alto-networks-firewall

So let's start. I have 2 sites:

one with a Palo Alto VM and the second with a Cisco 2811 router

I put a simple IKE Phase 1 and Phase 2

IKE 1

DH Group: group1

Encryption: aes128

Authentication: sha1

Lifetime: 5 Minute (300 seconds)

IKE 2

IPSEC Protocol: ESP

DH Group: group1

Encryption: aes128

Authentication: sha1

Lifetime: 5 Minute (300 seconds)

So first create a VPN zone like I showed you in the first blog

Go to Network – Zones – Add new

Then create the tunnel interface

Go to Network – Interface – select the Tunnel tab – Add new

I chose number 1, I have one virtual router, and I selected the zone (VPN)

Give the tunnel an IP address under the IPv4 tab (10.1.1.40)

Now let's create Phase 1

Go to Network – Network profile – IKE Crypto – Add new

I configured it as in my scenario

DH Group: group1

Encryption: aes128

Authentication: sha1

Lifetime: 5 Minute (300 seconds)

After that I create the IKE Gateway

Go to Network – Network profile – IKE Gateways – Add new

Select the WAN interface, choose static for my peer since I know the IP address, and put in the pre-shared key (ccieroot)

Go to the Advanced tab and choose the IKE Crypto profile for IKE1 that I created earlier

Now to the IKE2 configuration

Go to Network – Network profile – IPSec Crypto – Add new

and, same as IKE1, we will follow our scenario

IPSEC Protocol: ESP

DH Group: group1

Encryption: aes128

Authentication: sha1

Lifetime: 5 Minute (300 seconds)

After that I configure the IPSec tunnel

Go to Network – IPSec tunnel – Add new

Select the tunnel interface, IKE Gateway and IPSec Crypto profile

Now I create a static route to the Site 2 LAN

Go to Network – Virtual Router – select our router – Edit – Static Route tab – Add new

Type the destination of the Site2 LAN, select your Tunnel 1 and type the Site2 tunnel interface IP address as the next hop

The last part on the Palo Alto is to configure a Security Policy rule

Go to Policies – Security – Add new, choose a name and rule type Universal (Interzone could also work)

Choose the source as the tunnel interface zone, which was the (VPN) zone

Select my destination as (LAN) so that ping from Site2 to me works perfectly

and choose the action Allow

Again, do the same for my Palo Alto users in Site1 to allow their ping to reach Site2

Source as LAN

Destination as VPN

Now if you go to the Network tab – IPSec tunnel you will see the status is (RED)

So let's start now on the Cisco side to turn that light off

First I configure my public interface, which happens to be my FastEthernet 0/0, and my loopback, which is my internal network

Next I configure my IKE Phase 1, which is the same configuration as IKE1 on the Palo Alto

Don't get scared if you do a show run and you don't see group1 in the configuration ;D

and configure the key password and my peer address

After that I configure my IKE Phase 2

and configure my IPSec profile

Then I configure my tunnel interface

and last but not least I configure my route to the Site 1 LAN

and now when I get back to my Palo Alto I see the status has turned green

You can also check the status on the router

Now I ping from my router to the Palo Alto LAN interface and it works perfectly

I also log in from my PC and ping the loopback, and it works perfectly

;D
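
The remark above about group1 not appearing in show run, as an added example (not code from the original post): this sketch parses a constructed IOS ISAKMP policy excerpt, fills omitted lines from the classic IOS defaults, compares the effective policy with the Palo Alto IKE Crypto values listed above, and flags weak parameters. The default table, the sample excerpt and all function names are assumptions made for this illustration.

```python
# Classic IOS defaults for "crypto isakmp policy" (assumed here); a value equal
# to its default is not printed by "show running-config".
IOS_DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig",
                "group": "1", "lifetime": "86400"}
IOS_ALIASES = {"encr": "encryption"}  # show run abbreviates the keyword

# Palo Alto IKE Crypto profile from the lab, normalised to IOS spellings
# (aes128 -> aes, sha1 -> sha, group1 -> 1, 300 seconds).
PALO_ALTO_IKE = {"encryption": "aes", "hash": "sha",
                 "authentication": "pre-share", "group": "1", "lifetime": "300"}

# Values a reviewer should flag, per the IKEv2 algorithm guidance in RFC 8247.
WEAK = {("group", "1"): "768-bit MODP is MUST NOT in RFC 8247",
        ("group", "2"): "1024-bit MODP is SHOULD NOT in RFC 8247",
        ("encryption", "des"): "single DES is MUST NOT in RFC 8247",
        ("hash", "md5"): "HMAC-MD5 is MUST NOT in RFC 8247"}

def parse_isakmp_policy(show_run):
    """Return the effective policy: printed lines layered over IOS defaults."""
    policy = dict(IOS_DEFAULTS)
    in_block = False
    for line in show_run.splitlines():
        if line.startswith("crypto isakmp policy"):
            in_block = True
        elif in_block and line.startswith(" "):
            parts = line.split()
            if len(parts) >= 2:
                key = IOS_ALIASES.get(parts[0], parts[0])
                policy[key] = " ".join(parts[1:])
        elif in_block:
            break  # "!" or the next top-level command ends the policy block
    return policy

def audit(local, peer):
    """List proposal mismatches between the peers and weak local values."""
    findings = []
    for key in sorted(IOS_DEFAULTS):
        if local[key] != peer[key]:
            findings.append(f"mismatch {key}: {local[key]} vs {peer[key]}")
        reason = WEAK.get((key, local[key]))
        if reason:
            findings.append(f"weak {key}={local[key]}: {reason}")
    return findings

# Constructed excerpt for the router side of the lab. "hash sha" and "group 1"
# are absent because they equal the defaults.
SAMPLE_SHOW_RUN = """\
crypto isakmp policy 10
 encr aes
 authentication pre-share
 lifetime 300
!
"""

if __name__ == "__main__":
    effective = parse_isakmp_policy(SAMPLE_SHOW_RUN)
    print(effective)
    for finding in audit(effective, PALO_ALTO_IKE):
        print(finding)
```

The two peers agree on every Phase 1 value, which is why the tunnel comes up, and the only finding is the DH group, which is also the value the router does not display.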

Palo Alto Captive Portal

By Root

Well, let me tell you what happened this week
I saw one of our workmates log in to the internet on his private laptop; his download was so high, and his user didn't show in the monitor page.

There is a feature available in hotels and internet cafes, and it's a great feature to control who is coming and going and sometimes to which website
This feature is called Captive Portal

Let me guide you through the configuration
Requirements 1, 2 & 3 are available in earlier blogs; you can click on each component and it will direct you to the page
1-LDAP
2-Authentication Profile
3-Certificate
4-Certificate Profile
5-Enable Captive Portal
6-Captive portal policies

So start from step 4 and create a certificate profile
Go to Device – Certificate Management – Certificate profile – +
Choose a name and select the User Domain
then under CA Certificates add the cert that was created in the earlier blog
Then go to Device – User Identification – Captive Portal Settings – Edit
Make sure to check Enable Captive Portal
Choose the Authentication Profile that we created in the earlier blog
and choose the mode Redirect
and in the Redirect Host field put our LAN IP 192.168.250.250 so all traffic is forwarded to that IP
Now let's create a Captive Portal rule
Go to Policies – Captive Portal – +
Choose a name
Then select the source as Inside
Select your destination as the Outside WAN
After that select your service as HTTP and HTTPS; you can also add a URL Category if you want to restrict the Captive Portal to specific web sites
Choose the action web-form
Last thing, go to the Management Profile and make sure you check Response Pages so the user is able to receive it
Go to Network – Network Profiles – Interface Mgmt – edit my profile, which I created in an earlier blog
Now let's go to the user PC and open a browser to the Google web site
As you can see, it directs me to 192.168.250.250 in the URL
Click on Continue to this website (not recommended)
It will ask you for your username and password
I will put in my LDAP authentication username and password
Now it logs me in
and voilà, I'm there

Note: in the newer version of Palo Alto Captive Portal Policy is Called: Authentication Policy and Web-form is changed to : default-web-form

;D

Blocking Youtube Using Palo Alto URL Category

By Root

Youtube
The Bandwidth Killer
To be honest, I learn a lot from YouTube, whether Cisco configuration or Palo Alto or even other things
but during work hours many users use YouTube to listen to songs or watch movie trailers, which kills the internet bandwidth. I explained earlier how to block Facebook using App-ID
but the YouTube App-ID is a little different because it depends on google-base, which would forbid Google websites too
so URL Category may save the day
This reminds me of Microsoft TMG

So first let's create a URL Category
Go to Objects – Custom objects – URL Category – add new
(Youtube)
Add the URL (www.youtube.com); you can also add more (*.youtube.com)
Now we create a security policy
Go to Policies – Security – add new (Stop Youtube)
Select the Source Zone (inside) and the Source Address (my laptop IP address)
Select the user aysar.mohamed (me)
Select the destination as my outside interface
Select any in the Application tab
Well, here we go
In Service/URL Category we select the (Youtube) category that we created earlier
Set the action to deny
Now when I try to open YouTube I get the deny message ;D
As you can see from the log, I got the (Reset-both) action in the Stop Youtube rule

;D

Blocking Facebook or Facebook Chat Using Palo Alto APP-ID

By Root

First I have to apologize, because this is going to be a long trip, and it's my fault that I didn't research it well: to deny SSL traffic, which is what Facebook uses, you first have to read what is inside it, in other words (decrypt it)

So here I'm rewriting the article again and just adding the decryption of the traffic before it is forwarded to the intended site
First we need to create a certificate on the firewall
Choose a name and Common Name, check Certificate Authority
and the Certificate Attributes, then click Generate

Now select the cert to edit and check the boxes
Forward Trust Certificate
Forward Untrust Certificate
Trusted Root CA
Then export the certificate as (PEM)
Choose a place to save it
and as you can see it downloaded to my Download folder
Second, I will go to my laptop to import it
Go to Tools – Internet Options – Content – Certificates
Go to the Trusted Root Certification Authorities tab – Import
Press Next
Browse to my certificate
Choose to place it in the Trusted Root Certification Authorities
Press Finish
It will give you a security warning; just press Yes
and the import is successful
You can check it under the Trusted Root Certification Authorities tab
Now get back to the Palo Alto and configure the Decryption Policies
Go to Policies – Decryption – Add
Since this is a lab I will choose Any as the source
Also choose Any as the destination
I can adjust this under URL Category, but since this is a lab I will configure it as Any
Under the Options tab I select the action Decrypt and the type SSL Forward Proxy
Now I check Gmail and here it's secured by my PA-CCIEROOT, which is my Palo Alto Common Name
Also my Facebook is secured

;D

Now to the part where everyone kept asking: why, Aysar, it isn't working
your article is wrong
Well, I hope it works now

So as I said earlier, unless you work in marketing you don't need any social website
Aysar Mohamed (me) is an IT guy and I want myself to do IT work and stop playing around on Facebook (I am sure my manager agrees on this point), so let's do it

First go to Monitor – Logs – Traffic, and as you can see it is full of Facebook logs by Aysar, and it depends on one application (facebook-base)

So let's go to Policies – Security – add new (Stop facebook)
Select the Source Zone (Inside) and Source Address (my laptop IP address)
Select my user (Aysar.Mohamed)
Select the destination, my outside interface
Then here choose the application (facebook-base), which appears in my logs
Now choose the action deny
Make sure to move this rule to the top
As you can see, now I can't open my Facebook at all and it gives me this error
and if you go back to the logs you will see the action (reset-both)

Now what if I want Aysar to view his Facebook but don't want him to chat with anyone
Easy: go back to my (Stop facebook) policy, change the App-ID to (facebook-chat) and save
Some applications can't be stopped just by choosing the App-ID; you also need to select what it depends on
so highlight the rule, go to the Application tab, choose facebook-chat, right-click and choose (Value) to see what it depends on.
For facebook-chat it depends on
facebook-base
mqtt
Now if I select facebook-base it will also block the Facebook page
so here is the trick
Add only mqtt
Then in my second rule (Aysar Allow) I will allow facebook-base
Under Application I will only add facebook-base
Now I can go to my Facebook, but as you can see my chat is dark (Unable to connect)
and as you can see in the logs it blocks facebook-chat

;D
(let me just note that this only worked for me because the decryption was configured on the Palo Alto earlier)

Happy Friday Everyone

Palo Alto High Availability

By Root

Downtime is not acceptable in any environment
and here is where the term High Availability comes into play.

To configure high availability in Palo Alto you need two links on each device, one for the Control Link (HA1) and one for the Data Link (HA2)
Both Palo Alto devices exchange hello messages and heartbeats through the Control Link (HA1). If either is not received, the backup Palo Alto peer will assume that the active peer is down and take control
(Note: this scenario is in Active/Passive mode)
Be aware that both Palo Alto devices must meet these prerequisites:
1- Same model
2- Same interfaces
3- Same PAN-OS
4- License

well i’m working here on PAN-OS 7.0.1
My Active Palo Alto IP Address: 192.158.208.222
My Passive Palo Alto IP Address: 192.168.208.111

I showed you how to configure Palo Alto from scratch in the earlier blog
Now I add extra network cards for (HA1) & (HA2)
So to configure the Palo Alto interfaces
Go to Network – Interface – select the interface
Ethernet 1/3 will represent HA1
Ethernet 1/4 will represent HA2
Now to the peer configuration
I give the active peer the IP addresses
192.168.209.140 (HA1)
192.168.209.142 (HA2)
and the passive peer
192.168.209.141 (HA1)
192.168.209.143 (HA2)
Go to Device – High Availability – General tab – Setup settings
Enable HA, choose a Group ID, fill in the peer IP address and choose the mode
Then go to Control Link (HA1 configuration), choose my ethernet 1/3 as HA1 and put in the IP address 192.168.209.140 and netmask
After that I go to my Data Link (HA2), enable session synchronization and put in the IP address I chose earlier, 192.168.209.142, and the netmask and gateway, and for my transport I select IP
Now to the election settings: to make sure that 192.168.208.222 is the active one I have to give it a lower priority
The default is 100, so I configure it to 90 and select Preemptive and Heartbeat Backup
Now go to the Dashboard tab – Widgets – System – and select High Availability
so I can see the status in the dashboard
and as you can see the status is so red
Now on the other peer I need to configure the same interfaces for HA1 & HA2 and the same High Availability configuration, except for the IP addressing, and for the election settings I will just keep the default
Then go back to the active peer 192.168.208.222 and you will see HA1 & HA2 turn green; now choose Sync to Peer
It will ask you to overwrite the peer configuration; just select Yes
And now all our configuration is synchronized
Go to the passive peer and you will see that the local peer is the passive
and the active is 192.168.208.222
If you check the passive peer's network interfaces you will find they are red
And now to test it I will ping 8.8.8.8 non-stop and power off the active peer
As you can see, it took only 3 request timeouts, which is less than 6 seconds, and users will not notice it
and if you check the System log in the Dashboard you will see that your passive peer noticed the HA1 Control Link went down and the passive became the active
And our red interfaces became green

;D