M$ Surface, SSD's, and secure wiping

As you may know securely erasing SSD’s is not the same as traditional rotating hard drives; largely due to TRIM, reserve cell, and a few other technologies.  Thus traditional tools, such as DBAN, will not work.  Many people are using tools made for SSD’s that write “0’s” on all of the drive.  Parted Magic being one of the most talked about.

Beyond that, each drive manufacture makes utility software for their drive, one of the drive features is to basically shock each cell on the drive making it blank.  The key being, EACH manufacturer.  To make matters worse, some of these are OEM’ed, so the support changes.  Microsoft Surface and Lenovo use Samsung drives, however the Samsung tools do not work, and Samsung offers no support.  Same story with Crucial drives.

I found a 3rd party tool called PartedMagic (maker of G-Parted (which is awesome free partitioning software)).  It was an inexpensive purchase, it does allow one to save a log file of the drives erased, it does both spinney & non-spinney drives.  I have had a few machines not like the Linux boot environment, some of those machines simply didn't like booting off of a 64gb USB drive, but didn't mind a 4gb <shrug>.

Lenovo has a bootable CD/USB image that should work, I haven't tested it yet.
Lenovo SSD erasure page

The HP Folio’s
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04582531
Mine worked a bit different than what the webpage said, perhaps it is a BIOS revision thing?

-hit Esc to get to Startup Menu
-F10 BIOS Setup
-tab to get to Security menu
-Hard Drive Tools
-Secure Erase

Micro$oft does have a tool for the Surface.   I downloaded it, built a bootable USB drive, and tried it on a busted one, however I don’t know what it is doing since the screen is shot, and the external display only works in Windows.

https://technet.microsoft.com/en-us/itpro/surface/microsoft-surface-data-eraser

FWIW there are other Surface Pro specific tools:
Cisco_EAP_Supplicant_Installer_v1.zip
Surface_Data_Eraser_Installer_v3.1.9.msi
Surface_Deployment_Accelerator_v_1.96.0405.msi
Surface_Diagnostic_Toolkit_v1.1.8.0.zip
SurfaceDockUpdaterSetup.msi
SurfaceUEFI_Configurator_v1.0.25.0.msi

SurfaceUefiManagerSetup.msi
No comments:

Hardware hoarder

Picked up a new toy!  I figured it was a decent deal since 4tb NAS drives are $125~150 each.

Pair of 4tb Seagate NAS drives
4gb DDR3 sodimm
Intel Atom D2550 @ 1.86GHz
ASRock AD2550R/U3S3 Mini ITX Server Motherboard
Chenbro Mini-ITX Home/Small Business NAS Server Chassis Case SR30169 w/ PSU


The specs on the motherboard say it will do only 4gb of DDR3 ram, however the previous owner had a single module in there.  I put a pair of 4gb modules in there and it saw all 8gb!  Unfortunately it recognizes the pc3-12800 as pc3-10600 but whatever.  The case holds has four drive trays, that can hold either a 2.5 or 3.5" drive in each drive sled.  There is also an internal 2.5" drive tray.

In comparison to my FreeNAS ITX build it has a way slower CPU (cpu mark of 667 vs 1740), only takes 8gb vs. 16gb of ram, consumes less power 10-watts vs. 17-watts.  Six ports and PCI-E on the AsRocks VS. four SATA ports and PCI on the Gigabyte.

For kicks and grins I installed VMware ESXi v5.5.  It complained a few times during install.  Surprisingly it did complete and run! It even saw the NIC and the 3gbps SATA controller, not the 6gbps (no surprise).  This CPU doesn't have Intel-VT so I cannot run 64bit OS's.

Eventually I will make it into a NAS4Free or Windows Storage server or something to be used for backups.

Installed Windows 7 just for testing....Ignore the graphics rating as Intel GMA3600 video card drivers aren't loaded (by the way, there doesn't seem to be Windows 64bit drivers).
Interesting that Seagate 4tb NAS drives (5400rpms 64mb cache) outperform the HGST 1tb (7200rpm 32mb cache).





***update: so I benchmarked the 2nd HGST 1tb SATA drive in this system and if come in around 85 mbps according to ATTO vs. 130ish.....  Probably not advisable to but these two in the same RAID.  I suspect that drive is going to die at some point.

1 comment:

VMware: Vsphere Data Protection woes

I decided to install VMware's VDP, went to MyVMware.com and downloaded it.  I was presented with the option to download v5.8.  So download the OVA, installed, configured, and did a few backups.

Then it was decided to upgrade the vCenter Appliance, from 5.5u1 to 5.5u3.  The compatibility matrix said all was good.  After the vCenter upgrade, VPD would not work any more.  "An attempt made to backup a client failed because no data was found that matches the type of data the job was configured for."  Turns out VDP v5.8 isn't compatible with vCenter u3.
https://communities.vmware.com/thread/543418?start=0&tstart=0
Uggg...  Okay let's upgrade VDP, but MyVMware.com doesn't list a newer version.  Googling for it however yields that v6.1 out, and gives links to downloads.

Ok, download the latest and greatest v6.1.2.  Note to do an inplace upgrade, one must download the ISO, attach it to the VDP appliance.  Also note one must also make a VMware snapshot before the upgrade.  When launching the update process it just sat there forever spinning its wheels.  Turns out that one cannot upgrade to v6.1.x; the version of SUSE Linux it is built on had a major version shift and there isn't an inplace upgrade.  So download the 6.0.2 ISO, attach, upgrade.
http://blogs.vmware.com/virtualblocks/2015/09/24/upgrading-to-vdp-6-1/

After upgrading to VDP v6.0.2.4 I still have the same error message.  Still working on this...

https://communities.vmware.com/thread/542344

No comments:

Restoring Active Directory user & Exchange accounts

For reasons I won't go into here.  I had to restore a person's account who left the company over a year ago, two months ago, that account was finally deleted.  Whatever....

Active Directory Recycle Bin in Windows 2012 AWESOME!
https://blogs.technet.microsoft.com/canitpro/2014/07/28/step-by-step-restoring-a-deleted-object-via-active-directory-recycle-bin/

As expected it restored the person's email account, great!  Next went to restore the person's email which was archived off to a PST.  Shouldn't be a problem.
http://www.msexchange.org/articles-tutorials/exchange-server-2013/management-administration/managing-pst-import-export-process-exchange-server-2013-part1.html

Except it was a problem!  I couldn't import the PST, in fact I could not use OWA or Outlook to get into this person's email account.  Also errors showed up in Exchange Admin Center.  After much digging around we deleted the person's account in Exchange, recreated it, then things started working.  Turns out that the default AD retention is 90 days, however in Exchange it was only 30 days.  Since the deletion happened roughly 60 days ago, Exchange got confused.

No comments:

I/O Benchmarks, VMware, RAIDs, & SATA vs SAS

The need for more space and less power consumption in my home lab has arisen.  I pulled out a RAID 5 array composed of four 15k 146gb SAS drives in favor of a RAID1 array composed of two Western Digital 2tb Red NAS drives.  This server would now have a 256gb SSD, a RAID1 WD 1tb Enterprise drives, and a RAID1 2tb Red drives.  The hope is that the slightly faster Enterprise SATA drives and the decent RAID card would be sufficient, and the NAS drives should be fine for data.

I ran some benchmarks; this time I ran them with a larger data set, as the 512mb cache on the RAID card throws off benchmarks.  We need to test the drive arrays, not the RAID card cache.







four drive RAID5 146gb 15k SAS

two drive RAID1 1tb WD Entperise SATA

two drive RAID1 1tb WD Red NAS SATA

I am really surprised that WD Red NAS drives out performed the WD Enterprise (WD1003FBYZ) drives.  Both are 64gb cache, the Reds are 5400~7200 rpm (Intelipower) and the Ent. are 7200rpm.
No comments:

I/O Benchmarks, VMware, SSD's, & 6gbps SATA

I have been a big fan of sticking a SSD drive into VMware hosts for a long time.  Using Host Cache (where the ESXi host will use the SSD for it's swap file location), and redirecting the VM swap file to also be on SSD.  In my home lab I upgraded from a Corsair  Force90gb SDD purchased back in 2012 to a Crucial M4 256gb.  A bit more room, and I figured a 3+ year newer drive might have some performance gains......turns out not really.






I also picked up a cheap SATA 6gbps controller hoping that might help pick up some more speed...turns out ..meh...not really.  ALSO, most SATA controllers are not supported by ESXi v5.5 and newer.  I had to take advantage of a community hack to get it to work:
http://www.v-front.de/2013/11/how-to-make-your-unsupported-sata-ahci.html

No comments:

VMware local disks needs WriteBack Cache

When using VMware servers and local hard drives, make sure one uses a battery backed cache card.

What an operating system does when it wants to write to a drive, is it waits for confirmation from the drive/controller to make sure the data is written before it sends more data (write-through).  This is VERY SLOW.  Windows gets by this by doing some creative caching that eats up system RAM; where as VMware, relies solely on the hardware.  The alternative is write-back, where the drive write confirmations are done by the controller, the data is cached while waiting for the disk to actually write it, and the OS continue to sends more data.  In a way it is kinda sorta like TCP vs. UDP.

Just to test this...I have an HP Proliant ML310 with four 250gb 7200rpm SATA drives in a RAID 10 configuration; the RAID controller is a SmartArray P212.  Vmware v5.5 is installed.  The test VM is a Win7 x86 machine w/ a single CPU and 4gb of ram.

This image, the VM on is on the RAID...baseline, as you can see the performance is dismal.

This image, I turned on the cache that is on the hard drives (the hard drive cache, not the RAID card cache).

This image is the VM on a single SATA 160gb drive connected to the systems board's SATA controller.  Notice how a single drive is significantly faster.

This image is with a 512mb battery backed cache installed on the RAID card.

No comments:

Desktop VM Optimization

Running Windows7,8, or 10 as a VM whether it be VDI or just a VM the OS is bloated and wasteful.  VMware has a fling that helps this, (VMware flings are items created by VMware but are not fully supported).  TheVMware OS Optimization tool analyses a VM and compares it to a list of best practices for optimizing resources.

https://labs.vmware.com/flings/vmware-os-optimization-tool


No comments:

VMware 6.0 U1 & NetApp upgrade random thoughts...

One of the downfalls of v6 is that the “Storage Views” tab is gone…..which I used primarily to identify stale VMware snapshots.  The alternative is to use PowerCLI:
http://kb.vmware.com/selfservice/microsites/search.dolanguage=en_US&cmd=displayKC&externalId=2112085

OR I found this handy tool:

http://www.robware.net/  Among many other nice things, it does give a nice single pain to view all VM's that have snapshots.

Do you have an email domain with only two letters?  IE bob@AB.com?  If so configuring email alerts is an issue.  Setting the email address with a two letter domain name will error out via the WebClient.  It works fine via the C-Sharp client.

VMware VCenter v5.1 Update 1 will not work with Windows 2012r2; it must be update 3, VMware-VIMSetup-all-5.1.0-2308386.

The web client is light years better than v5.5 or 5.1.  IMHO it still needs work.  Logging on to it takes too long, it still drags, I find myself opening a couple of windows to the same vCenter to get the same info that I would normally get with the thick client.  The Web-Integration piece, is HUGE, the download is something like 100mb, I thought this was supposed to be a lightweight-client?

One of my machines had a problem with the Web-Integration services, it would install, but not register.  Even after installing it, the prompt to install it would show up on the logon page.  The solution was to download a slightly newer version of the client from vmware.com.

If one ever has SRM or any other tabs not showing up, restart the Vmware vCenter Web Service.
I have experienced where many options not showing up using a domain administrator account, but yet the options where all there using administrator@vsphere.local.   Chances are permissions got messed up.  Fortunately I had two sites to do a stare and compare between.




The NetApp Virtual Storage Console, is HORRIBLE!!

-There is no real c-sharp plug in, when one clicks on the plug in the C-sharpe client, it gives a message saying that the webclient must be used.
-SnapMirror jobs cannot be modified if a two character email domain is used.  The work around it to edit an XML file.
-The plug in often fails, and requires a bunch of tinkering to re-register it.  See https://vcenterfqdn/MOB
-SnapMirror backup jobs, there is only three statuses used, failed, successful, or completed with errors.  If one wants to dig deeper consult the email logs.

.....work in progress......
No comments:
Subscribe to: Posts (Atom)