NAS3 SSD Upgrade

This week NAS3 got a storage upgrade from 128GB SSD’s to 500GB SSDs. NAS3 is my SSD NAS which is used for hosting virtual machines.

NAS3 has been running with the 128GB SSD’s for many years now. In fact I paid more for the 128GB SSD than I did for the 500GB SSD. However that was exactly my reasoning for waiting so long to upgrade. NAS3 is not intended to be a performance beast since it’s limited to 1Gbps networking. It would literally be a waste to use high end SSDs in this machine.

Choosing an SSD is sometimes a difficult decision. You have to weigh the performance, cost, and endurance (quality) of the drive. Especially so in a NAS or RAID environment where SSD’s “total bytes written” or “TBW” endurance rating will become a factor.

I paid $90/each CDN for five Crucial MX500 500GB 3D NAND SATA 2.5 Inch Internal SSD – CT500MX500SSD1(Z).

I don’t like using a parity RAID with SSD’s because you will wear them out faster, but in this case I simply don’t care. I would rather have a little redundancy with the trade off of a faster wear rate. Considering the old 128GB SSD’s have been running in RAID5 for many years now as well, from my experience it’s not a big issue.

In RAID5 the disks give me 1.81 TB of usable SSD space. Compared to about 477 GB before. So big upgrade in comparison.

This upgrade should last a few years at least. The next storage upgrade for the SSD side will be getting rid of the ancient Thecus N5550’s and replacing them with a Synology NAS. But that’s a future wish-list.

Hope you enjoyed reading. If so please drop a like or share.

Adding a SSL Certificate to Untangle Firewall

Untangle SSL not working? A small hack here for those that might be struggling adding a third party signed certificate to their Untangle firewall.

Using self-signed certificates isn’t a problem. However when you try to add a trusted third party certificate to Untangle using the GUI it doesn’t work.

The GUI doesn’t seem to add the intermediate SSL certificate to the chain which causes the certificate to be broken and sometimes even a very broken Apache.

Continue reading…

Using Cloudflare Firewall to Secure WordPress

If you’re using Cloudflare for your website you might not realize the security protections that it can offer.

Using the free package you get access to setup up to five active firewall rules. On the Pro plan this goes up to 20 active firewall rules. The Pro plan also includes the Web Application Firewall (WAF) which will greatly improve security if you are not using any other type of WAF for your website.

What can we use these firewall rules for in a practical sense with WordPress?

  • Restrict access to wp-login.php
  • Restrict access to /wp-admin/
  • Block WordPress XML-RPC xmlrpc.php

On the free plan the easiest win is to implement 3 rules for the above. This will greatly reduce your outside attack surface.

Continue reading…

Serverless WordPress

Can it be done? Yes. Is it practical? No.

That is so far what my conclusion is at the time of this writing. I was looking again at the web tier for the vSkilled website. I want to ideally run the website serverless, but without ditching WordPress. Like many others I use WordPress as the back end CMS. It’s a powerful platform that can do almost anything you’d like within reason. I don’t really want to give that up just for the sake of a serverless architecture.

While that sounds like it should be possible – it’s really not ideal. There are services out there that help with this process, like Shifter and Hugo. But it’s not truly a serverless WordPress environment. How it works is by hosting a temporary WordPress website then when you’re done editing, converting the entire site to static content.

Continue reading…

VMware vCenter 6.7 U1: Windows to VCSA Upgrade and Convergence

Today we will be talking about the VMware vCenter 6.7-U1 (Update 1) upgrade process. I recently had an opportunity to work with a enterprise customer to upgrade their VMware environment. In this post we will be going through the upgrade process and my thoughts. VMware 6.7 U1 is a major upgrade that includes the fully featured HTML5 client. For full details on what’s new please see: https://blogs.vmware.com/vsphere/2018/10/whats-new-in-vcenter-server-6-7-update-1.html

I will start by saying bravo to the VMware team for this release. For the first time I actually felt comfortable abandoning the good ol’ “fat client” (the legacy C# client). Many of VMware’s customers, in my experience, were intentionally lagging behind on older versions of vCenter to keep a cold death-grip on the fat client because they refused to be force-fed the flash client that we all know and despise. The HTML5 client is a worthy successor. It’s fast, it looks good, its organized better, and it even has a dark mode. It’s obvious they took feedback from the community, hired the right developers who understood their target audience, and put out a great product. The upgrade and migration process is also done very well.

After a few weeks of the VCSA and HTML5 client baked into the client environment it’s obvious that some things are still missing, like exporting events, from the HTML5 client but I would expect these to be eventually added. There also appears to be some lag to the recent tasks list in larger linked environments. I’ve also seen a few UI bugs with adding permissions and modifying sDRS configuration.

One issue I’ve seen on multiple VCSA’s so far is that the database “archive” (disk 13) will constantly fill up causing the VCSA to show up as degraded within the dashboard. You will be greeted with the error message “File system /storage/archive is low on storage space. Increase the size of disk /storage/archive.” There is very little documentation on this but apparently this is expected behavior despite the warnings and rational I don’t quite understand yet. This didn’t stop me from increasing the disk size (KB2126276) slightly. [2019-04-12: This issue is now fixed by VMware.]

Continue reading…

vSphere 6.7 U1 now released

On October 17, 2018 VMware announced that vSphere 6.7 Update 1 is now available. The new HTML5 client is now ‘Fully Featured’ which means that you can use the HTML5 client for all administration and configuration of vSphere; including Auto Deploy, Host Profiles, VMware vSphere Update Manager (VUM), vCenter High Availability (VCHA), network topology diagrams, overview performance charts, and more.

I am personally excited to see the HTML5 client become the primary client as I much prefer using it over the flash client. One of the more interesting features included in this release is the vCenter External to Embedded Convergence tool. Since embedded PSC is the recommended deployment model for vCenter Server this tool allows you to migrate to an embedded PSC without having to nuke-and-pave your entire vCenter installation.

The Content Library also got some much needed love from the VMware development team as it now supports two more new file formats; allowing templates and OVA files. This makes the Content Library much more functional. The lack of VM templates was a major caveat of the Content Library to the point of making it practically useless for some VMware customers. So this change is a welcome one to say the least.

New Features

  • vCenter High Availability (VCHA)
    • We redesigned VCHA workflows to combine the Basic and Advanced configuration workflows. This streamlines the user experience and eliminates the need for manual intervention of some deployments.
  • Search Experience
    • We revamped the search experience. In this version of the vSphere Client, you can now search for objects with a string and filter the search results based on Tags/Custom attributes. You can also filter the object lists in the search even further. For instance, you can filter on the power state of the VMs etc., You can save your searches and revisit them later.
  • Performance Charts
    • You can pop the performance charts into a separate tab and zoom in on a specific time in the chart. We also added overview performance charts for datacenters and clusters.
  • Dark Theme
    • Dark theme has been one of the most requested features for the vSphere Client so we’re introducing a Dark mode setting. Support for the Dark theme is available for all core vSphere Client functionality and implementation for vSphere Client plugins is in progress.
  • Alarm Definitions
    • We greatly simplified the way you define new alarms, particularly in how you create rules for trigger conditions.