The value of virtualization

From time to time I think that we all sometimes overlook the value of virtualization. I know that I do, and it came home to me today. We have a problem with storage, it seems we can’t get enough! Over the summer we migrated from an older 7TB fiber channel SAN, to a new 13TB iSCSI SAN. Since then we have watched as more and more of our storage has been consumed. We hit a crisis mode this past weekend when the 3.5TB lun we had allocated for user data, quite literally filled up. Feel free to yell at me for not being more mindful or more proactive, it’s a crazy situation and I don’t know if I had to do it over, I would make the same choices.

Since we run a Storage Server cluster we run a report, and based on those we can tell you based on file ownership who our top consumers are. Needless to say the same handful of users are typically on top. In particular one user’s consumption ballooned by maybe 300%, their data quite literally occupied 1/6th of the entire 3.5TB! After going back and forth about possible solutions, we decided that the data should remain on the server, but be moved to a different lun. The only problem is none of our other luns had enough space to handle that amount of data, so we had to extend one of our luns. In case you’re curious about how long it took to extend, I started the process yesterday morning and it was still going when I left last night, but was done when I got in to my office this morning.

The fun part is what happened next. From Microsoft, presenting iSCSI luns to a server as dynamic volumes is not supported. From experience we can confirm that it is very painful, especially on reboots. Carson tracked that down one day while I was on vacation, I don’t think he’s documented that so I’ll bug him. All of the luns on our cluster are Basic disks, and as you know you cannot extend a basic disk. That is unless you know how to work DiskPart! We used this tool early on when we were troubleshooting computer imaging issues, and one of the nifty things it can do is extend the size of a disk.

We are just a trifle leery of fiddling with the drives on the cluster since it’s in production and at the core of most of the services we provide. This is where virtualization steps in, thankfully we implemented a VMware cluster a few years ago, and most of our server infrastructure is now virtualized. I have a machine, which I named “Schmoopy”,  that I tend to abuse quite regularly so Carson pointed out that you can extend the size of a virtual disk from the VMware interface.

So we fired up the VMware Infrastructure client, browsed to Schmoopy and added a disk. Keep in mind this was all done while the server was running. We verified that the disk showed up in Disk Management, we then initialized the basic disk and formatted it. Back in the VMware interface we then changed the size of the disk from 8GB to 20Gb, Schmoopy reported that it now had a chunk of free space at the end of the newly created disk. We fired up the command line and followed the instructions from an article we found on the Windows IT Pro website. We then went back to Disk Management and verified we had a newly available 20GB drive. The process went just as smoothly on the production server and the user’s data took the rest of the day to move!

It was most certainly the highlight of our day, and like I said earlier, it really made me aware of how valuable virtualization can be for everything we as IT Pro’s do!

Extending a Virtual Disk on the MD3000i

We purchased our new iSCSI SAN this past summer and one of the important features for us was the ability to resize a lun as needed. The Dell MD3000i gave us that capability, while not in the best format, it does have a rather extensive CLI.

The CLI tools are only available to you if you install the management software on your computer. Once you have that installed, it might be a good idea to add the following to your PATH statement, it makes things easier.

C:Program FilesDellMD Storage Managerclient;

From that point on it is rather straightforward, first you will need to connect to your array:

SMCLI fqdn.of.yourarray

Then to avoid being kicked out of the CLI everytime you type something wrong you may want to execute the following command. You should note that all commands MUST end with a semicolon.

set session errorAction=continue password=”Array Password”;

Once you are logged in it’s a simple matter of knowing which set of commands to use. Depending on the version of array you have you may need to make some changes, but it should look something very similar to the following:

set virtualDisk [“Name of Virtual Disk”] addCapacity=1TB;

This command would increase the capacity of your viurtal disk by 1TB. This is assuming you have 1TB unused to add, if not you will need to add additional drives or enclosures to your array. I’m providing links to the documentation for both your sake and my own.

Finding Enabled User Accounts

I was recently notified that one of the computers that we’re responsible for had been compromised by Torpig. The way I understand it is the user launches a website that might be a part of a phishing scam, and the software gets dropped on their computer. Once installed it searches through the computer and transmits usernames, passwords, social security numbers, account numbers and the like up to a group of servers on the internet.

The security group on campus, ITSO, discovered that on a handful of Windows XP machines that were compromised with Torpig, that the HelpAssistant account was enabled. It seems that on an XP machine where the user has admin privledges that account gets enabled and is how Torpig works it’s magic.

Using that bit of magic I created the following script, EnabledAccounts.vbs, which is basically an AD searcher script. It works through Active Directory looking for computers to connect to. Once it finds one, it gets a list of user accounts, from that list it looks for a specific account, HelpAssistant, in this instance, once found it checks to see if it’s enabled.

If the account is found and the account is enabled it outputs a simple line:

HelpAssistant account enabled on: Desktop-PC1

By no means would I consider this the answer to tracking down Torpig on your network, but it worked for us. Additionally you can use this script to determine if any account is enabled that should be disabled.

Good luck and enjoy!