Tuesday, June 2, 2009

How to run Remote Desktop Console using command line

If you want to run Remote Desktop Console from a batch file, for example RDC over VPN, you can use the mstsc /v:servername /console command.

Mstsc

Creates connections to terminal servers or other remote computers, edits an existing Remote Desktop Connection (.rdp) configuration file, and migrates legacy connection files that were created with Client Connection Manager to new .rdp connection files.

Syntax

mstsc.exe {ConnectionFile | /v:ServerName[:Port]} [/console] [/f] [/w:Width /h:Height]

mstsc.exe /edit "ConnectionFile"

mstsc.exe /migrate

Parameters

ConnectionFile

Specifies the name of an .rdp file for the connection.

/v:ServerName[:Port]

Specifies the remote computer and, optionally, the port number to which you want to connect.

/console

Connects to the console session of the specified Windows Server 2003 family operating system.

/f

Starts Remote Desktop connection in full-screen mode.

/w:Width /h:Height

Specifies the dimensions of the Remote Desktop screen.

/edit "ConnectionFile"

Opens the specified .rdp file for editing.

/migrate

Migrates legacy connection files that were created with Client Connection Manager to new .rdp connection files.

Remarks

  • You must be an administrator on the server to which you are connecting to create a remote console connection.
  • default.rdp is stored for each user as a hidden file in My Documents. User created .rdp files are stored by default in My Documents but can be moved anywhere.

Examples

To connect to the console session of a server, type:

mstsc /console

To open a file called filename.rdp for editing, type:

mstsc /edit filename.rdp

Monday, June 1, 2009

Technical differences between VMware ESXi and ESX

I have spent some time looking for more details about VMware ESXi compared to VMware ESX. I summarized the main differences in this article, but I think it's not complete. There must be more features missing in ESXi because of the service console removal. So, what else did I discover?

  • ESXi is supported on a smaller set of certified hardware because it is a standalone system and doesn't depend on the RHEL service console, which provides drivers for other hardware.
  • You can manage ESXi with RCLI on the Linux or Windows platform, but the Virtual Infrastructure client is more comfortable and easier to use. Further, if you deployed ESXi without a Virtual Infrastructure licence, RCLI will have read-only access. The drawback of the VI client is that it is available only for the Windows platform. A solution may exist in using the Wine emulator, but the installation isn't as straightforward as on the Windows platform. The Wine application database contains this entry about VI client installation, but I haven't tried it yet.
  • You can manage your ESX server directly via a serial cable, but ESXi is missing this feature.
  • The ESXi kernel is missing jumbo frames support in the TCP/IP stack, which allows larger frames to be sent out onto the physical network. Jumbo frames can help to achieve higher throughput with the NFS or iSCSI protocols.
  • ESXi doesn't support NetQueue technology, which boosts 10G Ethernet performance.
  • Finally, VMware, in cooperation with Mellanox Technologies, supports InfiniBand host channel adapters on ESX. ESXi is missing this support.

 

QoS on the PIX/ASA – Part 3: Priority Queuing

The security appliance supports two kinds of priority queuing - standard priority queuing and hierarchical priority queuing. Let’s configure each in this third part of our blog.

Standard Priority Queuing

This queuing approach allows you to place your priority traffic in a priority queue, while all other traffic is placed in a best effort queue. You can police all other traffic if needed.

Step 1: Create the priority queue on the interface where you want to configure the standard priority queuing. This is done in global configuration mode with the priority-queue interface_name command. Notice this will place you in priority queue configuration mode where you can optionally manipulate the size of the queue with the queue-limit number_of_packets command. You can also optionally set the depth of the hardware queue with the tx-ring-limit number_of_packets command. Remember that the hardware queue forwards packets until full, and then queuing is handled by the software queue (composed of the priority and best effort queues).

pixfirewall(config)# priority-queue outside
pixfirewall(config-priority-queue)#

Step 2: Use the Modular Policy Framework (covered in Part 2 of these blogs) to configure the prioritized traffic.

pixfirewall(config-priority-queue)# exit
pixfirewall(config)# class-map CM-VOICE
pixfirewall(config-cmap)# match dscp ef
pixfirewall(config-cmap)# exit
pixfirewall(config)# class-map CM-VOICE-SIGNAL
pixfirewall(config-cmap)# match dscp af31
pixfirewall(config-cmap)# exit
pixfirewall(config)# policy-map PM-VOICE-TRAFFIC
pixfirewall(config-pmap)# class CM-VOICE
pixfirewall(config-pmap-c)# priority
pixfirewall(config-pmap-c)# exit
pixfirewall(config-pmap)# class CM-VOICE-SIGNAL
pixfirewall(config-pmap-c)# priority
pixfirewall(config-pmap-c)# exit
pixfirewall(config-pmap)# exit
pixfirewall(config)# service-policy PM-VOICE-TRAFFIC interface outside
pixfirewall(config)# end

Hierarchical Priority Queuing

This queuing approach allows you to shape traffic and allow a subset of the shaped traffic to be prioritized. I have cleared the configuration from the security appliance in preparation for this new configuration. Notice with this approach, you do not configure a priority queue on the interface. Also notice with this approach the nesting of the Policy Maps.

pixfirewall(config)# class-map CM-VOICE
pixfirewall(config-cmap)# match dscp ef
pixfirewall(config-cmap)# exit
pixfirewall(config)# class-map CM-VOICE-SIGNAL
pixfirewall(config-cmap)# match dscp af31
pixfirewall(config-cmap)# exit
pixfirewall(config)# policy-map PM-VOICE-TRAFFIC
pixfirewall(config-pmap)# class CM-VOICE
pixfirewall(config-pmap-c)# priority
pixfirewall(config-pmap-c)# exit
pixfirewall(config-pmap)# class CM-VOICE-SIGNAL
pixfirewall(config-pmap-c)# priority
pixfirewall(config-pmap-c)# exit
pixfirewall(config-pmap)# exit
pixfirewall(config)# policy-map PM-ALL-TRAFFIC-SHAPE
pixfirewall(config-pmap)# class class-default
pixfirewall(config-pmap-c)# shape average 2000000 16000
pixfirewall(config-pmap-c)# service-policy PM-VOICE-TRAFFIC
pixfirewall(config-pmap-c)# exit
pixfirewall(config-pmap)# service-policy PM-ALL-TRAFFIC-SHAPE interface outside
pixfirewall(config)# end

Verifications for Priority Queuing

These verification commands can be used for both forms of priority queuing. Obviously, you can examine portions of the running configuration to confirm your Modular Policy Framework components. For example:

pixfirewall# show run policy-map
!
policy-map PM-VOICE-TRAFFIC
 class CM-VOICE
  priority
 class CM-VOICE-SIGNAL
  priority
 class class-default
policy-map PM-ALL-TRAFFIC-SHAPE
 class class-default
  shape average 2000000 16000
  service-policy PM-VOICE-TRAFFIC
!

Another example:

pixfirewall# show run class-map
!
class-map CM-VOICE-SIGNAL
 match dscp af31
class-map CM-VOICE
 match dscp ef
!

To verify the statistics of the standard priority queuing configuration, use the following:

pixfirewall# show service-policy priority
Interface outside:
  Service-policy: PM-VOICE-TRAFFIC
    Class-map: CM-VOICE
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 0
    Class-map: CM-VOICE-SIGNAL
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 0

You can also view the priority queue statistics for an interface using the following:

pixfirewall# show priority-queue statistics outside
Priority-Queue Statistics interface outside
Queue Type         = BE
Tail Drops         = 0
Reset Drops        = 0
Packets Transmit   = 0
Packets Enqueued   = 0
Current Q Length   = 0
Max Q Length       = 0
Queue Type         = LLQ
Tail Drops         = 0
Reset Drops        = 0
Packets Transmit   = 0
Packets Enqueued   = 0
Current Q Length   = 0
Max Q Length       = 0

To verify the statistics on the shaping you have done with the hierarchical priority queuing, use the following:

pixfirewall# show service-policy shape
Interface outside:
  Service-policy: PM-ALL-TRAFFIC-SHAPE
    Class-map: class-default
      shape (average) cir 2000000, bc 16000, be 16000
      (pkts output/bytes output) 0/0
      (total drops/no-buffer drops) 0/0
      Service-policy: PM-VOICE-TRAFFIC


Signaling should be extended with DSCP CS3. A comment on “show service-policy priority” would be that the output counters don’t really differentiate among classes. Here is how it looks in a production environment; it is 7.2.4 BTW and all works fine:

asa-chicago(config)# sh ver | in Ver
Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)

asa-chicago(config)# sh run class-map
!
class-map Voice-Signal-cs3
 description CUCM voice and control traffic
 match dscp cs3
class-map Voice
 description CUCM voice and control traffic
 match dscp ef
class-map Voice-Signal-af31
 description CUCM voice and control traffic
 match dscp af31

asa-chicago(config)# sh run policy-map VoicePolicy
!
policy-map VoicePolicy
 class Voice
  priority
 class Voice-Signal-cs3
  priority
 class Voice-Signal-af31
  priority
 class class-default
!
asa-chicago(config)# show service-policy priority

Interface outside:
  Service-policy: VoicePolicy
    Class-map: Voice
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 3472296
    Class-map: Voice-Signal-cs3
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 3472296
    Class-map: Voice-Signal-af31
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 3472296
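
The point about the counters, as an added example (not code from the original post or from the comment): a Python sketch that parses "show service-policy priority" output and flags counters that are identical across all classes of an interface, so a monitoring script reports them once instead of summing them per class. The function names parse_priority and summarize are hypothetical; the sample text is the output quoted above.

```python
import re
from collections import defaultdict

# "show service-policy priority" output as quoted in the comment above
# (ASA 7.2(4)); only the indentation has been normalised.
SAMPLE = """\
Interface outside:
  Service-policy: VoicePolicy
    Class-map: Voice
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 3472296
    Class-map: Voice-Signal-cs3
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 3472296
    Class-map: Voice-Signal-af31
      Priority:
        Interface outside: aggregate drop 0, aggregate transmit 3472296
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s*(\S+)")
COUNT_RE = re.compile(
    r"^\s*Interface (\S+): aggregate drop (\d+), aggregate transmit (\d+)")


def parse_priority(text):
    """Return [(interface, class_map, drops, transmitted), ...]."""
    rows, current = [], None
    for line in text.splitlines():
        if m := CLASS_RE.match(line):
            current = m.group(1)
        elif (m := COUNT_RE.match(line)) and current:
            rows.append((m.group(1), current, int(m.group(2)), int(m.group(3))))
    return rows


def summarize(rows):
    """Per interface: class names and the distinct (drops, transmit) pairs."""
    by_if = defaultdict(lambda: {"classes": [], "counters": set()})
    for iface, cls, drops, tx in rows:
        by_if[iface]["classes"].append(cls)
        by_if[iface]["counters"].add((drops, tx))
    # One pair shared by several classes is interface-wide: report it once.
    for v in by_if.values():
        v["shared_counter"] = len(v["classes"]) > 1 and len(v["counters"]) == 1
    return dict(by_if)


if __name__ == "__main__":
    print(summarize(parse_priority(SAMPLE)))
```

For the quoted output, a naive per-class sum of the transmit counter would give three times the figure the appliance reports for the interface.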