Posts Tagged ‘Server’

Securing your Microsoft Exchange 2010 Server / services with an SSL Certificate

May 11th, 2011

Exchange 2010 has definitely simplified the process of applying SSL certificates to your mail services such as Outlook Web Access/App and Exchange ActiveSync. No more muddling about with IIS is required and you can do everything via the Exchange Management Console (GUI) too. I’ll also list a cmdlet at the end for generating a CSR if you wish to go the Exchange Management Shell way.

Exchange Management Console steps:

 

  • Open the Management Console and from the summary / home tab click on “Manage databases”. Now on the list in the left of the Management Console, select “Server Configuration”, then in the list of Actions on the right look for “New Exchange Certificate” and select this.

 

 

  • A wizard will pop up and you can begin setting up your new Certificate Signing Request (CSR). Fill in a Common / Friendly name for the certificate. I used the same name as would be used for the actual certificate itself so that I can easily identify it.

 


 

  • Continue the wizard. I won’t be using a wildcard certificate so I will leave the “Enable Wildcard Certificate” selection unchecked.

 

 

  • The next section allows you to select the services you want to use with your SSL / describe the Exchange configuration for the CSR that we are going to generate. Expand out the sections and you’ll see that some are pre-populated for you. Check over this information and tick any services that you want to use. I want this SSL certificate for Outlook Web App and Exchange ActiveSync for mobile devices, so I checked the options for “Outlook Web App is on the Internet” and “Exchange Active Sync is enabled”. In each of those cases, I entered the A name record for the services (The external name used to connect to the services) – i.e. mail.shogan.co.uk – this is important and it is what your SSL certificate will be securing, so double check that it is correct.

 

 

  • Continue by entering some administrative / contact details for your company, choosing a location to save the CSR request file, then finishing the wizard off. Now, go to your SSL provider’s site and purchase a new SSL certificate. I am using a basic SSL123 certificate in this case from Thawte.

 

  • Go through the steps of purchasing the certificate, and you’ll get to a point where they ask you for the CSR – paste the exact text of your CSR generated in Exchange’s Management Console into the CSR text box on the website and get your certificate ordered. When it is approved and emailed back to you, save the .cer certificate file on your Exchange server.

 

  • Go back to the management console, select “Server Configuration”, select the certificate under the “Exchange Certificates” tab and in the Actions view on the side, select “Complete Pending Request”. Browse for the completed SSL certificate your certificate issuer sent you and finish by completing this wizard.

 

 

  • You now just need to highlight the certificate under “Exchange Certificates” once again, and under the “Actions” panel, click “Assign Services to Certificate”. In this wizard, select your relevant Exchange server name, then click next. On the next screen, select “Internet Information Services”, then “Next”. Check the summary page looks correct then finish the wizard.

 

Your SSL certificate should now be configured and ready for use. Browse to the URL of your Outlook Web App service via https. You should find that you don’t get a certificate warning, and clicking the security icon in your web browser to view the site certificate should show that it is valid and providing encryption.

 

Generate a CSR using the Exchange Management Shell.

 

You can also generate a CSR using the cmdlet below. Just substitute the relevant values with your own. Be sure you aren’t putting any incorrect values in when using this though, as you don’t have a nice GUI to explain things to you as you do with the Exchange Management Console.

 

Set-Content -path "C:\mail_shogan_co_uk" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=gb, s=London, l=London, o=Shogan.tech, ou=IT, cn=mail.shogan.co.uk" -PrivateKeyExportable $True)

 

The above cmdlet will save the CSR file to C:\mail_shogan_co_uk. You would then copy and paste the text of that file into your SSL certificate provider’s site as part of your SSL purchase process. The cmdlet uses some values that will need to be unique to your organisation – here is what each part of the subject name means:

c = country code
s = state/province
l = locality (city)
o = organisation name
ou = organisational unit
cn = common name the SSL certificate is to be provided for

The cmdlet won’t give you any output if it works correctly, but you’ll be able to see the CSR in the Exchange Management Console if you refresh it at this stage.
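
The console steps above (generate the request, complete the pending request, assign services to the certificate) can also be carried out from the Exchange Management Shell, followed by a check of the result. The script below is an added example and not part of the original post; the two file paths, the use of -DomainName, and the choice of -PrivateKeyExportable $false (the key cannot then be exported from this server, so use $true only if the certificate has to be moved to another server) are assumptions of this example.

```powershell
# Added example (not from the original post). Save as a .ps1 and run it in the
# Exchange Management Shell: once to create the CSR, and again after the CA
# has returned the signed certificate. Both paths are assumed values.
$fqdn     = 'mail.shogan.co.uk'           # external name clients connect to
$reqPath  = 'C:\mail_shogan_co_uk.req'    # CSR to paste into the CA's site
$certPath = 'C:\mail_shogan_co_uk.cer'    # signed certificate from the CA

if (-not (Test-Path $certPath)) {
    # Step 1: create the pending request. The private key is generated on,
    # and stays on, this server; only the request text is sent to the CA.
    $csr = New-ExchangeCertificate -GenerateRequest -KeySize 2048 `
        -FriendlyName $fqdn -DomainName $fqdn `
        -SubjectName "c=gb, s=London, l=London, o=Shogan.tech, ou=IT, cn=$fqdn" `
        -PrivateKeyExportable $false
    Set-Content -Path $reqPath -Value $csr
    Write-Host "CSR written to $reqPath. Save the CA's reply as $certPath and run again."
    return
}

# Step 2: shell equivalent of "Complete Pending Request".
$bytes = [Byte[]](Get-Content -Path $certPath -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes

# Step 3: shell equivalent of "Assign Services to Certificate" (IIS covers
# Outlook Web App and Exchange ActiveSync).
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# Step 4: confirm what was installed instead of relying on the browser alone.
$check = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
$names = @($check.CertificateDomains | ForEach-Object { $_.ToString() })

if ($check.Status -ne 'Valid') {
    Write-Warning "Certificate status is $($check.Status), expected Valid."
}
if ($names -notcontains $fqdn) {
    Write-Warning "$fqdn is not among the certificate's names: $($names -join ', ')"
}
if ("$($check.Services)" -notmatch 'IIS') {
    Write-Warning "IIS is not assigned to this certificate."
}
if ($check.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($check.NotAfter)."
}
$check | Format-List Subject, CertificateDomains, Services, Status, NotAfter
```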

That is basically it – the steps above should help you secure some Exchange services such as OWA or ActiveSync with an SSL certificate from a trusted authority.

 

SQL Server 2008 – Change Tracking

March 11th, 2011

I have recently started studying for some Microsoft SQL Server exams (in particular 70-432). In order to reinforce some of the information, I thought it would be a good idea to blog about some of the features of SQL Server 2008 I learn about. This post will be on the built in mechanism for Change Tracking.

Change tracking is a relatively lightweight functionality that associates a version with each row in a table which has had CHANGE_TRACKING enabled on it.

By using this mechanism, it should be easy to read the version number when data is read from the database, and when it comes to writing data back, this version number can be checked to see if it has changed or not, allowing your application to determine whether it is safe to write data back or not, depending on how you handle the situation.

Once the CHANGE_TRACKING option has been enabled for a database, you can choose which tables in the database change tracking information is kept for.

Two other options can also be used. Namely CHANGE_RETENTION, which allows you to specify how long change tracking information should be captured for, and AUTO_CLEANUP, which allows change tracking information to automatically be cleaned up.

If anyone has any extra information or can clarify any of the above points, then please feel free to add a comment 🙂

Manage VMware Server 2.0 with Virtual Infrastructure Client instead of the Web UI

July 22nd, 2010

I personally find the Web UI a little slow for managing VMware Server 2.0 on my home lab and also prefer to use an interface more like the one I use at work when managing our vCenter and ESX hosts. So here is how to use the VMware Infrastructure Client to manage VMware Server 2.0. For this to work, ensure you use an older version of the Infrastructure Client. The one that comes with ESX 3.0 / 3.5 hosts seems to work well. The newer vSphere Client doesn’t work and gives you an error message when you try to log in.

1. Grab a copy of the Virtual Infrastructure client and install it on the machine you are accessing your VMware Server Host from. I had trouble finding a download link, so I needed to pull it off an old ESX 3.5 host.

2. Install the client, then run it. At the login prompt enter the full web UI address of your VMware Server Host in the IP Address / Name section. So if you were trying locally on your host, you could enter https://localhost:8333 or from a remote machine use the IP address in the format https://x.x.x.x:8333

3. Enter your user name and password and hit “Login”. This should load up your VMware Server 2.0 server in the infrastructure client. Enjoy!

Allow ICMP / ping response on a Windows Server 2008 or 2008 R2 machine

June 25th, 2010

A very quick blog post today, seeing as though I have run this command on about 4 or 5 new servers I have deployed today. To allow a server to respond to incoming ICMP traffic (ping) you can issue the following command in the command prompt. Do this as an administrator of course!

netsh firewall set icmpsetting 8

Your machine should now respond to pings. You can also do this via the Windows firewall GUI but I find the command to be the quickest and easiest way of achieving this.

Backblaze storage pods – excellent value for money storage in the datacenter

October 17th, 2009

I know this is old now, but a while back I came across this blog post by the company Backblaze. They detail how they build these custom “storage pods” that get rack mounted in their datacenter for online storage. In their post, they show how using this method they manage to save tons of money that would have been otherwise spent on Amazon S3 storage, EMC / Dell or Sun solutions. Each storage pod can be looked at as one building block of a much larger storage solution.

I think this design is great and if I had the space / resources I would definitely attempt one of these as a project for myself. To quote their site, the storage pods contain the following hardware:

“one pod contains one Intel Motherboard with four SATA cards plugged into it. The nine SATA cables run from the cards to nine port multiplier backplanes that each have five hard drives plugged directly into them (45 hard drives in total).”

Here is a youtube video showing the design of one storage pod.

Read up more at Backblaze blog

My workspace and hardware zen

October 16th, 2009

Everyone has their own relax or zen area where they like to spend time getting away from reality and de-stressing. One of mine just happens to be the same place where I get a lot of work done – my main gaming platform and home office area! Since we moved into our new flat, I found that there wasn’t much space to set up my PC. Last weekend I whipped out the old jigsaw and sliced a couple of inches off the side of my PC desk in order to get it to fit into this corner.

I then decided to neaten up and organise everything a bit to enhance my working conditions when I do work from home. I made a “ghetto” iPhone dock out of the packaging the phone came in, using the plastic dish the phone is cradled in. I cut out a small area at the bottom for the iPhone connector to fit in, then routed the cabling into the box itself, which sits diagonally in the lid of the box, flipped upside down. The cable then comes out the back and plugs in to the power socket behind my desk. This keeps the cabling nice and neat and I just plonk the phone down into the dock when I get home for a charge. I don’t need a USB connection to the PC as I have SSH enabled via a jailbreak – I therefore use Wifi access and WinSCP or SCP from Putty to transfer files between PC and phone.

Behind this is my touch sensitive desk lamp, in front of the dock is my work IP phone which connects up to our VOIP server. Then we have my main PC which consists of the following: Asus P45 P5Q motherboard, E8400 3.0GHz Core2Duo CPU overclocked to 3.6GHz in Summer and 4.0GHz in Winter. 4GB OCZ DDR800 RAM running at DDR1000 speeds and an ATI HD 4870 graphics card which has a custom flashed bios which overvolts the GPU and applies a generous overclock. I used to have a nice quiet watercooling loop in the PC, but sold it recently and went back to air cooling. I plan on doing another Watercooling build soon and will hopefully post the process and worklog here when I do. The other peripherals consist of a Dell 24″ LCD (1920×1200), G15 Keyboard and Logitech MX518 mouse.

I use this PC for just about everything – all my PC gaming, Web browsing, a little bit of programming and Virtualisation (on top of Windows 7 Professional it is running VMware Server 2.0) with a variety of guest VMs that I use for testing and practising various Windows and Linux server technologies.

Other hardware I have lying around is an old Dell Poweredge 2U server on which I run VMware ESX 3.5, and a Dell Optiplex machine running Ubuntu 8.04 with VMware Server 2.0 for Linux, on top of which runs a guest VM with Ubuntu Server 9.04 that hosts this very website.

Anyway here are a few photos of my nice clean new workspace.