Neumont University
Dan Taylor – IS Capstone
Project Horus
Installation and Configuration
Version 1.0
For Official Use Only


Contents

1.0 Introduction
1.1 Change Log
2.0 Installation and Configuration of ESXi
    2.01 Creation of a bootable USB Drive
    2.02 Installation of ESXi
    2.03 Configuration of ESXi per Project Horus Environment
3.0 Connecting your server(s) to a Dell Compellent SAN
    3.01 Connecting to the vSphere Client
    3.02 Adding a Software iSCSI Adapter to a server
    3.03 Configuring a Software iSCSI Adapter
3.1 Adding Software iSCSI Adapters to the SAN
    3.12 Creating a Storage Volume
    3.13 Adding the Server HBAs to a Volume
3.2 Uploading to the SAN
4.0 Installation of Windows Server 2012 R2
    4.01 Creating the vCenter Virtual Machine
    4.02 Mounting an ISO from a SAN
    4.03 Configuring Windows Server 2012 R2
4.1 Installation of vCenter
5.0 Virtual Networking
    5.01 VDS Implementation
    5.02 Port Groups
    5.03 Host Networking (Physical Adapters)
    5.04 Host Networking (VMkernel Adapters)
6.0 Create an Active Directory Server
    6.01 Create the Virtual Machine and Install Windows Server 2012 R2
    6.02 Installing Active Directory
    6.03 Configuring Active Directory
7.0 Adding End-Users
    7.01 Creating a Template
    7.02 Deploying from a Template
    7.03 IP Configurations for End-Users
8.0 Installing the Spector 360 and SMTP Server
    8.01 Pre-Installation Setup
8.1 Installing the SMTP Server Feature
    8.11 Installing the Feature
    8.12 Configuring SMTP
    8.21 Installing Spector 360
    8.22 Configuring Spector 360 Control Center
    8.23 Configuring Spector 360 Dashboard
9.0 Continued Management


1.0 Introduction

The contents of this document are only to be viewed by those with sole authorization from the creator of this document. Any unauthorized individuals viewing this document could potentially face charges under 18 U.S. Code § 1905. This document is subject to change and will be maintained through a change log documenting what changed in each instance.

1.1 Change Log

| Version # | Name | Changes Made | Sections Added/Modified |
|---|---|---|---|
| 1.0 | Daniel Taylor | Initial implementation of Change Log. All changes made at this point will be documented here. | Initial Construction of Document |


2.0 Installation and Configuration of ESXi

This section will cover the installation and configuration process of the virtualization operating system known as ESXi for the environment in which Project Horus was implemented. Specifically, this guide will focus on ESXi 5.0.

2.01 Creation of a bootable USB Drive

Given that most servers in the industry do not have CD or DVD drives, a few options exist for installation, though this guide will only focus on installing ESXi via a bootable USB drive. First, acquire a copy of ESXi 5.0 or newer from VMware. Next, download the (free and open source) bootable USB creation software “Rufus”. With both Rufus and the correct version of ESXi downloaded, insert a blank USB flash drive (I went with a 32GB USB stick) into your computer and launch Rufus. Rufus will automatically detect the flash drive and set the file system to NTFS, which will need to be changed to VMFS for ESXi to function properly. Give the Volume Label a name. Under Quick Format Options, tick “Quick Format” and “Create a bootable disk using ISO Image”. Also make sure that the “Standard Windows Installation” radio button is ticked. Next to the “ISO Image” dropdown menu, click the disk icon and browse to where you downloaded the ESXi ISO image. Finally, click Start.

2.02 Installation of ESXi

Once Rufus has finished creating the bootable drive, safely eject your USB drive and plug it into a USB port on your server. Start your server. Once a boot menu appears, make sure to force the server to boot from USB and allow ESXi to install. The installation could take anywhere from 5 to 15 minutes, but make sure to press Enter to actually start the installation. Follow the basic on-screen dialogue to accept the EULA and select the disk on which to install ESXi. Set your ESXi password, and the operating system will begin to install. Once installation has finished, the operating system will reboot and you can remove the USB drive from the server.

2.03 Configuration of ESXi per Project Horus Environment

Configuration for the Project Horus environment is relatively simple on the ESXi side of things. Once your ESXi server is up and running, press F2 and enter your root password. This is the password that was set during initial installation of ESXi. Right away you’ll be greeted with a list of options that mostly center on system logs and network configurations. Press the down arrow until reaching “Configure Management Network” and press Enter. Press the down arrow again and you’ll be on “VLAN (optional)”; press Enter and enter “10” as the value for your Management VLAN. Scroll down one more option and press Enter on “IP Configuration”. Press the down arrow once to highlight “Set static IP. . .” and press Space. Change your IP Configuration to look like this:


Now hit Enter and move down to “DNS Configuration”, hit Enter and type in “8.8.8.8” for the Primary DNS Server. Leave the Alternate DNS Server blank and leave Hostname as “localhost”. Hit ESC, move down one option and restart the Management Network to ensure these changes take effect.

Repeat this process for any other servers that you have.

3.0 Connecting your server(s) to a Dell Compellent SAN

This section will cover how to add Software iSCSI Adapters to a server and point them to a SAN running on the 10.0.30.5 and 10.0.20.5 networks, as well as how to connect to the VMware vSphere Client.

3.01 Connecting to the vSphere Client

Assuming you have the VMware vSphere Client, connect to one of your servers using the IP you assigned it during the configuration of ESXi, with a username of “root” and the same password you assigned it during installation of ESXi.

3.02 Adding a Software iSCSI Adapter to a server

Once logged in to the vSphere Client, click on the server on the left-hand side of the screen, then click on Configuration. A new panel will appear showing a list of configuration options available. We want to choose Storage Adapters. After clicking on Storage Adapters, click on Add and choose “Software iSCSI Adapter”. The adapter will automatically be added, and your screen should look like this:

3.03 Configuring a Software iSCSI Adapter

With the configuration of the SAN already in place, all we have to do is configure the adapter itself to point to the SAN and mimic an actual iSCSI adapter. On the Details section of the Software iSCSI Adapter, click on Properties followed by Dynamic Discovery. Click the Add button and add both 10.0.20.5:3260 and 10.0.30.5:3260. No other settings need to be changed or added.

3.1 Adding Software iSCSI Adapters to the SAN

Per the environment of Project Horus, the SAN Management IP is 10.0.0.9. Navigate to the SAN Management IP of your environment. Once logged in, right click the “Servers” tab and click “Create Server Folder”. Name it whatever you’d like; the Server Folder Name used for Project Horus is “Dan’s Data [Project Horus]”. Next, right click that Server Folder and click “Create Server Cluster”. A window will appear. On that window, click “Create New Server” and you should see the Software iSCSI Adapters of your servers available to be added to your server cluster. If the Software iSCSI Adapters are not visible, skip this section and return after completing §5.0 Virtual Networking.

3.12 Creating a Storage Volume

Still logged in to the SAN Management interface, right click the Storage tab on the left and click “Create Volume”. Allot a space for the volume in GB or TB and click Continue. Do not set any Replay Profiles; doing so will exponentially increase the amount of space used on the SAN. Click Continue, followed by “Create a New Folder”. Give the folder a name and put your volume inside of this folder. Name the volume and click Continue. Lastly, click Create Now. You should now have a new Volume inside of a named folder, like so:

3.13 Adding the Server HBAs to a Volume

Once your Volume has been created, right click it and click “Map Volume to Server”. You should now see the three servers you added earlier appear as available servers for the Volume to be added to, as well as the Cluster containing them. Map the Volume to the Server Cluster and it will automatically be added to the server(s) as well. You should now see something like this under the Mapping tab of one of your servers:


3.2 Uploading to the SAN

Now that you’re fully connected to the SAN, go back to the vSphere Client and click on the Configuration tab, then click on Storage. You’ll see at least two Datastores there, one for the local hard drive(s) of your server and one for the SAN. Right click the SAN and click “Browse Datastore”. There will be a row of buttons at the top of the new window that pops up; click on “Upload files to the datastore” and then click “Upload File”. From here, you can upload the Windows Server 2012 R2 and Windows 7/8.1 ISOs that are used throughout Project Horus. The upload process can take anywhere from 15 to 30 minutes, and can even go longer than that depending on your bandwidth. If §3.1 Adding Software iSCSI Adapters to the SAN is incomplete, upload your ISOs to your server’s local hard drive until completing §5.0 Virtual Networking.

4.0 Installation of Windows Server 2012 R2

This section will cover the installation and configuration of Windows Server 2012 R2, and will require the use of the VMware vSphere Client.

4.01 Creating the vCenter Virtual Machine

Since you’re still logged in to the vSphere Client, right click the host and left-click on “New Virtual Machine”. Choose Typical for the Configuration Type and click “Next”. Enter the name of what you want this Virtual Machine to be (“vCenter Server” per Project Horus) and click “Next”. Once prompted for a Storage Device, choose the SAN that you added earlier. If the SAN is not available, consult §14 “SAN Connectivity Errors” of the Troubleshooting document.

At this point, you’ll be prompted to choose a Guest Operating System and will want to choose “Microsoft Windows Server 2012 (64-Bit)” for all servers.

Note: End-User VMs must be made using either Windows 7 (64-Bit) or Windows 8.1 (64-Bit) for this environment.

Only one NIC is necessary for the vCenter Server. After clicking “Next”, you’ll reach a prompt to set the Virtual Disk Size and its provisioning. Set the disk space to 65GB Thin Provisioned, like so:

Click “Next” and make sure to tick the box that says “Edit the virtual machine settings before completion”, then click “Continue”.


4.02 Mounting an ISO from a SAN

Now that you’re able to edit the Virtual Machine Properties, click on “New CD/DVD (adding)” and tick the radio button that says “Datastore ISO File”, followed by “Browse…”. Click on the SAN and navigate to where you saved the Windows Server 2012 R2 ISO in the earlier section, Uploading to the SAN (§3.2). Lastly, click Finish and start the Virtual Machine. Run through the on-screen dialogue for installing Windows Server 2012 R2. To control the Virtual Machine, left click on it in the left-hand panel and then click on “Console” on the center panel. Additionally, make sure to install the GUI of Windows Server 2012 R2, rather than the Core. Once installation has finished, allow the server to install ALL Windows Updates. No additional configuration is necessary as of yet.

4.03 Configuring Windows Server 2012 R2

Now that the server is fully installed and operational (that is, installation of Windows Server 2012 R2 and Windows Updates has finished), configuration of the IP can take place. Navigate to the Network and Sharing Center to change adapter settings. The IPv4 Configuration of the vCenter Server should look like:

4.1 Installation of vCenter

Mount the vCenter ISO to your vCenter Server VM and run through the Simple Install Wizard. Follow the on-screen instructions and choose to install SQL Express along with vCenter if prompted to do so. Adjust the Web Client IP:Port from “10.0.2.40:443” to “10.0.2.40:9443”. From this point forward, this guide will use language and screenshots from the vSphere Web Client.


5.0 Virtual Networking

This section will cover the first transition from the vSphere Client to the vSphere Web Client, the transition from the Virtual Standard Switch (VSS) to a Virtual Distributed Switch (VDS), and the port groups necessary for Project Horus.

5.01 VDS Implementation

Log in to the vSphere Web Server (10.0.2.40:9443) and click on the “vCenter” tab, followed by the “Networking” tab on the left panel. You may or may not have to create a new Virtual Distributed Switch. If you do, follow the remaining steps. If you do not, skip to §5.02 Port Groups.

Right click Datacenter and click “New Distributed Switch”, give it a name and make sure it’s something relevant. Click “Next” and make sure that your VDS version number is 5.5.0. Lastly, disable Network I/O Control and do not create a default port group. The number of uplinks can remain four.

5.02 Port Groups

Now that a VDS has been created, right click it and left click on “New Distributed Port Group”. There are four (4) port groups in total that must be created, and for the sake of brevity they are listed below:

| Name | Port Binding | Port Allocation | # Of Ports | VLAN Type |
|---|---|---|---|---|
| DPortGroupVLAN10 | Static | Elastic | 11 | VLAN 10 |
| SAN VLAN 20 | Static | Elastic | 4 | VLAN 20 |
| SAN VLAN 30 | Static | Elastic | 4 | VLAN 30 |
| Production | Static | Elastic | 18 | VLAN 84 |

5.03 Host Networking (Physical Adapters)

Right click your VDS and click “Add and Manage Hosts”. Because this is a new environment, click “Add hosts”. Add all of the servers that are available (unless your specific environment deems otherwise). Click Next through everything else and simply add the Hosts. Right click your VDS again and click “Add and Manage Hosts” once more, except this time choose “Manage host networking”. Select all of your attached hosts and choose to manage both the physical adapters and the VMkernel adapters. Keep vmnic0 on vSwitch0 and add the other three NICs to the DSwitch, one NIC for Uplinks 1, 2, and 3 respectively. Your physical network adapters should look like the image below. Click Next.


5.04 Host Networking (VMkernel Adapters)

Because there are four Port Groups, there will need to be four VMkernel Adapters for each host. The below screenshot shows a sample of what the Production VMkernel Adapter (vmk4) on 10.0.1.24 would look like following Troubleshooting §2.0 Network Topology:

6.0 Create an Active Directory Server

This section will cover the installation of the Active Directory Role and the configurations used for Project Horus.

6.01 Create the Virtual Machine and Install Windows Server 2012 R2

Log in to the vSphere Web Server (10.0.2.40:9443) and create a new VM using the same steps as before. This time, rather than clicking on the Virtual Machine itself, use the right-click menu on the Virtual Machine, which offers the most common controls. Right-click the Virtual Machine and click “Open Console”. A new tab will open in your web browser.

6.02 Installing Active Directory

Once the Windows Server itself is up and running following the on-screen dialogue, open Server Manager and click “Add New Roles and Features”. Navigate through the on-screen dialogue until reaching the “Server Roles” section. Tick “Active Directory Domain Services” (AD DS) and accept any dependencies that will also have to be installed. Click Next and Install once you reach the final installation dialogue. Allow the AD DS role to fully install, follow the on-screen dialogue and restart if necessary.


6.03 Configuring Active Directory

Since most of the configuration of Active Directory was handled during installation, only a few crucial steps remain uncompleted. First, change the IPv4 Configuration to resemble what is below:

Next, navigate back to Server Manager and click on the DNS label on the left panel, then right click your server and click on DNS Manager. Now right click on “Reverse Lookup Zones” and click “New Zone”. Forward Lookup Zones have already been populated thanks to Active Directory Domain Services. Leave the radio buttons the way they are and click “Next” until reaching “Network ID:”. Fill this value in with “8.8.8” so that the gray value below comes out to be “8.8.8.in-addr.arpa”. Then click “Next” and allow only secure dynamic updates. Finish creating the reverse lookup zone and you’re done.

7.0 Adding End-Users

This section will cover the creation of a Template End-User VM using the vSphere Web Client as well as adding end-users to the Active Directory Domain and configuring them with static IPs.

7.01 Creating a Template

In the vSphere Web Client, right click one of your hosts (a server) and create a new VM. Run through the process as usual, with Windows 7 or Windows 8.1 as the user operating system. Run through the Windows installation dialogue as you would any other OS installation. Once the installation has finished, navigate to C:\Windows\System32\Sysprep and execute sysprep.exe. Tick the optional box to Generalize the Sysprep. The VM will shut down after Sysprep has finished. Once the VM is shut down, navigate back to the vSphere Web Client, right click the VM and click “Clone to Template…”. Give the template a name, a server to reside on, and attach it to the SAN and click Finish. For the remaining End-Users you wish to add, simply right click the template and click “Deploy VM from this Template…”.

7.02 Deploying from a Template

Deploying from the template is just as simple as creating it. Select a server for the VM to run off of, attach it to the SAN, and tick the “Power on virtual machine after creation” option. The VM will deploy and have all of the same settings as the Template; all that will be needed is entering a Serial Key for Windows 7 or 8.1, depending on the Template’s OS.

7.03 IP Configurations for End-Users

Firstly, make sure that all users being added to this project are added to the Active Directory Domain previously created. Add them to the Domain by pressing the Windows key and right clicking “My Computer”, followed by “Properties”. Click Change and add the domain like so:

Next, adhere to the following list for End-User IPs using CIDR notation*:

| User Category | IP Configuration | Project Horus IPs |
|---|---|---|
| Workers | 10.0.84.2X/24 | 10.0.84.20; 10.0.84.21 |
| Exploders | 10.0.84.3X/24 | 10.0.84.30; 10.0.84.31 |
| Slackers | 10.0.84.4X/24 | 10.0.84.40; 40.0.84.41 |

*CIDR notation equivalents are as follows: /24 equals 255.255.255.0


8.0 Installing the Spector 360 and SMTP Server

This section will cover the installation and configuration of the Spector 360 Server as well as the SMTP Server, which will both be run on the same VM per Project Horus. Go ahead and make a new VM with two NICs for this and load it up with Windows Server 2012 R2. One NIC will be used for the Active Directory domain, with another for internet connectivity.

8.01 Pre-Installation Setup

Before we get into the actual installation of Spector 360 and SMTP, there are a couple of things that need to be handled first. Since Active Directory has already been set up and is functional, we’ll want to add this new server to the AD Domain. Open the Server Manager and click on “Local Server”, followed by “Domain”, and change this domain to be the same as your Active Directory domain. Per the Project Horus environment, the domain is “BigBrother.net”, as previously exemplified. Once the Domain is changed, Windows will prompt you to restart. Don’t do that just yet. Next, change the server’s IP address to match the pre-determined IP scheme, with an IP of 10.0.84.11, as seen below:

Also make sure to add IP Configuration settings for the secondary NIC that will be allowing internet access, as seen on the following page:


Finally, some ports must be opened for the SMTP server to function properly inside of the BigBrother domain. Add an Inbound Rule allowing ports 25, 465 and/or 587 if you choose to use TLS over SSL, as seen in the screenshot below:
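The inbound rule described above can also be created and checked from PowerShell. This is an added example, not part of the original guide: 10.0.84.11 and the ports come from the guide, while the source scope 10.0.84.0/24, the rule name, and the function names are assumptions. It binds the rule to the internal NIC so the internet-facing NIC does not accept SMTP, then lists any other enabled inbound allow rule that exposes an SMTP port to every source.

```powershell
# Added example (not from the original guide). Run elevated on the
# Spector 360 / SMTP server; needs the NetSecurity module (Server 2012+).

# From the guide: internal NIC address and the SMTP ports to open.
$InternalAddress = '10.0.84.11'
$SmtpPorts       = 25, 465, 587

# Assumptions of this example: only the Production /24 needs SMTP access,
# and the rule name below is a made-up label.
$AllowedSources  = '10.0.84.0/24'
$RuleName        = 'Horus SMTP inbound (internal only)'

function Add-SmtpInboundRule {
    # Idempotent: do nothing if the rule already exists.
    if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
        return
    }
    # Bind to the internal address so the second, internet-facing NIC
    # does not accept SMTP, and limit who may connect.
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort $SmtpPorts `
        -LocalAddress $InternalAddress `
        -RemoteAddress $AllowedSources `
        -Profile Domain | Out-Null
}

function Test-CoversSmtpPort {
    # LocalPort values can be 'Any', single ports, or ranges such as '20-30'.
    param([string[]]$LocalPort)
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            $low  = [int]$Matches[1]
            $high = [int]$Matches[2]
            if ($SmtpPorts | Where-Object { $_ -ge $low -and $_ -le $high }) {
                return $true
            }
        }
        elseif ($entry -match '^\d+$' -and $SmtpPorts -contains [int]$entry) {
            return $true
        }
    }
    return $false
}

function Get-OverbroadSmtpRule {
    # Enabled inbound allow rules that open an SMTP port to any remote address.
    # Program-scoped rules can show up here too; review those by hand.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True
    foreach ($rule in $rules) {
        $portFilter = $rule | Get-NetFirewallPortFilter
        if ($portFilter.Protocol -notin 'TCP', 'Any') { continue }
        if (-not (Test-CoversSmtpPort -LocalPort $portFilter.LocalPort)) { continue }

        $addrFilter = $rule | Get-NetFirewallAddressFilter
        if ($addrFilter.RemoteAddress -contains 'Any') {
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Profile       = $rule.Profile
                LocalPort     = $portFilter.LocalPort -join ','
                LocalAddress  = $addrFilter.LocalAddress -join ','
                RemoteAddress = 'Any'
            }
        }
    }
}

Add-SmtpInboundRule
Get-OverbroadSmtpRule | Format-Table -AutoSize
```

An empty table from the last command means no enabled inbound rule leaves ports 25, 465 or 587 open to every source.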

Now go ahead and restart the server, logging in with the Active Directory Administrator credentials once doing so, something like:


8.1 Installing the SMTP Server Feature

This section will cover the installation and configuration for SMTP per Project Horus.

8.11 Installing the Feature

To send any email from Server A to Server B, SMTP must be installed. Open the Server Manager and click “Add New Roles and Features”. Run through the on-screen dialogue until reaching the “Select features” icon. Refer to the below screenshot:

Allow SMTP to install and restart if necessary.

8.12 Configuring SMTP

To configure SMTP on Windows Server 2012 R2, open the Internet Information Services (IIS) 6.0 Manager, as seen below:


Note that you want to select Internet Information Services (IIS) 6.0 Manager. The other one is only a manager for websites, not web services.

After that, right click on [SMTP Virtual Server #1]. You will get a screen similar to this, but the IP will be set to All Unassigned. Change that to be the IP of your internal network, which in this case is 10.0.84.11.

From there, click on the Access tab and then click on Connection. Add the same IP to be granted access to the virtual server, as shown below.


Repeat the same process for the Relay button just below Connection.

Finally, click on the Delivery tab and click on Advanced. Ensure that the Delivery window and Advanced Delivery windows look the same as the following two screenshots.


8.21 Installing Spector 360

Once you have downloaded the Spector 360 Client from the email sent to you by SpectorSoft, extract it using WinZip, WinRar, or any other unzipping package (such as 7zip). Extraction can take anywhere from 2 to 8 minutes. After extracting it, execute the Spector 360 installation client located inside of the Spector 360 folder. You’ll then be prompted to enter your serial key; do so. Run through the Spector 360 installer until reaching the Options section. Click the “Custom” radio button followed by “Full” to ensure that all Spector 360 features and services are installed. You may be prompted to install a .NET Framework; click “OK” and allow the framework to install. Once the installation finishes, you will be prompted with the initial setup screen.

8.22 Configuring Spector 360 Control Center

The first screen you’ll be presented with is the initial credentials setup screen. Fill these fields out to match the Active Directory Administrator credentials from before, and click Register. Click Register again and a web page will be brought up – enter your serial key into that web page where prompted and follow the on-screen instructions. You’ll receive an email with an attachment titled “Unlock Code.rtf”. Open that document and paste the contents into the Unlock Code field on the Registration window of the Spector Control Center. Click Unlock, followed by Ok.

The “Add New Computers” wizard will appear. Click “Next”, and tick the radio button “retrieving the list of computers from Active Directory”. The Server will then query the Active Directory server for a list of all connected computers. Click “Next” once the querying has finished and add all of the computers that fall into the Active Directory Domain that was created earlier. Click “Next” once more and schedule installation of the Spector Recorder for these computers to be midnight on the day of installation with automatic updates for the Recorder, as demonstrated below:


Click “Next”, assign the Initial Profile to the added computers and click “Next” again. The Control Center will notify you that the computers being added will be restarted automatically once the Recorder has been installed. Make sure you have assigned a license to these machines. Click Finish.

Now that the computers have been added, navigate to the “Database” tab on the lower left side of the Control Center and click on “Create a full backup”. Click “Yes” and allow the client to run through the entire backup of the system. This could take anywhere from 5 to 30 minutes.

While that is running, navigate to the Event Alerts tab and click “Modify Email Alert Configuration”. Configure the Event Alert Email Configuration to resemble the screenshot displayed below:

Only use smtp-relay.gmail.com if you have a Google Apps account. Per this project, I did not have a Google Apps account so I used smtp.gmail.com which requires either SSL or TLS. As of this document, Spector 360 does not yet have a tick box for using TLS, though you can tick “Use SSL” and still use port 587 for TLS.

Now activate all of the Events located therein. To do this, click on an event and then click “Modify”. Click the radio button “Active” on the first page you see. Now, add the Alert Operator for your Email by clicking on “New Alert Operator”. Give the operator a name and an email, as seen below. Repeat this for all other events.


8.23 Configuring Spector 360 Dashboard

Log in to the Spector 360 Dashboard with your Windows Credentials and navigate to the Management tab followed by the “Alert Profiles” tab on the left panel. Click on “Email Configuration” on the top of the window and make it the exact same as the Control Center’s configuration. Enable all events.

Next, click on the User Groups tab. Right click the center of the screen and click “New”. Add all of your End-Users to a group simply titled “End-Users”. Do the same thing for your Administrators and title them “Administrators”. You should then have two groups, one titled “End-Users” and one titled “Administrators”, as seen below:

Click on “Computer Groups” and click “New” again. Add your End-User VMs as one Computer Group, and add your servers to another “Computer Group”. Give them the same names as the User Groups.

9.0 Continued Management

Now that all services and servers have been set up correctly, return to the Spector 360 Control Center and click on the “Recording” tab. If the users have all had their Recorder installed, you should see all of your added computers displayed in a list with the Client & UI installed and in a Recording state. Add your users to the End-Users group and your Servers to the Administrators group, as seen below:

With that in place, all configuration is finished. All end-users and Administrators will now be recorded in the default work hours from 9:00am to 5:00pm with their activity split up into their user groups.