The Mac Mini VMware ESXi 5 Server – Part 2 (Installation). January 1. 0th, 2. Paraguin. This is Part 2 of the Mac Mini VMware ESXi 5 Server. If you want to read about the research and decision making involved in getting to this point, please refer to Part 1 in the previous blog post. As we also like to skip the fluff and get to the hardcore details, we’re going to jump right in with the installation of VMware ESXi 5. Build 4. 69. 51. 2 (Released in 8/2. We also tried this and it worked on a previous VMware ESXi 5. Build 4. 41. 35. 4. Definitely feel free to link to this as we like sharing the knowledge as well.[Update for quick links 1/3. To make linking to the other pages easier…. What we used: Mac Mini Mid 2. ![]() 3 thoughts on “ How to install.NET Framework 3.5 on Windows Server 2012 and Windows Server 2012 R2 ” WASEEM January 22, 2017 at 4:42 pm. I USED GUI STEP AND IT.
We picked this because mostly because of the Quad Core i. Note: After reading through most of the Apple documentation, the hard drives can be linked with software raid on Mac OS X, but software raid isn’t really an option for VMware ESXi. We recommend a backup plan to be ready since one dead hard drive could be a really bad day if you get too dependent on these systems. Upgraded Memory – Though Apple says it maxes out at 8 gb. We found that Corsair CMSO1. GX3. M2. A1. 33. 3C9 (2 x 8. G) tested fine based on the Newegg comments. We must warn those willing to go outside of the specifications Apple has set and say we’re not at fault if you lose your warranty! For this tutorial, we’re doing it with the stock 4 gb to show that it works. The Mac Mini VMware ESXi 5 Server – Part 2 (Installation) January 10th, 2012 // 10:16 pm @ Paraguin. This is Part 2 of the Mac Mini VMware. Apple Super Drive – Since the Mac Mini 2. You can choose to use a USB drive, but we didn’t want the hassle of trying to get it to install off USB as formatting 4 or 8 gb flash sticks is a pain to wait. USB Keyboard and Mouse – We are using standard Windows keyboard and 2 button mouse. DVI connection to monitor – Yes, you’ll need a monitor with DVI if you want to use the HDMI – DVI connector that the Mac Mini 2. CD burner with a PC or Mac that is currently working in order to burn VMware ESXi 5 ISO (register at VMware for free) and a NIC driver disc. Network cable – You’re going to be happy when this works on the network, but in the mean time you’ll need it to verify it actually works. Step 1: Burn the VMware ESXi ISO to a CDHere’s the link to the VMware v. Sphere Hypervisor (ESXi) download page. The basics are: Click on Download, create / sign in to VMware, download the ISO, and burn to a CD. If you need further assistance than this, you’ll probably in over your head with VMware basics. Step 2: Download the updated Broadcom NIC Driver (VMware Site)So, this is the elusive driver. As many of you may notice the release dates of the Build 4. Broadcom Net. Xtreme I Gigabit driver via VMware are nearly identical in August 2. ISO. We must say, this was a true pain to find as we had to install VMware ESXi on the Mac Mini first, figure out the driver version, and then determine how to find an updated driver and patch it. “Colin. Ng” and all those who found that the NIC driver wasn’t working, shouts out to you for throwing out the pointer and here’s the gift back to you guys. Again, here’s the download link: VMware ESXi 5. Driver CD for Broadcom Net. Xtreme I Gigabit Ethernet Driver – 3. From i. Fix. It, this driver also appears in the Mac Mini 2. The file download is small so it should download quick. Step 3: Burn the Broadcom NIC Driver to a CDYes, we burned that Zip file to a CD as well since we’ll show you in the following instructions on how to mount it and use it. Plus we have to make use of that Super. Drive we bought. Some of you may know how to slipstream it, but we decided to just go it manually and are more than happy to link it to your blog with how to slipstream it into one smooth install process. ![]() Step 4: Connect the Super. Drive to the Mac Mini 2. Start the installation. Plug the Super. Drive into the Mac Mini. Load the VMware ESXi installation CD into the Super. Drive. This goes without saying, but you’ll also need the keyboard, mouse, network cable, monitor, and power plugged in as well. Hold down the letter “C” on the keyboard while powering on the Mac Mini. This will kick it to start booting from the Super. Drive. You should see the VMware ESXi screen from the CD load up and then boot into the setup screens. Step 5: Install VMware ESXi 5. So for those who just want to see how the installation works, we’ve detailed it with the camera to ensure this is real and how we did it. Continuing from Step 4, the system will be loading the CD and you should see the following load screen. Next after the CD has been copied on the Mac Mini. Then the VMware setup will start up. The prompt to Welcome you to the ESXi 5. Installation will begin. Hit the Enter key to continue. After reading the EULA and agreeing to it, click on < F1. Continue. The drive selection will appear. We selected the first drive in the array to install ESXi. Hit the Enter key to continue. The system will ask you to confirm the drive selection. Hit the Enter key to continue. Select the keyboard layout that works the best for you. Hit the Enter key to continue. Enter a root password. Also confirm the password. Hit Enter key to continue. Confirm the installation as the disks will get repartitioned. Hit the < F1. 1> key to start the installation. Note that this doesn’t mean you can’t go back and run the Lion recovery (it will still work). The installation will start as you watch the progress bar. Once installation is complete, a screen will appear stating that a reboot is required to complete it. Hit the Enter key to reboot the system. Step 6: Configure Network and Test. The system has booted up at this point. You should be able to see the VMware screen that informs you to hit < F2> in order to go into the configuration. After hitting the < F2> key, a prompt for the root password will appear in order to access the configuration and run the network tests. On the menu screen that appears, you will want to select “Configure Management Network”From here, you can click on “IP Configuration” in order to update it to a static IP or adjust the DHCP settings (We prefer static since it’s a test VM ecosystem, you are probably building a DC and DNS server in the VMs)Here’s the screen as it appears by default but allows you to change from DHCP to static. Hit the Enter key to confirm the entries. Going back to the “System Customization” screen. Click on the “Test Management Network“. As you can see from the screen shot that the network ping tests fail on our test network. Our goal here was to show you how it is not working and this is expected behavior. Step 7: Enable ESXi Shell. After verifying that the network tests have failed, the next part is to enable the ESXi shell. This will allow us to be able to update the NIC driver now. Go to the “System Customization” screen again and select “Troubleshooting Options“. Hit the Enter key on at least the first option Enable ESXi Shell. After hitting enter the text should change to Disable ESXi Shell as seen in the screen shot. That is how you know the ESXi Shell has been turned on. In order to get to the actual shell. On you keyboard, hit the ALT+F1 keys together. You should be sent to the shell. Log in with the username: root and the password that you set during the installation. You will be presented a command prompt after logging in. Step 8: Update the Broadcom NIC driver. The following are the commands of how to mount the CD from the Super. Drive, copy the driver over to the local system, update the driver on the system, and then reboot. Please follow these instructions carefully as they need to be done in a specific order for this to work properly. As a reference, we got this information on how to mount a CD- ROM from virtually. Ghetto – VMWare Scripts & Resources. Also, to find the instructions on how to update the driver, we pieced it together from another blog from Emulex: Installing or Updating Emulex Drivers on VMware ESXi 5. Load the VMkernel module: vmkload_mod iso. Mount the CD: vsish - e set /vmk. Modules/iso. 96. 60/mount $(esxcfg- mpath - b | grep “CD- ROM” | awk ‘{print $1}’)Make a temp directory: mkdir /tmp- brcm- driver. Copy the TG3*. zip file to the temp directory: cp /vmfs/volumes/mpx. XXXXXXXX/TG3. 31. ZIP /tmp- brcm- driver. Change directories: cd /tmp- brcm- driver. Unzip the ZIP file: unzip TG3. ZIPList the directory contents: ls - al. Copy the offline_bundle zip to /var/log/vmware: cp tg. This above step is very important otherwise you will get an error when you try to execute the command to install the driver!!! Bit. Locker Full Disk Encryption With Windows Server 2. R2 on VMware ESXi 5. In the medical setting in which I work, we have an ethical and a legal obligation to protect patients’ data using a variety of means. Among the many business processes and technical methods, we include various types of encryption. When talking about encryption, we’ll often use phrases like, “encrypted in transit” and “encrypted at rest.” Encrypting content in transit involves technologies like SSL, denoted most obviously when you place an https in front of a web hyperlink in your browser. But today, as the headline implies, we’ll eventually focus on a particular type of encryption for data at rest, where it’s stored on disk. But first an overview. Full Disk Encryption. Generally speaking, full disk encryption is one of my favorite tools. While a computer running full disk encryption remains in the hands of an authorized user with the appropriate boot- up password, the system is as useful as it would be otherwise, save for a performance toll that is often imperceptible on today’s hardware. There’s little need to think about manually encrypting specific file content, as everything written to the system is automatically and seamlessly encrypted. If the system later falls into the hands of an unauthorized user, particularly once it has been powered off, the data is inaccessible for all practical purposes. When I lost a Lenovo Think. Pad to a residential burglary in 2. Various Implementations. For many Linux distributions, implementing LUKS (Linux Unified Key Setup) disk encryption is as simple as checking an ‘Encrypt’ checkbox during installation. Your operating system will be encrypted from the beginning, having never written anything other than a small boot partition (containing only the operating system kernel) in unencrypted form. With Apple File. Vault and Microsoft Bit. Locker, however, disk encryption is configured after the operating system installation is complete. Today we’ll install Windows Server 2. R2, and then implement Bit. Locker after the fact. Trusted Platform Module. Microsoft’s Bit. Locker likes to rely on a hardware feature called Trusted Platform Module (TPM) version 1. It’s not mandatory, but historically it’s been a pain to get along without it. With Windows Server 2. R2, for example, servers that didn’t have TPM required that the encryption key be stored on a USB flash drive. This becomes a problem in today’s data centers, where the majority of servers run atop VMware or a similar virtualization layer. There’s no way to pass TPM functionality from the underlying physical hardware through to a virtual machine. The limitation becomes obvious when running VMware’s High Availability (HA) and Distributed Resource Scheduler (DRS) tools, which routinely move virtual machines from one physical host to another at a moment’s notice. There was one way to get around the requirement to use either a TPM or a USB flash drive with Bit. Locker in Windows Server 2. R2, but it required a compromise analogous to taping your house key to the outside of your front door. Better to use a 3rd- party solution. Fortunately, with Windows Server 2. R2, we can implement Bit. Locker full disk encryption on a virtual server using a boot- up password that’s not stored with the server, and is known only to authorized administrators. We should note that Windows Server 2. VMware ESXi prior to version 5. Finally, let’s get started. Within The v. Sphere Client. I’ll begin by defining my new virtual machine on which I plan to install Windows Server 2. R2. When given the choice of Guest Operating System, I’ll be sure to sure to select Microsoft Windows Server 2. For today’s example, I’ll use 2 virtual CPU sockets, 8 GB of RAM, the default SCSI controller, and I’ll create two virtual drives, sized 6. GB and 1. 00 GB, for use as an OS and a data partition respectively. I’ll later set my CD/DVD drive to point to an ISO image of the Windows Server 2. R2 installation media, and set it to Connect at power on. Windows Server 2. R2 Base Installation. Systems Administrators responsible for the installation, security and support of Windows Server are typically very familiar with performing a vanilla Windows installation. For the sake of keeping an already long post manageable, I’ll skip the how- to of a basic Windows setup. On a modern server hardware platform, the whole thing can be performed in about the same amount of time as it takes to read a definitive list of steps. It’s surprisingly fast when compared with prior versions of Windows. For purposes of this article, I installed Windows Server 2. R2 with the GUI console and otherwise default settings. After that, I installed the VMware Tools, gave the server a desired name, set my timezone, enabled Remote Desktop, installed Windows Updates and set the firewall as desired. Finally, I created as drive D a basic disk containing an NTFS partition utilizing that 1. GB data drive that I’d defined using the v. Sphere Client earlier. Now we have the Windows Server 2. R2 platform on which we’re ready to configure Bit. Locker. Installing the Bit. Locker Feature. Launch Server Manager from the shortcut near the left end of the Taskbar at the bottom of the screen. From Server Manager, click on Add roles and features. A Wizard will launch. Click Next at the Before you begin pane (if shown). Select Role- based or feature- based installation, followed by Next. Choose Select a server from the server pool, and then highlight your machine in the list below. Then click Next. You’ll be presented with a list of Server Roles, some of which could be active, depending on what you may have chosen to install previously. Rather than selecting a new role, simply click Next. Now you’re presented with a list of Features. Click on the box next to Bit. Locker Drive Encryption. A pop- up will reveal a list of additional dependencies which will also be installed. Click Add Features. Now back at the wizard, click Next. If you wish, highlight the checkbox to Restart the destination server automatically if required. Then click Install. The install will take a few seconds. If you didn’t choose an automatic restart, you should manually reboot when prompted. Group Policy Change. Given that we don’t have TPM support on our virtual machine, we’ll need to make a local Group Policy change to allow using Bit. Locker without it. While we’re modifying Group Policy, we’re going to upgrade our cipher strength and make other changes as well. Though the following steps target our individual machine, similar policy could be applied to an Active Directory organizational unit, or even a whole domain. Navigate to Start > (down arrow) > Run, and launch the following command: gpedit. Use the arrow symbols to expand the tree under Local Computer Policy as needed. You’ll want to navigate to: Computer Configuration \ Administrative Templates \ Windows Components \ Bit. Locker Drive Encryption. Select Choose drive encryption method and cipher strength. Turn the policy to Enabled, and choose the method AES 2. Hit OK when done. Now navigate to subfolder \Fixed Data Drives. Select Enforce drive encryption type on fixed data drives. Turn the policy to Enabled, and choose the type Full encryption. OK when done. Now navigate to Bit. Locker Drive Encryption \Operating System Drives. Select Require additional authentication at startup. Turn the policy to Enabled. Select Allow Bit. Locker without a compatible TPM. Leave the settings below it in their default state, allowed but not required. Click OK when done. At the same level in the tree, also select Enforce drive encryption type on operating system drives. Turn the policy to Enabled, and choose the type Full encryption. OK when done. Turning On Bit. Locker. Launch Control Panel via the Start menu. Change the view to Large icons if it isn’t already, so that all options are presented. Launch Bit. Locker Drive Encryption. Focusing on our operating system drive first, Bit. Locker should be off at this point. Click on the option to Turn on Bit. Locker. Your system will run a quick diagnostic check. When it doesn’t discover a TPM, it will give you two alternatives. Choose Enter a password. Enter your desired Bit. Locker drive encryption password twice, and then click Next. You’ll be asked to back up your recovery key. Choose Save to a file, and store it in a network location known to be secure. It won’t let you save the recovery key to the drive you’re encrypting, nor can you continue without saving it somewhere. When prompted with the option to Run Bit.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
October 2017
Categories |