Angelo’s blog

A systems administrator’s diary

Adding drivers to WDS boot images

February 18, 2008 | 10:56 pm

I wanted to install Windows Server 2008 on some of our servers (Dell PowerEdge 2850’s and 2950’s), but I soon ran into some problems. The DRAC4 in the 2850’s is enormously s-l-o-w, and on the 2950’s, the Windows Server 2008 setup does not recognize the virtual DVD drive that comes with the DRAC5. Joy. I only want to do installations over the network or DRAC’s, because the servers I’m testing on are in our datacenter, 150km away. And I just want to play around for a hobby, not being in a car half the evening to sit in a loud server room flipping cd’s :)

Finally, I installed Windows Server 2008 inside an ESX Server virtual machine (works like a breeze, very fast installation), and I installed WDS (Windows Deployment Services), to enable network installations of Windows Server 2008. It really looks nice, and a hell of a lot easier than when I last played with RIS, about 4-5 years ago!

I installed the 2850 quite fast over the network (boot from PXE enabled network card, press F12, and off you go), but the 2950 gave me some headaches. It would boot off PXE, but then the installer would stop, showing only an error: “WdsClient: An error occurred while starting networking: a matching network card driver was not found in this image. Please have your Administrator add the network driver for this machine to the Windows PE image on the Windows Deployment Services server.”

After googling, I found out I could do shift+F10 to get a console window, and the ipconfig command showed me that the setup was only recognizing the add-in Intel NIC’s, not the onboard Broadcom NIC’s (which are the only ones connected right now).

So I googled and tried for a few hours, and finally, I got to integrate the Broadcom drivers into the boot.wim boot image. (User ‘ozymandeus’ gave the answer in this topic.)

I downloaded the RIS drivers for the Broadcom NetXtreme II from their site. Watch it, the RIS drivers are under a separate header on the download page. In the following example, I extracted the two files to c:\bc.

On the WDS server, I downloaded and installed the Windows AIK (1GB download, mount with daemon-tools). In the WDS console, I exported the boot image (I only have a x64 boot image) to c:\boot.wim.

I mounted the image to an empty directory, c:\ff.

> imagex /mountrw c:\boot.wim 1 c:\ff

Add the drivers to the image:

> peimg /inf=c:\bc\b06nd.inf c:\ff

Unmount and commit the changes:

> imagex /unmount /commit c:\ff

Then, I did the same for image 2 in the boot.wim file:

I mounted the image to an empty directory, c:\ff.

> imagex /mountrw c:\boot.wim 2 c:\ff

Add the drivers to the image:

> peimg /inf=c:\bc\b06nd.inf c:\ff

Unmount and commit the changes:

> imagex /unmount /commit c:\ff

Then, I replaced the boot.wim file in the WDS console, I booted my 2950, and tadaaaa! Installing!


FreeBSD running on CF card

December 6, 2007 | 9:10 am

My firewall/asterisk/mail scanner is a Compaq Deskpro EN/SFF, a very small Pentium III 500 box, with 256MB RAM and a 13GB ATA disk. I am very happy with it, since it scans inbound and outbound email all day using amavisd-new, spamassassin and ClamAV, and at the same time I can call through asterisk without a glitch. And it also runs OpenVPN server, DHCP server, BIND, NTP daemon, IPv6 tunnel, PF firewall with QoS, etc. And all that with only 30W power consumption! On auction sites, they go for around 25-30 EUR a piece. You don’t get a Cisco router with that flexibility and features for that price :)

The thing that annoyed me was the fact that the disk made an annoying high-pitched sound. I could replace it with another drive, perhaps a 2.5″ laptop harddisk, to reduce the noise, but eventually, I decided to go for a CF-card. The CF thing was kind of new to me, but after reading for a while, it looks like the CF card with an adapter just shows up as an IDE disk, and that’s it, bootable and all. So I went out and bought a CF to IDE adapter and an 8GB Sandisk CompactFlash Extreme III card. The adapter is quite cool, you can mount it in a floppy bay, or you can mount it at the back of your PC between the PCI slots, so you can just eject the card from the back or the front. (Well, looking up the product I bought on John’s site reveals more similar adapters to me, I think afterwards this adapter would have been cheaper, even though I’m not sure if it would fit in the small form factor PC.)

I installed the card, and after some fiddling with cables and jumpers, FreeBSD saw it as my second disk. I then stopped all network services, created a new slice on it and created partitions/labels with sysinstall. I then did a dump/restore to copy the partitions from the old disk to the new disk. After that was done (took quite a while, played some CoD4 while waiting), I rebooted the machine using only the CF card, fixed the missing /tmp filesystem, and rebooted again, and that’s it, the machine was up and running again! The only way to tell it’s running is the light on the front of the machine, because it’s now dead silent :)

And the performance is not as bad as I thought. I used diskinfo to do some simple and naive tests. The old disk (12407MB <Maxtor 91301U3 FA570480> at ata0-master UDMA33) has seek times of up to 22ms, and a transfer rate of up to 24MB/s. The new disk (7815MB <SanDisk SDCFX3-8192 HDX 4.03> at ata1-master WDMA2) had seek times of under 0.5ms, and a steady transfer rate of 15MB/s. The CF card feels fast and snappy as well, probably because of the low seek times.


wm5storage

October 18, 2007 | 9:21 am

Now this is cool.. No more need for a USB stick, I can run this program on my Windows Mobile 5 phone, and it emulates a generic mass storage device.

So I can just plug it into any PC running Mac OS, Windows, Linux, etc, and they think it’s just a USB stick, and I can copy files from and to my phone’s memory card.

I just used it to transfer a file from a Windows Vista box to a server running Solaris 10. I wanted to transfer a package with network drivers, but I did not want to burn a cd with 1,5MB of data. I lost my USB stick, but now I always have one in my pocket :)

Download here (free registration required)


New shiny access point

October 13, 2007 | 10:56 am

Cisco AP 1131AG

This week, I ordered a Cisco 1131AG access point on eBay, at 2/3 of the price.. I got the product because it’s a Cisco (support, robustness, etc), and because of the extra range. And this one even looks fabulous! Guess who it’s inspired by ;)

One thing I noticed as I received the AP, is that the circle around the Cisco logo lights up! It’s green when no one is connected, and blue when someone is. (And all kinds of colours in between I haven’t figured out yet, didn’t read the manual all the way through)

As usual with Cisco, it has so many options that you can easily drown in them, and you really need to know what you are doing. In the menu is an ‘express setup’ as well, but it does not satisfy my needs (WPA without RADIUS). The box ships with radios disabled, and as soon as I enabled one, I was up and running. Took me some extra time to get it running with WPA, as I want to use pre-shared key authentication. (don’t want to set up certificates for 2 users, and without a RADIUS server). I had it up and running, but then I got the problem that the AP would not pass DHCP reply packets.. Must have done something wrong.

So I set it to factory defaults again this morning and set it up according to this user’s instructions, and I was up and running again in a few minutes.

I set it to WPA2 only to be secure (WPA/TKIP is flawed or can be hacked as well), and my Mac worked immediately. My girlfriend, who uses Windows XP and the Windows tools to manage the wireless network card on her laptop, had to install the WPA2 update manually (it’s not an automatic update, and requires genuine validation!), and after that, it connected as well, and worked perfectly.

Update: seems the DHCP reply packet issue is not solved yet. If I reboot my laptop it gets an IP, but when I suspend and resume, I don’t get an IP from my DHCP server. The DHCP server is SENDING the package though, I see in the sniffer. And the laptop is getting IPv6 router advertisements. Hmm.. Looks like the AP is eating the DHCP reply packets.. grrr..


Benchmarking

May 15, 2007 | 11:03 am

At work, we have some workstations varying in age between 4 years and 4 months. But when is a workstation written off? We have the default policy of writing a PC off after 3 years, but what if the PC is still working like a charm?

To have some extra numbers to take into consideration, I wanted to create a speed rating that would define the performance of a PC in a single number. I searched for quite some time to find a decent benchmark that would run on any PC (or server), and eventually, I cooked something up.

I downloaded the Knoppix CD to boot from in text mode (type ‘knoppix 2’ at the boot screen) on each PC, download the script below, and run it.

It downloads and compiles ubench and seeker. Ubench is a tool that does some mathematical calculations, and benchmarks the CPU and memory. I then use hdparm to get the maximum sequential read in MB/s, then I run seeker to get the number of seeks per second, and the average access time in milliseconds. I run all these tests 3 times, to make sure one isn’t off.

I enter all data in an Excel sheet, and create a rating for the disk, by averaging the 3 disk numbers (using the PERCENTRANK function to place them on a scale from very bad to very good). I then create an average between the scaled CPU/Mem rating (60% weighted) and disk rating (40% weighted) to create a final ranking score on a scale from 0 to 100. Still have to find out the exact weights though, but the rating gives a global idea of the system’s performance.

#!/bin/sh
# angelo@hongens.nl 2007/5/14
# SET VARIABLE TO CORRECT DISK!
DISK=/dev/sda

# download and compile ubench (CPU and memory benchmark)
cd ~
wget http://www.phystech.com/ftp/ubench-0.32.tar.gz
tar xzf ubench-0.32.tar.gz
cd ~/ubench-0.32
./configure
make

# download and compile seeker (seeks per second and average access time)
wget -O ~/seeker.c http://www.linuxinsight.com/files/seeker.c.txt
gcc -O2 ~/seeker.c -o ~/seeker
rm ~/seeker.c

# run all three tests three times, to make sure one run isn't off
for run in 1 2 3; do
    ~/ubench-0.32/ubench
    hdparm -t "$DISK"   # maximum sequential read in MB/s
    ~/seeker "$DISK"
done
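
The rating described above, worked through in Python as an added example that is not part of the original post or its Excel sheet. The measurements are constructed, and two details are assumptions: the CPU/memory score is scaled with the same percent-rank as the disk numbers, and access time is inverted because lower is better.

```python
# Constructed sample data (not from the post): one row per PC, each value
# taken as the average of the three benchmark runs.
# ubench = ubench score, read_mb_s = hdparm -t, seeks_s / access_ms = seeker.
SAMPLES = {
    "pc-2003": {"ubench": 41000, "read_mb_s": 38.0, "seeks_s": 62, "access_ms": 16.1},
    "pc-2005": {"ubench": 68000, "read_mb_s": 55.0, "seeks_s": 71, "access_ms": 14.0},
    "pc-2006": {"ubench": 97000, "read_mb_s": 61.0, "seeks_s": 80, "access_ms": 12.5},
    "pc-2007": {"ubench": 120000, "read_mb_s": 74.0, "seeks_s": 77, "access_ms": 13.0},
}

CPU_WEIGHT, DISK_WEIGHT = 0.6, 0.4  # the 60% / 40% weights stated in the post


def percent_rank(values, x):
    """Fraction of the other values that lie below x (0.0 worst, 1.0 best).

    Same idea as Excel's PERCENTRANK for a value that is in the data set.
    """
    if len(values) < 2:
        raise ValueError("need at least two machines to rank")
    return sum(v < x for v in values) / (len(values) - 1)


def column(samples, key, lower_is_better=False):
    """Return {pc: percent rank} for one metric, flipping 'low is good' metrics."""
    sign = -1 if lower_is_better else 1
    vals = [sign * s[key] for s in samples.values()]
    return {pc: percent_rank(vals, sign * s[key]) for pc, s in samples.items()}


def ratings(samples):
    """Final 0-100 score per PC: 60% CPU/memory rank, 40% averaged disk rank."""
    cpu = column(samples, "ubench")
    disk_cols = [
        column(samples, "read_mb_s"),
        column(samples, "seeks_s"),
        column(samples, "access_ms", lower_is_better=True),  # assumption: inverted
    ]
    out = {}
    for pc in samples:
        disk = sum(c[pc] for c in disk_cols) / len(disk_cols)
        out[pc] = round(100 * (CPU_WEIGHT * cpu[pc] + DISK_WEIGHT * disk), 1)
    return out


if __name__ == "__main__":
    for pc, score in sorted(ratings(SAMPLES).items(), key=lambda kv: kv[1]):
        print(f"{pc}: {score}")
```

Because the score is a rank within the measured fleet, it changes for every machine whenever a PC is added to or removed from the sheet.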

Truecrypt volume on USB disk benchmark

October 9, 2006 | 3:54 pm

Last week, I got a 250GB FreeCom USB2 harddisk at work. We were going to ship the disk to a customer, and the customer would send it back, with confidential data on it. Usually, I’m not that paranoid, but I like to keep my customer’s mission-critical confidential data secure, especially if I’m shipping the disk using normal low-cost shipping service. With TPG Post here in the Netherlands, it’s not that uncommon for packages to just go missing.. And even if it doesn’t go missing, I still don’t trust all postal service employees..

A logical thing to do, was to create a TrueCrypt volume on the disk, and place the data in that volume. I wanted to convince my customer that TrueCrypt is not only a secure, but also a fast tool to secure data.

The funny thing is, I couldn’t find any basic benchmarks on USB2 disks, let alone in comparison to encrypted volumes. So I created a volume myself, and benched it with ATTO Disk Benchmark.

This is the disk attached to my Dell Optiplex GX620 (Dual Core 2.8GHz, 2GB RAM). I didn’t tune anything, just plugged the disk in the back of my computer, and went ahead. The disk is formatted as one big NTFS volume.

usb without encryption

Then I created a 100GB TrueCrypt volume, using default AES. Took a while to format the volume, but that’s not that strange considering the fact that 100GB of data has to be written. After that I mounted the volume, and did the same test:

usb with encryption

Reads perform at 63%, and writes perform at 69% of the speed on the unencrypted volume, looking at big files. In this case, my client’s data consists of one huge file. In my opinion, these rates are quite acceptable, and I feel confident to tell my customer that this solution is ‘fast’ as well.

