VMware Consolidated Backup Installation:
1. Downloaded VMware Consolidated Backup 1.1 Update 1 - VMware-vcb-118380.exe
2. Downloaded Integration Module Integration for Symantec Backup Exec for Windows Servers - Backup Exec for ESX 3.5 Update 2 - VMware-veritas-backupexec-integration-102898.zip
3. Downloaded Virtual Machine Backup Guide Update 2 Release for ESX Server 3.5, ESX Server 3i version 3.5, VirtualCenter 2.5 - http://www.vmware.com/pdf/vi3_35/esx_3/r35u2/vi3_35_25_u2_vm_backup.pdf
4. Install VMware-vcb-118380.exe on Backup Excec 12 server.5. Unzip VMware-veritas-backupexec-integration-102898.zip, open README-backupexec.html and follow instruction.
Some process description:
What actually VCB and Integration Module does - it temporary mount a VM(s) on BE media server drive (VCB proxy in VMware terminology). This mount point use very little space, so it is almost no consideration for the size of disk partition what you will use for mounting. After what BE backup VM(s) through the mount point, you do not need to have BE Agent on VM to backup it. Recent version of VMware tools (installed on a VM) gives VCB ability to backup using Windows VSS provider.
Troubleshooting:
1. Be sure you have environmental variable: VCBBASE=C:\Program Files\VMware\VMware Consolidated Backup Framework , if not you will need to run install.bat from C:\Program Files\VMware\VMware Consolidated Backup Framework\backupexec again - actually it is all what this batch does.
2. Play with selection list entries - they a little bit tricky, but follow the README-backupexec.html instruction and your judgement.
Wednesday, October 01, 2008
Setup secure TSL communication
Setup secure (TSL) communication with an external company (Exchange 2003 server)
Task list:
Collect information about the external company
Acquire public certificate for the Exchange server (we can use same as we using for OWA access – but it should be public)
Setup firewall to permit SMTP access to the Exchange server.
Setup a dedicated Virtual SMTP server for communication with the external company.
Setup a SMTP connector to the external company
Test the communication.
Collect information about the external company
We need to collect next information for the task:
The company SMTP Domains (all info and IP addresses here and below will be bogus – only for example): Nobody.com
Inbound IP addresses: mail1.nobody.com – 148.168.1.2; mail2.nobody.com – 148.168.2.2
Setup firewall to permit SMTP access to the Exchange server
It is straight forward thing, for example for PIX:
Create NAT mapping:
static (inside,outside) 146.82.131.230 192.168.1.5 netmask 255.255.255.255
0 0
Create firewall rules:
access-list outside_access_in permit tcp host 148.168.1.2 host 134.82.131.230
eq smtp
access-list outside_access_in permit tcp host 148.168.2.2 host 134.82.131.230
eq smtp
Where 134.82.131.230 public address of your SMTP server (We will create it by Exchange System Manager), and 192.168.1.5 is LAN address.
Setup a dedicated Virtual SMTP server for communication with the external company.
We need to create just a standard SMTP server here on dedicated IP address (different for default SMTP).
Here you need to enter your public certificate in, use the “Certificate” Tab.
Here you can enter your exchange server public name (exactly like in your public certificate).
Setup a SMTP connector to the external company
If we did not have connectors before, we will need to create two connectors first will pointed to default SMTP Virtual Server and second to Virtual Server (NOBODY) which we created during the project.
Address space for MAIN connector should be “*” and cost should be higher then for NOBODY:
This connector will route all mail except for nobody.com domain.
Second connector will looks like this:
And address space (in my case it was 5 different domain names):
Here how to set TLS for sending e-mail to this external domain:
Test the communication
To test communication we need to be sure an e-mail message has TLS reference in the header, for example:
“Received: from source ([148.168.1.2]) (using TLSv1) by” – for mail from NOBODY company (inbound), and –
Received: from mail.mydomai.com ([146.82.131.230])
by gromsgia01i.nobody.com (8.13.8/8.13.8) with ESMTP id m3FG0WVe026377
(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT)
Task list:
Collect information about the external company
Acquire public certificate for the Exchange server (we can use same as we using for OWA access – but it should be public)
Setup firewall to permit SMTP access to the Exchange server.
Setup a dedicated Virtual SMTP server for communication with the external company.
Setup a SMTP connector to the external company
Test the communication.
Collect information about the external company
We need to collect next information for the task:
The company SMTP Domains (all info and IP addresses here and below will be bogus – only for example): Nobody.com
Inbound IP addresses: mail1.nobody.com – 148.168.1.2; mail2.nobody.com – 148.168.2.2
Setup firewall to permit SMTP access to the Exchange server
It is straight forward thing, for example for PIX:
Create NAT mapping:
static (inside,outside) 146.82.131.230 192.168.1.5 netmask 255.255.255.255
0 0
Create firewall rules:
access-list outside_access_in permit tcp host 148.168.1.2 host 134.82.131.230
eq smtp
access-list outside_access_in permit tcp host 148.168.2.2 host 134.82.131.230
eq smtp
Where 134.82.131.230 public address of your SMTP server (We will create it by Exchange System Manager), and 192.168.1.5 is LAN address.
Setup a dedicated Virtual SMTP server for communication with the external company.
We need to create just a standard SMTP server here on dedicated IP address (different for default SMTP).
Here you need to enter your public certificate in, use the “Certificate” Tab.
Here you can enter your exchange server public name (exactly like in your public certificate).
Setup a SMTP connector to the external company
If we did not have connectors before, we will need to create two connectors first will pointed to default SMTP Virtual Server and second to Virtual Server (NOBODY) which we created during the project.
Address space for MAIN connector should be “*” and cost should be higher then for NOBODY:
This connector will route all mail except for nobody.com domain.
Second connector will looks like this:
And address space (in my case it was 5 different domain names):
Here how to set TLS for sending e-mail to this external domain:
Test the communication
To test communication we need to be sure an e-mail message has TLS reference in the header, for example:
“Received: from source ([148.168.1.2]) (using TLSv1) by” – for mail from NOBODY company (inbound), and –
Received: from mail.mydomai.com ([146.82.131.230])
by gromsgia01i.nobody.com (8.13.8/8.13.8) with ESMTP id m3FG0WVe026377
(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT)
Subscribe to:
Posts (Atom)