Well, although it is just a draft, so many ah bengs out there felt uneasy with the idea of BCPM drafted by MOSTI. For me, if this is going to raise my stake, professionalism of I.T industry in Malaysia, why not! In the real world, every one have to accept, if not many, there were some Gov critical project’s been done before by this ah bengs. The quality is the main concerns here and their dirty shits are every where. And you know what… those qualified professionals normally become a scape goats for this ah bengs when problem happened… Am sick of this..

Source

It’s been a week now since me and my colleagues went for vForum event which has been held in Singapore. Although I ONLY managed to join a few technical sessions, it was absolutely an outstanding event. I can see from my colleagues face that they are really passionate and some of them even have got chance to visit all VMware Partner Booths such as Hitachi, Dell Drobo, Veeam & etc. But seriously, I felt something was missing in the event. Probably it’s because there was nothing new has been shared by VMware partners or perhaps, the were too many uncles/auntie in the event

p/s: Don’t forget to attend today vSeminar at Bandar Utama (url).

As I’ve mentioned it here, now VMware have come with the patch which will resolve the issue. Test it out..

The complete bulletin of of ESX 4.1 Update 2 has been released. As per VMware, you cannot consider any ESX 4.1 as Update 2 unless you completely upgrade it with this bulletin. Source Sighh … Time to upgrade my customers ESX.

As we know that SSH by default will use port 22 but it is possible to change it to another port when required. Below are the steps need to be taken when I want to change it from port 22 to 2200. The steps can be divided to four parts. First, we need to do some changes on the Network service. Second is the SSH configuration. Then firewall and the last part is rc.local so that the changes is persistent after reboot.

1.Network Service:

This is where all valid network services should be listed including SSH. Just locate SSH service and change both TCP and UDP ports to port 2200.

2. SSH Configuration:

Go to SSH directory (/etc/ssh) and open sshd_config file using vi editor. Change the port to 2200.

3. ESXi Firewall:

Go to Firewall directory (/etc/vmware/firewall) and create new ruleset configuration file eg. ssh.xml as below.

Then refresh the firewall with this command “#esxcli network firewall refresh“.  You can check the new firewall state with this command “#esxcli network firewall ruleset rule list | grep sshnew”

4.Persistent Changes

a. Copy sshnew.xml from /etc/vmware/firewall to one of available datastore (eg.datastore1)

#cp /etc/vmware/firewall /vmfs/volumes/datastore1
b. Open /etc/rc.local file and then add below lines,

#Create custom SSHNEW rule
cp /vmfs/volumes/datastore1/ssh.xml /etc/vmware/firewall

#Refresh Firewall Rules
/sbin/esxcli network firewall refresh

ariyossss

athlon_crazy

Just want to share something basic about firewall in ESXi 5.0. By default the firewall has been configured to block all incoming or outgoing connection for ESXi 5.0 except for some default services. You can make some changes but a very limited in security profile configuration (host -> configuration -> security profile -> firewall).

This firewall configuration file (Rule Set Configuration File) for default services (service.xml) can be found in /etc/vmware/firewall folder. It’s read only file (444) and we are not allow to touch even though after we chmod it to 755(operation not permitted). As per VMware the configuration file should be installed using VIB package and the file will be loaded automatically.

The other thing that you must know is, firewall command which can be used in ESXi “esxcli”. We can load, refresh, set and etc with the command. Please go read the documentation for the details.

To include your custom firewall, I advise you to create your new Rule Set Configuration file in firewall folder and load it via esxcli command “#esxcli network firewall refresh” manually after you create it. I will write a tutorial on how to change your SSH default port by creating a new rule set configuration later.
ariyossss

athlon_crazy