Citrix NetScaler Source IP Mode - "Use Source IP"

By default, NetScaler load balancing traffic flow is
Source IP (client) --> Virtual Server IP — NetScaler — SNIP —> Web Server

The web server sees the NetScaler’s SNIP as the source IP of the traffic. To let the web server sees the client IP address, enable “Use Source IP” under System, Settings, Configure Modes, check Use Source IP.

However, some issues should be noted when enabling “Use Source IP”

• TCP multiplexing will be disabled
  • TCP multiplexing allows the NetScaler appliance to have one connection to the webserver for all clients traffic
  • Eliminate the web server to manage the open & close connection
• The default gateway on the web servers should be set to the NetScaler’s SNIP
  • When the web servers see the client source IP, they will look at their default routing table for the return traffic, instead of returning the traffic to the NetScaler
  • When the web servers try to connect to a TCP connection with the client, the connection will be dropped by the client
• Alternative to enable Use Source IP
  • In general, I would recommend not to use USIP
  • Use inject HTTP header option to allow the NetScaler to inject the source IP header into the HTTP request (more information will be provided in the future post.)

What is SHA1

SHA1 (Secure Hashing Algorithm 1) is a hashing algorithm to generate the digital signature (hash) of a document. The signature verifies who created the document (the signer) and that the document wasn’t altered. SHA1 is not an encryption algorithm. Examples of encryption algorithm are AES, DES, RC4, etc.

SHA1 is phasing out by the web browsers (Microsoft, Mozilla, Google) starting on January 1, 2016. The SSL certificate signed by SHA1 should be replaced with a new one signed by SHA2.

To check the SSL certificate on a web server, use

• http://sha1affected.com
• https://www.ssllabs.com/ssltest/

NetApp "HA GROUP ERROR: DISK/SHELF COUNT MISMATCH ERROR" Troubleshoot

We received an alert “HA GROUP ERROR: DISK/SHELF COUNT MISMATCH ERROR” from the NetApp filer (Model V3240, OS Version 8.1.2 [7-Mode]), one from each node in the NteApp cluster . The alert does not include much information which node has the problem or what goes wrong. It turns out that a disk in one of the nodes start failing. Here are some steps to help to identify the failing disk.

• Option 1: Search CF-Monitor.txt (inside body.7z file attached in the alert) for “Mismatched disk”, and run disk show <disk_device_id>
• Option 2: run disk show -v and look for “FAILED” disk
• Option 3: run sysconfig -d and look for “Not available” under Disk Vital Product Information column
• Option 4: run aggr status -r (or vol status -r) and look for “Maintenance disks”

Apple OS X Window Management Application

Windows 7 or later has the built-in shortcut to arrange / snap windows - Windows key + Arrow key. OS X does not have this kind of shortcut. A few third party applications are available to fill the gap (see the list below). I tested ShiftIt. It does not have the complete features like other paid apps, but it’s completely free and offers the similar keyboard shortcuts like Windows 7.

ShiftIt’s default keyboard combination is Control + Option + Command + Arrow key.

Other windows management applications

• Spectacle: free app
• Divvy
• SizeUp
• Hyperdock
• Flexiglass
• Cinch
• BetterSnapTool
• Moom

Apple MAC Keyboard Shortcut Key

Comparing with the Windows keyboard, the Apple MAC keyboard is missing some useful keys. This post collects the shortcut keys I learned, and will be updated as I know more. These keys are tested under OS X El Capitan, version 10.11.1.

• Fn + F11: hide / unhide opened windows; = Show Desktop shortcut in Windows
• Fn + Left Arrow: = Home (works in Microsoft Word, but does not work in OneNote)
• Command + Left Arrow: = Home (works in both Microsoft Word and OneNote)
• Fn + Right Arrow: = End (works in Microsoft Word, but does not work in OneNote)
• Command + Right Arrow: = End (works in both Microsoft Word and OneNote)
• Delete: = Backspace in Windows
• Fn + Delete: = Delete in Windows

This Apple document includes many keyboard shortcuts
https://support.apple.com/en-us/HT201236

This How-To Geek article includes some keyboard shortcuts
http://www.howtogeek.com/188530/a-windows-users-guide-to-mac-os-x-keyboard-shortcuts/

Install ESXi Host Update from Command Line

The easiest way to install ESXi host update is via Update Manager. However, if you don’t have Update Manager installed in the environment (e.g. the lab), or Update Manager does not have the access to the Internet, installing the update via the command line is quiet handy.

Follow the instruction on this VMware KB. The following is a short summary.

1. Find the needed update by comparing the build number on the host with this site web or this VMware KB
2. Download the ESXi update for the VMware patch portal. Normally it’s a ZIP file.
3. Upload the ZIP file to the local storage on the host
4. Power off the VMs on the host or migrate to another host
5. Put the host in the maintenance mode
6. Enable SSH on the host
7. SSH to the host
8. Run esxcli software vib update -d /vmfs/volumes/DataStore/DirectoryName/PatchName.zip
   if it’s a VIB file, run esxcli software vib update -v /vmfs/volumes/DataStore/DirectoryName/PatchName.vib
9. Verify the update is installed, esxcli software vib list
10. Run reboot
11. Exit the maintenance mode

Markdown Tables Generator

As I mentioned in my last post, I start using StackEdit, instead of Windows Live Writer, to post updates on my Blogger site. One of the functions I want to test in StackEdit is to add tables in the post.

It’s very easy to insert a table in Windows Live Writer. And I can even prepare a table in Excel, then copy/paste in Windows Live Writer and post in Blogger. The format of the table mostly maintains on the post.

The following table is from one of my previous post. The table is originally created in Excel. When using the Blogger web editor to make the table readable, I need to paste it in Word, reformat the column width to fit the width of my blog (after a few reposts), save it as “Web Page, Filtered” htm file, open the htm in Notepad, and copy/paste the HTML codes to Blogger.

StackEdit doesn’t have the “built-in” GUI tool to add a table. Fortunately, the Markdown Tables Generator exists. I copy the table from Excel, use File –> Paste table data to generate the markdown, click “Copy to clipboard”, and paste them in StackEdit. Let us see how it looks. Except the grid border line not showing, the rest of format looks right.

Access Method	Lockdown Mode Disabled	Normal Lockdown Mode	Strict Lockdown Mode
vCenter	Yes	Yes	Yes
Direct Console access (DCUI) with root	Yes	Yes	No
Direct Console access (DCUI) with account (local account only) defined in DCUI.Access advanced option for the host	Yes	Yes	No
Direct Console access (DCUI) with accounts in Exception User list for lockdown mode & administrative priviledge on the host (if the ESXi host is joined an AD domain, only AD account; if the ESXi host is not joined an AD domain, local account)	N/A	Yes	No
vSphere Client directly to ESXi with root	Yes	No	No
vSphere Client directly to ESXi with account (local account only) defined in DCUI.Access advanced option for the host	No	No	No
vSphere Client directly to ESXi with accounts in Exception User list for lockdown mode & administrative privilege on the host (if the ESXi host is joined an AD domain, only AD account; if the ESXi host is not joined an AD domain, local account)	N/A	Yes	Yes
PowerCLI / CLI to ESXi with root	Yes	No	No
PowerCLI / CLI to ESXi with account (local account only) defined in DCUI.Access advanced option for the host	No	No	No
PowerCLI / CLI to ESXi with accounts in Exception User list for lockdown mode & administrative privilege on the host (if the ESXi host is joined an AD domain, only AD account; if the ESXi host is not joined an AD domain, local account)	N/A	Yes	Yes