AWS-AMAZON 2013. 4. 4. 15:30

Source: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html

Amazon VPN Configuration

Adding a Hardware Virtual Private Gateway to Your VPC

By default, instances that you launch into a virtual private cloud (VPC) can't communicate with your own network. You can enable access to your network from your VPC by attaching a virtual private gateway to the VPC, creating a custom route table, and updating your security group rules.

You can complete this process manually, as described on this page, or let the VPC creation wizard take care of many of these steps for you. For more information about using the VPC creation wizard to set up the virtual private gateway, see Scenario 3: VPC with Public and Private Subnets and Hardware VPN Access or Scenario 4: VPC with a Private Subnet Only and Hardware VPN Access.

Although the term VPN connection is a general term, in the Amazon VPC documentation, a VPN connection refers to the connection between your VPC and your own network.

For information about how you're charged for using a VPN connection with your VPC, see the Amazon VPC product page.

Components of Your VPN

A VPN connection consists of the following components.

Virtual Private Gateway

A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection.

For information about how many virtual private gateways you can have per region, as well as the limits for other components within your VPC, see Amazon VPC Limits.

Customer Gateway

A customer gateway is a physical device or software application on your side of the VPN connection.

For a list of customer gateways that we have tested with Amazon VPC, see Amazon Virtual Private Cloud FAQs.

VPN Configuration Examples

The following diagrams illustrate single and multiple VPN connections. The VPC has an attached virtual private gateway, and your network includes a customer gateway, which you must configure to enable the VPN connection. You set up the routing so that any traffic from the VPC bound for your network is routed to the virtual private gateway.

When you create multiple VPN connections to a single VPC, you can configure a second customer gateway to create a redundant connection to the same external location. You can also use it to create VPN connections to multiple geographic locations.

Single VPN Connection

VPN layout

Multiple VPN connections

Multiple VPN layout

VPN Routing Options

When you create a VPN connection, you must specify the type of routing that you plan to use. The type of routing that you select can depend on the make and model of your VPN devices. If your VPN device supports Border Gateway Protocol (BGP), specify dynamic routing when you configure your VPN connection. If your device does not support BGP, specify static routing. For a list of static and dynamic routing devices that have been tested with Amazon VPC, see the Amazon Virtual Private Cloud FAQs.

When you use a BGP device, you don't need to specify static routes to the VPN connection because the device uses BGP to advertise its routes to the virtual private gateway. If you use a device that doesn't support BGP, you must select static routing and enter the routes (IP prefixes) for your network that should be communicated to the virtual private gateway. Only IP prefixes that are known to the virtual private gateway, whether through BGP advertisement or static route entry, can receive traffic from your VPC.

We recommend that you use BGP-capable devices, when available, because the BGP protocol offers robust liveness detection checks that can assist failover to the second VPN tunnel if the first tunnel goes down. Devices that don't support BGP may also perform health checks to assist failover to the second tunnel when needed.

What You Need for a VPN Connection

To use Amazon VPC with a VPN connection, you or your network administrator must designate a physical appliance as your customer gateway and configure it. We provide you with the required configuration information, including the VPN preshared key and other parameters related to setting up the VPN connection. Your network administrator typically performs this configuration. For information about the customer gateway requirements and configuration, see the Amazon Virtual Private Cloud Network Administrator Guide.

The following table lists the information that you need to have so that we can establish your VPN connection.

Item | How Used | Comments
--- | --- | ---
The type of customer gateway (for example, Cisco ASA, Juniper J-Series, Juniper SSG, Yamaha) | Specifies how to format the returned information that you use to configure the customer gateway. |
Internet-routable IP address (static) of the customer gateway's external interface. | Used to create and configure your customer gateway (it's referred to as YOUR_UPLINK_ADDRESS) | The value must be static and can't be behind a device performing network address translation (NAT).
(Optional) Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the customer gateway, if you are creating a dynamically routed VPN connection. | Used to create and configure your customer gateway (referred to as YOUR_BGP_ASN). If you use the wizard in the console to set up your VPC, we automatically use 65000 as the ASN. | You can use an existing ASN assigned to your network. If you don't have one, you can use a private ASN (in the 64512–65534 range). For more information about ASNs, see the Wikipedia article. Amazon VPC supports 2-byte ASN numbers.
Internal network IP ranges that you want advertised over the VPN connection to the VPC. | Used to specify static routes. |

Configuring Two VPN Tunnels for Your VPN Connection

You use a VPN connection to connect your network to a VPC. Each VPN connection has two tunnels, with each tunnel using a unique virtual private gateway public IP address. It is important to configure both tunnels for redundancy. When one tunnel becomes unavailable (for example, down for maintenance), network traffic is automatically routed to the available tunnel for that specific VPN connection.

The following diagram shows the two tunnels of the VPN connection.

Using Redundant VPN Connections to Provide Failover

As described earlier, a VPN connection has two tunnels to help ensure connectivity in case one of the VPN connections becomes unavailable. To protect against a loss of connectivity in case your customer gateway becomes unavailable, you can set up a second VPN connection to your VPC by using a second customer gateway. By using redundant VPN connections and customer gateways, you can perform maintenance on one of your customer gateways while traffic continues to flow over the second customer gateway's VPN connection. To establish redundant VPN connections and customer gateways on your network, you’ll need to set up a second VPN connection. The customer gateway IP address for the second VPN connection must be publicly accessible and can’t be the same public IP address that you are using for the first VPN connection.

The following diagram shows the two tunnels of the VPN connection and two customer gateways.

Dynamically routed VPN connections use the Border Gateway Protocol (BGP) to exchange routing information between your customer gateways and the virtual private gateways. Statically routed VPN connections require you to enter static routes for the network on your side of the customer gateway. BGP advertised and statically entered route information allow gateways on both sides to determine which tunnels are available and reroute traffic if a failure occurs. We recommend that you configure your network to use the routing information provided by BGP (if available) to select an available path. The exact configuration depends on the architecture of your network.

Setting Up the VPN Connection

Use the following procedure to manually set up the VPN connection. Alternatively, you can create the VPC and subnets and complete the first four steps in this procedure using the VPC wizard. For more information, see Implementing Scenario 3 or Implementing Scenario 4.

This procedure assumes that you have a VPC with one or more subnets, and that you have the required network information (see What You Need for a VPN Connection).

  1. Create a customer gateway.

    1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

    2. In the navigation pane, click Customer Gateways, and then click Create Customer Gateway.

    3. Specify the routing type and the static IP address for your customer gateway device, and then click Yes, Create.

  2. Create a virtual private gateway and attach it to the VPC.

    1. In the navigation pane, click Virtual Private Gateways, and then click Create Virtual Private Gateway.

    2. Click Yes, Create when prompted.

    3. Select the virtual private gateway that you just created, and then click Attach to VPC.

    4. In the Attach to VPC dialog box, select the VPC from the list, and then click Yes, Attach.

  3. Add a route to the route table and enable route propagation.

    1. In the navigation pane, click Route Tables, and then select the route table that's associated with the subnet; by default, this is the main route table for the VPC.

    2. On the Routes tab in the details pane, if you are using static routing for your VPN connection, add the static route used by your VPN connection in the Destination box, and then click Add.

    3. On the Routes tab, enter the IP prefix for your customer network in the Destination box, select the virtual private gateway ID in the Target list, and then click Add.

    4. On the Route Propagation tab in the details pane, select the virtual private gateway associated with the VPC from the list, and then click Add.

      Note

      If you configured your VPN connection to use dynamic routing and you've enabled route propagation, the BGP advertised routes from your customer gateway won't appear in the route table unless the status of the VPN connection is UP.

  4. Add rules to the security group to allow SSH and RDP access from your network. For more information about adding inbound rules, see Adding and Removing Rules.

    1. In the navigation pane, click Security Groups, and then select the default security group for the VPC.

    2. On the Inbound tab in the details pane, add a rule for inbound SSH access and a rule for inbound RDP access to the group from your network, and then click Apply Rule Changes.

  5. Create a VPN connection.

    1. In the navigation pane, click VPN Connections.

    2. Click Create VPN Connection.

    3. In the Add VPN Connection dialog box, do the following, and then click Yes, Create:

      • Specify the IP address for your customer gateway.

      • Select one of the routing options based on whether your VPN router supports Border Gateway Protocol (BGP):

        • If your VPN router supports BGP, select Use dynamic routing (requires BGP).

        • If your VPN router does not support BGP, select Use static routing. In the IP Prefix box, specify each IP prefix for the private network of your VPN connection, and then click Add.

  6. Configure the customer gateway.

    1. In the navigation pane, click VPN Connections.

    2. Select your VPN connection, and then click Download Configuration.

    3. Give the configuration information to your network administrator, along with this guide: Amazon Virtual Private Cloud Network Administrator Guide. After the network administrator configures the customer gateway, the VPN connection is operational.

  7. Launch an instance into the subnet.

    1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

    2. In the navigation pane, click Instances.

    3. Click Launch Instance.

    4. On the Create a New Instance page, click Quick Launch Wizard and follow the directions. Specify a name for your instance, choose a key pair, select an AMI, and then click Continue.

    5. Click Edit Details, select Launch into a VPC under Instance Details, specify a subnet, and then click Save Details.

    6. Review the settings that you've chosen. Make any changes that you need, and then click Launch.
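The following Python checks are an added example, not code from the AWS guide. They validate the customer gateway inputs listed under What You Need for a VPN Connection and audit the SSH/RDP rules from step 4 so that their sources stay inside your own network. The rule dictionaries follow the IpPermissions shape of an EC2 security group description; the function names and all sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 and RFC 6598 space is not Internet-routable; a customer gateway
# address in these ranges means the device sits behind NAT.
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # the services opened in step 4


def check_customer_gateway(uplink_address, bgp_asn=None):
    """Return a list of problems with the gateway inputs (empty list = OK)."""
    problems = []
    addr = ipaddress.ip_address(uplink_address)
    if any(addr in net for net in NAT_RANGES):
        problems.append(f"{addr} is private address space (behind NAT)")
    if bgp_asn is not None and not 1 <= bgp_asn <= 65535:
        problems.append(f"ASN {bgp_asn} is not a 2-byte ASN")
    return problems


def is_private_asn(asn):
    """True for the private ASN range quoted in the table (64512-65534)."""
    return 64512 <= asn <= 65534


def _covers_port(rule, port):
    """True if the rule's protocol and port range include the TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_admin_rules(ip_permissions, customer_prefixes):
    """Flag SSH/RDP sources that are not contained in the customer network.

    Returns (source_cidr, services) tuples in rule order.
    """
    allowed = [ipaddress.ip_network(p) for p in customer_prefixes]
    findings = []
    for rule in ip_permissions:
        services = [name for port, name in ADMIN_PORTS.items()
                    if _covers_port(rule, port)]
        if not services:
            continue
        for ip_range in rule.get("IpRanges", []):
            src = ipaddress.ip_network(ip_range["CidrIp"])
            inside = any(src.version == net.version and src.subnet_of(net)
                         for net in allowed)
            if not inside:
                findings.append((str(src), ",".join(services)))
    return findings


# Constructed sample data: one on-premises prefix and four inbound rules.
CUSTOMER_PREFIXES = ["192.168.10.0/24"]
SAMPLE_RULES = [
    # SSH from the customer network only: what step 4 intends.
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "192.168.10.0/24"}]},
    # RDP from anywhere: reachable without the VPN if the subnet is public.
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    # All TCP ports from a supernet wider than the customer prefix.
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "192.168.0.0/16"}]},
    # ICMP for the ping test: not an admin service, so not reported.
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    print(check_customer_gateway("10.1.1.1", 70000))
    for source, services in audit_admin_rules(SAMPLE_RULES, CUSTOMER_PREFIXES):
        print(f"{services} allowed from {source}, wider than the customer network")
```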

Testing the End-to-End Connectivity of Your Instance

After you set up your VPN connection and launch an instance, you can test the connection by pinging the instance. You just need to use an AMI that responds to ping requests. We recommend you use one of the Amazon Linux AMIs. If you are using instances running Windows Server, you'll need to log in to the instance and enable inbound ICMPv4 on the Windows firewall in order to ping the instance.

Important

You must configure any security group or network ACL in your VPC that filters traffic to the instance to allow inbound and outbound ICMP traffic.

You can monitor the status of your VPN connections using the Amazon VPC console or by using the Amazon EC2 API/CLI. You can view information about your VPN connections, including its state, the time since last state change, and descriptive error text.

To test the end-to-end connectivity

  1. After the instance is running, get its private IP address (for example, 10.0.0.4). The Amazon EC2 console displays the address as part of the instance's details.

  2. From a computer in your network that is behind the customer gateway, use the ping command with the instance's private IP address. A successful response is similar to the following:

    PROMPT> ping 10.0.0.4
    Pinging 10.0.0.4 with 32 bytes of data:
    
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    
    Ping statistics for 10.0.0.4:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
    
    Approximate round trip times in milliseconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

You can now use SSH or RDP to connect to your instance in the VPC. For more information about how to connect to a Linux instance, see Connect to Your Linux Instance in the Amazon Elastic Compute Cloud User Guide. For more information about how to connect to a Windows instance, see Connect to Your Windows Instance in the Amazon Elastic Compute Cloud Microsoft Windows Guide.

Replacing Compromised Credentials

If you believe that the tunnel credentials for your VPN connection have been compromised, you can change the IKE preshared key. To do so, delete the VPN connection, create a new one using the same virtual private gateway, and configure the new keys on your customer gateway. You also need to confirm that the tunnel's inside and outside addresses match, because these might change when you recreate the VPN connection. While you perform the procedure, communication with your instances in the VPC stops, but the instances continue to run uninterrupted. After the network administrator implements the new configuration information, your VPN connection uses the new credentials, and the network connection to your instances in the VPC resumes.

Important

This procedure requires assistance from your network administrator group.

To change the IKE preshared key

  1. Delete the VPN connection. You don't need to delete the VPC or the virtual private gateway.

    1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

    2. In the navigation pane, click VPN Connections.

    3. Select the VPN connection and click Delete.

    4. In the Delete VPN Connection dialog box, click Yes, Delete.

  2. Create a new VPN connection.

    1. On the same VPN Connections page, click Create VPN Connection. Notice that your virtual private gateway and customer gateway are already selected.

    2. Select one of the routing options based on whether your VPN router supports Border Gateway Protocol (BGP). If you are unsure, see Amazon Virtual Private Cloud FAQs.

      • If your VPN router supports Border Gateway Protocol (BGP), click Use dynamic routing (requires BGP).

      • If your VPN router does not support BGP, click Use static routing. In the IP Prefix box, enter each IP prefix for your network, and then click Add.

    3. Click Yes, Create.

  3. Download a new customer gateway configuration, which your network administrator must implement. This new configuration replaces the previous gateway configuration that used the old IKE preshared key.

    1. Select the VPN connection that you just created, and then click Download Configuration.

    2. Select the customer gateway's vendor, platform, and software version, and then click Yes, Download.

    3. Save the text file and give it to your network administrator, along with the Amazon Virtual Private Cloud Network Administrator Guide.

Deleting a VPN connection

If you no longer need a VPN connection, you can delete it.

Important

If you delete your VPN connection and then create a new one, you have to download new configuration information and have your network administrator reconfigure the customer gateway.

To delete a VPN connection

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, click VPN Connections.

  3. Select the VPN connection and click Delete.

  4. In the Delete VPN Connection dialog box, click Yes, Delete.

If you no longer require a customer gateway, you can delete it. You can't delete a customer gateway that's being used in a VPN connection.

To delete a customer gateway

  1. In the navigation pane, click Customer Gateways.

  2. Select the customer gateway to delete and click Delete.

  3. In the Delete Customer Gateway dialog box, click Yes, Delete.

If you no longer require a virtual private gateway for your VPC, you can detach it.

To detach a virtual private gateway

  1. In the navigation pane, click Virtual Private Gateways.

  2. Select the virtual private gateway and click Detach from VPC.

  3. In the Detach from VPC dialog box, click the VPC list, select the VPC to detach, and then click Yes, Detach.

If you no longer require a virtual private gateway, you can delete it. You can't delete a virtual private gateway that's still attached to a VPC.

To delete a virtual private gateway

  1. Select the virtual private gateway to delete and click Delete.

  2. In the Delete Virtual Private Gateway dialog box, click Yes, Delete

Posted by 배움나눔
Cacti 2013. 3. 29. 18:31

 

Source: http://blog.naver.com/PostView.nhn?blogId=pcbman75&logNo=70042373129&parentCategoryNo=&categoryNo=&viewDate=&isShowPopularPosts=false&from=memoPostView

1. Log in over ssh to the Linux host where Cacti is installed.

2. Using the vi editor, edit the content shown below, found at lines 4~50 of the following file.

   vi /var/www/html/scripts/ss_host_disk.php

   Code: find the part below and comment it out.

   Before:    if ($arr2[$i] > 100000)   

   After: /*   if ($arr2[$i] > 100000)    */

Restart, and you are done.

Windows 2013. 3. 28. 12:07

Source: http://itknowledgeexchange.techtarget.com/network-administrator/install-windows-components-from-command-line/

Install Windows Components from Command Line

Windows XP and Windows Server 2000 / 2003 have a built-in utility called the System stand-alone Optional Component Manager (sysocmgr.exe) to programmatically add or remove Windows components. Running sysocmgr.exe with no parameters will display the usage. The most basic command line is:

%windir%\system32\sysocmgr.exe /i:%windir%\inf\sysoc.inf

This parameter (/i:) is always required and specifies the location of the master inf (%windir%\inf\sysoc.inf). When run, it simply displays the Windows Components Wizard. Therefore the above command can be used as a shortcut directly to the Windows Components Wizard.

The real power of sysocmgr is in unattended mode. Additional parameters control the user interface, handle restarting, and control which components are added or removed by way of a standard Windows unattended answer file. Sysocmgr only looks in the [Components] and [NetOptionalComponents] sections, so the answer file can be specifically for component management or reused from a Windows unattended installation. Some components have their own unattended answer file sections, which are also parsed.

The following example uses an answer file (/u:) named ocm.txt in the temporary directory (%temp%\ocm.txt), suppresses any necessary restart (/r), and displays no user interface (/q):

%windir%\system32\sysocmgr.exe /i:%windir%\inf\sysoc.inf /u:%temp%\ocm.txt /r /q

The following example answer file adds the Simple Network Management Protocol (SNMP) service and configures the agent settings:

[NetOptionalComponents]
SNMP = 1

[SNMP]
Contact_Name = Michael Khanin
Location = Canada

Service = Physical, Applications, End-to-End

Community_Name = Public
Traps = server1.thesystemadministrator.com, server2.thesystemadministrator.com

Send_Authentication = Yes
Accept_CommunityName = Public:Read_Only
Any_Host = No
Limit_Host = server1.thesystemadministrator.com, server2.thesystemadministrator.com

Tips:

  • Sysocmgr can only be run by users with local administrative rights. It can be combined with runas, e.g.,

runas /user:admin "%windir%\system32\sysocmgr.exe /i:%windir%\inf\sysoc.inf"

  • Make sure that the target system has the Windows installation source available. The following registry values must point to a source to which the administrative user has access (e.g., if a network path, a local administrator account may not be able to access it):


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
"SourcePath"="c:\\windows\\i386"
"Installation Sources"= … (REG_MULTI_SZ value)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"SourcePath"="c:\\windows\\i386"

Ubuntu 2013. 3. 15. 14:37

Source: http://mintnlatte.tistory.com/entry/리눅스-계정-관리-useradd-usermod-userdel

 

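(1) Creating an account
: Creates a new user account.

● Command
  adduser [account name]

- A password and user information can be entered as well.


(2) Looking up an account
: Look up and modify the information of a created account.

● /etc/passwd : account information needed for user authentication

- beloved_test : user account
- x : password
- 1002 : user ID (0 : administrator, 1~499 : system accounts, 500~ : regular user accounts)
- 1002 : group ID
- administrator : account information (comment)
- /home/beloved_test : home directory
- /bin/sh : login shell

● /etc/shadow : password information needed for user authentication (encrypted)

- beloved_test (Login Name) : user account
- $6$98WfRq5~ (Encrypted) : the encrypted value of the password
- 15394 (Last changed) : the date the password was changed, counted in days since January 1, 1970
- 0 (Minimum) : minimum period of use before the password is changed
- 99999 (Maximum) : maximum period of use before the password is changed
- 7 (Warn) : number of days before the password expires that a warning message is given
- Inactive : number of days login is blocked (not set in the screenshot)
- Expire : number of days login is prohibited (not set in the screenshot)
- Reserved : not used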
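The parser below is an added example, not part of the original post. It splits one /etc/passwd line and one /etc/shadow line into the fields listed above, converts the Last changed day count into a calendar date, and notes settings worth reviewing. The sample lines reuse the field values from the list, but the hash is a constructed placeholder, and the function names are assumptions made for this example.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
PASSWD_FIELDS = ("name", "password", "uid", "gid", "comment", "home", "shell")
SHADOW_FIELDS = ("name", "hash", "last_changed", "minimum", "maximum",
                 "warn", "inactive", "expire", "reserved")
# crypt(3) identifier between the first two '$' signs -> hashing scheme
HASH_SCHEMES = {"1": "MD5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
                "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}
WEAK_SCHEMES = {"MD5", "DES (legacy crypt)", "empty (no password)"}


def _split(line, fields):
    """Split a colon-separated record and check the field count."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(fields):
        raise ValueError(f"expected {len(fields)} fields, got {len(parts)}")
    return dict(zip(fields, parts))


def parse_passwd(line):
    entry = _split(line, PASSWD_FIELDS)
    entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
    return entry


def parse_shadow(line):
    entry = _split(line, SHADOW_FIELDS)
    for key in SHADOW_FIELDS[2:8]:  # numeric fields; empty means "not set"
        entry[key] = int(entry[key]) if entry[key] else None
    return entry


def hash_scheme(hash_field):
    """Classify the second shadow field without touching the hash itself."""
    if hash_field == "":
        return "empty (no password)"
    if hash_field[0] in "!*":
        return "locked"
    if hash_field.startswith("$"):
        ident = hash_field.split("$")[1]
        return HASH_SCHEMES.get(ident, f"unknown (${ident}$)")
    return "DES (legacy crypt)"


def review(passwd_line, shadow_line):
    """Combine both records and list the points that deserve a second look."""
    p, s = parse_passwd(passwd_line), parse_shadow(shadow_line)
    notes = []
    if p["password"] != "x":
        notes.append("password field is not 'x': hash is not kept in /etc/shadow")
    if p["uid"] == 0 and p["name"] != "root":
        notes.append("UID 0 account other than root")
    scheme = hash_scheme(s["hash"])
    if scheme in WEAK_SCHEMES:
        notes.append("weak or missing password hash: " + scheme)
    if s["maximum"] is None or s["maximum"] >= 99999:
        notes.append("password never expires (maximum=99999)")
    changed = None
    if s["last_changed"] is not None:
        changed = (EPOCH + timedelta(days=s["last_changed"])).isoformat()
    return {"name": p["name"], "scheme": scheme, "changed": changed, "notes": notes}


# Constructed sample records. The hash is a placeholder, not a real value.
SAMPLE_PASSWD = "beloved_test:x:1002:1002:administrator:/home/beloved_test:/bin/sh"
SAMPLE_SHADOW = "beloved_test:$6$CONSTRUCTEDSALT$PLACEHOLDERHASH:15394:0:99999:7:::"

if __name__ == "__main__":
    print(review(SAMPLE_PASSWD, SAMPLE_SHADOW))
```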


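(3) Modifying an account
: Takes an account name and changes the account information to the values given by the options.

● Command
  usermod [options] [account name]

● Options
-c : modify the user name and information
-d : modify the location of the user account's home directory
-e : delete the user account on the specified date
-f : period until the account is permanently deleted after the password expires
-u : user ID permission
-s : specify the user's login shell
-G : add the user to groups other than the primary group

(ex 1) Add the information "administrator" to the user account as a comment


(ex 2) Set the expire day of the user account to February 25, 2012


(4) Deleting an account
: Deletes a user account that was created.

● Command
  userdel [options] [account name]

● Options
  -f (Force) : force deletion even if the files are not owned by the user
  -h (Help) : help
  -r (Remove) : delete the home directory and mail spool (deletes all account-related folders and files)



(5) Modifying account permissions
: Just as permissions can be set on files and directories, permissions can also be set for accounts.

● Configuration file path
  /etc/adduser.conf

- Modify DIR_MODE (initially 755)
ex) If it is changed to 750, accounts created afterward get 750 permissions. (owner: 7 / group: 5 / others: 0)
      This makes it possible to deny access from other accounts, except root and members of the same group.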

Ubuntu 2013. 3. 15. 14:34

Source: http://mintnlatte.tistory.com/257

 

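■ There are two commands for creating an account on Ubuntu.


(1) Creating an account
: On Debian-based systems (Ubuntu), both useradd and adduser can be used, but they differ.

● useradd : creates only the bare account, and the default shell sh is assigned. (The home directory, password, and so on must be set separately.)
● adduser : creates the account while prompting for a password and user information, sets the user's shell to the default shell configured by the user, and also creates the home directory.


(2) Creating an account with the useradd command

- When an account is created with useradd, the account is created but the home folder is not.

- The password must also be registered separately.


(3) useradd options
  -c (Comment) : add a user description to the password file
  -d (Home) : specify the directory location
  -e (Expiredate) : delete the user account on the specified date
  -f (Inactive) : period until the account is permanently deleted after the password expires
  -u (User ID) : user ID permission
  -s (Shell) : specify the user's login shell
  -n (Mode) : when the user does not specify the default mode for adding an account
  -G (Groups) : add the user to groups other than the primary group
  -m (Move) : used when specifying the home directory. (used with the -d option)
  -M (No create home) : do not create the home directory.

: The home folder was created with the -m option, and the information "administrator" was added to the account with the -c option


(4) Creating an account with the adduser command
: For creating an account with the adduser command, see the earlier post

2012/02/24 - [[ Linux ]/Command] - Linux account management (adduser, usermod, userdel)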

H/W - SERVER 2013. 2. 20. 12:35

Source: http://blog.wizcns.com/2012/04/hp-raid-card-vs-dell-raid-card.html

HP RAID Card vs Dell RAID Card

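< HP P410 Raid Controller >

- BBWC (Battery Backed Write Cache) :
  When power is lost, the contents of the cache memory (DRAM) are kept alive by power from the BBU (battery), so data loss occurs if power is not reconnected before the BBU is drained.

- FBWC (Flash Backed Write Cache) :
  When power is lost, the data in the cache memory (DRAM) is saved to the built-in flash memory using power from the Power Cap, and no further power is needed to retain the data (it is stored in flash memory). When power is reconnected, the data in flash memory is copied back to the cache memory to restore it. This technology builds on BBWC, and because no BBU replacement is needed, no maintenance cost is incurred.


< Dell H700 / H800 Raid Controller >

- Cache preservation with battery
  The lithium-ion battery included in the controller's BBU/TBBU is an inexpensive way to protect the data in cache memory. If data is present in cache memory when the controller experiences a power outage or an improper system shutdown, battery power is used to preserve the cache data until power is restored or the battery is depleted. Under the 1-year limited warranty, the battery provides at least 24 hours of backup power under normal operating conditions during the warranty period. To extend battery life, do not store or operate the battery at temperatures above 60 degrees Celsius.

- Cache preservation with non-volatile cache (NVC)
  With the NVC module, controller cache data can be stored permanently, for longer than the 24 hours that battery backup can provide. If the controller holds data in cache memory during a power outage or an improper system shutdown, a small amount of battery power is used to move the cache data to non-volatile flash storage, where it remains until power is restored and the system boots.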
Windows 2013. 1. 9. 11:22

Source: http://pantarei.tistory.com/918

1. The dir command shows the available space.

> dir | findstr 남음
               2개 디렉터리   6,948,356,096 바이트 남음


2. Looking around, I found there is something called fsutil.

> fsutil volume diskfree E:
사용 가능한 공간(KB): 1119924224
전체 공간(KB): 20971528192
사용 가능한 빈 공간(KB): 1119924224


Still not enough.

3. NTFAQ has what I want.
- df.vbs

Set oWMIService = GetObject("winmgmts:")
Set oLogicalDisks = oWMIService.InstancesOf("Win32_LogicalDisk")

'Wscript.Echo "Filesystem Size Used Available Use%"
Wscript.Echo "Filesystem    Size          Available"

For Each oLogicalDisk In oLogicalDisks
    Wscript.Echo oLogicalDisk.DeviceID & "            " & oLogicalDisk.Size & "   " & oLogicalDisk.Freespace
Next

Set oLogicalDisks = Nothing
Set oWMIService = Nothing


- df.bat

@echo off
CScript E:\bin\df.vbs //NoLogo


 

> df
Filesystem    Size          Available
C:            20971528192   1120002048
D:            20971528192   16167817216
E:            38072369152   6948356096
F:


[todo] Make the columns line up properly using \t

Windows 2013. 1. 2. 13:22

Source: 꼬알라의 하얀집 (http://blogs.technet.com/b/koalra/archive/2008/01/21/windowsserver-2008.aspx)

The supported features and hardware maximums differ slightly between the Windows Server 2008 editions.

This post covers those details. They are nearly final, but may change slightly at RTM. As I mentioned before, Windows Server 2008 ships as Windows Server 2008 with Hyper-V, which includes Hyper-V, and Windows Server 2008 without Hyper-V, which does not. The with Hyper-V version is naturally released for x64 only, while the without Hyper-V version is released for x86, x64, and IA64.

Windows Server 2008 is also the last Windows Server platform to support x86 (32-bit); all Windows Server platforms released afterward will support only x64 or IA64.

Technologies | Windows Web Server 2008 | Windows Server 2008 Standard | Windows Server 2008 Enterprise | Windows Server 2008 Datacenter | Windows Server 2008 for Itanium
--- | --- | --- | --- | --- | ---
CPU Sockets - x86 | 4 | 4 | 8 | 32 |
CPU Sockets - x64 | 4 | 4 | 8 | 64 |
CPU Sockets - IA64 | | | | | 64
RAM - 32-bit version | 4 GB | 4 GB | 64 GB | 64 GB | N/A
RAM - 64-bit version | 32 GB | 32 GB | 2 TB | 2 TB | 2 TB
Hot Add Memory | | | X | X | X
Hot Replace Memory and Hot Add/Replace Processor | | | | X | X
Failover Cluster Nodes - x86 | | | 8 | 8 |
Failover Cluster Nodes - x64 | | | 16 | 16 |
Failover Cluster Nodes - IA64 | | | | | 8
Fault Tolerant Memory Synchronization | | | X | X | X
Cross-file Replication (DFS-R) | | | X | X | X
Network Access Service Connections (RRAS) | | 250 | Unlimited | Unlimited | 2
Network access Service Connections (IAS) | | 50 | Unlimited | Unlimited |
Terminal Services Connections | 2 | 250 | 65,535 | 65,535 | 2
Advanced Identity Management Features | | | X | X |
AD Federation Services | | | X | X |
Advanced Certificate Services | | | X | X |
Certificate Authority Web Proxy | | | X | X |
Network Device Enrollment Service | | | X | X |
Online Responder Service | | | X | X |
Media Server | Basic | Basic | Full | Full |
Hyper-V (virtualization)* | | X | X | X |
Quick Migration | | | X | X |
Host Clustering of Virtual Images | | | X | X |
Virtual Image Use Rights | 1 VM | Host + 1 VM | Host + 4 VMs | Unlimited | Unlimited

Notes:
* Hyper-V is only available on x64 versions of Windows Server 2008.

 

Windows 2012. 11. 20. 14:58

http://social.technet.microsoft.com/Forums/ko-KR/isaserverko/thread/58a02324-fb88-4c33-a678-460827c7ae5e

 

Question

On Windows Vista and later versions of Windows, using the netsh advfirewall firewall command instead of netsh firewall is recommended.

Answer

1.     Allow a program

a.     netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes

b.     netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\Myapp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain

2.     Allow a port

a.     netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80

3.     Remove allowed program and port rules

a.     netsh advfirewall firewall delete rule name="rulename" program="C:\MyApp\MyApp.exe"

b.     netsh advfirewall firewall delete rule name="rulename" protocol=udp localport=500

4.     Configure ICMP

a.     netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow

b.     netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow

5.     Configure logging

a.     netsh advfirewall set currentprofile logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log

b.     netsh advfirewall set currentprofile logging maxfilesize 4096

c.     netsh advfirewall set currentprofile logging droppedconnections enable

d.     netsh advfirewall set currentprofile logging allowedconnections enable

6.     Turn the firewall on/off

a.     netsh advfirewall set currentprofile state on

b.     netsh advfirewall set currentprofile state on
netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound

c.     netsh advfirewall set domainprofile state on
netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound

d.     netsh advfirewall set domainprofile state on
netsh advfirewall set privateprofile state on

7.     Reset the firewall settings

a.     netsh advfirewall reset

8.     Allow specific services

a.     netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes

b.     netsh advfirewall firewall set rule group="remote desktop" new enable=yes

c.     netsh advfirewall firewall set rule group="remote desktop" new enable=yes profile=domain

d.     netsh advfirewall firewall set rule group="remote desktop" new enable=yes profile=private

Applies to

Windows Vista

Windows 7

Windows 2008

Windows 2008 R2

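Windows 2012. 6. 1. 14:54

Source: http://www.sqler.com/457632

While installing Active Directory on a Windows Server 2008 R2 server, an error occurred, and I was asked to analyze the cause.
The files I received as attachments were app.evtx, setuplog.evetx and msinfo.nfo, plus the error logs from the C:\windows\debugs folder.
It was a bit of a shame that the system event log was not included....

To analyze the cause, I first used the err utility to look up the error code 80070BC9 found in the dcpromoui.001 file in C:\windows\debugs, but it did not tell me much, so I checked the services running on that server.


The Remote Registry service being disabled caught my eye.......heh

[Environment]
Windows server 2008 R2 EE

[Symptoms]
After logging on as a user with admin rights, running the dcpromo command to install Active Directory fails with the error message below.

Checking the dcpromoui.001 log under the C:\windows\debugs\ folder shows the following error: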

dcpromoui 748.6C4 001F 13:09:32.478 Failed to get install state
dcpromoui 748.6C4 0020 13:09:32.478 HRESULT = 0x80070BC9
dcpromoui 748.6C4 0021 13:09:32.493 HRESULT = 0x80070BC9
dcpromoui 748.304 0022 13:09:32.493 HRESULT = 0x80070BC9
dcpromoui 748.304 0023 13:09:32.493 Enter GetErrorMessage 80070BC9
dcpromoui 748.304 0024 13:09:32.493 MessageBox: Active Directory 도메인 서비스 설치 관리자 : Active Directory 도메인 서비스 파일이 설치되었는지 확인하지 못했습니다. 오류: 요청한 작업이 실패했습니다. 변경 내용을 롤백하려면 시스템을 다시 부팅해야 합니다.
dcpromoui 748.304 0025 13:09:33.258 Exit code is 64

[Cause]

The Remote Registry service is disabled.

[Resolution]

Change the Remote Registry service to start automatically, and then restart the system.

But I could not help wondering why Active Directory fails to install when Remote Registry is disabled. While googling to answer that question, I found the reason in the blog below.

Dependence of DCPROMO on Remote Registry Service
https://atherbeg.wordpress.com/tag/remote-registry-service/

 

For reference, when I disabled the Remote Registry service on my own machine (Windows Server 2008 R2) and ran dcpromo, the same error as above occurred.

And the following error also showed up in the System event log..heh

Log Name: System
Source: Service Control Manager
Date: 11/22/2011 8:53:35 PM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MyLaptopV2
Description:
The DFS Namespace service depends on the Remote Registry service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<EventData>
<Data Name="param1">DFS Namespace</Data>
<Data Name="param2">Remote Registry</Data>
<Data Name="param3">%%1058</Data>
</EventData>
</Event>


After dcpromo runs, the DFS Namespace service has to start, but it depends on the Remote Registry service, and that service did not start properly. That was the reason....^^

[References]
Best Practice Guide for Securing Active Directory Installations and Day-to-Day Operations: Part

http://technet.microsoft.com/en-us/library/bb727065.aspx

Known Issues for Installing and Removing AD DS
http://technet.microsoft.com/en-us/library/cc754463(WS.10).aspx

Failed to install active directory domain services binaries. The error was : The requested operation failed. A system reboot is required to roll back changes made.
http://social.technet.microsoft.com/Forums/en-US/winserverPN/thread/cbc865b8-930a-4e40-8900-4b0904b45a6d/

Thank you.^^
