Tag: cloud

Cloud Hosting With Multiple Proxy Servers

Scenario

A customer had a requirement for Cloud Hosting With Multiple Proxy Servers and wanted to send some traffic direct to the internet (host or url whitelist), some hosts or urls to one proxy in their cloud hosting and some traffic via another proxy in another peered network in their cloud hosting.

Solution

Our solution in the end was simple but it does require endpoint configuration (the browsers need to point to the PAC file in order for this to work – this was configured via AD GPO for the AppStream instances in Amazon Web Services as the AppStream instances were domain joined.)

This is also supported on Windows and Mac Endpoints via the proxy autoconfiguration file.

This means we can whitelist traffic to the internet, we can send other URL- or host-specific matches to various internal proxy servers, and for all else we can return a proxy server that doesn’t exist. If that non-existent proxy points to 127.0.0.1, the ‘failure’ response is very quick.

The response message to the clients is not perfect (users receive ‘The Proxy Server is not responding’) but as a simple working solution this was considered tolerable.

Windows > Configure it in Internet Explorer

Internet Explorer pac file configuration

Mac > Configure it in Network Settings

Mac automatic proxy configuration

PAC File Configuration

function FindProxyForURL(url, host) {

    // Whitelisted hosts: send direct to the internet.
    if (shExpMatch(host, "*.microsoft.com") ||
        shExpMatch(host, "*.google.com"))
        return "DIRECT";

    // If the hostname matches, send via the first internal proxy.
    if (shExpMatch(host, "*.myotherwebsite.com") ||
        shExpMatch(host, "*.myotherwebsite2.com"))
        return "PROXY internal.squid.proxy:3128";

    // If the hostname matches, send via the second internal proxy.
    if (shExpMatch(host, "*.myotherwebsite3.com") ||
        shExpMatch(host, "*.myotherwebsite4.com"))
        return "PROXY internal.squid.proxy2:3128";

    // DEFAULT RULE: all other traffic is sent to a proxy that does not exist
    // on 127.0.0.1, so the request fails quickly.
    return "PROXY 127.0.0.1:8081";

}

Citrix Cloud Connector Installation Unsuccessful on Windows Server 2016

Scenario

After multiple attempts to install the Citrix Cloud Connector software we continued to receive the following error, even after multiple reboots.

Installation was unsuccessful. See below for details.
A system restart is pending. The system must be restarted before any products can be installed.

Solution

Simply delete / clear the Windows registry entry in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations

 

Brief Comparison of AWS and Azure – IaaS

Introduction

This article was created as a very quick reference between the Amazon’s AWS EC2 and Microsoft’s Azure. There was little in the way of scientific tests carried out, it is purely a list of observations during the testing so these results below are personal opinion / experience only. You should carry out your own scientific testing and ensure that your design and chosen platform meet all the requirements for your business need!

Summary

I find that I typically read these articles like this for the summary only and then read the ‘explanation’ (if I can be bothered!) so with that in mind here is the summary / findings below first, then it is up to you if the rest is worth it!

I personally believe that Azure offers a more simple, friendly (almost familiar) interface to quickly spin up and use cloud based VMs, however even though the AWS solution seemed more complicated initially, from the initial investigations it has a few more options for flexibility (firewall rules, private networking, VM images etc.).

Regardless of the console used or how the VMs are deployed it ultimately comes down to VM performance. On both platforms the VMs operated as if they were local and were as quick as each other. In fact most applications opened quicker than locally (i.e. Office etc.); everything was snappy and ‘near instant’.

Choosing the VM / cloud / IaaS solution is easy so how about integrating it with your existing network? The users’ data? The users’ files? The business applications? The users’ home drives? Personalised settings, favourites? Email etc… This is where most of the effort, expense and time must be spent so the cloud transition happens automatically and seamlessly for the users and is a winning solution overall.

If I had to personally spend my money and was looking at this for a hybrid cloud solution, server replacement or possibly even DaaS with a very simple setup and easy console I would choose the Azure platform, particularly because of the other offerings around Office 365, One drive, and remoteapps over RDP (Seamless published apps)

Amazon Web Services – AWS EC2

After registration (and providing credit card details and verifying a valid answerable phone number) and logging in you first notice that the console is busy and confusing.

As part of the 12 months trial we are offered Windows 2012 R2 server. Plenty of other options to configure like Virtual private networking etc – but I just wanted the quickest VM setup in the shortest amount of time.

Login security of the VM (once provisioned) required a few more steps as you need to create key pairs (pem certificate) then use that pem file to decrypt the password of the VM once it’s provisioned, however connection to the VM was as simple as downloading an RDP file. There were quite a few other options that would be confusing for non-IT-savvy users (firewall rules, RDP ports etc.).

The instance provisioning and login was quicker than Azure by a couple of minutes. ICMP was allowed with pings out to 4.4.4.4 (google DNS server) at around 6ms from the selected availability zone (AZ). (us-west-2 – only US was selectable during provisioning)

To move a VM between availability zones, the VM needs to be shut down, an AMI (Amazon Image) created, and then a new VM deployed from that image in another availability zone.

Internet speeds were ridiculously quick but varied greatly depending on the time the tests were run. The trial wasn’t restricted in any way and on the machine you can literally do whatever you want out of the box. The AWS VM was registered and activated online without any errors or faults.

The configuration of AWS seems more flexible with a myriad of other IT Admin options provided if not initially more complicated and confusing. The VM setup and deployment worked without any error, glitch, or problem and the performance of the VM was snappy responsive and as an end user would come to expect from a local desktop or server.

Microsoft Azure

The console and the configuration of the Windows trial VM, was quite a simple experience.

Login with Microsoft LIVE credentials; provide credit card details, provision instance of VM. The provision to actual login time was slower than that of AWS by around 2 minutes. Connection to the VM was immediate and as simple as downloading an RDP file and providing the original credentials I set during provisioning.

Weirdly during testing of the VM Google ads and the Google site continued to default to Japanese though the server locale was set to US and the Availability Zone was West Europe? Doing a lookup on the external IP address came up as a US based IP address so this was left unexplained.

ICMP out from the VM was blocked so I was unable to perform a simple ping latency test. There are quite a few discussions online around this and it seems that it’s not yet possible to open it (AWS was more flexible from this point of view).

The Azure management console (manage.windowsazure.com) is far cleaner and simpler to find the right ‘buttons and tools’ than that of the AWS though there are still a number of options and details to get your head around. The entire design of the console feels more like a Windows 8 type page.

Moving VMs between the availability zones doesn’t seem to be as simple as right click ‘move’ however there is a great article here on how to do it.

There is a management portal (portal.azure.com) which seems to be Microsoft’s single pane of glass approach to Azure and it is fantastic, intuitive, simple, and has everything you want to know about your cloud based estate available in a typical Windows 8 ‘tile’ style.

The Windows VM was super quick and snappy, but, rather ironically, during testing Windows reported that it wasn’t activated, nor could it be activated (possibly due to the trial?)

The site is transparent and upfront about its charges and costs the majority of which can be found under the billing section of the portal.

Via my MacBook RDP client there was also integration and configuration for Azure RemoteApps (aka Office 2013 published seamlessly over RDP) though the initial setup of remote app took well over 25 minutes, and launching of the apps was actually slow and rather tedious so more investigation and time required to review this one appropriately.

The Availability Zones at the time of writing are:

Aside from the small annoyances with the configuration of the VM, the console and portal for management of the Azure stack is fantastic and the performance of the VM was snappy, responsive and as an end user would come to expect from a local desktop or server.

Comparison Table

| Desc | AZURE – Details | AWS – Details | Notes |
|---|---|---|---|
| Setup time for subscription to begin | 02:30 | 01:00 | Account Provision time |
| Timing VM Deployment to login | Deploy | Deploy | Connect icon available after start – but obviously server not yet ready |
| | 01:20 VM start | 00:52 – Running | |
| | 03:30 running (provisioning) | 02:41 – Password ready | |
| | 07:00 – Logon to desktop | 03:30 Logon to desktop | |
| | 09:50 – Finished | 04:01 Finished | |
| Responsiveness of desktop | 9/10 | 9/10 | Both equally as good – rated purely on personal feel |
| Internet connectivity speed | See Below Table for connectivity | See Below Table for connectivity | Results varied greatly |
| Availability zones | West Europe | US-West-2 | |
| Store / Console ease of use | 9/10 | 7/10 | The Azure Console is fantastic, sleek and similar to Windows 8 Look and feel. The AWS Console looks a little dated, and is confusing with so many options in your face. |
| Trial Offers | 30 Days | 12 Months | |
| Ease of connectivity to VM | Easy – Direct RDP | Easy – Direct RDP | |
| Youtube over RDP! | 6/10 | 6/10 | Surprisingly quick on both servers, if not majorly compressed and a bit laggy. |

Internet Speed Tests

| Internet Speed tests | AWS Ping | AWS Down (Mbps) | AWS Up (Mbps) | AZURE Ping | AZURE Down (Mbps) | AZURE Up (Mbps) |
|---|---|---|---|---|---|---|
| speedtest.org 1 | | 4.6 | 35.71 | | 40.07 | 53.52 |
| speedtest.org 2 | | 9.74 | 20.83 | | 41.87 | 56.42 |
| speedtest.org 3 | | 4.18 | 26.32 | | 38.81 | 37.25 |
| Ave | | 6.173333333 | 27.62 | | 40.25 | 49.063333 |
| speedtest.net 1 | 26 | 712.62 | 280.79 | 151 | 3.75 | 1.29 |
| speedtest.net 2 | 17 | 701.18 | 949.91 | 146 | 6.61 | 9.82 |
| speedtest.net 3 | 18 | 693.65 | 950.95 | 148 | 194.64 | 27.16 |
| Ave | | 702.4833333 | 727.21667 | | 68.33333333 | 12.756667 |

 

Tested VM Configurations

| Tested Configurations | Azure | AWS | Notes |
|---|---|---|---|
| OS | Windows Datacenter 2012 R2 | Windows Datacenter 2012 R2 | |
| CPU | 2 | 1 | |
| RAM | 1.75 | 1 | |
| Disk configs | C drive of 110gb | C Drive of 30GB | Azure temp drive blurb |
| Advertised Internet connectivity | No Limit | Low to Moderate | |
| Data persistent | YES | YES | Folder exists and remains across reboots. |
| Pricing | HERE | HERE | |
| Other Services / Images / VMs | Huge list of preconfigured VMs, Images and templates | Huge list of preconfigured VMs, Images and templates | |
| Simple Integration with other Vendor Services | YES – easy plug into one drive, Office 2013 Remote app, Office 365 | | |
| Approx costs PH in $USD | $0.09 USD A1 Windows Tier | $0.018 USD Windows T2 micro | The Windows Pricing seems much simpler and easier, though AWS have far more granularity and control |

*These are the machines that were offered as part of the free trial. They were not selected as an exact like for like.

Building Citrix Cloud Platform on CentOS for my Home Lab

Build Citrix Cloud Platform Server on CentOS
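NOTE: this document is a first draft – this was a quick setup in a dev environment where the host, management and NFS services were all on the same box. I got it working, hopefully this helps anyone else trying to do the same. Several steps below are lab shortcuts suited only to that kind of isolated dev box: SELinux set to permissive, gpgcheck=0 on the local repo, MySQL root granted from any host with port 3306 opened, /export shared to * with no_root_squash, and the admin / password login.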

‘#’ = type in and then run this command
‘FILE=’ = Edit this file in the listed location
ERROR: if you get this error try the following listed steps.
SELECT: = option to choose when offered list or running install script

Download CENT OS from CentOS mirror – http://mirrors.kernel.org/centos/6/
Do initial GUI config and then
Log into the box and do the following step by step

FILE= /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=52:54:00:B9:A6:C0
NM_CONTROLLED=no
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.16.10.2
NETMASK=255.255.255.0
GATEWAY=172.16.10.1
DNS1=8.8.8.8
DNS2=8.8.4.4

#chkconfig network on
#service network start

ERROR: RTNETLINK answers: File exists – #service network restart

FILE= /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
172.16.10.2 srvr1.cloud.priv

#hostname --fqdn
ERROR: check the above command returns the FQDN, not an unknown error – if unknown:
FILE= /etc/sysconfig/network – set the hostname to be that in your /etc/hosts file (ensure they match)

#service network restart
#setenforce 0

FILE= /etc/selinux/config
SELINUX=permissive

#yum -y update
#yum -y install ntp
#chkconfig ntpd on
#service ntpd start

START DIFFERENCES (xenserver vs apache cloud stack)
FILE= /etc/ntp.conf
server 0.xenserver.pool.ntp.org
server 1.xenserver.pool.ntp.org
server 2.xenserver.pool.ntp.org
server 3.xenserver.pool.ntp.org

download cloudstack platform 3.0.6-rhel6.3.tar.gz to the VM from mycitrix.com
mount the centOS DVD back to the VM that you used to install the device (according to citrix literature – this is required though it was never really called)

#mount -t iso9660 /dev/cdrom /media

Create local REPO
FILE= /etc/yum.repos.d/centosdvd.repo
[rhel]
name=rhel6
baseurl=file:///media
enabled=1
gpgcheck=0

# tar xzf Cloudstackplatform3.0.6-rhel6.3.tar.gz
# cd Cloudstackplatform3.0.6-rhel6.3

INSTALL THE CITRIX CLOUDPLATFORM MANAGEMENT TOOLS
# ./install.sh
SELECT: M
# service rpcbind start
# service nfs start
# chkconfig nfs on
# chkconfig rpcbind on

INSTALL CITRIX CLOUD MANAGEMENT DATABASE INTO MYSQL
#./install.sh
SELECT: D
FILE= /etc/my.cnf (/etc/mysql/my.cnf)
innodb_rollback_on_timeout=1
innodb_lock_wait_timeout=600
max_connections=350
log-bin=mysql-bin
binlog-format = 'ROW'

#service mysqld restart
# mysql -u root
mysql> SET PASSWORD = PASSWORD('password');
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
mysql> exit
#service mysqld restart
# iptables -I INPUT -p tcp --dport 3306 -j ACCEPT

FILE= /etc/sysconfig/iptables
-A INPUT -p tcp --dport 3306 -j ACCEPT

SETUP MYSQL CLOUD MANAGEMENT SCHEMA
# cloud-setup-databases cloud:@localhost --deploy-as=root:
#cloud-setup-management

SETUPNFS
# mkdir -p /export/primary
# mkdir -p /export/secondary

FILE
# vi /etc/exports
/export *(rw,async,no_root_squash)
# exportfs -a

FILE= vi /etc/sysconfig/nfs
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020


FILE= /etc/sysconfig/iptables
-A INPUT -m state --state NEW -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A INPUT -m state --state NEW -p udp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -p udp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -p udp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -p udp --dport 662 -j ACCEPT

# service iptables restart
# service iptables save

FILE= /etc/idmapd.conf
Domain = company.com

TEST NFS SHARES
# mkdir /primarymount
# mount -t nfs :/export/primary /primarymount
# umount /primarymount
# mkdir /secondarymount
# mount -t nfs :/export/secondary /secondarymount
# umount /secondarymount

Download the system template
/usr/lib64/cloud/common/scripts/storage/secondary/cloud-install-sys-tmplt -m /export/secondary -u http://download.cloud.com/templates/acton/acton-systemvm-02062012.qcow2.bz2 -h kvm -F

https://issues.apache.org/jira/browse/CLOUDSTACK-2758
chmod 777 catalina.out

REBOOT

DONE

Connect to http://IPADDRESS:8080/client

Login as: admin
Password: password

(if this doesn’t work – use #cloud-setup-management again from the command line to reset)