Brocade FOS 9 GUI

How to Enable Brocade FOS 9 Web Tools

This guest post is brought to you by Armin Kerl, if you fancy trying you hand at blogging check out our guest posting opportunities.

Great News:

Starting with Brocade FOS 9.0 the Web Tools now use only HTML and no more Java is needed. FOS 9 is supported for most 32GB Switches and you can Update from v8.2.1d or v8.2.2a or later. So, I have Updated four new HPE SN3600B (Brocade G610) Switches from 8.x to 9.0, but there is no Web Tool.

What’s the Problem?

First, there is no default https Certificate, we must generate one. (HTTP interface is no longer available)

seccertmgmt show -all

Certificate Files:

--------------------------------------------------------------------------------------------------------------------

Protocol   Client CA                 Server CA                 SW                        CSR     PVT Key Passphrase

--------------------------------------------------------------------------------------------------------------------

FCAP       Empty                     NA                        Empty                     Empty   Empty   Empty

RADIUS     Empty                     Empty                     Empty                     Empty   Empty   NA

LDAP       Empty                     Empty                     Empty                     Empty   Empty   NA

SYSLOG     Empty                     Empty                     Empty                     Empty   Empty   NA

HTTPS      NA                        Empty                     Empty                     Empty   Empty   NA

KAFKA      NA                        Empty                     NA                        NA      NA      NA

ASC        NA                        Empty                     NA                        NA      NA      NA

Now we generate a https Certificate, starting with FOS 8.1.x there is a simple command:

seccertmgmt generate -cert https -type rsa -keysize 2048 -hash sha1 -years 10

Or use the menu:

seccertmgmt generate -csr https
Certificate Files:

--------------------------------------------------------------------------------------------------------------------

Protocol   Client CA                 Server CA                 SW                        CSR     PVT Key Passphrase

--------------------------------------------------------------------------------------------------------------------

FCAP       Empty                     NA                        Empty                     Empty   Empty   Empty

RADIUS     Empty                     Empty                     Empty                     Empty   Empty   NA

LDAP       Empty                     Empty                     Empty                     Empty   Empty   NA

SYSLOG     Empty                     Empty                     Empty                     Empty   Empty   NA

HTTPS      NA                        Empty                     Exist                     Empty   Exist   NA

KAFKA      NA                        Empty                     NA                        NA      NA      NA

ASC        NA                        Empty                     NA                        NA      NA      NA

You should see the Web Tools in your Browser, like this:

Brocade FOS 9 GUI

But not for me, I get only a Blank White Page with no Login for all Switches. Wasting several Hours with search and Google for a Solution. Finally, I found the Problem: All my Browsers have a non-English GUI.

If you dig into the Release Notes there is a Note: Web Tools only supports the US English language setting in an internet browser. Setting to other language may result in Web Tools showing a blank Page.

Change setting and here it is:

Armin Kerl

Richard ArnoldLeave a comment
Cloud volume backup veeam

Cloud Volumes Backup

The major announcement from HPE Discover Virtual for storage was Cloud Volumes Backup. Cloud Volumes Backup enables a method for storing your backup data in the cloud, this can be natively using HPE storage and RMC or using existing backup solutions such as Veeam and CommVault.

The drive to protect data is arguably stronger than ever but increased complexity including;the volumes of data, the location of data and increased security requirements make the process increasingly complex. Let’s look at how Cloud Volumes Backup can help with some of these challenges

Scaling

One of the key advantages of the cloud from day one has been scaling. The need for complex planning, multiple years ahead and costly upfront purchasing is removed. Targeting data to the cloud offers almost limitless capacity for growth.

The same is true with Cloud Volumes Backup. When you create a cloud volume you do not specify the size, this is not a requirement. Cloud Volumes are created without a set size and just grow as required on demand. 

The process to create a cloud volume is quick and simple.  Create the volume in the Cloud Volume portal, present to the target and then use as a backup target in your software. We have previously discussed Cloud Volumes in detail if you wish to read further into the background of this technology.

Cloud Volumes backup can be used with RMC:

Cloud volume backup hpe

Or as a target with existing backup software such as Veeam:

Cloud volume backup veeam

As well as the removal of complex planning this allows dynamic scaling, so for example during a period of intensive testing more backup copies could be held and then reduced as the need is no longer required.

A backup target without capacity limits also allows systems to be fully protected and for the correct length of time. I have unfortunately seen backup retention and choice of systems to backup in the real world driven by capacity constraints, for example backups only held on disk for a short number of days.

Mobility

Data mobility i.e. the capability to store data not only with different cloud providers but in many different regions around the world gives great flexibility but also increases the challenge of backups. Things were certainly much easier when you had a simple on-site data centre with all data held locally.

Cloud volumes are co-located or located nearby the cloud providers data centre, to provide the best performance. This gives the opportunity to select a cloud volume backup matching your cloud provider and region to enable the best backup performance.

Alternatively you could do the opposite whereby you choose a Cloud Volume Backup target with a different cloud provider. This could be for reasons of resiliency or more likely to enable the data to be available in another environment for test and dev.

Although data can be held in multiple locations, and multiple cloud providers by using Cloud Volumes it enables multiple sources to be backed up with a single tool without impacting performance. Since Cloud Volumes are co-located or nearby cloud providers data centres.  

Cost

All IT organisations are driven by the need for a cost-efficient solution. Cloud Volumes backup assists in a number of ways.

There is no need for a rip and replace. Cloud Volumes Backup works in tandem with existing backup products such as Veeam, CommVault etc. This means that there is no need for additional capital investment. Another advantage is re-skilling is unnecessary since the IT department can still use backup software it is familiar with.

Cloud volumes are consumed in a typical cloud fashion where you are charged for what you use. This means you can scale up and down dynamically as required. There is no need for large upfront capex expenditure.

Another key consideration is data egress charges. This is charges you would incur if you needed to use any of the backup data, i.e. pulling the data from the cloud to your local data centre. Cloud volumes backup eliminates this with no egress charges.

Security

The security of data is key to any organisation.  Data is encrypted both in flight and at rest.

Data is protected from ransomware by effectively isolating it from attack.

Further Reading

Introducing HPE Cloud Volumes Backup Chalk Talk

Cloud Volume Backup podcast

Tech Unplugged Coverage

Richard ArnoldLeave a comment
ransomware veeam

Ransomware tips from VeeamON

I attended the Veeam Ransomware session at VeeanON.  I picked up some useful tips so thought I would share my notes from the session. Credit for all the information to Rick Vanover,Dave Kawula, Brett Hulin.

ransomware veeam

Background

  • Data is key to all businesses
  • Must protect data and therefore the business from threats including ransomware

Prevention

Three pronged approach, not just technical considerations:

  • Education of users and administrators
  • Backup and recovery implementation
  • Remediation plan

Attack methods

Ransomware attacks occur in three most common ways:

  • RDP compromise, number one method of ransomware attack
  • Email phishing, second most common attack method. Surprising I would have thought this was the most frequent
  • Software vulnerabilities

Veeam Data Labs

Allows testing patches and quick recovery

  • ON demand sand box – restore not directly into production for safety
  • Sure backup and sure replica – boot VM in virtual lab and test before re-introducing to production
  • Secure restore – Mount backup for AV scan before restore

Ultra-Resilient Backup

Safest option is to have an ultra-resilient backup.  This could be air gapped, immutable or offline. For example:

  • Tape
  • Immutable backups e.g. S3 – Backup onsite to performance tier then have policy tier to cloud storage which can be S3. Policy can be set for an immediate copy of data or an archive of the oldest data. Based on Scale Out Repositories
  • Veeam Cloud Connect + Insider protection. Insider Protection provides an additional data copy that can only be access with a call to support to make it visible

Brett Hulin General Tips

  • Establish a DR site. Cloud or physical
  • If possible run Veeam replication to this secondary site
  • Have your DR plan documented
  • Understand your recovery order
  • Involve multiple people
  • Consider licencing implications of being at fail-over site
  • Establish chain of command before an incident

Brett Recovery Tips

  • Shut down servers to prevent further infection
  • Consider when attack occurred and which backups and replicas are therefore clean
  • Recover servers without network and check with AV before re-enabling network
  • Recover infrastructure servers, e.g. AD first
  • Force password resets
  • Have multiple restore copies at recovery site. So can recover from different times
  • Have an air gapped backup e.g. tape

Other tips I picked up from the Veeam Ransomware guide at the Veeam resource library:

  • Veeam server ensure it has no internet access
  • Accounts as much separation as possible
  • Tight file permission on datastore shares
  • Veeam servers require 2FA for RDP access
  • Prepare early

Richard ArnoldLeave a comment