Dataon S2D-3212 HyperConverged Cluster

Updated 27. feb

We have been testing Storage Spaces Direct for a while on our eBay cluster. We have been running development and some production systems on it, such as the 2nd Exchange node, a mediation server and our VMM server.

We have been looking to replace our current Hyper-V solution, which consists of HP BL465c G8 and BL490 G7 blade servers attached to an HP P2000 G3 MSA over iSCSI. This has become slower and slower as we have set up more virtual machines. This was a 12-disk shelf with 11 disks active and one spare. One 15k disk gives about 170 IOPS, giving a whopping 1870 IOPS at max speed. On normal load it would use about 1200-1500 IOPS, so not a lot of spare IOPS. We had one per cluster.

Most of you know what S2D (Storage Spaces Direct) is; if you don't, go look at Cosmos Darwin's post over at TechNet to get some good insight about S2D.

What I am going to focus on in this blog is the new Dataon HyperConverged server. Back at Ignite 2016, Dataon released their first offering, the S2D-3110 all-flash solution pumping out 2.6 million IOPS in a 1U form factor.

Setup VPN to use MFA with NPS Extension

In this blog post I will show you how to set up a Microsoft VPN connection with the new NPS Extension for Azure AD MFA.

This is a new service that the Microsoft NPS team just released; it adds an extension to the Windows Network Policy Server.

When using the NPS extension for Azure MFA, the authentication flow includes the following components (this is copied from https://docs.microsoft.com/nb-no/azure/multi-factor-authentication/multi-factor-authentication-nps-extension):

  1. NAS/VPN Server receives requests from VPN clients and converts them into RADIUS requests to NPS servers.
  2. NPS Server connects to Active Directory to perform the primary authentication for the RADIUS requests and, upon success, passes the request to any installed extensions.
  3. NPS Extension triggers a request to Azure MFA for the secondary authentication. Once the extension receives the response, and if the MFA challenge succeeds, it completes the authentication request by providing the NPS server with security tokens that include an MFA claim, issued by Azure STS.
  4. Azure MFA communicates with Azure Active Directory to retrieve the user’s details and performs the secondary authentication using a verification method configured to the user.

The following diagram illustrates this high-level authentication request flow:

Authentication flow diagram


DPM 2016 Backup fails when creating a new backup of virtual machine with generic error

A week ago I got an email that the latest backup of one of our virtual machines had failed and was in an inconsistent state.

So I tried to do a synchronization, but that did not help. Then I tried removing the backup and adding it again. Now it would say it was OK, but it had only backed up 79 MB. So I did a new synchronization and it failed with "Replica is Inconsistent", and the error message in the logs was


How to replace an NVMe Caching device on a Storage Spaces Direct Cluster

After my initial failure replacing an NVMe caching card and hitting a bug in the 2016 version I was on, I replaced another one today. We started our cluster out with Intel 750 drives, and these NVMe PCIe cards only have 70 GB of writes per day, so I decided to replace them with the Intel DC P3600. The first failed, as can be seen here.


Configuring Fortigate 5.4 firewall with Azure Site to Site Tunnel

Hello Everyone

Thought I should write a small post about setting up a Site to Site VPN between Azure Resource Manager and a Fortigate Firewall on 5.4.

An important thing to notice here: use the Route Based VPN type on the Azure Virtual Network Gateway for this.

I used this guide from Microsoft to set up our Azure IPsec tunnel. I recommend using their guides when it comes to Azure setup. Combine these with other relevant guides. Make sure they have been recently.
