HP

This entry is part 3 of 6 in the series 4 SSIDs 1 Secondary Academy

Now that we have the basics configured it’s time to set up the first SSID (shown here as OSA-WiFi). This SSID will be used for Windows computers that are domain joined; this could be desktop PCs with wireless adapters as well as laptops and tablet PCs with built-in wireless.

To complete this section you will need a Windows Server with the Network Access Protection role installed on it as well as a valid SSL certificate assigned to it (the SSL cert must be ‘in date’ as otherwise your clients won’t connect to the network). If you don’t have a valid SSL certificate issued by a 3rd party you can use this guide, which shows you how to use Active Directory Certificate Services to provision your own – http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Setting-up-Wi-Fi-Authentication-Windows-Server-2008-Part1.html.

One of the great things about using this kind of authentication in a domain environment is that you don’t need to manage individual passkeys for your clients (in a school it can be a massive time saver if you have a class set of 30 new laptops to roll out) as all the settings required to connect can be pushed down via Group Policy Object.

Network Access Protection Server

First to be set up is the Windows Network Access Protection Server; this server hosts a service called RADIUS which receives authentication requests from the HP MSM and then checks the credentials (in this case the fact that the computer wishing to connect is indeed a member of the Windows Active Directory Domain) against Active Directory and in turn allows/prevents the client from connecting to the network.

HP MSM

Now that we have the backend service together it’s time to get the HP MSM Controller to use the RADIUS/NAP server and present an SSID to the clients.

Group Policy Setup

As previously mentioned, by using this wireless authentication model you can easily pass out the settings to your domain joined Windows computers without having to manually tap in a passkey on each machine. OK, so maybe it takes a while to set up and maintain, but in the long run shouldn’t we be nice to our technicians and get them doing something more important?

In the next part of this guide I’ll look at the setup of the Apple Mac wireless network as well as give you some pointers on how to get Bonjour packets to traverse between your Windows Wireless and Apple Network (great for the modern craze of Airplay).

This entry is part 2 of 6 in the series 4 SSIDs 1 Secondary Academy

It’s VLANs time! In this part of the guide I am going to look at the VLAN configuration required to get all of this up and running. For the whole setup we have the following VLANs being used:

172.16.8.0/21 – VLAN 2 Services, which includes 172.16.8.4 as our Windows DHCP server, 172.16.8.39 as the Wireless Controller and 172.16.15.254 as the Smoothwall firewall
172.16.24.0/21 – VLAN 4 APs, just a DHCP range (powered by Windows Server) that the APs sit in; once they have their first IP address it gets converted to a reservation
172.16.72.0/21 – VLAN 10 Windows clients, another DHCP range (powered by Windows Server)
172.16.104.0/21 – VLAN 14 Apple clients, another DHCP range (powered by Windows Server)
172.16.128.0/21 – VLAN 17 BYOD clients, another DHCP range (powered by the Smoothwall firewall)
172.16.136.0/21 – VLAN 18 Public clients, just one more DHCP range (powered by Windows Server)
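
A quick sanity check of the address plan above, as an added example that is not part of the original post: it confirms that the six /21 ranges do not overlap, that the three named service hosts (including 172.16.15.254, which looks out of place at first glance) sit inside VLAN 2, and it maps an arbitrary address to its segment, which is handy when reading firewall or DHCP logs. The function names are illustrative assumptions.

```python
import ipaddress

# Address plan exactly as listed in the post: (VLAN id, name, subnet).
PLAN = [
    (2, "Services", "172.16.8.0/21"),
    (4, "APs", "172.16.24.0/21"),
    (10, "Windows clients", "172.16.72.0/21"),
    (14, "Apple clients", "172.16.104.0/21"),
    (17, "BYOD clients", "172.16.128.0/21"),
    (18, "Public clients", "172.16.136.0/21"),
]
# Service hosts the post places in VLAN 2.
SERVICE_HOSTS = {
    "Windows DHCP": "172.16.8.4",
    "Wireless Controller": "172.16.8.39",
    "Smoothwall": "172.16.15.254",
}

def load_plan(plan):
    # strict=True rejects a subnet whose host bits are set (a typo in the plan).
    return [(vid, name, ipaddress.ip_network(cidr, strict=True))
            for vid, name, cidr in plan]

def overlaps(nets):
    """Return pairs of VLAN ids whose subnets overlap (should be empty)."""
    found = []
    for i, (vid_a, _, net_a) in enumerate(nets):
        for vid_b, _, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                found.append((vid_a, vid_b))
    return found

def vlan_for(nets, addr):
    """Map an IP address to its VLAN id, or None if it is outside the plan."""
    ip = ipaddress.ip_address(addr)
    for vid, _, net in nets:
        if ip in net:
            return vid
    return None

def misplaced_hosts(nets, hosts, expected_vlan=2):
    """Service hosts that do not fall inside the expected VLAN."""
    return {name: vlan_for(nets, addr) for name, addr in hosts.items()
            if vlan_for(nets, addr) != expected_vlan}

NETS = load_plan(PLAN)

if __name__ == "__main__":
    print("overlapping VLANs:", overlaps(NETS))
    print("misplaced service hosts:", misplaced_hosts(NETS, SERVICE_HOSTS))
    for sample in ("172.16.15.254", "172.16.135.255", "172.16.16.1"):
        print(sample, "-> VLAN", vlan_for(NETS, sample))
```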

Windows Server

The Windows DHCP server serves up IP addresses for various services as listed in the screen shot below.

Core switch configuration

The core switch provides Layer 3 routing (required to get VLANs to talk to each other) and also houses the Wireless Controller as an expansion module. The Smoothwall firewall actually sits on a separate switch in this configuration which can be found on port number K8.

Edge switch configuration (includes Smoothwall Firewall)

The edge switch config below shows how the switch talks back to the Core switch and which VLANs the Smoothwall sits in.

HP MSM Controller

This next part shows how the IP configuration is set up on the HP MSM wireless controller; click through the screen shots for more info.

HP MSM Access Points

This time it’s the turn of the access points; again, just click through the screen shots.

This entry is part 1 of 6 in the series 4 SSIDs 1 Secondary Academy

Just one of the posters used to promote this service

In this series of posts I’m going to look at the technical setup required for providing 4 different SSIDs, each on its own network (using VLANs), which provide wireless services for a variety of services.

For each of the networks I am looking to achieve something specific:

  • OSA-WiFi – Domain joined Windows devices, served by computer authentication with the settings deployed through Group Policy
  • OSA-MacWiFi – Domain joined Apple devices, WPA2-PSK with a Bonjour gateway to finish it all off to allow anything on this network to talk to our AirServer installation
  • OSA-BYOD – ‘Bring your own device’ network for staff and students – as easy as possible to connect to using the Smoothwall 802.1x features
  • OSA-Public – A regularly changed WPA2-PSK key (I did consider single use keys but then worked out it would need a lot of keys generated for when we have 100+ visitors!) to be used by visitors

To accomplish this I shall be using the following infrastructure components

  • 1x HP MSM765zl Mobility Series Controller (housed in a HP 8212 Layer 3 Switch)
  • 60x HP MSM460 Wireless Access Points (there are a few HP MSM466s in there for good measure as well)
  • HP ProCurve wired infrastructure – a mixture of various Layer 2 switches with 1Gbit to the client and 10Gbit to the core
  • 1x Windows Server 2012 running DHCP for 3 of the SSIDs (running as a virtual machine)
  • 1x Windows Server 2012 running Network Access Protection to serve as a RADIUS server (running as a virtual machine)
  • 1x Smoothwall UTM 1000 series Firewall/Web filter appliance

Before you go further… an understanding of DHCP on Windows Servers, VLANs (ideally on HP ProCurve) and Smoothwall Firewalls will greatly aid following this series of posts! In addition I’m sorry if this guide seems a little disjointed – hopefully with time I’ll work out a way to tidy it up.


sFlow - Top Talkers

PRTG is by far my favoured tool for monitoring IT infrastructure. With its built-in sensors you can check the PING time for a server, check that Windows services are up and running or, with a little tweaking, monitor paper trays in an MFP (and so much more).

A recently discovered feature for me is the sFlow monitor. This tracks in near real time the flow of different types of data (e.g. SMTP/HTTP/FTP/DNS lookups) that flow through network infrastructure.

In my case the entire network is built on HP ProCurve layer 2/3 switches which makes for pretty easy setup.

To follow this guide you will need

  • The IP address of your PRTG server (in my case 172.16.8.27)
  • Admin access to your PRTG console and a ‘device’ setup for your switch
  • Admin access to your switches through Telnet/SSH (I use PuTTY to administer my switches through Telnet)
  • 5 minutes

So now that I have all of this extra info what am I to do with it? Well with the sFlow sensor setup you can…

  • See if your network infrastructure is experiencing bottlenecks…
  • …and if so where the bottleneck is and what kind of data is causing it (e.g. large file transfers)…
  • …and see what clients are causing it.

This entry is part 1 of 6 in the series Virtual Desktops on PCI-E SSD

In this series I am going to be looking at how PCI-E SSDs can be used with VDI. I’ll be covering the hardware in use, the user experience and also why I believe PCI-E SSDs to be the best option to get your virtual desktops running as fast as possible.

For the past few days I’ve been doing a little performance testing to see just how much of an influence RAID cache has when provisioning Virtual Desktops.

The test was to create 20 virtual desktops and see how long it takes to get the first one spun up and ready for use and then to see how long it took to get all of the desktops ready for use.

The tests were conducted using-

Citrix XenServer
Citrix VDI-in-a-Box
HP DL385 G7 Server
8 core 2.0GHz HE AMD Opteron Processor
44GB DDR3 RAM
4x15k SFF 72GB SAS 6Gb/s HDDs
HP P410i RAID Controller (1Gb cache)

The results (all times in mins and seconds) were-

For a while I’ve been wondering just how well a PCI-Express Solid State drive would work inside a standard off the shelf rack mounted server. Finally I have been given the chance to find out and as it turns out everything works quite nicely.

The solid state drive in question is an OCZ Revo Drive 3 x2 240GB (from Novatech) and the server is a HP DL165 G7. Both the SSD and the server have the latest BIOS updates and, although initially the server didn’t boot past POST, after a little tweaking (inside the BIOS of the server) I got everything to work along quite nicely.

Suffice to say the performance is astonishing even when compared against a RAID array of 15k SAS drives, but then again that’s nothing to be surprised about given the SSD’s ability to randomly read data from anywhere on the drive without having to wait for a mechanical spinning disk to catch up.

I am a self-admitted strong fan of HP server hardware and in this video I’ll give you a tour around one of our servers at work.

There is one little error in the video about ‘common slot power supplies’ – although the DL165 G7 is a great bit of kit the power supply isn’t of the new HP common design and so can’t be changed with ones from more advanced servers (e.g. the DL385 G7).

For more information on the HP DL165 G7 server visit the HP website using this link.

This is old news really, but either way HP have updated a number of server models to include the new AMD Opteron 62xx processor series.
The beefiest of all is the Opteron 6282SE, which comes with 16 cores each packing 2.6GHz of clock speed. Naturally this kind of speed comes at a high TDP (in this case 140W), especially when compared to the highly conservative Opteron 6128HE (8 core 2.0GHz) which chews through a TDP of just 85W.

About

my world of IT is a blog about both the business and consumer world of IT as seen by a common garden Security and Networking consultant. For more information click here!