Data Deduplication

So, I’ve been playing with storage lately. Mainly, because I’ve been planning on moving my HyperV files to a faster drive due to some poor performance. While looking for solutions, I came across the idea of data deduplication.

Now, why is data deduplication an attractive idea here? Because it stores specific ranges of data only once. While this may not be important to most, I store a VM of each Windows operating system (Vista and Server 2008, and up). This is a lot of duplicate data being stored on the drive.

In fact, Microsoft estimates that you can save 80-95% space. That is a significant savings. In practice, I’m seeing about 75% savings. That means that I can reliably use a single SSD drive to host HyperV.

Additionally, Microsoft estimates that you can get about 70-80% savings for “distribution shares”, specifically shares used for installers and updates. If you’re planning on rolling out WSUS, it may be a great idea for the storage used for the updates, as it could save a considerable amount of space (in theory).

However, accessing the data can be rather intensive, and can be fairly slow on a spinning hard drive, especially when copying a lot of data from the drive. That means that if you want to use Data Deduplication, you need to use Storage Spaces, RAID or an SSD. Something that will (potentially) be much faster than a normal hard drive.

Additionally, Data Deduplication is only supported on Server 2012, Server 2012R2 and Storage Server 2012R2. That applies to the built-in feature; a third-party implementation could be used on any supported OS.

However, this means that it is not supported on Windows Server 2012R2 Essentials, the operating system that I am using.  This means that it’s not available by default, and requires both access to Windows Server 2012R2 Standard/Datacenter for the files, and hacking the feature in.

I’ll cover that later if there is demand (or if I feel like adding it).

Posted in X:Files Edition

Unexpected Downtime

Because I was trying to install a new graphics card on my server… It BSODed at some point and damaged system files.

I’m running Server 2012 R2 Essentials, so it’s a domain controller. Somehow the file system got corrupted and prevented LSASS from loading. This is a key part of Windows and “bad things happen” if it can’t load right or is terminated.

Specifically, I was getting a “2e2” BSOD from the system. I was able to get into the “Directory Services Recovery Mode” option. This is basically a safe mode for Active Directory.

Due to a couple of issues, I suspected a disk error. I was right. Ran a chkdsk on the system and it started booting just fine!!

Just wanted to post this for anyone else that ran into this weird BSOD.

Posted in Announcements

An Exercise in Frustration: Fine Tuning the Web Filter in Sophos UTM

Everything up till now regarding the Web Filter has been a cake walk by comparison. I’m not saying it’s been easy, but fine tuning the web filter, adding exceptions and the like is going to be the hardest part of this by far.

I’m going to cover some of the basic services that you’ll need here, and maybe a bit of how to troubleshoot to identify future issues. But this part will cover the part that has caused me the most frustration and the most time.

Unfortunately, not every website, platform or app supports the Web Filter, even when you have the CA Certificate installed. In fact, some programs keep their own CA certificate store outside of the OS, making it problematic.

Posted in Networking

An Exercise in Frustration: Setting up Web Filter Certificates in Sophos UTM

By now, you may be tired of looking at the web filter stuff. However, we’ve only just gotten started.

Right now, the filtering may be enabled, but chances are that you are seeing certificate errors for every HTTPS website you’re visiting. To fix that, we need to use a Signing CA Certificate. This will be used to re-encrypt the HTTPS traffic. But not only does that need to be installed into Sophos, but you must also install it into each and EVERY client that will be accessing the internet behind the router.

Well, for the most part.

Since a lot of people looking at this guide will be from the Home Server communities, chances are that you’ll have a server that is also a Certificate Authority (CA).

Posted in Networking

An exercise in frustration: Setting up Web Filtering on Sophos UTM

Overall, Sophos is a great platform. And part of what adds to that greatness is the web filtering options. It gives a bunch of options that can be filtered out by default. Most of these are suited for a business setting, but it definitely works well for the home environment. In fact, it features an inline download virus scanner.

However, because of its complexity, and because some programs may not like what it is doing, it is the one feature that may require the most tweaking to get everything working just right.

First thing first here: If you’re not willing to spend hours reading logs and testing out rules just to get everything working just right, and not willing to listen to your wife or significant other to bitch because they can’t access Facebook/YouTube/Hulu or whatever iOS/Android game of the week for a few hours…..

Then set the HTTPS service to “URL Filtering” and not “Decrypt and scan”, or just turn off the Web Filter feature altogether.

Posted in Networking

Installing Sophos UTM

Well, I apparently missed doing this. And there are some important steps here, because the installation for Sophos UTM isn’t as turn key as it could be.  There are some specific things you have to do before it’s up and running 95%.

So let’s cover that.

Posted in Networking

Port Forwarding with Sophos

Previously, I’ve covered a lot about Sophos and why I love it. The last post was about the firewall, and how to let services through to the outside world. Being able to access these services is a pretty important aspect, and is why I covered that first.

However, this time, I’m going to be covering Port Forwarding, also known as NAT (Network Address Translation). This is just as important, especially for us “home server” guys, as this is how you configure the router to allow you to access internal resources (such as a website) from external sources (aka, the outside world, and how you’re reading this).

Posted in Networking

Learning to use Sophos’ Firewall

Previously I talked about, well, how awesome the firewall and intrusion countermeasures in Sophos are. And I didn’t get to how to actually configure them because of the sheer amount of content I covered.

This time, we’re going to walk through how to add services to the firewall, and how to lock down or allow traffic through Sophos (your firewall). This includes how to enable Sophos to do the normal “Consumer Router firewall” stuff, as some people are “too lazy*” to set this up properly.

Posted in Networking

Sophos and a Draconian Firewall

As I said previously, I am going to talk more about Sophos and my adventures with it.

The first part that I need to address is Sophos’ firewall. It’s beyond awesome. But the phrase “draconian” is an absolutely accurate description. During the initial setup wizard, Sophos asks you what services you want to allow by default. The default services it configures are Remote Access (RDP, VNC, etc), Instant Messaging, VoIP, Email and Web Surfing. You can select any combination of these services

Posted in Networking

Adventures with Sophos

Due to some issues lately, I’ve taken the excuse to upgrade the hardware on my network.

Specifically, my pfSense box now refuses to boot (CF Card isn’t taking any new flashes apparently), and my Linksys router is on the way out. By on the way out, I mean that turning on QoS causes the system to overheat and lock up. Frequently and quickly.

This has left me in need of new hardware, as I host a number of services off of my network. This blog included. That means that I need something that works, and works well. I’d been using pfSense, but it had left me wanting. It worked pretty well, but it wasn’t pretty and it wasn’t remotely simple to configure things. Especially more advanced features.

Since I was going to be upgrading the hardware and re-installing anyways, I took the opportunity to check out some of the available router/UTM solutions out there. The list is kind of small, unfortunately.

m0n0wall: A great simple router OS. However, it’s heavily Linux oriented and I don’t have the time or inclination to learn an OS just to provide a firewall and NAT and maybe more.
pfSense: This is what I had been using, but I was experiencing some weird issues with it. May have been hardware related. However, the OS and options just felt lacking or like they took too much time and effort to get working right. Not turn key even remotely.
Untangle: A great solution, with a lot of options. Very turn key. However, pretty much everything but NAT and a basic firewall requires a subscription. And not exactly a cheap one. Great for a SOHO maybe, but not for me. And the UI still looks very dated.
Smoothwall Express: Spent about five minutes with this. It’s a glorified DD-WRT install. Or at least that is how it felt. Very plain and basic. Both in the UI and functionality. And no expansion to speak of. Avoid. At all costs.

Then I got to Sophos. It has a “Home” version mostly due to its roots as “Astaro”. But don’t let that fool you. It’s very lightweight, incredibly powerful, and looks incredibly polished. The WebUI is just phenomenal. It looks like something out of this decade. However, as with most things with a lot of power, it’s very complicated to set up and use. Very. Because there isn’t a lot of great documentation or even a “real” getting started guide to speak of, for somebody that’s not a networking professional, setting this up initially may be tricky.

However, after spending half an hour or so just hammering at it, I managed to figure out how to set up Sophos, enable port forwarding and a few other things. A bit over 24 hours on Sophos, and I have to say that I’m not just impressed, but ecstatic about the software. It’s everything a tinkerer could hope for.

As I figure out how to use Sophos, I plan on releasing a series of blog posts on how to set up and configure it to work with my network, the way that I want.

First up? Talking about Sophos’ awesome firewall.

Posted in Networking