Using USB devices on Windows under VMware ESXi (Aladdin Hardlock)

VMware is quickly becoming the best way to run servers of all kinds and now that ESXi is free we're going to continue to see more and more functions moved onto a virtualized platform. Recently I've been working on a project for one of my customers which involves installing software for their Trumpf metal working equipment and ran into a small issue that I was able to overcome.

In short, this hardware requires the use of a USB dongle or "Hardware key" in order to run (this is an anti-piracy feature). The problem with ESXi is that you are not able to pass a USB device through to a virtual machine. Thankfully, a handful of companies have created Networked USB Hubs such as the Belkin F5L009. Everything immediately worked by plugging this in.... well, sort of :)

The issue that occurs inside of a VMware server is when you install Windows there is no USB root devices found so Windows does not install the proper USB support files. In this case, it's only a single file, USBD.SYS, that is missing.

1- Connect your USB hub to your network
2- Install the Belkin client software as the instructions explain
3- Ignore any new hardware wizards that occur.
4- Locate a USBD.SYS file. Often times you can find this on the same machine but, if needed, look on another Windows machine or in the i386 folder on your Windows installation CD. Copy this file to C:\windows\system32\drivers\
5- Reboot the virtual machine
6- Once the machine reboots, complete installation of your software, hardlock drivers, or any other USB device that you connect. Everything should function as intended and you have a little box that holds physical USB ports for your virtual machine.

Some notes on my installation.

* If you are using an Aladdin Hardlock USB key, you can most likely find new drivers on Aladdin's Hardlock Page.

* My Belkin Network USB Hub is running firmware version 1.2.0

* I found it's extremely handy to dedicate the USB hub to a single machine and to tell it to auto connect new devices. This literally makes the box just like real USB ports on the virtual machine. There are lots of options to play with as far as sharing devices to other specific machines but I did not play with any of that.

* Auto-connecting Hardlock keys is essential if you are running some type of server. If you tell your key to only connect manually your software may start before you mount the USB device and a pissed off program would likely ensue :)

* There are a few vendors that make an identical product but, from my research, I found that the Belkin is about 1/3 of the cost of most of them and also has some additional features. Digi makes a product that many people are using with VMware since it's marketed as being compatible with VMware but you will spend lots of money for that sentence -- and that's really all it is because this type of a device really has NO interaction with VMware at all since its a physical device communicating directly with your virtual machine on the network.

Reference Link

System Rescue CDs

I just wanted to put a little note here because I was reminded tonight of 2 very good rescue CDs that I have used in the past and I highly recommend to anyone who has a broken system (Linux, Windows, and I think even Mac).

The first and primary CD that I carry in my arsenal when I go on jobs is SystemRescueCD. This Linux distro is based on GenToo -- but fear not as there is no knowledge of GenToo required. The CD boots and detects just about any hardware you can throw at it and has a lot of VERY useful tools for recovering data and fixing stuff. The kernel has NTFS support built into it and the distro includes ntfs3g. There are also tools that rival (and maybe beat) PartitionMagic. It's also extremely handy for booting a system in a data center and letting a customer access the machine remotely (great for remote hands type services) as it includes setup scripts for networking and for starting sshd.... so you could walk even the most novice (ok, not all, I'll admit) techs. They also now have a PPC distro which theoretically will let you recover even MaxOS systems -- but I havent had the opportunity to try this yet.

You definately don't want to be without this CD if you do any kind of computer services. You'd be amazed at how handy it is.

Link:

• http://www.sysresccd.org/Main_Page

The second CD is the same similar idea but it's based on Debian with an Ubuntu kernel. The name of this one is Kanotix. The advantage this CD has over SysRescueCD is that it allows you to apt-get applications on the fly. It also has a slightly different hardware driver selection but you'll probably find it has the majority of what you need. I'm definately a synaptics fan but this is still only my second choice for recovering systems because I think SysRescueCD definately has the streamlining down and makes quick tasks remain just that: quick tasks.

This is still something that you want to keep in your arsenal. There have been a few situations where SysRescueCD didn't cut it for me and I pulled out Kanotix and it worked fine. It's also handy if you have some advanced stuff that you need to work on since you can easily apt-get utilities that you may need.

Link:

• http://kanotix.com/changelang-eng.html

Reference Link

Time Zone Updates

http://tf.nist.gov/general/dst.htm

Thanks to the all-knowing official-type people, they have made the world a better place by making us start DST three weeks early. Apparently none of these people realize that

1> This DOES NOT change the amount of daylight we have so their energy saving reason is mute

2> Computers have been programmed a certain way for years.... We should have anticipated the whole Y2K thing because its a numerical science... we COULDNT have anticipated whack-jobs changing the way our world runs.

At any rate, almost all of my servers and workstations updated flawlessly including Windows, Mac OSX, and Linux machines. A few, however, didnt -- mostly because they weren't running any type of automatic updates.

For my MythTV system (Debian based -- should work the same on other debian/ubuntu systems) I just downloaded a new tzdata deb file and installed it. Get the file from http://packages.debian.org/testing/libs/tzdata and then install it with "dpkg -i tzdata*"

I administer a RHEL4 machine (one of the last remaining -- someday it will become ubuntu, I swear) which did not do the update. Don't bother going to Red Hat's site... they step you through God knows what to accomplish something that really is not that hard.... oh, and God forbid their help page give you a link to the file -- you only get ease of use if you give them all your money. Anyway, get this file from rpmfind: ftp://rpmfind.net/linux/fedora/core/updates/6/i386/tzdata-2007c-1.fc6.noarch.rpm (yes, I am aware it's a fedora core rpm but it works quite well and you dont have to give Red Hat all your money). Once you have that file, run "rpm -i tzdata*" and once that completes, run "system-config-date" ... just reselect your timezone and exit and you're all set.

I don't see any reason why the above RHEL instructions won't work on other fedora, RHEL, or CentOS systems -- but I can't confirm.

Also, if you have a FreeBSD system, check this out: http://www.freebsd.org/cgi/cvsweb.cgi/ports/misc/zoneinfo/. I don't have any FreeBSD boxen but I found this link and figured I'd post it as well.

Mandrake/Mandriva users should be able to just do an update through urpmi ... but again, I don't have any of them boxens so I can't confirm :)

Windows: http://windowsupdate.microsoft.com"

Mac OSX:

• Go to the Apple menu
  
• Select Software Updates
  
• Look for "Daylight Savings Time" update
  
• Install it

Now I'm going to go enjoy my not-extra-hour-of-sleep.

Reference Link

Linking to QTSS media from a webpage

So when you're using a QTSS server the best way to deliver your content is using RTSP... the problem is that browsers on windows do not understand the rtsp:// protocol by default so your viewers will have to take a bunch of different steps to get it to run -- which isn't good.

After searching the web for an easy solution to this problem, I found a trick that is almost too easy. Simple create a text file with a .mov extension and include a single line in that file:

RTSPtextRTSP://server/file.ext

Whenever Quicktime loads that mov file, it will realize that it is directing it somewhere else and automatically load the content from that file name.

Reference Link

VPN for OSX and Windows with IPCop

I've found the easiest way to set up a VPN is to, first, use IPCop as your firewall/router. IPCop is an free linux distro that you boot the install CD and it automagically turns an old PC into a full function router and firewall.... It also has SNORT Intrusion Detection so you can download new IDS rules from snort.org and have it automatically filter traffic for spyware, intrusions, etc.

IPCop also has VPN services built in... the problem is: Windows is retarded. Windows does not behave the way standard VPN clients should so the easiest way to create a VPN is to use OpenVPN. There is a third party plugin at www.zerina.de that you can painlessly use to install an OpenVPN server. Put the tar.gz file on your IPCop box, extract it, and run the install script.... next thing you now, you have a configuration panel in your IPCop GUI (web configuration) to adjust the settings. All you need to do then is go to that panel, generate a certificate, and then generate certificates for each person that you want to access. Each person you will want to add as a roadwarrior (host to net) and then fill in a name for the connection and a password.

UPDATE 06/03/09 -- The latest Zerina installer package is restricted to IPCop version 1.4.18 but it does work on 1.4.21. All you need to do is edit the install script after unpacking and on line 46 you will see if [ ! "`echo $IPCOPVERSION | grep "1.4.18"`" ] -- just change that version number to 1.4.21 (current IPCop version as of this update). Follow everything else as normal

Once you add a connection and are back at the main OpenVPN Screen, click the first icon to the right of the connection to download a zip file that contains the certificate as well as a configuration file.

The best part is -- there are clients for Mac OSX and Windows that work painlessly. Here are the short howto's for each:

***WINDOWS***:

Step One:

Download the following file:
http://www.openvpn.se/files/install_packages/openvpn-2.0.7-gui-1.0.3-install.exe

Step Two:

Run that installation program and accept defaults for everything. Windows will warn you about a driver that has not passed the windows certification -- just click "Continue Anyway".

Step Three:

You will need a certificate generated if you have not received one already. The certificate will be contained in a zip file. There will be 2 files inside of that file and they will need to be put inside C:\Program Files\OpenVPN\config\ --- If you need to know how to do this, just double click the zip file and leave that window open. Then go to "My Computer" and select "Local Disk C:". Inside there you should see a Program Files folder. Open that and look for the OpenVPN folder -- then inside that look for the config folder. Open the config folder and then drag the 2 files from the zip file into this folder. Once they are in there, close all windows.

Step Four: Connecting

You're ready to connect to the VPN. In the tray by the clock in the lower right corner, you will see a new icon that will look like 2 computers with red monitors. The red indicates that you are not connected. Click the right mouse button on this icon and select "Connect" ... A window will pop up and ask you for your password. Enter your password and click OK. You will see the window do a bunch of stuff and then dissappear. You may or may not see a balloon window pop up saying you are connected.

Step Five: Use It


MACINTOSH OSX:

Step 1: Download Tunnelblick at http://www.tunnelblick.net/Tunnelblick-Tiger-2.0.1.dmg

Step 2: Open the DMG file to mount the image

Step 3: Run the "Tunnelblick-Complete.mpkg" file and follow the normal installation procedures

Step 4: Open finder and open the directory of your user name on the left side (usually the icon under the "desktop" icon). Open the "Library" folder. Create a new folder called "openvpn"

Step 5: Unzip the contents of your license file and place them in this new openvpn folder

Step 6: Rename the user-TO-IPCop.ovpn file to "openvpn.conf"

Step 7: You should see the tunnel icon on the menu bar next to the time. Click that icon and a menu drops down. Tell it to connect and it should ask you for your password (the password you gave your admin when creating your license file). You can save the password to your keychain file if you would like - but note this is less secure.

Step 7: If you see the "light at the end of the tunnel" in that icon, you are connected.

Links:

• IPCop
  
• ZERINA OpenVPN Plugin (for IPCop)
  
• Another good HOW-TO
  
• TunneBlick - OSX Client
  
• OpenVPN Client for Windows
  
• OpenVPN Homepage

Reference Link