MicroATX Home Server Build – Part 4

After a longish break, here’s the next installment! So the server has been in production now since last September, and is running very well. After the previous post, this is what’s happened:

  • Installed ESXi 6.0 Update 1 plus some post-U1 patches
  • Installed three VMs: an OpenBSD 5.8 PF router/firewall machine, Windows Server 2016 Technical Preview to run Veeam 9 on, and an Ubuntu PXE server to test out PXE deployment
  • Added a 4 port gigabit NIC that I got second hand

In this post, I’ll be writing mostly about ESXi 6.0 and how I’ve configured various things in there.

For the hypervisor, I bought a super small USB memory, specifically a Verbatim Store n’ Stay (I believe this is the model name) 8GB, which looks like a small Bluetooth dongle. It’s about as small as they get. Here’s a picture of it plugged in:

The Verbatim Store N Go plugged in

Using another USB stick created with Rufus, which had the ESXi 6u1 installation media on it, I installed ESXi on the Verbatim. Nothing worth mentioning here. Post-installation, I turned on ESXi Shell and SSH, because I like having that local console and SSH access for multiple reasons, one of them I’ll get to shortly (hint: it’s about updating).

Since I didn’t want to use the Realtek NIC on the motherboard to do anything, I used one of the ports on the 4 port card for the VMkernel management port. One of the ports I configured as internal and one as external. The external port is hooked up straight to my cable modem, and it will be passed through straight to the OpenBSD virtual machine, so it can get an address from the service provider. The cable modem is configured as a bridge.

The basic network connections therefore look like this:

Simple graph of my home network

After the installation, multiple ESXi patches have been released. Those can be found under my.vmware.com, using this link: https://my.vmware.com/group/vmware/patch#search. Patches for ESXi can be installed in two ways: either through vCenter Update Manager (VUM) or by hand over SSH or the local ESXi Shell. Since I will not be running vCenter Server, VUM is out of the question. Installing patches manually requires you to have a datastore on the ESXi server where you can store the patch while you are installing. The files are .zip files (you don’t decompress them before installation), and are usually a few hundred megabytes in size.

To install a patch, I uploaded the zip file to my datastore (in this case the 2TB internal SATA drive) and logged on to the host through SSH. From there, you just run:

    esxcli software vib install -d /vmfs/volumes/volumename/patchname.zip

Patches most often require reboots so prepare for one, but you don’t have to do it right away.
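Because a manual install takes whatever zip is sitting on the datastore, it is worth checking the bundle against the checksum published with the download and doing a dry run before the real install. The script below is an added example, not part of the original post; the ESXCLI override and the script name in the usage comment are hypothetical, and it assumes md5sum, sha1sum and sha256sum are available in the ESXi Shell.

```shell
#!/bin/sh
# Added example: verify an ESXi patch bundle, dry-run it, then install it.
# ESXCLI can be overridden (assumption) so the logic can be exercised off-host.
ESXCLI="${ESXCLI:-esxcli}"

# Print the digest of file $1, picking the tool from the length of the
# expected checksum $2 (32 = MD5, 40 = SHA-1, 64 = SHA-256).
bundle_digest() {
    case "${#2}" in
        32) tool=md5sum ;;
        40) tool=sha1sum ;;
        64) tool=sha256sum ;;
        *)  echo "unsupported checksum length: ${#2}" >&2; return 2 ;;
    esac
    out=$("$tool" "$1") || return 1
    printf '%s\n' "${out%% *}"      # keep only the hash, drop the file name
}

# Return 0 only if the bundle exists and its digest matches the expected one.
verify_bundle() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ -f "$file" ] || { echo "no such bundle: $file" >&2; return 1; }
    actual=$(bundle_digest "$file" "$expected") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        return 1
    fi
}

# Verify, dry-run, then install; stops at the first step that fails.
patch_host() {
    verify_bundle "$1" "$2" || return 1
    "$ESXCLI" software vib install -d "$1" --dry-run || return 1
    "$ESXCLI" software vib install -d "$1"
}

# Usage: sh verify-patch.sh /vmfs/volumes/volumename/patchname.zip <checksum>
if [ "$#" -eq 2 ]; then
    patch_host "$1" "$2"
fi
```

A mismatch or a failed dry run leaves the host untouched, so nothing is installed from a corrupted or swapped file.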

Update 2 installed on a standalone ESXi host through SSH

Edit: As I’m writing this, I noticed Update 2 has been released. I’ll have to install that shortly. Here’s the KB for Update 2: http://kb.vmware.com/kb/2142184

A one-host environment is hardly a configuration challenge, but some of the stuff that I’ve set up includes:

  • Don’t display a warning about SSH being on (this is under Configuration -> Advanced Settings -> UserVars -> UserVars.SuppressShellWarning “1”)
  • Set hostnames, DNS, etc. under Configuration -> DNS and Routing (also made sure that the ESXi host has a proper DNS A record and PTR, too; things just work better this way)
  • Set NTP server to something proper under Configuration -> Time Configuration

For the network, nothing complicated was done, as mentioned earlier. The management interface is on vmnic0, vSwitch 0. It has a VMkernel port which has the management IP address. You can easily share management and virtual machine networking if you want to, though that’s not a best practice. In that scenario, you would create a port group under the same vSwitch, and call it something like Virtual Machine port group, for instance. That port group doesn’t get an IP; it’s just a network location you can refer to when you are assigning networking for your VMs. Whatever settings are on the physical port / vSwitch / port group apply to VMs that have been assigned to that port group.

By the way, after the install of Update 2, I noticed something cool on the ESXi host web page:

Host..client?
VMware Host..client?

Hold on, this looks very familiar to the vSphere web client which has been available for vCenter since 5.1?

Very familiar!

Very familiar in fact! This looks awesome! Looks like yet another piece that VMware needs to kill off the vSphere Client. Not sure I’m ready to give it up just yet, but the lack of a tool to configure a stand-alone host was one of the key pieces missing so far.

Host web client after login

In the next post I will be looking at my VMs and how I use them in my environment.

Relevant links:

https://rufus.akeo.ie/
http://www.verbatim.com/prod/flash-memory/usb-drives/everyday-usb-drives/netbook-usb-drive-sku-97463/
The Host UI web client was previously a Fling, something you could install but that wasn’t released with ESXi https://labs.vmware.com/flings/esxi-embedded-host-client
But now it’s official: http://pubs.vmware.com/Release_Notes/en/vsphere/60/vsphere-esxi-60u2-release-notes.html

Windows 10 Experiences

Prep work

Every single blog probably has a post like this, but I figured it’d be good to recount my Windows 10 experiences. For posterity reasons, if nothing else.

I was involved in the Windows Insider program for quite some time (since the 9000-series builds), and have run Windows 10 pretty happily in a number of physical and virtual machines. Among them: VMware Workstation 11, VirtualBox 4, and a Thinkpad T420s. All without major issues, even when it was still in the preview stage.

Updating my own workstation is another issue entirely, but I figured I would do it anyway, and fix any issues that might come up as they hit.

I started off performing a standalone full backup using Veeam Endpoint to an external USB drive, and moving the Veeam recovery media to that same external disk. This is a good practice in case everything blows up in your face. Using Veeam Endpoint, I could perform a bare metal recovery in the event of a total disaster, and return to my pre-upgrade state.

The plan was as follows: update Windows 7 to Windows 10, then wipe the install and do a clean Windows 10 install. The reason behind this? During the upgrade phase, your Windows 7 (or I suppose 8/8.1) product key is converted to a Windows 10 key, and paired with some kind of hardware id, identifying your computer. One could try and install Windows 10 directly, and use the common key that seems to be the same on all machines that do the 7, 8, 8.1 -> 10 upgrade (for the Pro version, it’s: VK7JG-NPHTM-C97JM-9MPGT-3V66T), but people have reported that the install fails. This is probably because there is some backend magic that happens during the upgrade, which ties your computer to Windows 10.

So I started off getting the Windows 10 media using the Microsoft Windows Media Creation tool. I also saved the ISO to a USB drive from which I could perform the full install later. Some people have reported that starting the upgrade from the install media has been more successful than the “Windows Update” method. If you want to force your upgrade the Windows Update way, you can do the following:

  • Remove all files from the folder “Windows\SoftwareDistribution\Download”
  • Remove the folder “$Windows.~BT” from the root of your system drive
  • Start an administrative command prompt and run “wuauclt.exe /updatenow”
  • Open and run Windows Update from the control panel

The Upgrade

I however opted for the install media method, which seemed to work fine. I mounted the ISO (using WinCDEmu if you want to know), started setup.exe and followed the upgrade wizard. Everything proceeded basically without incident, except for a weird Razer Synapse install popup during the upgrade:

Kind of weird, and also tells me that explorer.exe is running somewhere in the background there (I thought it was basically in a “pre-windows” environment where it performs the upgrade before it starts any more advanced GUI elements). I was unable to install Razer Synapse (a program I had installed in Windows 7, which was therefore going over to the new Windows 10 world); it crashed with some error. I dismissed the window. It didn’t appear to bother the upgrade in any way. But funny nonetheless!

After the upgrade, I had a basically working Windows 10 environment with all of my Windows 7 software etc. Nvidia drivers were installed as part of the upgrade and they were of the correct version (which supports Windows 10). Nvidia’s own little control panel did offer me an upgrade to the same version, but was unable to install it. Somehow it didn’t detect that Windows had already installed the same version. I didn’t troubleshoot this further, as everything was working and I was going to do the clean install anyway. Razer Synapse also worked, but also didn’t detect that it was already installed and insistently popped up the same install wizard as in the picture above, but failed with an error. It’s already installed! Give up! 🙂

N.B. Do not proceed unless Windows tells you it is activated. You can also check your upgraded Windows 10 key using a tool like Magic Jelly Bean Keyfinder (or some other method you prefer).

The Clean Install

I wanted a completely clean environment, as I’ve had bad experiences with Windows upgrades since the 3.1 -> Windows 95 upgrade. Just trust me.

I had a bootable USB with the Windows 10 x64 Pro installation media on it. I was prepared to re-install all applications etc. And I had a backup of everything just in case. Boot the machine, perform a clean install from the USB drive. Enter the product key starting with VK7JG during installation, no issues here. Install went without incident. It might not even ask you for a key, apparently, since it was activated after the upgrade.

After install, I had one device with missing drivers (Asus Xonar DG soundcard); everything else worked “out-of-the-box”. Installed a bunch of my favorite programs, and so far, a week or so after upgrade, I still have not had any major issues.

Now, what I did do is disable all forms of tracking and “send information to Microsoft”-type settings. I’ll do another post on this. Basically, it seems to be really hard to get rid of everything tracking related, because some of the call home functions are hard-coded and IP based, so a simple hosts-file block won’t work. You need to deal with it on a firewall level, but even then, some users are reporting funny issues with their computer when it can’t call home. Which is sad. But then again, the EULA probably states you don’t actually own Windows 10 or have any rights to it, and the upgrade is free, so whatever. Take my first born.

Sources:

Among others.. https://www.reddit.com/r/Windows10/comments/3f2rl2/windows_10_ultimate_upgrade_guide/
http://muropaketti.com/14-miljoonaa-paivitti-windows-10iin-vuorokaudessa-varattujen-paivitysten-jonon-purkuun-menee-viikkoja
http://muropaketti.com/windows-10-prohon-paivittaneet-jakavat-saman-geneerisen-tuoteavaimen

Build 10240: Did you get assigned a license/product key? from Windows10

 

Some of the privacy related stuff:

http://arstechnica.co.uk/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/
http://localghost.org/posts/a-traffic-analysis-of-windows-10   <-- Note that this looks very shady, I would take it with a metric fuck-ton of salt