my personal blog about systemcenter

Displaying Windows Performance Counters with Grafana and InfluxDB with Windows Backend

Categories: Grafana, Hyper-V, InfluxDB

Matthew Hodgkins published a blog post earlier this year showing how to set up Grafana and InfluxDB on an Ubuntu server to publish performance counters from Windows

https://hodgkins.io/windows-metric-dashboards-with-influxdb-and-grafana / https://twitter.com/matthodge

Following his guide to make the result shown below was very smooth, and this is a crude step-by-step attempt at replicating the feature set on Windows

[Image] Credit: Matthew Hodgkins

I wanted to try out the same with a Windows backend instead of Ubuntu. Please note this is thrown in with a shovel: paths, users and logs are all unchanged, and everything is running as user processes. I will create an updated post; I just wanted to get the first parts working.

Head to https://www.influxdata.com/downloads/ to download Telegraf and InfluxDB

I installed Windows Server 2016, downloaded InfluxDB and copied the files to Program Files

Started influxd, and 15 seconds later we have a default InfluxDB installation ready for use

On the same box I downloaded the newest version of Grafana from http://grafana.org/download/

And started up the services

On the 2 Hyper-V hosts used in the test I installed the Telegraf clients and used the default performance counters it picked up; the only change was adding the hostname where it should deliver the counters

Logging into Grafana with admin/admin

In Grafana, go to Data Sources, choose Add data source and select InfluxDB

Add localhost:8086 for InfluxDB, telegraf for the database, and a dummy username/password

And we now have a data source we can use

In Dashboards, select Create New

Select Graph Style

It now creates a default view; double-click on “Panel Title” and select Edit

Delete the fake data source and add our LocalInfluxDB as the data source, then select win_cpu / Percent_Processor_Time, group by tag(host), and alias by $tag_host

Setting Y-Max to 100 will show the utilization as 0-100 instead of the max load

Adding a threshold to show warning/critical (V4 of Grafana supports alerting; I will get back to that in the next post)

And the end result: CPU utilization displayed for the 2 hosts

Updating ATA to version 1.7

Categories: Active Directory, ATA, Security

Microsoft is keeping up the fast pace with an update to the star of their “classic” AD security solutions

So we saw version 1.7 drop yesterday

New major features are:

  • Role based access control.
  • Windows Server core support.
  • Reconnaissance using Directory Services Enumeration detection.
  • Pass-the-Ticket detection enhancements.
  • Unusual Protocol Implementation detection enhancements.

Link : https://support.microsoft.com/en-us/kb/3185481

Personally we are looking forward to RBAC; it's a major improvement for the majority of our customers and highly requested

Starting the install: we are upgrading from 1.6.1. We have a few environments on 1.4, and there is NO direct upgrade to 1.7

At upgrade we can either upgrade the whole database or do a partial migration. We opted for partial, as having ATA offline for a longer duration wasn't an option. The database is placed on SSD, so it's unlikely it will take a day, but we will test that in another environment

Success

New UX for updating agent and improved progress indicator

And we now have a few new security groups

This now means we can give auditors access to the environment without handing them the keys to the kingdom

ATA 1.6 Update 1, Auto Update gateways

Categories: Uncategorized

https://www.microsoft.com/en-us/download/details.aspx?id=52046

Microsoft released the first update to version 1.6 a short while ago

This is the first update that can use the new auto update of gateways

We didn't have auto-update enabled, so all gateways want an update

Enable and Save

And a few seconds later the gateway agents start to update, and 5 minutes later all agents here are updated

Very, very smooth

Deploying Data Protection Manager in a dedicated domain

Categories: Active Directory, Data Protection Manager, Disaster Recovery, DPM, Hyper-V

Data protection and the ability to recover data are key to keeping your job and your company alive.

The demo setup that is going to be used in this post is:

  • PROTECTDC01 Domain Controller in the PROTECT Forest
  • PROTECTDC02 Domain Controller in the PROTECT Forest
  • PROTECTDPM01 Data Protection Manager Server in the PROTECT Forest
  • FABRICDC01 Domain Controller in the FABRIC Forest
  • FABRICDC02 Domain Controller in the FABRIC Forest
  • FABRICHV01-04 Hyper-V HyperConverged Install
  • FABRICHVC01 Hyper-V Cluster with members FABRICHV01-04
  • WORKLOAD01-05 Virtual Workload in the FABRIC Hyper-V Cluster

As this is a test environment, everything is stuck on one box.

For a real-world deployment the FABRIC and PROTECT domains must be separated. The whole point of this post is that if your FABRIC domain for some reason gets compromised, you will still have access to the PROTECT domain and maintain the ability to recover your data.

This also means that in a larger environment you can more easily separate the roles, so one team won't have access to both the source and the target of the backup data

In the example we do log in interactively on the FABRIC domain, so if the host is compromised before the agent install, the PROTECT domain is going down the same path. So there is still some work to be done, but it beats having everything in one domain.

On the PROTECT domain, set up DNS forwarders to the FABRIC domain

And in reverse, to get name resolution up and running between the two forests

Setting up the trust

For this test forest-wide authentication is used; tighter security can be achieved with selective authentication

On the 4 Hyper-V hosts we add the DPM account from the PROTECT domain

We then add the DPM agent to all Hyper-V hosts and run

SetDPMServer -dpmservername protectdpm01.protect.azurestack.coffee

This connects the Hyper-V host to the remote DPM server.

On the Data Protection Manager server, we use Attach Agents

And we add the 4 Hyper-V hosts manually

And we now have all 4 servers

Use credentials in the FABRIC domain or the DPM account to attach the agent

Success

Create a protection group, browse to the VMs and add them

And we can now back up the FABRIC domain from a dedicated domain
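
The DNS forwarding and SetDPMServer steps above, scripted in PowerShell as an added example (not from the original post). It assumes the forwarders are conditional forwarders and that the agent sits in its default install path; the FABRIC DNS name and the domain controller IP addresses are placeholders.

```powershell
# Added example, not from the original post. Placeholder values are marked.
# Set these variables in each session before running the matching section.
$protectZone = 'protect.azurestack.coffee'      # taken from the SetDPMServer command in the post
$fabricZone  = 'fabric.example'                 # PLACEHOLDER: DNS name of the FABRIC forest
$protectDns  = '192.0.2.10', '192.0.2.11'       # PLACEHOLDER: IPs of PROTECTDC01/02
$fabricDns   = '198.51.100.10', '198.51.100.11' # PLACEHOLDER: IPs of FABRICDC01/02
$dpmServer   = "protectdpm01.$protectZone"
$hvHosts     = 1..4 | ForEach-Object { 'FABRICHV{0:d2}' -f $_ }   # FABRICHV01..04

# --- Run on a PROTECT domain controller: send FABRIC lookups to the FABRIC DCs
Add-DnsServerConditionalForwarderZone -Name $fabricZone -MasterServers $fabricDns

# --- Run on a FABRIC domain controller: send PROTECT lookups to the PROTECT DCs
Add-DnsServerConditionalForwarderZone -Name $protectZone -MasterServers $protectDns

# --- Run from a FABRIC admin session once the trust exists and the agent is installed
$results = Invoke-Command -ComputerName $hvHosts -ScriptBlock {
    param($server)
    # Stop on this host if it cannot resolve the DPM server across the forest boundary
    $null = Resolve-DnsName -Name $server -Type A -ErrorAction Stop
    # Default agent install path (assumption)
    $exe = Join-Path $env:ProgramFiles 'Microsoft Data Protection Manager\DPM\bin\SetDpmServer.exe'
    $output = & $exe -dpmServerName $server 2>&1
    [pscustomobject]@{ ExitCode = $LASTEXITCODE; Output = ($output -join "`n") }
} -ArgumentList $dpmServer

# Invoke-Command adds PSComputerName; list the hosts where SetDpmServer did not return 0
$results | Where-Object ExitCode -ne 0 | Format-Table PSComputerName, ExitCode, Output -Wrap
```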



ATA 1.6 Unable to bind to the underlying transport, unable to access console

Categories: ATA, Microsoft Advanced Threat Analytics

On a recent Advanced Threat Analytics 1.6 install we got the following event after a reboot:

Event 15005 HTTPEVENT

Unable to bind to the underlying transport for xxx.xxx.xxx.xxx:5985. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.  The data field contains the error number.

We were then unable to access the web console of the ATA Center install

Workaround for now: set World Wide Web Publishing to delayed automatic start
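
The workaround as commands, with a check for the event first; this is an added example, not from the original post. W3SVC is the service name behind World Wide Web Publishing, and the commands are meant for an elevated PowerShell prompt on the ATA Center.

```powershell
# Added example, not from the original post.
# 1. Confirm the bind failure described above: event 15005 in the System log.
$binds = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 15005 } -ErrorAction SilentlyContinue |
    Where-Object ProviderName -like '*HttpEvent*'
$binds | Select-Object -First 5 TimeCreated, Message | Format-List

# 2. Show the HTTP.sys IP listen list that the event text refers to.
netsh http show iplisten

# 3. Apply the workaround: delayed automatic start for World Wide Web Publishing.
sc.exe config W3SVC start= delayed-auto

# 4. Verify the setting: Start = 2 (automatic) and DelayedAutostart = 1.
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\W3SVC' |
    Select-Object Start, DelayedAutostart
```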