Dec 26, 2014

Comparison : PPTP vs L2TP/IPSec vs OpenVPN



Background
PPTP: A very basic VPN protocol based on PPP. The PPTP specification does not actually describe encryption or authentication features and relies on the PPP protocol being tunneled to implement security functionality.
L2TP/IPSec: An advanced protocol formally standardized in IETF RFC 3193 and now the recommended replacement for PPTP on Microsoft platforms where secure data encryption is required.
OpenVPN: An advanced open source VPN solution backed by 'OpenVPN technologies' and which is now the de-facto standard in the open source networking space. Uses the proven SSL/TLS encryption protocol.

Data Encryption
PPTP: The PPP payload is encrypted using Microsoft's Point-to-Point Encryption protocol (MPPE). MPPE implements the RSA RC4 encryption algorithm with a maximum of 128 bit session keys.
L2TP/IPSec: The L2TP payload is encrypted using the standardized IPSec protocol. RFC 4835 specifies either the 3DES or AES encryption algorithm for confidentiality. IVPN uses the AES algorithm with 256 bit keys. (AES-256 is the first publicly accessible and open cipher approved by the NSA for top secret information).
OpenVPN: OpenVPN uses the OpenSSL library to provide encryption. OpenSSL supports a number of different cryptographic algorithms such as 3DES, AES, RC5, Blowfish. As with IPSec, IVPN implements the extremely secure AES algorithm with 256 bit keys.

Security weaknesses
PPTP: The Microsoft implementation of PPTP has serious security vulnerabilities. MSCHAP-v2 is vulnerable to dictionary attack and the RC4 algorithm is subject to a bit-flipping attack. Microsoft strongly recommends upgrading to IPSec where confidentiality is a concern.
L2TP/IPSec: IPSec has no major vulnerabilities and is considered extremely secure when used with a secure encryption algorithm such as AES.
OpenVPN: OpenVPN has no major vulnerabilities and is considered extremely secure when used with a secure encryption algorithm such as AES.

Speed
PPTP: With RC4 and 128 bit keys, the encryption overhead is the least of all three protocols, making PPTP the fastest.
L2TP/IPSec: L2TP/IPSec has a slightly higher overhead than its rivals due to double encapsulation. Comparable to OpenVPN under most conditions.
OpenVPN: When used in its default UDP mode on a reliable network, OpenVPN should perform better than L2TP/IPSec.

Ports
PPTP: PPTP uses TCP port 1723 and GRE (Protocol 47). PPTP can be easily blocked by restricting the GRE protocol.
L2TP/IPSec: L2TP/IPSec uses UDP 500 for the initial key exchange, protocol 50 for the IPSec encrypted data (ESP), UDP 1701 for the initial L2TP configuration and UDP 4500 for NAT traversal. L2TP/IPSec is easier to block than OpenVPN due to its reliance on fixed protocols and ports.
OpenVPN: OpenVPN can be easily configured to run on any port using either UDP or TCP. To bypass restrictive firewalls, OpenVPN can be configured to use TCP on port 443.

Setup / Configuration
PPTP: All versions of Windows and most other operating systems (including mobile) have native support for PPTP. PPTP only requires a username, password and server address, making it incredibly simple to set up and configure.
L2TP/IPSec: All versions of Windows since 2000/XP and Mac OSX 10.3+ and most mobile operating systems have native support for L2TP/IPSec.
OpenVPN: OpenVPN is not included in any operating system release and requires the installation of client software. The software installers are very user friendly and installation typically takes less than 5 minutes.

Stability / Compatibility
PPTP: PPTP is not as reliable, nor does it recover as quickly as OpenVPN over unstable network connections. Minor compatibility issues with the GRE protocol and some routers.
L2TP/IPSec: L2TP/IPSec is more complex than OpenVPN and can be more difficult to configure to work reliably between devices behind NAT routers. However, as long as both the server and client support NAT traversal, there should be few issues. In practice L2TP/IPSec has shown itself to be as reliable and stable as OpenVPN for IVPN customers.
OpenVPN: Very stable and fast over wireless, cellular and other non-reliable networks where packet loss and congestion are common. OpenVPN has a TCP mode for highly unreliable connections, but this mode sacrifices some speed due to the inefficiency of encapsulating TCP within TCP.

Client compatibility
PPTP:
  • Windows
  • Mac OSX
  • Linux
  • Apple iOS
  • Android
  • DD-WRT
L2TP/IPSec:
  • Windows
  • Mac OSX
  • Linux
  • iOS
  • Android
OpenVPN:
  • Windows
  • Mac OSX
  • Linux
  • Android
  • iOS
  • DD-WRT (with the correct build)

Conclusion
PPTP: Due to the major security flaws, there is no good reason to choose PPTP other than device compatibility. If you have a device on which neither L2TP/IPsec nor OpenVPN is supported then it may be a reasonable choice. If quick setup and easy configuration are a concern then L2TP/IPsec should be considered.
L2TP/IPSec: L2TP/IPSec is an excellent choice but falls slightly short of OpenVPN's high performance and excellent stability. If you are using a mobile device running iOS (iPhone) or Android then it is the fastest to set up and configure as it is supported natively.
OpenVPN: OpenVPN is the best choice for all platforms. It is extremely fast, secure and reliable. Additionally, the IVPN multihop network is only available when connecting via OpenVPN. The only minor downside is the requirement to install the software client, but on most platforms this only takes a few minutes.


Iranian anti-censorship software ‘Simurgh’ circulated with malicious backdoor

Simurgh is an Iranian stand-alone proxy software for Microsoft Windows. It has been used mainly by Iranian users to bypass censorship since 2009. The downloadable file is less than 1 MB and can be downloaded within a reasonable amount of time even with a slow internet connection, which makes it convenient for many users in Iran. Simurgh runs without prior installation or administrator privileges on the computer and can therefore be copied and used from a USB flash drive on any shared computer (i.e. Internet cafes).

Simurgh is available for free download from its official website https://simurghesabz.net. After running the executable file, a user interface (see below) opens. When the user clicks “Start”, Simurgh will attempt to establish a secure connection. The web browser will then open a new window to provide users with a test page, confirming their secure connection originating from a different country.


Click here to read an update to the post. (Last updated: May 30)

It has recently come to our attention that this software is being recommended and circulated among Syrian Internet users for bypassing censorship in their country. This information led to the discovery and analysis of a back-doored version of this software.

The malicious copy will install the Simurgh software, but will also install an undesirable backdoor on the victim’s computer. This software is distributed as “Simurgh-setup.zip” and is identifiable via the following md5 and sha256 hashes:

5e2a714fdfc2309af843056e8c5ae7d3 Simurgh-setup.zip
9c1a238d87e3bad41708c2e98f753442a224ed9df994e1a34083b2bf336047e5 Simurgh-setup.zip

When you unzip this file you are presented with Simurgh-setup.exe

379480c807812f3521466f7ff5ffa273 Simurgh-setup.exe
e20438a4cf90b67dab613451cc5b3bc35256413461dafdfc35425429d8d478df Simurgh-setup.exe

The installer from the most recent legitimate version of Simurgh looks like this:


Executing the malicious version starts an installation dialogue which looks like this:


In addition to creating a copy of Simurgh in:

C:\Program Files\Simurgh\Simurgh.exe

The malicious GUI installer drops 4 binaries in C:\windows\system32\drivers:

MSINET.OCX – 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31
richtx32.ocx – 318cc48cbcfaba9592956e4298886823cc5f37626c770d6dadbcd224849680c5
shdocvw.dll – fdae6764d190bf265dbc2df352174ccdcc97b1680545e348f1ee1111b0808693
lsass.exe – 9320d247dd94f610f31037df8eda75fe79991f126d2e55d35a9532d09ff79896

The first three files are legitimate Microsoft system files which appear to be dependencies of the fourth, ‘lsass.exe’. This file is VB6 native code and is installed as an implant to allow persistent access to the victim’s computer and to provide data exfiltration capabilities.

As part of the installation the following registry entry is written which ensures the running of the Trojan on logon:

HKLM\software\microsoft\windows nt\currentversion\winlogon\shell explorer.exe C:\WINDOWS\system32\drivers\lsass.exe REG_SZ 0

On startup, ‘lsass.exe’ deletes ‘C:\WINDOWS\Media\Windows XP Start.wav’. This file is the ‘navigation’ sound in Explorer, IE, and other applications based on a common set of controls. Since ‘lsass.exe’ uses several of these controls, this is presumably done to prevent ‘clicking’ sounds during the operation of the implant. However, this will also lead to a lack of navigation sounds in other applications, where they would be expected.

In addition to ensuring persistence, ‘lsass.exe’ enumerates basic details of the system (IP address, hostname, victim username) and provides keylogging functionality. This binary contains three JavaScript files which are written out as the text files:

C:\WINDOWS\system32\win.txt
C:\WINDOWS\system32\1.txt
C:\WINDOWS\system32\2.txt

These act as basic HTML templates for data mined from the victim’s system (such as keystrokes). Processing of ‘win.txt’ renames it to ‘upl.htm’ which is then sent via HTTP post request to a remote site registered with a Saudi Arabian ISP.
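
The host indicators described above (the Winlogon Shell value, the files dropped in system32\drivers, the template files and the deleted sound file) can be checked together in one triage pass. This is an added example, not code from the original report; the function names, severity labels and sample listings are constructed for illustration, and it assumes the default Shell value is plain explorer.exe.

```python
import ntpath

SYSTEM32 = r"c:\windows\system32"
DRIVERS = SYSTEM32 + r"\drivers"
# File names the report says the installer drops into system32\drivers.
DROPPED_IN_DRIVERS = {"msinet.ocx", "richtx32.ocx", "shdocvw.dll", "lsass.exe"}
# Template files written to system32, plus the renamed upload file.
TEMPLATES = {"win.txt", "1.txt", "2.txt", "upl.htm"}
START_WAV = r"c:\windows\media\windows xp start.wav"


def norm(path):
    """Normalise a Windows path for case-insensitive comparison."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def check_shell(value):
    """Flag a Winlogon Shell value that is anything but plain explorer.exe."""
    if value.strip().lower() != "explorer.exe":
        return [("high", "Winlogon Shell modified: " + value.strip())]
    return []


def check_files(paths):
    """Match a file listing (any iterable of paths) against the indicators."""
    present = {norm(p) for p in paths}
    findings = []
    for p in sorted(present):
        folder, name = ntpath.split(p)
        if folder == DRIVERS and name in DROPPED_IN_DRIVERS:
            # The genuine lsass.exe lives in System32, never in drivers.
            severity = "high" if name == "lsass.exe" else "medium"
            findings.append((severity, "dropped file present: " + p))
        elif folder == SYSTEM32 and name in TEMPLATES:
            findings.append(("medium", "exfiltration template present: " + p))
    # Only report the missing sound if the listing covers the Media folder.
    media_dir = ntpath.dirname(START_WAV)
    if any(ntpath.dirname(p) == media_dir for p in present) and START_WAV not in present:
        findings.append(("low", "navigation sound deleted: " + START_WAV))
    return findings


def triage(shell_value, paths):
    """Return (verdict, findings) for one host."""
    findings = check_shell(shell_value) + check_files(paths)
    if any(severity == "high" for severity, _ in findings):
        return "compromised", findings
    return ("suspicious" if findings else "no indicators"), findings


# Constructed sample data: one host matching the report, one clean host.
INFECTED_SHELL = r"explorer.exe C:\WINDOWS\system32\drivers\lsass.exe"
INFECTED_FILES = [
    r"C:\WINDOWS\system32\drivers\MSINET.OCX",
    r"C:\WINDOWS\system32\drivers\richtx32.ocx",
    r"C:\WINDOWS\system32\drivers\shdocvw.dll",
    r"C:\WINDOWS\system32\drivers\lsass.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\win.txt",
    r"C:\WINDOWS\Media\chimes.wav",
]
CLEAN_FILES = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\shdocvw.dll",
    r"C:\WINDOWS\Media\Windows XP Start.wav",
]

if __name__ == "__main__":
    for label, shell, files in (("infected", INFECTED_SHELL, INFECTED_FILES),
                                ("clean", "explorer.exe", CLEAN_FILES)):
        verdict, findings = triage(shell, files)
        print(label, "->", verdict)
        for severity, text in findings:
            print("  [%s] %s" % (severity, text))
```

A "no indicators" result only means these specific artefacts were not found; it does not replace the re-install the report recommends for a host known to have run the malicious installer.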

If this Trojan is found to be installed on a computer one must consider all online accounts (E-mail, banking, etc.) to have been compromised and it is advised that all online passwords be changed as soon as possible. While this Trojan is detected by most anti-virus software as malicious, AV software cannot always be guaranteed to clean up an infected system and a full re-install is suggested.

This Trojan has been specifically crafted to target people attempting to evade government censorship. Given the intended purpose of this software, users must be very careful if they have been infected by this Trojan. Additionally, they should be cautious about installing software, especially circumvention software, from untrusted sources. Where possible, software should be downloaded from trusted official websites over HTTPS. If checksums or cryptographic signatures are provided by the software vendor, these should be checked prior to installation.

UPDATED: May 30, 2012

Media coverage
Since our report was published, the Simurgh team has taken several important steps to warn their users about this threat.

The Simurgh team warns their users directly on the website https://simurghesabz.net/ with a prominent message in Arabic, Farsi and English about the malicious versions of the software. They post MD5 checksums of the official binaries and malicious packages, as well as instructions for how to check MD5 checksums against downloaded software. If you use Simurgh you should immediately compare your installer against the checksums posted on the official site.

You can also find these checksums below:

Official binaries
– simurgh120.20100910.exe – 07855ead46bb15718ee73d513bdb9678
– simurgh120beta.20100326.exe – ddecf8ac6c96c148cc7c42183d25baa9

Malicious installer packages
– Simurgh-setup.zip – 5e2a714fdfc2309af843056e8c5ae7d3
– Simurgh-setup.exe – 379480c807812f3521466f7ff5ffa273
– Simurgh-setup.exe – 300b0d061dfb9c9c6d7bdeecc74169f1
– simurgh[homs-sin.ibda3.org].exe – c8c8817af66312cfcfcb1ddf952f9d98
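
One way to compare a downloaded installer against the checksums listed above, as an added example that is not part of the original post or the Simurgh project; the function names and verdict labels are illustrative. Because only MD5 values are published for the official builds, a match there is reported as an MD5 match rather than as proof of authenticity.

```python
import hashlib
import sys

# MD5 values copied from the lists above.
OFFICIAL_MD5 = {
    "07855ead46bb15718ee73d513bdb9678": "simurgh120.20100910.exe",
    "ddecf8ac6c96c148cc7c42183d25baa9": "simurgh120beta.20100326.exe",
}
MALICIOUS_MD5 = {
    "5e2a714fdfc2309af843056e8c5ae7d3": "Simurgh-setup.zip",
    "379480c807812f3521466f7ff5ffa273": "Simurgh-setup.exe",
    "300b0d061dfb9c9c6d7bdeecc74169f1": "Simurgh-setup.exe",
    "c8c8817af66312cfcfcb1ddf952f9d98": "simurgh[homs-sin.ibda3.org].exe",
}
# SHA-256 values the report gives for the back-doored package.
MALICIOUS_SHA256 = {
    "9c1a238d87e3bad41708c2e98f753442a224ed9df994e1a34083b2bf336047e5": "Simurgh-setup.zip",
    "e20438a4cf90b67dab613451cc5b3bc35256413461dafdfc35425429d8d478df": "Simurgh-setup.exe",
}


def file_digests(path, chunk_size=1 << 16):
    """Stream the file once and return (md5_hex, sha256_hex)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def classify(md5_hex, sha256_hex=""):
    """Return (verdict, matched_name) for a pair of hex digests."""
    md5_hex = md5_hex.strip().lower()
    sha256_hex = sha256_hex.strip().lower()
    # Known-bad wins: a match on either list is enough to reject the file.
    if sha256_hex in MALICIOUS_SHA256:
        return "malicious", MALICIOUS_SHA256[sha256_hex]
    if md5_hex in MALICIOUS_MD5:
        return "malicious", MALICIOUS_MD5[md5_hex]
    if md5_hex in OFFICIAL_MD5:
        # MD5 is not collision resistant, so this is a list match, not proof.
        return "official-md5-match", OFFICIAL_MD5[md5_hex]
    # Anything not on a list is untrusted until verified another way.
    return "unknown", None


def check_installer(path):
    """Hash one file and classify it against the published lists."""
    md5_hex, sha256_hex = file_digests(path)
    verdict, name = classify(md5_hex, sha256_hex)
    return {"path": str(path), "md5": md5_hex, "sha256": sha256_hex,
            "verdict": verdict, "matches": name}


if __name__ == "__main__":
    results = [check_installer(arg) for arg in sys.argv[1:]]
    for result in results:
        print("{verdict:20} {md5}  {path}".format(**result))
    # Non-zero exit unless every file matched an official checksum.
    sys.exit(0 if all(r["verdict"] == "official-md5-match" for r in results) else 1)
```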

As Sophos has pointed out in a recent blog post on Naked Security http://nakedsecurity.sophos.com/2012/05/29/spying-trojan-targets-iranian-web-surfers-dissidents/, the splash page that loads when Simurgh is initialized to show the users’ IP has been configured to warn users who may be compromised.


If you see a warning you should immediately run an antivirus program to remove the software or for greater assurance, reinstall your operating system.

In addition to the steps Simurgh has taken, we have reached out to and notified the provider that was hosting the malicious version of Simurgh, and they have now taken down the malicious package.

Psiphon : Local mobile phone users bypass billing as devs try to disable free Internet

MANILA - Psiphon, a free mobile app that’s available on Android, recently started trending on social media after some local users found a way to use it to gain free unlimited Internet access.

The users under local carriers Smart, Globe, and Sun Cellular have been using the mobile app to go online without incurring data charges, and have even managed to bypass the data caps that are supposed to limit those with unlimited mobile data subscriptions.

Psiphon continues to work even now, allowing users to browse the Web without load with the use of their tablets or smartphones.

Using the app couldn’t be simpler. You just download it and install it on your device, and you could be online browsing your favorite web sites free of charge within a few minutes — no technical knowledge required.

But all of this may soon come to an end. As we reported last week, Psiphon issued a statement to local users through one of their web sites, warning of an upcoming software update that will remove the ability to connect to the Internet for free.

Psiphon CEO and VP of Commercial Management Karl Kathuria sent us an e-mail to outline what really happened with Psiphon in this whole kerfuffle.

According to Kathuria, the previous Psiphon software update was intended to improve performance in certain areas, “making it harder to block the software and thus improving the experience for our existing user base.”

But shortly after the update, they noticed that Psiphon became “extremely popular” here in the Philippines.

The reason, according to reports sent to Psiphon and various social media postings, was that the app was being used not to bypass censorship but to bypass the billing paywall of local mobile providers.

So in the interest of making users use the app as intended, Psiphon will be updated soon to disable the free mobile Internet access.

Kathuria said in a statement, “Obviously, we intend to continue to make Psiphon available to everyone. Our next update will not stop Psiphon working in the Philippines, but it will prevent it being used for people to get free Internet connectivity.”

“The purpose of Psiphon is to bypass censorship,” Kathuria continued. “And we need to make sure that’s what it’s being used for.”

via interaksyon

Dec 22, 2014

Installing Windows 7 on VirtualBox Status 0xc0000225?

Today, after downloading MS Windows 7 Ultimate 64-bit edition, I wanted to test it on a virtual machine. I have VirtualBox installed on my PC, so I gave this a try to see if the .ISO I had downloaded was working and really a 64-bit edition.

I created my new virtual machine and tried installing Windows 7 from my .ISO file but behold a glitch!


It says:
Windows Boot Manager

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

1. Insert your windows installation disc and restart your computer.
2. Choose your language setting, and click "Next."
3. Click "Repair your computer."

If you do not have the disc, contact your system administrator or computer manufacturer for assistance.

Status: 0xc0000225

Info: An unexpected error has occurred.

The fix is real simple.

All you have to do is open the settings for your virtual machine:

System > Enable IO APIC


Save your new changes and launch the virtual machine again. Everything will now run smoothly and you'll be able to install Windows 7.

Qnap Firmware Reflash / Recovery

Stuck at Booting When HDDs Are Not Plugged In

If you cannot access the NAS after Step 3, please do the following:

  1. Turn off the NAS.
  2. Take out all the hard disk drives.
  3. Restart the NAS.
You will hear a beep after pressing the power button, followed by 2 beeps 2 minutes later. If you cannot hear the first beep, please contact your local reseller or distributor for repair or replacement service.

If you cannot hear the two beeps and Qnapfinder cannot find your NAS, the NAS firmware is damaged. To fix this problem, please follow the “Qnap firmware Recovery / Reflash” documents for your device model.

If you cannot solve the problem yourself, please contact your local reseller or distributor for repair or replacement service.

If Qnapfinder can find the Qnap, follow these steps:

1 – Download the PuTTY software:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

2 – Plug in all of your HDDs in the right order while the device is still running. Do not restart the Qnap yet. Check that all HDDs are healthy and recognized by the Qnap. If any HDD is not recognized or its size shows as “0”, unplug that HDD.

3 – Log in with PuTTY by entering the Qnap IP, user name and password. (Username / Password: admin / admin. Enter 22 as the port.)

Now enter the commands below. (Select a command on this screen and copy it, then go to PuTTY and press the right mouse button once; this pastes the command automatically.)

# config_util 1 -> (it must say “mirror of root succeed”. If it gives a “mirror of root failed” error, stop at this step and request help from Qnap support.)

# storage_boot_init 1

# df

If /dev/md9 (HDA_ROOT) appears full, please contact the QNAP support team.

# reboot

Now the Qnap should reboot properly. If you can reach the Qnap interface after the restart, check the RAID system and replace the broken HDD with a new one.

Dec 19, 2014

Windows Diskless with AoE Server Linux Distro

This is the new project for the community: a ready-to-run Linux distro for a diskless server!

Main Features:
  • Simple DHCP server configuration, powered by an open source project called "Opendhcpd Server"
  • MagicVolume, with a deduplicated file system: you can now deploy more than 100 Windows diskless clients with (for example) a single 128 GB SSD. This feature is powered by the open source project OpenDedup.org
  • Web interface for administration, powered by the open source project Webmin
  • Built-in ‘vblade’ for easy export of virtual disks (.vhd, .vmdk files)
  • Easy Windows share access to upload your master image directly to the MagicVolume
Preview release for Download:

http://susestudio.com/a/UZQFsW/windows-diskless-with-aoe

Links:

- How to install the Distro
- The Server Specs
- Configure a Bond Interface
- The required Services
- The MagicVolume How-To
- The TFTP Server

How to view a website that has been deleted?

Sometimes, people delete their blog/website to protect their privacy.

For example, during the Singapore election, Nicole Seah of the NSP (National Solidarity Party) was nominated as a candidate and instantly became a public figure.

She started protecting her privacy on Facebook and deleted her personal blog to avoid public scrutiny. Her blog was originally at http://www.crappology.blogspot.com

http://classic-web.archive.org/web/20070713212452/http://crappology.blogspot.com/


With the help of the Internet Archive, which archives ALL public webpages periodically, you can travel back in time to look at a website. Fortunately, her blog was archived in 2007 for us to take a look.

StarWind AoE Initiator

ATA-over-Ethernet Initiator for Microsoft Windows

ATA-over-Ethernet (AoE) is a network protocol designed for simple high-performance access to SATA storage devices over Ethernet. AoE does not rely on network layers above Ethernet, such as IP and TCP. It is more comparable to Fibre Channel over Ethernet than iSCSI.


AoE Initiator fully implements ATA-over-Ethernet client side protocol enabling you to connect to remote storage appliances such as Coraid®. AoE support enables connectivity to remote storage devices over a standard Ethernet network, regardless of where the device resides. With AoE Initiator and ATA-over-Ethernet, you can gain full access to a device anywhere on an Ethernet network, as though it were installed on a local machine.

Download StarWind AoE Initiator here

WinAoE Driver


WinAoE Driver is from http://www.winaoe.org

You should download this version because its files are already self-signed.

Official Web Site: http://www.winaoe.org

Game Disk Creation

To complete the diskless solution for your cybercafé, you need a Game Disk!

A game disk is in fact a virtual disk, backed by a physical hard disk or just a partition on the server. It is mostly used for games: on the server you install the games onto this disk, and on the client side you attach the disk and run the games directly, just as from a local disk.
Of course, you can also use it for other purposes.

The Game Disk will be very large.

You can create a Game Disk with VirtualBox to serve as a master image. After preparing all the games, you can make multiple copies of this image, one for each client (computer).

Note: In your diskless setup there must be one Game Disk per client (computer).

Procedure
  • Creating a Game Disk
  • Export Game Disk with vblade
  • Install AoE Initiator
  • Attach Disk with AoE Initiator
  • Format Disk with Windows
  • Detach Disk
  • Attach Disk on Master Client Machine ( image )
1 – Creating a Game Disk

In VirtualBox, open the settings of any virtual machine and create a disk in the Storage section.

Task 1 – Create disk

Task 2- Select format

Task 3 – Fixed Size

Task 4 – Set name and location

Task 5 – Finish

Task 6 – Wait for the creation to finish (10 minutes)

2 – Export Game Disk with vblade

Use vblade to export the AoE target.
vblade -b 400 1 1 "\Device\{value}" "d:\Master-Game-Disk.vhd"

3 – Install AoE Initiator

Download and install “Aoe Initiator” from StarWind Software.

The installation is simple, just Next, Next, Finish…

4 – Attach Disk with AoE Initiator

Attach the disk, set name and mark options.

5 – Format Disk with Windows

Open the “Disk Management Utility” from Windows and create a partition and format the Drive.

6 – Detach Disk

Detach the disk.

7 - Attach Disk on Master Client Machine ( image )

Now attach the Game Disk on the client (install AoE Initiator there). Your Game Disk is ready.

Install all the games, then disconnect AoE Initiator and, on the server, make copies of the game disk for the other clients.

Note: After connecting to the disk, add the AoE Initiator icon to Windows Startup so that the new Game Disk is mapped automatically on boot.

Note 2: Never connect the same exported disk to two or more AoE Initiators on different machines at the same time.
     

Control your vBlade’s Sessions with nice Interface

You can control your vblade sessions with a simple and nice interface to manage:

You can run the vblade session without a console using the free “System Scheduler”.

Official website: http://www.splinterware.com/products/wincron.htm

Alternative Download Link: Ssfree.exe


You can kill the process with “Process Explorer” from Microsoft Sysinternals.

Cache Write-Back

For the cache write-back feature you can use:

FancyCache is a supplementary software caching scheme that cooperates with system memory to provide data caching for volumes/disks. It improves system performance by transparently storing data into memory such that future requests for that data can be served faster. FancyCache caches data on a logical block basis (offsets within a volume/disk) while windows cache manager caches on a virtual block basis (offsets within a file).


FancyCache can also utilize the OS Invisible Memory which is wasted on 32-bit Windows when 4GB memory or more is installed.

Main Features
  • Supports LRU (Least Recently Used) and LFU (Least Frequently Used) cache algorithms
  • Supports caching strategies: Read/Write Caching, Read-Only Caching and Write-Only Caching
  • Supports Write-Through and Write-Deferred modes
  • Supports OS Invisible Memory and SSD (Solid-state Drive) as Level-II cache
  • Supports caching for volumes or entire disks
  • Supports TRIM command for SSD
  • Supports visual performance monitor
  • Supports cache plug and play
  • Supports basic and dynamic disks
  • Supports NTFS junction point
  • Supports volume/disk with proprietary file system
Website: https://web.archive.org/web/20131117170301/http://www.romexsoftware.com/en-us/fancy-cache/index.html

Download:

FancyCache Volume Edition: Download Sites

FancyCache Disk Edition: Download Sites

Coraid ZX NAS Combines ZFS and Scale-Out Ethernet SAN

Coraid Inc., developer of Ethernet SAN solutions with more than 1,500 customers, unveiled the ZX-Series family of NAS servers.


Designed for cloud, video and big data customers, this unified storage solution is powered by the Oracle Solaris ZFS file system combined with Coraid's EtherDrive technology to enable scalability, performance and operational simplicity.

"Organizations are increasingly challenged to provide predictable, cost-effective file performance in the face of uncontrolled data growth," said Carl Wright, EVP at Coraid. "By extending our product family to include a best-in-class NAS offering, Coraid can meet that challenge with a unified storage solution that takes full advantage of the scalability and performance of Ethernet SAN."

For Cloud, Video and Big Data Workloads

Capturing, storing and analyzing ever-larger sets of human- and machine-generated data stresses the scalability of legacy NAS systems. The ZX-Series is for processing large data sets such as consumer behavior analysis or HD and 3D video format editing because it provides the throughput and scale necessary to support accelerating data growth.

The ZX-Series delivers performance using read- and write-optimized flash caches and parallel 1Gb/10GbE connectivity.

By connecting to Coraid EtherDrive SRX arrays via ATA over Ethernet for a scale-out architecture, the ZX-Series scales performance to multi-petabyte capacity across a shared pool. The performance and scale is complemented by data protection and features including triple-parity RAID, redundant array of independent nodes (RAIN), active-active clustering, unlimited snapshots, deduplication and compression.

"Our research confirms that scale-out storage designs built on Ethernet align well with the evolving architecture of the virtualized data center," said Roger Cox, research VP at Gartner. "Functions such as hybrid storage pools, data deduplication and compression optimize storage utilization, thus reducing acquisition costs and improving TCO."

ZX-Series features include:

  • EtherDrive integration for multi-petabyte scalability and simplicity
  • Real-time analysis and diagnosis of performance to monitor and enforce service levels
  • Active-active cluster option for high availability
  • Data compression and in-line deduplication to improve storage efficiency
  • File-based snapshots, clones and replication for data protection
  • Automated storage hierarchy with hybrid storage pools (HSPs) containing DRAM, flash cache and HDDs to optimize performance
  • Seamless multiprotocol integration and secure data sharing between Microsoft Windows, Linux and Unix environments

Coraid

Coraid is High Performance and Low Cost Networked Storage

Coraid is redefining the fundamental economics of storage with Ethernet SAN solutions that provide enterprises of all sizes with flexible, high-performance, scale-out storage ideally suited to dynamic High Performance Computing, video, virtualization and cloud environments. The key is Coraid’s use of the advanced protocol ATA over Ethernet.

Business Benefits
  • Large amounts of shared storage at low prices.
  • Better performance than traditional storage technology.
  • Especially good for storing video and deploying Virtual Desktop Environments.
  • Over 1300 Satisfied Customers of Coraid including Ford and Disney.
  • New storage access technology means lower price and higher performance with better reliability.
Technical Features and Benefits
  • 5-8x Price/Performance advantage over Fibre Channel and iSCSI storage arrays.
  • CorOS™ parallel processing scale-out SAN operating system.
  • Distributed, modular architecture scales from a few Terabytes to Petabytes.
  • Automatic Load Balancing reduces bottlenecks; ideal for VMware environments.
  • Continuous RAIDShield™ testing fixes disk bad blocks; reduces drive failures.

New Technology Designed for Rapid Access at Low Cost (see above)
  • Layer-2 Ethernet
  • Less than $1,000/TB
  • Incredibly fast (>1,800 MB/s)
  • Plug-and-play configuration
  • Scale-out architecture
Better Than Traditional Fibre Channel or iSCSI Networked Storage (see above)
  • Expensive
  • Controller hurts performance
  • Complex to set-up and maintain
  • Difficult to scale

Simplified SAN Management

Coraid’s CorOS™ software provides the intelligence that enables rapid installation (minutes not hours), simple management, and RAID redundancy. The simplicity of EtherDrive Storage makes it easy to manage, because it’s easy to understand.

EtherDrive is a disk connected to your server via Ethernet. That disk may actually be a RAID volume, but it just looks like a local disk to the server. No need to learn complicated technology like Fibre Channel. Just add SAS, SSD or SATA disks to the EtherDrive Storage Appliance and you have all the space you want available for any server attached to the Ethernet SAN. It’s that simple.

Disruptive Price/Performance

Coraid’s EtherDrive® Ethernet SAN storage solutions deliver flexible, high-performance, scale-out storage designed from the ground up for simplicity and virtualization. EtherDrive® storage enables lower OPEX and 5-8x price performance advantage over legacy Fibre Channel systems.

How-To Diskless AoE – 09 Preparing a Real PC Lan Booting

To boot a real PC you normally need to convert a Windows installation to a .vhd, .vmdk or .img file, but in some cases you can use the VirtualBox Windows installation to boot real machines, so you may not need to convert.

This works if the NIC is recognized by the operating system (Windows XP/7/8) by default. Check your onboard NIC and note whether it is in the default Windows driver list. The CCBoot(r) client has a PnP tool that lists and collects the NIC drivers from the Windows system and makes them available for diskless boot.


See the CCBootPnP:


Click the 3 buttons to apply the drivers… Now proceed to boot your .vhd or .vmdk file from the Diskless Server.

If Windows freezes while loading, you need to convert a real installation. Try this procedure:
Converting a real PC with Windows installed (applies to XP, 7, 8, etc.)

On PC Windows Station:
Task 1 – Download HDClone http://www.miray.de/products/sat.hdclone.html and install.
Task 2 – Download AoE Initiator http://www.starwindsoftware.com/aoe-ataoverethernet-initiator and install.
 
On Diskless Server:

Task 3 – Create a virtual disk of the required size (large enough to hold the current partition of your Windows station). You can use the graphical VirtualBox Manager to create .VHD files, or use the ‘VBoxManage.exe’ tool.

If you are running a Windows Server with VirtualBox installed, you will have the VBoxManage.exe command:


Example creating a 25 GB disk:

On Windows:


On Linux Distro (version 0.0.15+):


Task 4 – On the server, export it as an AoE target with vblade (Windows Server or Linux Distro method).

On PC Windows Station:

Task 5 - Use AoE Initiator from StarWind to connect to the AoE disk exported by the Diskless Server, with the “Automount the device” option unmarked.

Vblade tool on the Windows Diskless Server exporting a disk:

The disk will be connected:


Task 6 - Use HDClone to clone the physical HDD to the virtual disk attached by AoE Initiator.


Task 7 – Validate the conversion (clone): initialize/activate the disk in ‘Disk Management’ under ‘Computer Management’; after Windows recognizes the disk, view it in Windows Explorer.


Task 8 - Remove the physical HDD from the PC station and try to boot from the Diskless Server.

How-To Diskless AoE – 08 Editing with notepad++ the menu file ‘menu.lst’ of TFTP Root

Now it's time to configure the boot menu of your diskless solution.

We have already copied the necessary files to the TFTP root folder (grldr, the new ipxe.iso and menu.lst).

Open the file ‘menu.lst’ with Notepad++.

Erase all the contents, then copy and paste the code block below:

title === MENU BOOTS ===
()
title
()
title Windows 7 Diskless
map --mem (pd)/ipxe.iso (0xff)
map --hook
chainloader (0xff)

Now start the DHCP Server and the TFTP Server, and test the system in VirtualBox with a machine that has no disks.

Of course Boot from LAN:

Your menu will open:

Press <ENTER> and see the magic !


Select the respective option and go, your Windows Diskless will be booted.

That's all! Cya

To prepare a real PC, go to Step 9