Creating a Site to Site VPN between your site and AWS

Out of the box you get one VPC with two subnets.


You can create your own VPC with your own networks or you can use the ones provided.

In this example I am going to use the ones provided, and I am going to go as far as I can in setting up a VPN to my Cisco router without actually committing to paying for the service.

First we need to create a customer gateway

From the VPC Dashboard navigate down to Customer Gateways. Then click Create Customer Gateway.


Add a name tag, choose Static, and add the public IP address of your router. (If you do not know what your public IP address is, use Google or IPchicken.com.)

Then click Yes, Create.


The Virtual Private Gateway defines the routers on the Amazon side.

Click Create Virtual Private Gateway.


Name the gateway and click Yes, Create.


Attach it to the VPC.


It takes a little while for this to happen.

Now click Create VPN Connection.


Give the VPN a name, add the static IP address, and click Yes, Create.

This is also where you can view the costs of setting this up.


The VPN costs US$0.05 per connection hour (pricing as at the end of November 2014).


That completes the AWS side of the VPN setup; the next step is to configure your side.

To do this, click Download Configuration.


Select the configuration closest to your router or firewall.

Click Yes, Download and open the configuration with WordPad.


This is designed to be copied and pasted into the running configuration of your router.

If your router is not on the standard list of routers, there is a generic option that gives you the list of settings to configure on your router or firewall.

After this there is just one step to go: you need to go back to the route table.


Click Edit, then create a route to your private network.


After this you should be able to ping the server in your VPC subnet from computers in your private subnet and vice versa, remembering that firewalls and security groups may need to be altered to allow this.
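The same customer gateway, virtual private gateway, VPN connection and return route, created with the AWS Tools for PowerShell instead of the console. This is an added example, not code from the original post; it assumes the AWSPowerShell module is installed with credentials and region already configured, and the router public IP, VPC id and private network CIDR are placeholders to replace.

```powershell
# Added example, not from the original post. Placeholders below must be replaced.
Import-Module AWSPowerShell

$routerPublicIp = '203.0.113.10'   # placeholder: your router's public address
$vpcId          = 'vpc-xxxxxxxx'   # placeholder: the VPC to connect
$privateCidr    = '10.0.0.0/24'    # placeholder: your private network behind the router

# Customer gateway = your router. The API requires a BGP ASN even for a
# static-route VPN; 65000 is from the private ASN range.
$cgw = New-EC2CustomerGateway -Type ipsec.1 -PublicIp $routerPublicIp -BgpAsn 65000

# Virtual private gateway = the Amazon side, attached to the VPC.
$vgw = New-EC2VpnGateway -Type ipsec.1
Add-EC2VpnGateway -VpnGatewayId $vgw.VpnGatewayId -VpcId $vpcId

# The VPN connection with static routing, plus the static route for your network.
$vpn = New-EC2VpnConnection -Type ipsec.1 -CustomerGatewayId $cgw.CustomerGatewayId `
           -VpnGatewayId $vgw.VpnGatewayId -Options_StaticRoutesOnly $true
New-EC2VpnConnectionRoute -VpnConnectionId $vpn.VpnConnectionId -DestinationCidrBlock $privateCidr

# The last step from the post: a route in the VPC's route table that sends your
# private network to the virtual private gateway (assumes the VPC still has only
# its main route table).
$rt = Get-EC2RouteTable -Filter @{ Name = 'vpc-id'; Values = $vpcId }
New-EC2Route -RouteTableId $rt.RouteTableId -DestinationCidrBlock $privateCidr -GatewayId $vgw.VpnGatewayId

# The "Download configuration" step. The generic configuration comes back as XML
# containing tunnel addresses and pre-shared keys: keep it with restricted
# permissions and delete it once the router is configured.
$conn = Get-EC2VpnConnection -VpnConnectionId $vpn.VpnConnectionId
Set-Content -Path (Join-Path $env:USERPROFILE "$($vpn.VpnConnectionId).xml") -Value $conn.CustomerGatewayConfiguration

# Both tunnels report DOWN until the router side is in place.
$conn.VgwTelemetry | Select-Object OutsideIpAddress, Status
```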


Posted in AWS

How to create a screenshot and highlight text on a Mac

On a Windows 7 and onwards PC it is really easy to take a screenshot and highlight text using the highlighting pen found in Snapit. For a long time I have been trying to do that on a Mac. I finally found the answer this morning. I already knew about “Command + Shift + 4”, which lets you cut around the part of the screen that you want to snapshot and then saves the screenshot to your desktop. I could not figure out how to highlight text, and I could not find a way to do it with Preview or any of the other free programs that I tried.


So anyway this is how I learned how to do it.

Take a screenshot with “Command + Shift + 4” and open the picture with Preview.


Now I am going to highlight the words “Gold Coast Area”.

To do this I go to the top menu and select Tools > Annotate > Rectangle.


A rectangle appears on your screen.


You need to resize this to fit around the text you want to highlight and drag it to the correct position.


The next step is to adjust the translucency of the rectangle's border, and the colour and translucency of its fill.

You do this by clicking on border colour and fill colour in the menu bar.


Clicking on the border colour menu item gives you a choice of colours.


Click on Show Colours to see more colours and an option for Opacity.


Scroll the Opacity slider until it looks visually correct.

Then close its window.

From here you can either leave it as it stands and save the changes or do the same thing for fill colour.

I am using green to make it visually different but normally I would keep it the same colour or empty.


And there you have it: highlighted text.


Posted in MAC

Scheduling a task with PowerShell 3

The three components needed to schedule a job in PowerShell are:

New-JobTrigger
New-ScheduledJobOption
Register-ScheduledJob

New-JobTrigger and New-ScheduledJobOption can be run and assigned to variables so that the output of both commands can be used in Register-ScheduledJob.


NAME
New-JobTrigger

SYNOPSIS
Creates a job trigger for a scheduled job
SYNTAX
New-JobTrigger [-Once] [-RandomDelay <TimeSpan>] [-RepeatIndefinitely] [-RepetitionDuration <TimeSpan>] [-RepetitionInterval <TimeSpan>] -At <DateTime> [<CommonParameters>]

New-JobTrigger [-Weekly] [-RandomDelay <TimeSpan>] [-WeeksInterval <Int32>] -At <DateTime> -DaysOfWeek <DayOfWeek[]> [<CommonParameters>]

New-JobTrigger [-Daily] [-DaysInterval <Int32>] [-RandomDelay <TimeSpan>] -At <DateTime> [<CommonParameters>]

New-JobTrigger [-AtLogOn] [-RandomDelay <TimeSpan>] [-User <String>] [<CommonParameters>]

New-JobTrigger [-AtStartup] [-RandomDelay <TimeSpan>] [<CommonParameters>]
DESCRIPTION
The New-JobTrigger cmdlet creates a “job trigger” that starts a scheduled job on a one-time or recurring schedule, or when an event occurs.
To make the trigger fire at logon you could use:

$trigger = New-JobTrigger -AtLogOn

To create a scheduled job option:

NAME
New-ScheduledJobOption

SYNOPSIS
Creates an object that contains advanced options for a scheduled job.
SYNTAX
New-ScheduledJobOption [-ContinueIfGoingOnBattery] [-DoNotAllowDemandStart] [-HideInTaskScheduler] [-IdleDuration <TimeSpan>] [-IdleTimeout <TimeSpan>] [-MultipleInstancePolicy <TaskMultipleInstancePolicy>] [-RequireNetwork]
[-RestartOnIdleResume] [-RunElevated] [-StartIfIdle] [-StartIfOnBattery] [-StopIfGoingOffIdle] [-WakeToRun] [<CommonParameters>]
DESCRIPTION
The New-ScheduledJobOption cmdlet creates an object that contains advanced options for a scheduled job.

$joboption = New-ScheduledJobOption -RequireNetwork -WakeToRun

To actually schedule the job you need to run Register-ScheduledJob:

NAME
Register-ScheduledJob

SYNOPSIS
Creates a new scheduled job.
SYNTAX
Register-ScheduledJob [-Name] <String> [-ScriptBlock] <ScriptBlock> [-ArgumentList <Object[]>] [-Authentication <AuthenticationMechanism>] [-Credential <PSCredential>] [-InitializationScript <ScriptBlock>] [-MaxResultCount <Int32>] [-RunAs32] [-RunNow] [-ScheduledJobOption <ScheduledJobOptions>] [-Trigger <ScheduledJobTrigger[]>] [-Confirm] [-WhatIf] [<CommonParameters>]

Register-ScheduledJob [-Name] <String> [-FilePath] <String> [-ArgumentList <Object[]>] [-Authentication <AuthenticationMechanism>] [-Credential <PSCredential>] [-InitializationScript <ScriptBlock>] [-MaxResultCount <Int32>] [-RunAs32] [-RunNow] [-ScheduledJobOption <ScheduledJobOptions>] [-Trigger <ScheduledJobTrigger[]>] [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Register-ScheduledJob cmdlet creates scheduled jobs on the local computer.
So now I am going to schedule a job that runs Get-Service at logon:

Register-ScheduledJob -Name "view services at logon" -ScriptBlock { Get-Service } -Trigger $trigger -ScheduledJobOption $joboption


Just to prove this works I have logged off and back on again.
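The same logon job, followed by the checks that show it was registered and that it produced output after a logoff/logon. This is an added example, not code from the original post; it assumes an elevated PowerShell 3 session on a machine with the PSScheduledJob and ScheduledTasks modules (Windows 8 / Server 2012 or later).

```powershell
# Added example, not from the original post. Job name is the post's.
Import-Module PSScheduledJob

$trigger   = New-JobTrigger -AtLogOn
$joboption = New-ScheduledJobOption -RequireNetwork -WakeToRun

Register-ScheduledJob -Name 'view services at logon' -ScriptBlock { Get-Service } `
    -Trigger $trigger -ScheduledJobOption $joboption

# 1. The job definition and its trigger exist.
Get-ScheduledJob -Name 'view services at logon' | Get-JobTrigger

# 2. It is also an ordinary Task Scheduler task under the PowerShell\ScheduledJobs folder,
#    which is where it will show up if someone audits the scheduled tasks on the box.
Get-ScheduledTask -TaskPath '\Microsoft\Windows\PowerShell\ScheduledJobs\' -TaskName 'view services at logon'

# 3. After logging off and on again, the saved results surface as jobs in any new
#    session once the module is loaded; -Keep leaves them on disk for later review.
Get-Job -Name 'view services at logon' | Receive-Job -Keep | Select-Object -First 5

# Remove the job when it is no longer needed.
Unregister-ScheduledJob -Name 'view services at logon'
```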


Creating a functional domain using VPC in AWS

In this example I am going to create a functional domain called PDT.local. It will have a domain controller, a Terminal Server and a member server, which I will put on its own subnet. I will allow access from the internet only through the Terminal Server, and I will use that server to connect to the other servers. In a production network I might do this differently, but this is just an example.

My servers will be set up as follows:

DC1.pdt.local 192.168.1.10

TS.pdt.local 192.168.1.11

MS.pdt.local 192.168.2.10

Step 1: Log on to the AWS console and select VPC.


Click Start VPC Wizard.


In the Select a VPC Configuration step choose the option that suits you best; I am choosing VPC with a Single Public Subnet.

Click Select.


Enter a master CIDR block, in this case 192.168.0.0/16, and 192.168.1.0/24 for the public subnet.


Click Create VPC.


The wizard then takes a couple of minutes to create the networking components.

When it is finished, click on Subnets.


Then click Create Subnet.

Give the subnet a name tag, select the correct VPC and the Availability Zone you selected earlier, and enter a CIDR block, in this case 192.168.2.0/24. This is the subnet where I will put the member server.


The next step is to create security groups; there will need to be at least one for each subnet.


Now we need to create rules for the Security Groups.

Click on the security group, go to the Inbound Rules tab, then click Edit.

I am only going to configure inbound rules but if you need more granular control you can configure outbound rules too.


Click on Edit.


There is a nice feature here now where you get to choose the source security group from a pop-up menu. I am going to allow all traffic from the member servers' security group and port 3389 from the internet. Normally you would lock this down to a specific IP address or range.


For the member servers I am locking it down to traffic from the domain controllers' security group only; I am allowing all traffic from that group, but this could be made more specific.


Now it is time to spin up the three instances: two in the 192.168.1.0/24 subnet and one in 192.168.2.0/24.

Go back into EC2 and launch an instance. The first one I am going to build is the Terminal Server, as that is the one I am connecting to the internet.

Build the instance as normal, but on the Configure Instance Details screen choose as follows:

Select the 192.168.0.0/16 network and the 192.168.1.0/24 subnet, and for the internet-facing server select Enable under Auto-assign Public IP.


Then just make sure it is in the correct security group.

Then build the other 2 instances taking care to put them in the correct security groups.

While the 3 instances are building I am going to create network interfaces so that I can assign my servers static IP addresses. Actually I am only going to do this for the Domain controller but in a production environment I would do this for all the servers.

So under the EC2 console navigate to Network Interfaces.


Click Create Network Interface and enter a description, select the correct subnet, enter a private IP address and select the correct security groups for this interface.

Click Yes, Create.


Select the network interface, click Attach, and attach it to the correct instance.

This server now has two network interfaces; you can disable the one with the dynamically assigned IP address from inside the server.

Now it is time to log on.


Go to the instance and click Connect.

Having logged on to the Terminal Server, I confirm that I can ping the other two servers and then create RDP connections to them.

I renamed the domain controller and disabled the adapter with the dynamic IP address.

I did the same for the member server and then for the Terminal Server.

Now, on the domain controller, I am going to add the Active Directory Domain Services role and promote it to a domain controller.

Set a local admin password on the other two servers, one that is easier to remember than the AWS-assigned one, or document the AWS-assigned one.

The last step before you can add the servers to the domain is to run ipconfig /all to find the DNS server address, then go into the network adapter properties and change the primary DNS server to the domain controller's address and the secondary to the DNS server you found with ipconfig.


Then ping the fully qualified domain name of the DC and you should be able to join the domain.

One interesting point to note is that the Terminal Server was not able to ping the DC by name until I added a statically assigned network adapter. After that all three servers were on the domain and could be configured further.
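The member-server side of the last few steps (disable the dynamic adapter, point DNS at the DC with the VPC resolver as fallback, confirm the DC answers by FQDN, join) as a script. This is an added example, not the post's own code; it assumes Windows Server 2012 / PowerShell 3 networking cmdlets, uses the DC1 address and pdt.local from the post, and takes the server's own static address as a parameter.

```powershell
# Added example, not from the original post. Run on the server being joined,
# from its console or a session that arrived over the static interface: the
# dynamic adapter is disabled part way through.
function Join-PdtDomain {
    param(
        [Parameter(Mandatory)] [string] $StaticAddress,   # e.g. 192.168.2.10 for MS.pdt.local
        [string] $Domain    = 'pdt.local',
        [string] $DcAddress = '192.168.1.10'                # DC1.pdt.local, from the post
    )

    # The adapter that carries the static address is the one to keep.
    $static = Get-NetIPAddress -IPAddress $StaticAddress -AddressFamily IPv4 -ErrorAction Stop
    $alias  = $static.InterfaceAlias

    # DHCP on the static interface also hands out the VPC resolver. Record it
    # first; this is the address the post finds with ipconfig /all.
    $vpcDns = (Get-DnsClientServerAddress -InterfaceAlias $alias -AddressFamily IPv4).ServerAddresses |
              Where-Object { $_ -ne $DcAddress } | Select-Object -First 1

    # Disable every other connected adapter (the AWS-assigned dynamic one).
    Get-NetAdapter | Where-Object { $_.Status -eq 'Up' -and $_.Name -ne $alias } |
        Disable-NetAdapter -Confirm:$false

    # Primary DNS = the domain controller, secondary = the VPC resolver (if known).
    $servers = @($DcAddress) + @($vpcDns) | Where-Object { $_ }
    Set-DnsClientServerAddress -InterfaceAlias $alias -ServerAddresses $servers

    # The check from the post: the DC must resolve and answer by its FQDN before joining.
    $dcFqdn = "dc1.$Domain"
    Resolve-DnsName -Name $dcFqdn -Server $DcAddress -ErrorAction Stop | Out-Null
    if (-not (Test-Connection -ComputerName $dcFqdn -Count 2 -Quiet)) {
        throw "Cannot ping $dcFqdn; check the security groups and DNS settings before joining."
    }

    # Join and reboot. Get-Credential prompts for a domain account with join rights.
    Add-Computer -DomainName $Domain -Credential (Get-Credential "$Domain\Administrator") -Restart
}

Join-PdtDomain -StaticAddress '192.168.2.10'
```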


Posted in AWS

Taking a list from notepad and turning it into a CSV

This procedure reads a list that is written in notepad and turns the list into a CSV.

First create a list in Notepad. There are many ways to end up with such a list: you could copy something from Excel, and sometimes PowerShell and other utilities return data in a way that is hard to use. Some of the ESX reports come to mind: useful information, but not in a form you can do anything with.

This is a list of colours I created in Notepad; I am going to turn it into a CSV.


First import them into PowerShell and assign them to a variable:

$colours = Get-Content "C:\Users\Administrator\Documents\colours.txt"

This takes the contents of colours.txt and assigns them to the variable $colours.

$coloursCSV = $colours -join ','

$colours -join ',' takes the contents of $colours and puts a ',' between the values.
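The join above next to a proper CSV with a header, using a constructed colours.txt in the temp folder whose last entry contains a comma. This is an added example, not code from the original post; the file paths are assumptions.

```powershell
# Added example, not from the original post. Sample data is constructed here.
$txt = Join-Path $env:TEMP 'colours.txt'
$csv = Join-Path $env:TEMP 'colours.csv'
@('Red', 'Green', 'Blue', 'Navy, Dark') | Set-Content -Path $txt

$colours = Get-Content -Path $txt

# 1. The post's approach: every value on one line, separated by commas. The
#    comma inside "Navy, Dark" is now indistinguishable from a separator.
$coloursCSV = $colours -join ','
$coloursCSV

# 2. One record per line under a Colour header. Export-Csv quotes each field,
#    so the embedded comma survives the round trip through Import-Csv.
$colours | ForEach-Object { [pscustomobject]@{ Colour = $_ } } |
    Export-Csv -Path $csv -NoTypeInformation

Get-Content -Path $csv           # the raw file: a header line, then quoted fields
(Import-Csv -Path $csv).Colour   # the four colours back as separate strings
```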


Assigning a static IP address to a windows instance in AWS VPC

This is the procedure that I use to give Windows servers in AWS VPC a static IP address.

The first step is to create a security group that allows RDP and ping from my address.

Go into the VPC Dashboard, navigate to Security Groups and click Create Security Group.


Fill in the Create Security Group screen with a name tag, a group name and a description. Then make sure the VPC option is the VPC that contains the correct subnet. Then click Yes, Create.

Edit the security group by clicking Edit.


Create rules allowing RDP and ping from your source address.

To limit it to one IP address use 55.55.5.5/32; the /32 limits incoming traffic to that exact address.


Create a Network interface and assign it a static IP address.

From the EC2 console go to Network Interfaces and click Create Network Interface.


Add a description, make sure it is in the correct subnet, assign an IP address (the first few addresses in each subnet are reserved, so I like to start at 10), select the security group created earlier and click Yes, Create.


Create a Windows instance in the correct VPC subnet and assign it to the security group created previously. While the instance is building, attach the network interface.

Go into VPC Dashboard > Elastic IPs and allocate a new address.


Then click Yes, Allocate to allocate the address.


Right-click the new public address and click Associate.


Under Associate With choose Network Interface, and choose the network interface that corresponds to the static interface created earlier. Then click Yes, Associate.


Log on to the Windows instance and disable the Ethernet adapter that has the dynamic IP address.


After this the server will have only one, statically assigned, IP address.

Posted in AWS

Assigning a static IP Address to a Linux VPC Instance

When you create an instance in AWS, by default it is assigned a DHCP address. This is not always what you want; for more control over your environment it is a good idea for instances to get the IP address that you choose. In this procedure I am going to spin up an Ubuntu instance and assign it a static IP address.

I have already configured VPC with two subnets that are routed to the internet.

Step 1 is to create a security group in the VPC environment.


I edited the rules to allow SSH and all ICMP from my computer.

Step 2 is to go into EC2 and create an instance; I use Ubuntu in this example.


Make sure it is in the correct subnet, in this case subnet a.

This is really hard to reverse so it is a good idea to get this right in the first place.


Click Select an existing security group.

Choose the security group that was created in Step 1.


Choose the one just created and click Review and Launch.


And click Launch.


Select an existing key pair and click Launch Instance.


When you create an instance it gets a randomly assigned IP address. If you want more control a manual static address is a better idea.

To do this you need to create another network interface that has a static IP address and attach it to the instance.


Navigate to Network Interfaces and click Create Network Interface.


Add a description, assign it to the correct subnet, and type in a static IP address (.1 is reserved, so I used 172.31.1.10).


Next right-click on the interface and click Attach.


Select the instance that you want to attach the interface to.

Now the instance has the static network adapter attached.

However, the Linux instance does not know this yet.

Next you need to associate an Elastic IP address; this one needs to be associated with the network adapter that was created with the DHCP-assigned IP address.


Navigate to VPC Dashboard > Elastic IPs and click Allocate New Address.


Click Yes, Allocate.


Select the public IP address and choose Associate Address.

Under Associate With select Network Interface.


Under Network Interface select the interface that has the dynamic address, not the one with the static address created earlier.

The reason for this is so that the script that created the instance can set up the configuration files to point to that interface.


Step 3: SSH into the server.


Running ifconfig shows the first interface and proves that Ubuntu does not yet know about the other interface.


As you can see there is only one network interface configured, eth0.

This is how it is configured:


A configuration file needs to be created for eth1; a quick way to do this is to use cp to copy the eth0 file to eth1 and then modify eth1 with vi.


sudo vi /etc/network/interfaces.d/eth1.cfg


Modify this to eth1 and change the comment to say secondary interface.

It is fine that it says dhcp, because the static address is a DHCP reservation.


Now it is time to bring up the interface with:

sudo ifup eth1


The interface is up and it has the correct IP address.

Now the routing table needs to be modified.


As you can see the default route points to eth0; this needs to be changed. The first command below adds a default route via eth1 in routing table 2, and the second adds a policy rule so that traffic sourced from the static address 172.31.1.10 uses that table:

sudo ip route add default via 172.31.1.1 dev eth1 tab 2


sudo ip rule add from 172.31.1.10/32 tab 2 priority 200


Now go to Elastic IPs and associate the public address with the static interface.


Associate it with the Network Interface connected to the Static IP address.

Now the server has a static IP address.

Posted in AWS

Configuring VPC without using the wizard

This procedure shows how to configure Amazon's Virtual Private Cloud (VPC) without the wizard. I will be creating two subnets, 172.31.1.0 and 172.31.2.0, then creating an internet gateway and setting up routing between the subnets and the internet.


Open the AWS console and open the VPC Dashboard.


Click Your VPCs and then Create VPC.

Create a name tag [Sydney Core Subnet (172.31.0.0/16)] and enter the CIDR block 172.31.0.0/16.


And click Yes, Create.

Now it is time to create subnets.


Click Create Subnet.


Type in a name for the subnet, add it to one of the Availability Zones, and enter a subnet CIDR that falls within the addressing of the core VPC.


Using the same process create subnet b.


This time I am using the -2b availability zone.


Now it is time to create an internet gateway.


Navigate to Internet Gateways and click Create Internet Gateway.


Name the internet gateway and click Create.


Click Attach to VPC.


Click Yes, Attach.


As it stands the subnets can talk to each other from a routing point of view; however, neither can get to the internet, so we need to create routes.


Click on Route Tables then Click on the Routes tab.


Click Edit.


Create a default route, 0.0.0.0/0, and point it at the internet gateway which was just created.


Click Save.


This creates a default gateway for each of the subnets.
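The same build (VPC, two subnets, internet gateway, default route) done with the AWS Tools for PowerShell rather than the console. This is an added example, not the post's own code; it assumes the AWSPowerShell module with credentials and region configured, /24 subnet sizes, and the Sydney availability zones ap-southeast-2a and -2b (the post names only "-2b").

```powershell
# Added example, not from the original post. Subnet sizes and zone names are assumptions.
Import-Module AWSPowerShell

$vpc = New-EC2Vpc -CidrBlock '172.31.0.0/16'
New-EC2Tag -Resource $vpc.VpcId -Tag @{ Key = 'Name'; Value = 'Sydney Core Subnet (172.31.0.0/16)' }

# Subnet a and subnet b, each in its own availability zone, inside the VPC block.
$subnetA = New-EC2Subnet -VpcId $vpc.VpcId -CidrBlock '172.31.1.0/24' -AvailabilityZone 'ap-southeast-2a'
$subnetB = New-EC2Subnet -VpcId $vpc.VpcId -CidrBlock '172.31.2.0/24' -AvailabilityZone 'ap-southeast-2b'

# Internet gateway, attached to the VPC.
$igw = New-EC2InternetGateway
Add-EC2InternetGateway -InternetGatewayId $igw.InternetGatewayId -VpcId $vpc.VpcId

# A new VPC has one (main) route table carrying only the 172.31.0.0/16 "local"
# route, which is why the subnets can already reach each other but not the
# internet. Both subnets use the main table until associated with another one.
$rt = Get-EC2RouteTable -Filter @{ Name = 'vpc-id'; Values = $vpc.VpcId }
New-EC2Route -RouteTableId $rt.RouteTableId -DestinationCidrBlock '0.0.0.0/0' -GatewayId $igw.InternetGatewayId

# Verify: the table now has the local route plus the default route via the gateway.
# The route only makes the subnets reachable; security groups still decide what gets in.
(Get-EC2RouteTable -RouteTableId $rt.RouteTableId).Routes |
    Select-Object DestinationCidrBlock, GatewayId, State
```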

Posted in AWS

Killing unwanted processes

Script to kill unwanted processes

It is good practice to know what processes should be running on your computer.

If you know what should be on your computer it is easier to stop processes that should not be running. This is the way I use to stop rogue processes.

First I get a list of what should be running. I do this by creating two files TrustedCompanies.txt and TrustedProcesses.txt.

To get the trusted companies I close all of the applications and use the following PowerShell command:

Get-Process | Where-Object { $_.Company -ne $null } | Select-Object Company -Unique


I then copy the companies and paste them into notepad.

Using that list I find all of the other processes.


Then I go through that list and make sure these are genuine processes and I copy them to a file called TrustedProcesses.txt.

Then if I need to I can run the following kill script:

# Load the two allow-lists built above, one entry per line
$comps = Get-Content TrustedCompanies.txt
$procs = Get-Content TrustedProcesses.txt

# Stop anything whose company and name are both outside the allow-lists
# (kill is an alias of Stop-Process; add -WhatIf on the first run)
Get-Process | Where-Object { $_.Company -notin $comps -and $_.Name -notin $procs } | Stop-Process


And it is a good idea to run this with the –WhatIf option the first time you do this just to be sure.
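A report to review before running the kill script. The Company field is only a string from the executable's version resource and can say anything, so this adds the Authenticode signature status and signer for every process outside both lists. It is an added example, not the post's own code; it uses the post's two file names and only reports, stopping nothing.

```powershell
# Added example, not from the original post. Protected processes whose Path is
# not readable from this session are reported with Signature = NoPath.
$comps = Get-Content 'TrustedCompanies.txt'
$procs = Get-Content 'TrustedProcesses.txt'

function Get-UntrustedProcessReport {
    Get-Process |
        Where-Object { $_.Company -notin $comps -and $_.Name -notin $procs } |
        ForEach-Object {
            $status = 'NoPath'
            $signer = ''
            if ($_.Path) {
                $sig = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
                if ($sig) {
                    $status = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
                    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                }
            }
            [pscustomobject]@{
                Name      = $_.Name
                Id        = $_.Id
                Company   = $_.Company
                Signature = $status
                Signer    = $signer
                Path      = $_.Path
            }
        }
}

# Unsigned or tampered binaries (NotSigned, HashMismatch) need a look before
# anything goes on the trusted lists, whatever their Company field claims.
Get-UntrustedProcessReport | Sort-Object Signature | Format-Table -AutoSize
```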