Franske ITC-2300 Assignment: Difference between revisions
BenFranske (talk | contribs) |
BenFranske (talk | contribs) |
||
Line 30: | Line 30: | ||
==Virtualization Labs== | ==Virtualization Labs== | ||
===Proxmox VE Installation Lab=== | ===Proxmox VE Installation Lab=== | ||
Find instructions for the [[Proxmox VE Installation Lab here|Proxmox VE Installation Lab]]. | |||
===Proxmox VE Containers and Cluster Lab=== | ===Proxmox VE Containers and Cluster Lab=== |
Revision as of 01:00, 17 September 2020
Labs
You are responsible for completing ALL of these labs. You must submit a lab report (click for details about how to write these) for each topic. Each lab report is worth up to 20 points. This falls into the Labs/Homework category of your course grade.
Cloud Labs
Introduction to the Cloud
- Create an Azure Account Exercise
- NOTE: Do this through the Azure for Students page to get a $100 credit on your account. You will need a .EDU email account to do this. Find out how to get a .EDU address from Inver Hills if you don't have one setup yet.
- Manage Services in the Azure Portal: Work with Blades
- Manage Services in the Azure Portal: Use the Azure Portal
- Manage Services in the Azure Portal: Customize the Dashboard
- Core Cloud Services: Introduction to Azure
Using Azure Virtual Machines
- Create a VM Using the Azure Portal
- Create a Linux Virtual Machine in Azure
- Create a Windows Virtual Machine in Azure
- Manage Virtual Machines with the Azure CLI
Scaling Azure Virtual Machines
- Use Update Management on a virtual machine
- Use azure log analytics and schedule updates
- Explore Azure virtual networking
- Create an Azure virtual network
- Create an Azure VPN gateway
- Deploy a VM using an Azure Quickstart template
- Extend the Quickstart template to deploy a basic web site
- Add a data disk to a VM
- Resize a VM disk
Virtualization Labs
Proxmox VE Installation Lab
Find instructions for the Proxmox VE Installation Lab.
Proxmox VE Containers and Cluster Lab
- Open your network adapter properties on your host system and ensure any VirtualBox network adapters such as the VirtualBox Host Only Adapter are disabled.
- Connect the PCs in your pod to the ITCnet network
- Boot all your Proxmox VE Server systems
- Check the available container templates on your PVE server and make sure you have downloaded the latest Debian and Ubuntu system templates. Also download at least one of the Turnkey Linux appliance templates such as the Wordpress template.
- NOTE: If you have an incomplete list of container templates it's likely the case that your system was powered off when the auto-run script went to check the list of available templates. You can refresh this list manually from the PVE command line using information from the ProxMox Linux Containers page.
- After you have the containers downloaded go ahead and deploy a container based on the Ubuntu template, use DHCP addressing.
- Try using the Ubuntu container to see if it feels any different than a full Ubuntu VM.
- Create a Proxmox cluster for your pod. Do this on the proxmox node containing the most VMs (the ones you want to save) all other nodes will need to have their VMs wiped before joining the cluster.
- Add all of the PVE servers/nodes in your pod to your Proxmox cluster
- NOTE: You will need to remove all of the VMs on the node before you add it to the cluster
- Deploy a Debian container to a node in your Proxmox cluster, verify it is working
- Deploy a Wordpress server container to a node in your Proxmox cluster, verify it is working
- Try migrating one of your VMs from the last lab which is not powered on from one node to another node in the cluster and then powering up and verifying the VM still works
- Try migrating one of your Linux containers from one node to another node in the cluster (you will have to power it down) and then powering up and verifying it still works
- NOTE: We are unable to test online migration as Proxmox requires shared storage for online migration (this was also required by VMware until recent versions)
- Try modifying an existing container or VM by adding extra storage, in the form of an additional virtual disk, to the system
- Try cloning one of your VMs
- Safely shut down all your containers and VMs
- Safely shutdown your Proxmox VE server
- Ensure all your network connections are back to normal and you are connected to the campus network.
IP Addressing Information
Use the following information to correctly address your VMware systems:
Pod | IP Address | Use |
---|---|---|
1 | 172.17.144.50 | VCSA |
172.17.144.51 | ESXi-1 | |
172.17.144.52 | ESXi-2 | |
172.17.144.53 | ESXi-3 | |
2 | 172.17.144.54 | VCSA |
172.17.144.55 | ESXi-1 | |
172.17.144.56 | ESXi-2 | |
172.17.144.57 | ESXi-3 | |
3 | 172.17.144.58 | VCSA |
172.17.144.59 | ESXi-1 | |
172.17.144.60 | ESXi-2 | |
172.17.144.61 | ESXi-3 | |
4 | 172.17.144.62 | VCSA |
172.17.144.63 | ESXi-1 | |
172.17.144.64 | ESXi-2 | |
172.17.144.65 | ESXi-3 | |
5 | 172.17.144.66 | VCSA |
172.17.144.67 | ESXi-1 | |
172.17.144.68 | ESXi-2 | |
172.17.144.69 | ESXi-3 | |
6 | 172.17.144.70 | VCSA |
172.17.144.71 | ESXi-1 | |
172.17.144.72 | ESXi-2 | |
172.17.144.73 | ESXi-3 | |
7 | 172.17.144.74 | VCSA |
172.17.144.75 | ESXi-1 | |
172.17.144.76 | ESXi-2 | |
172.17.144.77 | ESXi-3 | |
8 | 172.17.144.78 | VCSA |
172.17.144.79 | ESXi-1 | |
172.17.144.80 | ESXi-2 | |
172.17.144.81 | ESXi-3 | |
9 | 172.17.144.82 | VCSA |
172.17.144.83 | ESXi-1 | |
172.17.144.84 | ESXi-2 | |
172.17.144.85 | ESXi-3 |
Default Gateway: 172.17.144.1 Subnet Mask: 255.255.255.0 DNS: 172.17.139.10
vmWare ESXi Installation Lab
- Open your network adapter properties on your host system and right click to "Disable" any VirtualBox network adapters such as the VirtualBox Host Only Adapter.
- Create a new VM in VMware Workstation with the following specifications. Be sure to save the VM to a location on the D drive outside of the CNT Files folder.
- 24GB RAM
- 350GB Hard Drive
- 2 CPUs
- Locate the ESXi Install ISO file (VMvisor Installer) in the D:\CNT Files\ITC 2300 directory and use it to start the installation
- Set the networking to "Bridged" and make sure you are connected to the ITC network.
- Set the root password on your ESXi system during the installation, it needs to be at least 7 characters. Be sure to write it down!
- Create another new VM in VMware Workstation with the following specifications. Be sure to save the VM to a location on the D drive outside of the CNT Files folder.
- 3GB RAM
- 25GB Hard Drive
- 2 CPUs
- Locate the Windows 7 Enterprise ISO file in the D:\CNT Files directory and use it to start the installation
- Set the networking to "Bridged" and make sure you are connected to the ITC network.
- Set the Administrative password on your Windows 7 Client system during the installation, be sure to write it down!
- Verify you have network connectivity between the Windows client system and all your ESXi systems.
- Shut down your Windows 7 Client, this will be used in a future lab.
- Browse to the ESXi system in a web browser on your host system.
- Login as the root user.
- Add a new account and give it administrative permissions to the ESXi system. Log out of the root account and in with the new user account.
- Create a new folder on the ESXi datastore for ISO files.
- Use a web browser on your host system to access the ESXi server's web interface.
- Log in to the "VMware Host Client" through the web interface using your new login credentials (not the root account)
- Upload the Linux Mint ISO file from the D:\CNT Files directory on your host system to the new ISO folder on the ESXi server datastore.
- Create a new VM on the ESXi system (not in VMware Workstation) where you can install the Linux Mint system.
- Complete the installation of Linux Mint as a VM on the ESXi host
- Safely shut down your ESXi server VM.
- Ensure all your network connections are back to normal and you are connected to the campus network.
- Remind your instructor to download a new VCSA image file to the CNT Files directory before next week, they expire every year!
vmWare vSphere vCenter Server Installation Lab
- Connect the PCs in your pod to the ITCnet network
- Open your network adapter properties on your host system and ensure any VirtualBox network adapters such as the VirtualBox Host Only Adapter are disabled.
- Boot your ESXi Server system
- Obtain static IP addressing information from the table above and change the IP address of each ESXi server in your pod to a unique static IP address.
- Boot your Windows 7 Client system
- Mount the vSphere vCenter Installer ISO (VCSA) found in the D:\CNT Files location on your Windows 7 Client system by attaching it to the Windows 7 VM virtual CD drive.
- Open the installer.exe file found in the vcsa-ui-installer\win32 directory of the CD image and click install to begin the installation process. If you're unfamiliar with the installation process you can refer back to your readings as well as a VMware walk-through.
- During the installation you will need to select one of your pod's ESXi servers to install the vCenter appliance onto. Only one VCSA installation per pod!
- Set a root password for your VCSA server during the installation process, be sure to write this down!
- When given the option you should install vCenter Server with an Embedded Platform Services Controller
- When asked about the appliance size choose a "Tiny" installation and "Default" storage size.
- Select the checkbox to enable "Thin-Disk Mode"
- Use the correct static IP address for the VCSA from the allocation you received for your pod and choose to synchronize time with the ESXi appliance host. The IP address should also be used as the system name.
- The first phase of the installation will take quite a while to complete. Once it is done you will be prompted to start stage 2
- Choose to synchronize time with the ESXi host and enable ssh access
- When creating a new SSO domain use "podX.local" (where X is replaced by your pod number) as your SSO Domain Name
- Set the site name to Pod-X (where X is replaced by your pod number)
- After the installation completes use your credentials (administrator@podX.local) to log in to the VCSA web client at the address provided.
- Note: You do not need to access the web interface through the Windows 7 client system. Because it's just a web interface you can connect from the browser on your host system or any other PC on the network.
- Spend a few minutes exploring the VCSA web client interface
- Create a new Datacenter and give it a name
- Add the all the ESXi hosts in your pod to the datacenter
- Create a few more VMs through VCSA on various different ESXi hosts. Use the ISOs in the CNT Files folder to install another copy of Mint into one, Windows 7 into another, and Windows 10 into another.
- NOTE: You will need to upload the ISOs to the datastore on the ESXi system which you are creating the VM on before you can install the systems.
- Safely shutdown all running VMs except VCSA
- Safely shutdown the VCSA appliance
- Safely shutdown all ESXi hosts
- Safely Shutdown Windows 7 Client System
- Ensure your system is reconnected to the campus network
vmWare vSphere Administration Lab
- Connect the PCs in your pod to the ITCnet network
- Open your network adapter properties on your host system and ensure any VirtualBox network adapters such as the VirtualBox Host Only Adapter are disabled.
- Boot all your ESXi Server systems
- Boot your VCSA VM Appliance using the ESXi web interface on the ESXi system hosting VCSA.
- Use the VCSA web interface to create a new VM which is running on an ESXi server OTHER than the one running VCSA (so more RAM is available) to install Windows Server 2016. You will need a VM with 2GB RAM and a 50GB hard drive.
- Complete the installation of Windows Server 2016 into the new VM. The ISO installation file for Windows Server can be found in "D:\CNT Files" Use "dc1" as the machine name.
- NOTE: Click the link that you do not have a key and install the standard version of Server 2016, this will give you a trial license.
- Add the Active Directory Domain Services role to the server. Use "podX-ad.local" (where X is your pod number) as the root domain name and "podX-ad" as the NetBIOS domain name.
- While the Active Directory role is installed and the domain controller promotion script is running (these will take some time to complete) continue through this lab.
- It's sometimes the case that you may have a malfunctioning web interface and need to start some critical VMs such as VCSA and some Active Directory servers only through the host command line interface. We'll simulate this setup by checking the status and powering on one of our Windows 7 or Linux Mint VMs through this host console.
- Use the host command line console on your ESXi machines to get a list of the VMs registered at each host.
- Use the host command line console on your ESXi machines to check the power status of one of your Windows 7 or Mint VMs (they should be off)
- Verify the VMs are off in the vCenter Server web client
- Use the host command line console on your ESXi machines to power on one of your Windows 7 or Mint VMs.
- Verify the VM is powering on through both the Use the host command line console on your ESXi machine as well as through the vCenter web interface.
- Another useful virtual machine task is to set certain VMs to automatically power on when the ESXi server powers on. Read the VMware KB article on the topic.
- Set the VCSA VM to automatically power on with the ESXi host.
- One benefit of the vCenter Server system is that you can migrate VMs from one ESXi host to another. First let's try this with a powered off virtual machine.
- Choose one of the powered off VMs on one of your hosts in the VCSA Web Client. On the summary tab check to see which host the VM currently resides on.
- Right click on it and choose migrate to open the migration wizard. You want to move both the compute (CPU/RAM) and storage (disk images) to a new host so make that selection.
- Select a different ESXi server and a datastore attached to that server and begin the migration.
- Once the migration is complete check that the VM shows it is on a different host and verify that it still powers up and works.
- An even more powerful tool is to be able to migrate VMs while they are running, this feature is called vMotion. Take the same VM and try the migration process again (back to the original host) while the machine is powered on.
- This may take quite a bit longer to complete so let's go back to our Windows Server setup while the vMotion magic is happening.
- It would be nice to have a single sign on for VMware vCenter Server users which is backed by our Active Directory domain so let's see if we can get that running.
- Follow the VMware instructions for adding a vCenter Server Single Sign-On identity source. You may also need to read the Active Directory Identity Source Settings.
- NOTE: You will need to know the Base DN for the users and groups in your Active Directory. A Base DN is a path to the location in Active Directory where something is stored (in this case user accounts and groups). You may need to do some research online and make some inferences to figure out what your Base DNs are.
- You are going to want to setup Active Directory as an LDAP server so that you don't need to join your VCSA system to your domain. Instructions for setting that up can be found here.
- NOTE: If you instead want to try joining your VCSA system to the domain and using Integrated Windows Authentiction see how to join the vCenter Server Appliance to an Active Directory Domain.
- Create a new user account in AD and try adding it as an administrator in vCenter Server.
- Try logging in with the new account in vCenter Server.
- Safely shutdown all running VMs except VCSA
- Safely shutdown the VCSA appliance
- Safely shutdown all ESXi hosts
- Ensure your system is reconnected to the campus network
Homework
Any homework assigned in the course will go here. This falls into the homework category of your course grade.
- Participate in an online forum discussion (typically 3 quality posts or more) of each topic on the CLASS server site. See forum posting page for details. (up to 10 points each topic based on quality)
Participation Activities
Any participation activities completed in the course will go here. This falls into the participation category of your course grade.
- For each topic you need to meet with the instructor at least once to check on your status and understanding of the topic. Each meeting will be worth up to 10 points.
- You will need to complete peer evaluations of all course projects, these evaluations will be worth 10 participation points total
Topic Assessments
You are responsible for completing an online assessment for each topic. These fall into the online assessments category of your course grade.
Other
You are also responsible for completing these things, see the course syllabus for category and weighting information.
- Online Final Exam
- Course Project
Course Project
The course project will take the place of the skills exam in this course and will allow you and your lab partner to continue to experiment with one of the topic areas covered in the course. You will need to present your project in a presentation/demonstration to the class which is expected to last 10 minutes.
The project should be related to one of the three topics covered in the course (VoIP, virtualization, and/or cloud). You may either expand on one of the tools that we used in the course or explore a different tool in the same topic area. Your project plan should be approved by the instructor. Remember that the project is 15% of your final grade so it is expected to be a substantial amount of work.
Grading
There will be two primary components to your grade for the project, a lab report and a presentation.
You will be turning in a lab report using the same format you have used for other lab reports in the class but it will be longer as this is a much more substantial project. Lab reports for this project should be about 4 pages long (single spaced) and include all the regular sections of a lab report (what you did, what problems you had, how you tested, and what you learned. The project lab report will be worth 100 points.
In addition you will receive a grade on a 10 minute presentation to the class. The presentation should be interesting, engaging, informative, and factually correct. It is a good idea to show off your actual work as much as possible (not just talk about it) so you are strongly encouraged to find a way to demonstrate something "live" during the presentation.
The presentation score is comprised of:
- Topic Content (30 Points)
- Was the topic appropriate for the course project? Was the content presented accurate and did it provide a good overview of the topic and the work done? Was the amount of work done appropriate for a large course project?
- Presentation Skills (30 Points)
- How well did the group do explaining the content? Were they able to adequately answer appropriate questions from the class? Was the presentation professional and well prepared?
- Engagement (20 Points)
- How well did the group engage the class in their presentation? This could include getting or asking questions of the class, using appropriate visual aids, etc. How well did the group express excitement and interest in the topic of their presentation?
- Overall Quality (20 Points)
- Did you learn something or get something clarified in your mind? Did you feel listening to this presentation was worth your time? Was this a "good" presentation? Are you interested to learn more about this topic having heard this presentation? Do you have a good understanding of how you could use this to solve future problems you come across?
Archived Labs
This section contains information about labs that have been used in this class in the past. You are NOT responsible for completing these labs.
Asterisk VoIP Labs
Introduction to VoIP Labs
- Use one of the Cisco 2811 routers and Cisco 3750 POE+ switches to create a segregated network for your VoIP environment. See these sample switch and router configurations (needs to be modified with correct IP addressing for your pod).
- Connect Fa0/0 on the router to the ITCNet switch and configure it with the same IP address used for your VCSA system in the VMware labs
- Setup Fa0/1.10 on the router as your "Internal VOIP Network" with an IP address of 192.168.10.1/24 on VLAN 10
- Setup NAT Overload (PAT) on the router with Fa0/0 on the outside and Fa0/1.10 on the inside
- Setup a DHCP server on the router on the 192.168.10.0/24 subnet with a default router of 192.168.10.1 and a DNS server of 172.17.139.10, exclude 192.168.10.1-192.168.10.20
- Connect Port Fa0/1 on your router to a Cisco 3750 POE+ switch on Port 24 and setup the port as a trunk port and VLAN 10 as an active VLAN on the switch, use 192.168.10.2 as the management IP for the switch on VLAN 10
- Move your PC to your "Internal VOIP Network" by connecting it to your switch on Gi1/0/1 configured as a VLAN 10 access port and ensure it gets a DHCP address and has working Internet connectivity
- Create a new Virtual Machine named "Debian Asterisk CLI" and Install Debian Linux
- VM Specs: 4GB RAM, 50GB HDD, Bridged Networking
- Install Debian Linux onto the VM
- Make sure you have a working Internet connection through your VoIP network to your host machine (and VM) before starting the installation
- Set a hostname of PodX-AsteriskCLI (replace the X with your Pod number)
- Be sure to choose an online mirror for packages or you won't be able to install packages from the Internet once your installation finishes
- Be sure to uncheck "Debian Desktop Environemnt" when asked about packages to install. (Press the space bar when this option is highlighted to uncheck it)
- You can save some time later if you check "SSH Server" when asked about packages to install. (Press the space bar when this option is highlighted to check it)
- On your Debian system set a static IP Address of 192.168.10.3/24 Default Router of 192.168.10.1 and DNS Server of 172.17.139.10
- On your Debian system comment out the CDROM source from /etc/apt/sources.list
- Install the Asterisk VoIP PBX using the Debian Package
- apt update
- apt install asterisk
- Install the tftpd-hpa package on your Debian system to enable it to be a TFTP server
- Install the openssh-server package on your Debian system to enable SSH access to it from your PC (and your partner's PC if they connect their PC to VLAN 10 on the switch as well)
- Install the sudo package on your Debian system and add your regular user to the sudo group on the system so the account has administrative command access
- NOTE: After this point you have everything needed to connect to your Asterisk system with SSH for configuration and file transfer (PuTTY and Filezilla). It's strongly suggested you connect to and work on your system over SSH from this point on instead of trying to use the VMWare Workstation console. Cut and paste support is much better in PuTTY than in the VM console and you and your partner can both be logged in from different PCs (if they are on your internal VoIP network) and working on things at the same time (as long as you aren't trying to edit the same file at the same time).
- Create a file XMLDefault.cnf.xml on your host PC with these contents and transfer it to the /srv/tftp/XMLDefault.cnf.xml location on your Debian system
- Download the Chan-SCCP driver with wget https://download.opensuse.org/repositories/home:/chan-sccp-b:/asterisk-16/Debian_10/amd64/chan-sccp_4.3.2_amd64.deb
- Install the Chan-SCCP driver with dpkg --install chan-sccp_4.3.2_amd64.deb
- Edit the /etc/asterisk/modules.conf file and disable loading of chan_skinny.so and enable loading of chan_sccp.so
- NOTE: Changes to which modules are loaded and not loaded need to be in the [modules] section of this file and not the [global] section
- Restart the Asterisk software. This can be done with the systemctl restart asterisk command.
- Open the Asterisk console on your Debian system asterisk -rvvvvvc
- Connect two Cisco IP phones to ports Gi1/0/2 & Gi1/0/3 of your switch
- After the phones boot and attempt to connect to your Asterisk server (you should see notifications of this in your Asterisk console window) use the sccp show devices Asterisk CLI command to see a list of the phones.
- NOTE: If one or more of your phones does not register it may be locked to a previous sever see the instructions for Clearing Cisco IP Phone Security Files
- Configure your two IP phones in the sccp.conf file.
- Setup one line button on each phone with a valid extension number for your pod. Assign these lines to the default context.
- NOTE: This requires putting a button line in for the phone device section as well as creating a line configuration section in the sccp.conf file.
- Connect to the Asterisk CLI and issue the reload command
- Verify you can successfully place a call to Extension 1000
- Modify your extensions.conf file to add the two phone extensions and allow calling between phones
- Test calling between phones
- Safely shutdown your Debian system, erase your switch/router configuration, and put away all equipment and cables. Be sure to note which phones you have so that next week you'll be able to get the same two phones.
Provisioning, Voicemail, and SIP Labs
Note: It's expected that you have done your readings before beginning this lab. The lab will outline the tasks to do and make helpful notes but the readings contain details about how to configure the various parts of this lab.
- Begin by setting up your network wiring, router, and switch in the same way it was setup for the previous lab
- Power on your Asterisk Server VM
- Ensure you have working dialing between your two phone extensions before continuing
Voicemail
- Create a new extension 2x99 which will call into the voicemail system and allow users to retrieve messages
- HINT: What file manages the dialplan? You'll need to edit this file and add a new extension which calls into the Voicemail application when a user dials that extension.
- Create voicemail mailboxes for your 2x01 and 2x02 extensions with the PIN set to 1234
- HINT: This is done in the voicemail configuration file. You will need to add two new extensions with PINs to this file. You don't need fancy features like email setup. Just a simple mailbox with a PIN is needed for each extension.
- Try accessing both voicemail boxes by dialing 2x99 and change the greetings on each voicemail box so that you can tell the two apart. Note that you will need to reload the dialplan and voicemail configurations in Asterisk after making the changes to them.
- Create and modify the required entries in your dialplan to send callers for both the 2x01 and 2x02 extensions to the correct voicemail box with the unavailable greeting if the call is not answered within 10 seconds. Note that you will need to reload the dialplan in Asterisk after making the changes to it before they take effect.
- HINT: You'll need to add more priorities to each extension. The first one will ring the phone for 10 seconds and the phone for the specified amount of time and then if it's no answered the second will send the call to the voicemail box and play the unavailable greeting.
- Test leaving and retrieving messages from both extensions.
- Enable and test the Message Waiting Indicator (MWI) for the phones in the SCCP configuration. See the sample sccp.conf file and the pages linked to from there for hints on doing this.
- NOTE: You may need to restart the Asterisk software on your VM in order to get the MWI lights to work. This can be done with the systemctl restart asterisk command.
SIP Phone Setup
- Configure port Gi1/0/4 on your switch the same way your other VoIP phone ports are configured
- Get an Asterisk A25 phone, mark it with your pod number on tape, and connect it to port Gi1/0/4 on your switch
- Use the menus on the phone to obtain the IP address for your new phone
- We will be manually provisioning the phone using the web interface so open a web browser on a PC attached to your VoIP network (for example your VM host PC) and browse to the IP address of the new phone. Login with the username admin and password 789
- Edit your pjsip.conf file as required to create a new transport, line, authentication, and AoR section to use on the phone at extension 2x03. See the sample pjsip.conf file for some hints. Note that after modifying the pjsip.conf file you will need to at least reload the pjsip configuration in Asterisk and if you are setting up your first transport you should restart Asterisk instead of just reloading the configuration. This can be done with the systemctl restart asterisk command.
- On the phone admin line settings webpage configure SIP Line 1 with the required user name, display name, authentication name, authentication password, SIP Proxy server address (the IP of your Asterisk server), and check the box to activate the line.
- Modify your dialplan to configure extension 29x3 to call your PJSIP line. Remember that you need to reload your dialplan to have this take effect.
- Create a voicemail box for 2x03 and enable support for MWI subscribe notifications in the PJSIP configuration file
- Modify the advanced SIP Line configuration webpage on the phone to enable "Subscribe for Voice Message" and set the Voice Message Number to 2x99
- Test leaving a voicemail for the new phone and ensure the MWI light blinks when there is a message.
- Modify the advanced Phone Settings -> Power LED settings webpage on the phone to enable the SMS/MWI function.
- Test leaving a voicemail for the new phone and ensure the power led comes on when there is a message.
Digium DPMA Phone Provisioning
- Sign up for an account on the Digium store and "purchase" a free DPMA key.
- Install the avahi-daemon and libavahi-client3 packages on your Asterisk server
- Follow the Digium instructions to download the registration program (be sure to use the 64 bit one!) as well as to download and install the DPMA module (again you want the 64 bit one for Asterisk version 16)
- NOTE: Make sure to get the current one for Asterisk Version 16. If you get one for a different version of Asterisk you will crash Asterisk when you try to load it.
- Configure port Gi1/0/5 on your switch the same way your other VoIP phone ports are configured
- Get a Digium D60 phone and label it with your pod number on tape. Do NOT connect it to the switch yet.
- Create a basic res_digium_phone.conf file for your phone with the correct MAC address and settings for a 2x04 extension. See the sample res_digium_phone.conf file for some hints.
- Create the required global entries in your PJSIP file for DPMA configuration use
- Create the required entries for the 2x04 line in your PJSIP, Voicemail, and dialplan configuration files as well.
- You probably want to restart the Asterisk software on your system again at this point to re-load all the configuration files and re-load all the modules. If you make further changes to configuration files make sure that the config file is reloaded by Asterisk so the changes are applied.
- Plug your D60 phone into the switch. It should find the Asterisk server and configure itself entirely in a similar way to the SCCP phones
- Test calling to and from the D60 phone as well as leaving and retrieving messages from the phone. Be sure to test the voicemail button on the phone to see an example of a visual voicemail application as well.
Cleanup
- Safely shutdown your Debian system, erase your switch/router configuration, and put away all equipment and cables. Be sure to note which phones you have so that next week you'll be able to get the same four phones.
T1 and PSTN Access Labs
Note: It's expected that you have done your readings before beginning this lab. The lab will outline the tasks to do and make helpful notes but the readings contain details about how to configure the various parts of this lab.
- Begin by setting up your network wiring, router, and switch in the same way it was setup for the previous lab
- Power on your Asterisk Server VM
- Ensure you have working dialing between your two phone extensions before continuing
T1 PSTN Access
In this activity we will configure your Asterisk server to contact the "PSTN" using a dedicated T1 PRI voice trunk to a telephone company. This would normally be a service which you would pay for incoming and outgoing (termination and origination) connections to the PSTN and which you would access over a dedicated digital T1 voice trunk.
- Get an ISDN PRI T1 connection from the "phone company" (your instructor) to your router. This will require connecting a T1 crossover cable to the correct port on the PSTN ISDN Switch Simulator.
- NOTE: Just like with a regular phone line coming in the wall you need to plug your Pod into the correct port on the PSTN ISDN Switch Simulator. This is not an IP network where you can plug in wherever you'd like. Pod 1 goes into the farthest right port on the PSTN ISDN Switch Simulator and pod numbers increase as you go to the left. Also, be sure to use a special T1 crossover cable for this connection.
- Update your router configuration to allow it to serve as an ISDN<->SIP gateway device which will convert ISDN T1 calls to and from SIP VoIP calls which can be routed by Asterisk.
- Update your pjsip.conf file to add the router as a SIP endpoint which can be used to place calls out to the PSTN or receive calls from the PSTN. Note that we specify the IP address for the router for incoming and outgoing calls instead of having the router register with a username and password to the PJSIP module.
- Modify your extensions.conf file to allow internal extensions to place calls out to the PSTN through the ISDNrouter SIP device (which will convert the calls to a T1 PRI trunk call) if the number begins with a 9 for an outside line.
- NOTE: You will want to think about all the different types of numbers someone could call and create dialplan rules in Asterisk to handle all of them. For some of these you will need to use pattern matching, for others like 911, you probably want to match the exact number for dialing timeout speed reasons.
- NOTE: Most states now require phone systems to allow people to dial 911 directly, without needing to dial 9-911 for an outside line. You should program your system to call 911 on the PSTN for BOTH 911 and 9-911.
- Try placing calls out to the PSTN
- Test at least the following types of calls:
- Local calls (both by dialing 7-digit numbers and 10-digit numbers)
- Long distance calls (calls to a different area code than the 510 area code, and which begin with a 1)
- Toll-free numbers (1-800, 1-888, etc.)
- Per-minute premium charge numbers (1-900)
- Emergency Services (911, 9-911)
- Directory Assistance (411)
- International Numbers (Numbers beginning with 011)
- Test at least the following types of calls:
- While you are placing test calls monitor the output from your router's console port, you should see the calls being placed over the T1 connection. You should also try placing calls and while the call is active running the show voice call status command on the router. Finally try turning on ISDN Q.931 debugging with the debug isdn q931 command before placing a test call. You should see the router dialing the phone number on the ISDN T1 connection to the PSTN as the call is being setup. Run undebug all on your router to disable the debugging.
- It's important to think about toll fraud and you should setup your dialplan (at least after initial testing) to restrict callers from places like elevators calling certain numbers. In Asterisk you can do this using a variety of different dialplan contexts. Follow the sample extensions.conf file instructions for dividing up your extensions into elevator/lobby/general staff/executive restrictions on calls. Put one of your extensions in each of these different contexts and verif the restrictions are working.
- Modify your extensions.conf file to allow calls FROM the PSTN to your internal phones (each extension has a phone number like 510555XXXX where XXXX is the extension number).
- Find another pod who has calling out to the PSTN working over their T1 and try placing calls from each pod to the other pod to verify incoming PSTN calls are working.
- NOTE: In our lab the SIP and T1 PSTN are separate PSTN networks and you cannot place calls between the SIP and T1 PSTN so the other pod must be using the same type of PSTN connection. In the real world there is only one PSTN so how you connect to the PSTN should not affect who you can call.
SIP PSTN Access
In this activity we will configure your Asterisk server to contact the "PSTN" using a SIP trunk to an ITSP provider. This would normally be a service which you would pay for incoming and outgoing (termination and origination) connections to the PSTN and which you would access over your regular Internet connection.
- Disconnect the ISDN PRI T1 connection from the "phone company" (your instructor) to your router.
- Update your router configuration to add a dedicated NAT address for incoming SIP calls from the ITC network which will pass the SIP traffic through to your Asterisk system.
- Update your pjsip.conf file to add the required registration, endpoint, aors, auth, and identity sections required to connect to your ITSP.
- Modify your extensions.conf file to allow internal extensions to place calls out to the PSTN through the sipPSTN SIP device (which is the connection to your ITSP) if the number begins with a 9 for an outside line. If you had a working T1 SIP gateway PSTN configuration this will just involve changing which endpoint those calls are being directed to.
- NOTE: You will want to think about all the different types of numbers someone could call and create dialplan rules in Asterisk to handle all of them. For some of these you will need to use pattern matching, for others like 911, you probably want to match the exact number for dialing timeout speed reasons.
- NOTE: Most states now require phone systems to allow people to dial 911 directly, without needing to dial 9-911 for an outside line. You should program your system to call 911 on the PSTN for BOTH 911 and 9-911.
- Try placing calls out to the PSTN
- Test at least the following types of calls:
- Local calls (both by dialing 7-digit numbers and 10-digit numbers)
- Long distance calls (calls to a different area code than the 510 area code, and which begin with a 1)
- Toll-free numbers (1-800, 1-888, etc.)
- Per-minute premium charge numbers (1-900)
- Emergency Services (911, 9-911)
- Directory Assistance (411)
- International Numbers (Numbers beginning with 011)
- Test at least the following types of calls:
- Verify all your toll-fraud preventions you had in place for calling out from various types of extensions to the PSTN for the T1 gateway are still working.
- Verify your extensions.conf file is still setup to allow calls FROM the PSTN to your internal phones (each extension has a phone number like 510555XXXX where XXXX is the extension number). If the calls from your ITSP are coming into the same context as the calls from your T1 gateway were there should be no changes required.
- Find another pod who has calling out to the PSTN working over the ITSP and try placing calls from each pod to the other pod to verify incoming PSTN calls are working.
- NOTE: In our lab the SIP and T1 PSTN are separate PSTN networks and you cannot place calls between the SIP and T1 PSTN so the other pod must be using the same type of PSTN connection. In the real world there is only one PSTN so how you connect to the PSTN should not affect who you can call.
Cleanup
- Safely shutdown your Debian system, erase your switch/router configuration, and put away all equipment and cables. Be sure to note which phones you have so that next week you'll be able to get the same four phones.
GUI Asterisk Configuration Labs
Note: It's expected that you have done your readings before beginning this lab. The lab will outline the tasks to do and make helpful notes but the readings contain details about how to configure the various parts of this lab.
- Begin by setting up your network wiring, router, and switch in the same way it was setup for the previous lab
Installing FreePBX
- Create a new Virtual Machine named "FreePBX"
- VM Specs: 4GB RAM, 100GB HDD, Bridged Networking
- The FreePBX ISO is already downloaded at D:\CNTFiles\ITC 2300\SNG7-FPBX-64bit-1904-2.iso
- Install "FreePBX (Asterisk 13) - Recommended"
- Use "Installation - Output to VGA" and the "FreePBX Standard" options
- Be sure to set the root password to something you will remember
- Login to the CLI as the root user to obtain the IP address and then visit that IP address in a browser on your host system or another system on your VoIP network.
- Create an "admin" user account
- Login and register/activate your FreePBX system
- In the Admin -> System Admin -> Network Settings page of FreePBX set a static IP Address of 192.168.10.3/24 and Default Router of 192.168.10.1
Configuring SIP Phones
- Connect your Digium A-25 phone to the network
- Add the required PJSIP extension in FreePBX for the phone
- Note: You will need to update the phone username/password and voicemail number (*97) configured on the phone. You should let FreePBX create a new user for the phone automatically (probably the extension number) and then use that username but the extension "secret" as the password on the phones
- Note: The version of Asterisk (13) running on FreePBX is a little buggy with PJSIP phones. If you have problems set the phone up as a CHAN_SIP phone instead. Note that PJSIP is probably already running on port 5060 so the CHAN_SIP phones will use port 5160 for SIP messages and you'll need to change that on the phone line configuration as well.
- Test calling yourself and leaving a message, MWI capability, and checking the message
Configuring SIP Trunks
- Correct the "External Address" under Settings -> Asterisk SIP Settings so that it correctly reflects the outside IP being forwarded to your FreePBX system through NAT (172.17.144.XX) which is your ESXi-1 IP address.
- Note: This will probably be auto-detected incorrectly because we're not actually using an ITSP on the Internet on our test network which is why we need to change this value.
- Create a new FreePBX PJSIP trunk pointed to the ITC SIP Phone Company (172.17.139.25) using your Pod credentials.
- Note: In addition to setting your username and secret you also need to set the "From User" on the advanced page of PJSIP trunk settings. THis should be set to the same username you use for registration to the ITSP.
- Create outbound routes for the different types of outside numbers you can call (emergency, premium, international, long distance, toll-free, local) which route the traffic out the SIP trunk to the ITSP
- Test calling out to all of these destinations and ensure they are working correctly.
- Create at least one inbound route for one of your 5105552XXX numbers and point it to your extension
- Test inbound calling by having another pod call you through the ITSP
- Note: If there is not another pod available when you need to test inbound calling you can setup another pod yourself (another router, switch, phones, and PC running FreePBX) that you can use for testing.
Configuring DPMA Phones
- Go to Connectivity -> Digium Phones and follow the instructions to install the DPMA module
- Reboot your FreePBX system to enable the DPMA module
- Create another PJSIP extension with voicemail
- Connect your Digium D-series phone to your VoIP network
- Select the new extension on the D-series phone to configure the phone with the extension
- Test calling between extensions, voicemail, calling out to the PSTN through the ITSP, and all other functionality configured so far
Configuring SCCP Phones
- Install Chan-SCCP following the instructions from your readings for FreePBX
- Restart your FreePBX VM
- Setup a phone, button, line, etc. in your sccp.conf file as we have done before
- Add a "Custom Extension" for the SCCP phone in FreePBX being sure to set a dial string for the SCCP device.
- Test calling between extensions, voicemail, calling out to the PSTN through the ITSP, and all other functionality configured so far
Cisco VoIP Labs
- CUCM Install & Chapter 8 Lab (One report for these)
- Chapter 9 Labs (One report for these)
- NOTE: You will not need to complete the Active Directory (LDAP) Integration lab
- Chapter 10 Labs (One report for these)
VoIP Lab IP Addressing and Extensions
You need to be assigned a pod number by the instructor. In the information below you will replace the X with your pod number.
NTP Network (Simulated WAN) Information
- You need to physically connect Fa0/1 on your router to the NTP switch. The NTP switch is shared by all students in the class and is also connected to the "Phone Company" router Fa0/1 interface. There is no special configuration on the NTP switch, just an empty configuration.
- The Fa0/1 interface on your router should be assigned IP 10.0.0.x/24
- The default route on your router should be 10.0.0.254 (and you should be able to ping that address).
- NTP on your router should be set to get time from 10.0.0.254
LAN Information
You will have 3 VLANs on the LAN side (Fa0/0) of your router.
VLAN Name | VLAN Number | Router Subinterface Addressing |
---|---|---|
Management | x1 | 10.x1.0.1/24 |
Data | x0 | 10.x0.0.1/24 |
Voice | x5 | 10.x5.0.1/24 |
So, for example IF YOU ARE POD 5 your data VLAN is number 50 and your IP address for the router subinterface on that VLAN is 10.50.0.1/24.
You will need to setup DHCP pools on the DATA and VOICE VLANs as well. These pools should provide IP addresses, the correct default-router for each VLAN and the DHCP Option 150 should be set to the address of your CUCM server (see below). You should exclude addresses .1-.10 from each VLANs DHCP pool.
On your switch you will need to create all three VLANs, set the port connecting to your router as an 802.1q trunk port, and set the remaining ports on your switch as access ports on the data VLAN with a secondary voice VLAN set (switchport voice vlan x5).
Your switch should have a management IP of 10.x1.0.2/24 on the management VLAN and a default gateway set to the IP of the router on the management VLAN.
CUCM Information
Your CUCM server should be assigned the IP address of 10.x0.0.5/24 (in other words host 5 on the Data VLAN). The default gateway for CUCM should be 10.x0.0.1 because that is the router interface on that VLAN. The NTP server for your CUCM server should also be the address of your router on the data VLAN (10.x0.0.1).
Note that NTP must be fully synchronized on your router before CUCM will allow you to complete the network addressing portion of the installation.
Phone Extension Information
Extension Range | First DID Number | CUC Pilot Number |
---|---|---|
2x00-2x99 | 5105552x00 | 2x90 |
So, for example if you are Pod 3 your extension numbers are 2300-2399, your first DID number is 5105552300 and your CUC Pilot number is 2390.
Phone Security Key Reset Procedure
The first time you try to register a used Cisco IP phone to a CUCM server it will likely fail. This is because when the phones register to a server they get a set of unique keys that will only allow them to register to that same server. These keys can be cleared out from the phone itself only (not from CUCM). The procedure is as follows:
- Press the "Settings" button on the phone
- Scroll down and select "Security Configuration"
- Scroll down and select "Trust List"
- Determine whether CTL and/or ITL files are installed on your phone (you will need to repeat this if both are set)
- Scroll down and select the installed CTL or ITL file you wish to remove
- Press "**#" on your phone to unlock the Trust List settings page
- Use the soft-key at the bottom of the screen to "Unlock" the CTL or ITL file
- Press the "more" soft key at the bottom of the screen
- Press the "Erase" soft key at the bottom of the screen
- Repeat if needed to clear the other (CTL or ITL) file from the Trust List settings page. Both should show "Not Installed" in order to register to a new CUCM server.
Storage Labs
FreeNAS Installation Lab
- Connect your PC to the ITC network
- Create a new VM for FreeNAS in VMware Workstation with the following specifications. Be sure to save the VM to a location on the D drive outside of the CNT Files folder.
- 12 GB RAM
- 32 GB Primary Hard Drive
- Quantity 3 - 100 GB Data Hard Drives
- Complete the FreeNAS installation onto the 32GB hard drive making note of your root password and using the same static IP address as your third ESXi server above using the installation ISO from your D drive.
- Boot into your FreeNAS system
- Access the web interface from your host PC (or another PC on the ITC network) and complete the Initial Configuration Wizard.
- Setup the data disks in a raidz1 pool
- See if you can get a Windows (SMB) share working and copy some files from your host PC D: drive onto the share. Refer to the FreeNAS documentation as necessary. Here are some hints:
- You need to create a FreeNAS user account and activate the "Microsoft Account" option for the user
- You need to create a location on your raidz storage pool for the 10 GB file share to exist on, you need to make sure that the user and group you want to have access to the files is the owner of this location (requires changing permissions)
- You need to create the SMB file share and point it to the storage location
- You can access a file share in Windows by opening a Run dialog box and entering \\ip.address.of.freenas\ opening your share, and giving the correct username and password when prompted
- NOTE: Because of changes in Windows 10 you will need to add the user account you log in to Windows 10 with to FreeNAS before you will be able to access the share from a Windows 10 system
- Safely shut down your FreeNAS VM
- Ensure your computer is reconnected to the campus network and you have a working Internet connection
FreeNAS iSCSI Lab
- Connect your PC to the ITC network
- Power on your FreeNAS VM
- Use a web browser on your host machine to access the configuration web site of your FreeNAS server.
- Access the Sharing -> Block (iSCSI) settings page and review the target global configuration parameters for iSCSI.
- Make a note of the Base Name, the other settings are not required
- Create a new iSCSI portal in FreeNAS to allow iSCSI connections on a certain IP address associated with your FreeNAS server.
- Given that we are working on a private network in a non-production environment we will not be setting up authentication or security on our iSCSI system so the Discovery Auth Method and Group can remain set to "None".
- Make a note of the portal Group ID
- Add an initiator to FreeNAS (really this is an access control list for initiators, the actual initiator is the system which will be accessing the iSCSI volume)
- Even without authentication it's possible to restrict iSCSI access to certain systems (initiators) by IP address or network address but because we'll be working today with an initiator with a dynamic IP we need to set up initiator access for ALL hostnames from ALL networks.
- Make a note of the Group ID number for this access control list
- Now create an iSCSI Target
- You must pick a target name such as "win7-drive" which is similar to a DNS host name, it will have the global base name automatically added to it.
- Set the portal group ID and initiator group ID to match the portal and initiators you just configured.
- Given that we are working on a private network in a non-production environment we will not be setting up authentication or security on our iSCSI system so the Auth Method and Authentication Group number can remain set to "None".
- At this point you have done most of the iSCSI configuration but it's not yet connected to any particular storage volume/disk/virtual disk. iSCSI calls these storage devices "extents" so the next step is to create an extent. There are two types of extents which can be created, device extents and file extents. Device extents are used if you want to make all of a physical hard drive or ZFS volume available through the iSCSI target. They offer better performance as they are essentially a remote drive but they have less flexibility as you need to dedicate an entire drive or ZFS volume to each target. File extents are like virtual hard drives for VMs, each one exists inside of a file stored on a physical drive so multiple targets can share the same physical drive or ZFS volume offering much more flexibility. The downside is that performance can be worse. For our simple test setup file based extents will provide more flexibility so we'll stick with those.
- Create a file based extent
- Set the path where you want the extent to be stored (remember this is a file based extent so we need to store the "virtual hard drive" file somewhere on one of the ZFS volumes on our server)
- Set the extent size to 2500 MB (2.5 GB)
- Now we need to associate the iSCSI target (think of this as the share) we previously created with the extent (where the data will actually be stored). This mapping is done in the "Associated Targets" tab of the iSCSI configuration.
- Start the iSCSI service in Services -> Control Services
- Power on your Windows 7 VM in VMware Workstation (not in ESXi) which you used to install vCenter Server.
- Use the built in iSCSI Initiator (search in the start menu to find it) to connect to the iSCSI target you have created on FreeNAS
- Once you have successfully connected the system to the iSCSI target it should show up as a secondary hard drive in the system just like any other hard drive would. Check in the Windows Disk Management control panel to find it and format the new iSCSI drive with NTFS and try storing some files on it.
- Now we're going to try to increase the size of the iSCSI "drive". It's safest to do this when the system is disconnected from the iSCSI target so the first step will be to shut down the Windows 7 VM.
- Try following the instructions in the FreeNAS documentation to grow the size of the file based extent LUN (basically increase the size of the virtual drive) from 2.5 GB to 5 GB.
- After increasing the size of the extent you either need to stop and restart the iSCSI service on FreeNAS OR delete the target and then re-add a "new" target with the same name and extent location so that the new size is recognized by the iSCSI process on the storage server.
- Power back on your Windows 7 VM and ensure you are reconnected to the iSCSI target.
- Check the target (iSCSI "drive") size in Windows explorer. Has it increased to 5 GB?
- Try checking in the Windows "Disk Management" control panel now. What you should see is the drive size has grown to 5 GB but the NTFS partition is still only 2.5 GB because that's what it was formatted as.
- There are two solutions to fixing this problem. First, you could re-format the drive but in that case you would loose any data on the drive. A better option, because NTFS supports it, might be to try and grow the size of the NTFS partition from 2.5 GB to 5 GB. See if you can figure out how to use Windows tools such as DISKPART to grow the size of the NTFS partition on the drive.
- Check to see that you haven't lost any of the files you tried storing on the iSCSI drive during the grow process.
- Download the CrystalDiskMark drive benchmarking software and install it in your VM.
- Run the CrystalDiskMark software on both your C: drive and your iSCSI drive in Windows 7 and compare the results. Because we have several layers of virtualization occurring and are using software based targets and initiators for the iSCSI side speeds are likely to be poor on both drives but you should get some idea of how you can compare local drives with iSCSI drives. There are also many other tools which can be used for benchmarking specific types of storage loads such as database transactions, I/O per second (IOPS), etc.
- If time allows configure another iSCSI target & extent on your own and try to get it connected and mounted on a Debian Linux VM.
- Safely shut down your Windows 7, Debian, and finally FreeNAS VMs
- Ensure your computer is reconnected to the campus network and you have a working Internet connection
Storage for Virtualization Lab
The following are key goals of this lab, this time we'll leave the specific instructions up to you to figure out. A suggestion though is to tackle the iSCSI work for both VMware and Proxmox first and then do the NFS work (but that's up to you):
- Get VMware vCenter connected to your FreeNAS server (using the FreeNAS server as a datastore) using BOTH an iSCSI share and an NFS share.
- HINT: Remember that FreeNAS is using the same IP as ESXi-3 so you should NOT boot ESXi-3 (or Proxmox-3) while working on this lab and also should not have VMware and Proxmox systems booted at the same time (because they also share IPs).
- Ensure you are able to create and migrate VMware VMs using the FreeNAS iSCSI and NFS storage
- Note: this doesn't mean migrating between two types of storage, this means migrating a VM instance from one host to another
- Get your Proxmox cluster connected to your FreeNAS server using BOTH iSCSI and NFS (different shares than you used for VMware)
- HINT: Shared iSCSI configuration in Proxmox can be a little tricky as it requires setting up an iSCSI connection and then LVM on top of that.
- Ensure that you are able to create and migrate Proxmox VMs and containers using the FreeNAS iSCSI and NFS storage.
- NOTE: Specifically you should be able to live migrate in Proxmox now that you have shared storage in place.
- Note: this doesn't mean migrating between two types of storage, this means migrating a VM instance from one host to another
- Ensure your computer is reconnected to the campus network and you have a working Internet connection before you leave.