Posted in Active Directory, AWS, Azure, Windows

VPN TUNNEL (AWS-AZURE) V-NET

Pre-requisites :

  • Two virtual networks with different Address spaces in different cloud platforms.
  • A virtual machine in each virtual network.
  • In the following scenario,
                        AZURE V-NET                  AWS V-NET
Virtual network name    vnet-Azure                   vnet-Aws
Address space           10.0.0.0/16                  192.168.0.0/16
Subnet                  su-1 (10.0.1.0/24)           su-1-aws (192.168.1.0/24)
Virtual machine         azure-server                 aws-server
Private IP              10.0.1.4                     192.168.1.214
Region                  East-US                      N.Virginia
Domain                  akhil.com

Procedure :

Azure

  • Create a gateway subnet in the virtual network: Home > Virtual Networks > Select the virtual network > Subnets > Gateway subnet.
  • Specify the IP address range > OK. Carry out the same procedure for both networks.
  • Create virtual network gateways for both virtual networks; the gateway handles the incoming and outgoing tunnel traffic.
  • Home > Virtual network gateways > Add > type a valid VNG name (vng-azure) > select the virtual network (vnet-Azure) > make sure the region is the same as that of the virtual network (vnet-Azure) > create a new public IP (pip-azure-vng) > Review and create. Note: creating the virtual network gateway takes a considerable amount of time.

AWS

  • Create a customer gateway (cg-aws) that represents the Azure virtual network gateway on the AWS side.
  • VPC > Virtual private network > Customer gateways > Create customer gateway, and enter the public IP of the Azure virtual network gateway (pip-azure-vng) as shown below.
  • Create a virtual private gateway (vpn-aws): VPC > Virtual private network > Virtual private gateways > Create virtual private gateway.
  • Select the virtual private gateway (vpn-aws) > Actions > Attach to VPC > select the VPC > Create.
  • Create the VPN connection (tunnel-aws-azure): VPC > Virtual private network > Site-to-site VPN connections > Create VPN connection > select the virtual private gateway (vpn-aws) > select the customer gateway (cg-aws) > routing option: static > enter the Azure address space as the IP CIDR > Create VPN connection.

Azure

  • In AWS, select the VPN connection (tunnel-aws-azure) > Tunnel details > copy the IP address of tunnel 1.
  • In Azure: Local network gateways > Create local network gateway (lng-aws) > paste the public IP address of tunnel 1 > enter the address space of the AWS network (vnet-Aws).
  • Create the connection (aws-tunnel-1) between the two clouds: Home > Virtual network gateways > select the virtual network gateway (vng-azure) > Connections > Add > connection type: Site-to-site (IPsec) > select the local network gateway (lng-aws) > paste the pre-shared key (PSK) from the VPN configuration text file downloaded from AWS.

AWS

  • VPC > Route tables > select the route table attached to the VPC subnet > Routes > Edit routes > Add route > destination: the Azure IP CIDR > target: the virtual private gateway (vpn-aws).

Status of tunnel :

The status of the tunnel can be verified in both Azure and AWS:

  • In Azure: Home > Virtual network gateways > virtual network gateway (vng-azure) > Connections
  • In AWS: VPC > Virtual private network > Site-to-site VPN connections > select the VPN connection > Tunnel details
Posted in Active Directory, Windows

ACTIVE DIRECTORY DOMAIN RENAME

Pre-requisites :

  • A valid Active directory domain (first.com)
  • Multiple Domain controllers (best practice)

Procedure :

  • Log on to the domain controller using domain Administrator credentials.
  • Server Manager > Tools > DNS > expand the domain controller > right-click Forward Lookup Zones > New Zone > Primary zone > Next > enter the new domain name (second.com) > Allow both nonsecure and secure dynamic updates > Finish.
  • Run Command Prompt as an Administrator and run the following commands.
cd C:\Windows
cd temp
rendom /list
  • Edit C:\Windows\Temp\Domainlist.xml and change the old domain name (first.com) to the new domain name (second.com) as shown below.
  • Save the file and run the following command in the same Command Prompt session.
rendom /upload
  • Then run:
rendom /prepare
  • Continue the procedure with:
rendom /execute
  • Once the server has restarted, the domain is renamed to the new domain name (second.com).
  • Log on to the server using the new domain credentials.
  • Rename the server's full computer name in Control Panel if required.
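The step that edits Domainlist.xml is where a rename goes wrong most easily, because the old DNS name appears not only in the forest-root entry but also as the suffix of the DomainDnsZones and ForestDnsZones application partitions. The script below is an added example, not part of the original post: it rewrites every DNSname entry that carries the old suffix, leaves GUIDs, comments and NetBIOS names untouched (rendom reads all of them back on /upload), and refuses to proceed if the old name is absent. The XML is a constructed sample in the shape that rendom /list writes; the GUIDs are placeholders.

```python
"""Rewrite the <DNSname> entries of a rendom Domainlist.xml (added example)."""
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape rendom /list writes; GUIDs are placeholders.
SAMPLE_DOMAINLIST = """<?xml version="1.0"?>
<Forest>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>00000000-0000-0000-0000-000000000001</Guid>
    <DNSname>DomainDnsZones.first.com</DNSname>
    <NetBiosName></NetBiosName>
    <DcName></DcName>
  </Domain>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>00000000-0000-0000-0000-000000000002</Guid>
    <DNSname>ForestDnsZones.first.com</DNSname>
    <NetBiosName></NetBiosName>
    <DcName></DcName>
  </Domain>
  <Domain>
    <!-- ForestRoot -->
    <Guid>00000000-0000-0000-0000-000000000003</Guid>
    <DNSname>first.com</DNSname>
    <NetBiosName>FIRST</NetBiosName>
    <DcName></DcName>
  </Domain>
</Forest>
"""

_DNS = re.compile(r"(<DNSname>)([^<]*)(</DNSname>)")


def rename_domain(xml_text, old_dns, new_dns):
    """Return (new_xml_text, changes); changes is a list of (old, new) DNS names.

    Only <DNSname> text is touched, so GUIDs, comments and NetBIOS names stay
    byte-for-byte as rendom wrote them. Names ending in the old suffix
    (DomainDnsZones/ForestDnsZones partitions, child domains) keep their prefix.
    Raises ValueError if the old name does not occur at all.
    """
    old = old_dns.lower()
    changes = []

    def repl(m):
        name = m.group(2).strip()
        low = name.lower()
        if low == old:
            new = new_dns
        elif low.endswith("." + old):
            new = name[: -len(old)] + new_dns  # keep "DomainDnsZones." etc.
        else:
            return m.group(0)                   # unrelated name, leave it
        changes.append((name, new))
        return m.group(1) + new + m.group(3)

    out = _DNS.sub(repl, xml_text)
    if not changes:
        raise ValueError(f"{old_dns} does not appear in Domainlist.xml")
    ET.fromstring(out)  # still well-formed XML, otherwise this raises ParseError
    return out, changes


if __name__ == "__main__":
    text, changes = rename_domain(SAMPLE_DOMAINLIST, "first.com", "second.com")
    for before, after in changes:
        print(f"{before} -> {after}")
    # Write `text` back to C:\Windows\Temp\Domainlist.xml on the DC before rendom /upload.
```

Run it against the real file with the old and new names from the post; the printed before/after pairs are what you should see in the file before running rendom /upload.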
Posted in Active Directory, Azure, Migration, Windows

AZURE STACK DEPLOYMENT

Azure Stack is Azure technology built on vetted hardware, distributed by approved vendors, that brings Azure cloud technology into your data center. The vendors manage the hardware and Microsoft manages the software.

Prerequisites :

  • Check the prerequisites and considerations for Azure Stack Hub deployment here.
  • Make sure there are at least five hard drives, including the OS disk (200 GB), of 350 GB each. (This can be achieved using a smart array controller.)
  • Deploy the OS only through Intelligent Provisioning (best practice), which helps with proper installation of the drives.
  • Make sure the attached physical/logical disks can be pooled.

Azure stack deployment :

  • Download the Azure Stack Hub Development Kit installer.
  • Follow the registration process to download the installer on the server where the ASDK environment is going to be established.
  • Run the installer as Administrator, browse to the location where the ASDK should be saved, and download the ASDK.
  • After the download completes, run the installer and extract the files to the specified folder.
  • To download the installer script, run the following PowerShell script.
$URI = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/master/Deployment/asdk-installer.ps1'
$LocalPath = 'C:\AzureStack_Installer'
New-Item $LocalPath -Type Directory
Invoke-WebRequest $URI -OutFile ($LocalPath + '\' + 'asdk-installer.ps1')
cd $LocalPath
  • When the script completes, asdk-installer.ps1 is in the local path defined above. Run that downloaded script as shown below.
  • A GUI is prompted. Select Prepare environment and browse to the previously downloaded CloudBuilder VHDX.
  • Click Next and populate the fields as follows:
Category                  Value
Username                  Administrator
Password                  *****
Computer Name             ASDK-1
Static IP configuration   Enable
  • Select the NIC adapter to use and click Next.
  • Make sure the IP CIDR and the gateways are correct.
  • Once completed > Next > Reboot Now.
  • After the reboot, disable the network adapters that are not in use (Control Panel\Network and Internet\Network Connections) to provide a clean path for the Azure Stack Development Kit.
  • Re-download the PowerShell script using the following commands and run the downloaded script.
$URI = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/master/Deployment/asdk-installer.ps1'
$LocalPath = 'C:\AzureStack_Installer'
New-Item $LocalPath -Type Directory
Invoke-WebRequest $URI -OutFile ($LocalPath + '\' + 'asdk-installer.ps1')
cd $LocalPath
  • Select Install in the prompted GUI console.
  • Populate the fields as follows:
Category        Value
Type            Azure Cloud
AAD Directory   digiphinixstack.onmicrosoft.com (it should be the primary domain)
Password        same as the local administrator
  • Select the NIC adapter and click Next to fill in the network configuration details (time server IP: 216.239.35.0; DNS forwarder IP: 8.8.8.8).
  • Once completed > Next > Deploy.
  • After about two minutes you will be asked to enter the credentials of a global administrator in your AAD directory; enter them accordingly.

NOTE: The user credentials provided should be administrator of the Azure Active Directory tenant.

  • The deployment takes about 8 to 9 hours, during which the host server reboots automatically (after approximately 1 hr 20 min). Sign in as azurestack\AzureStackAdmin after the ASDK host restarts; the password remains the same as the host server's.
  • After the deployment completes successfully, the message COMPLETE: Action 'Deployment' is shown.

Post-deployment :

  • Run the following PowerShell script to install and configure Azure PowerShell for the ASDK.
Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
Get-Module -Name Azs.* -ListAvailable | Uninstall-Module -Force -Verbose
Get-Module -Name Azure* -ListAvailable | Uninstall-Module -Force -Verbose
#Install the AzureRM.BootStrapper module. Select Yes when prompted to install NuGet
Install-Module -Name AzureRM.BootStrapper
#Install and import the API Version Profile required by Azure Stack into the current PowerShell session.
Use-AzureRmProfile -Profile 2019-03-01-hybrid -Force
Install-Module -Name AzureStack -RequiredVersion 1.8.2
  • Download the Azure Stack tools using the following PowerShell script.
#Change directory to the root directory.
cd \
#Enforce usage of TLSv1.2 to download the Azure Stack tools archive from GitHub
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri https://github.com/Azure/AzureStack-Tools/archive/master.zip -OutFile master.zip
#Expand the downloaded files.
Expand-Archive -Path master.zip -DestinationPath . -Force
#Change to the tools directory.
cd AzureStack-Tools-master

Portal access to Azure stack :

  • Register the local environment with Azure.
  • AzS-ERCS01 is one of the virtual machines deployed during the ASDK deployment. This VM is responsible for establishing the connection between Azure and the ASDK host server.
  • Validate the VM AzS-ERCS01 using the following PowerShell script before registering the local environment with Azure.
Enter-PSSession -ComputerName AzS-ERCS01 -ConfigurationName PrivilegedEndpoint
Test-AzureStack
  • Sign in to the Azure Stack account using
Login-AzureRmAccount
  • Register the ASDK using the following PowerShell script.
#Add the Azure cloud subscription environment name.
#Supported environment names are AzureCloud, AzureChinaCloud, or AzureUSGovernment depending which Azure subscription you're using.
Add-AzureRmAccount -EnvironmentName "<environment name>"

#Register the Azure Stack resource provider in your Azure subscription
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.AzureStack

#Import the registration module that was downloaded with the GitHub tools
Import-Module C:\AzureStack-Tools-master\Registration\RegisterWithAzure.psm1

#If you have multiple subscriptions, run the following command to select the one you want to use:
#Get-AzureRmSubscription -SubscriptionID "" | Select-AzureRmSubscription

#Register Azure Stack
$AzureContext = Get-AzureRmContext
$CloudAdminCred = Get-Credential -UserName AZURESTACK\CloudAdmin -Message "Enter the credentials to access the privileged endpoint."
$RegistrationName = "<unique-registration-name>"
Set-AzsRegistration -PrivilegedEndpointCredential $CloudAdminCred `
-PrivilegedEndpoint AzS-ERCS01 -BillingModel Development `
-RegistrationName $RegistrationName `
-UsageReportingEnabled:$true
  • After roughly 10 minutes, output confirming that the environment has been registered successfully is shown.
  • Redeem the activation key to C:\ using the following command.
$RegistrationResourceName = "<unique-registration-name>"
#File path to save the activation key. This example saves the file as C:\ActivationKey.txt.
$KeyOutputFilePath = "$env:SystemDrive\ActivationKey.txt"
$ActivationKey = Get-AzsActivationKey -RegistrationName $RegistrationResourceName `
-KeyOutputFilePath $KeyOutputFilePath
  • This confirms that the activation key file has been generated in C:\.
  • Run the following PowerShell script to create an activation resource using the previously generated ActivationKey.txt.
#Import the registration module that was downloaded with the GitHub tools
Import-Module C:\AzureStack-Tools-master\Registration\RegisterWithAzure.psm1
$CloudAdminCred = Get-Credential -UserName AZURESTACK\CloudAdmin -Message "Enter the credentials to access the privileged endpoint."
#This example uses the C:\ActivationKey.txt file.
$ActivationKey = Get-Content -Path "$env:SystemDrive\Activationkey.txt"
New-AzsActivationResource -PrivilegedEndpointCredential $CloudAdminCred -PrivilegedEndpoint AzS-ERCS01 `
-ActivationKey $ActivationKey
  • "Your environment has finished the registration and activation process" is returned as the output.
  • Sign in to the Azure Stack administrator portal from the host using the URL https://adminportal.local.azurestack.external.

Congratulations in advance.

My hearty congratulations on the successful deployment of the Azure Stack Development Kit.
Posted in Active Directory, Azure, Migration, Windows

SQL SERVER MIGRATION (On-premises to cloud) USING DMA TOOL

On-premise setup :

  • Domain (ravvarapu.com)
  • Sql server (2012)
  • Sql database (weblocal)
  • Working network settings.

Cloud setup :

  • Cloud platform (Microsoft Azure)
  • Valid subscription.
  • Azure Migrate project with a valid project name and location.
  • Sql Managed instance (Deploying can take up to 6 hrs.) or Sql Database.

Procedure :

  • Download the DMA tool (Data Migration Assistant) on the on-premises SQL Server instance.
  • Install the DMA tool on the server and run it as administrator.
  • Create a new project of type Assessment.
  • Populate the fields as described below and create the project.
Project Name          A valid project name
Assessment type       Database engine
Source server type    SQL Server
Target server type    Azure SQL Database managed instance
  • Click Next to define the source SQL Server: enter the server name and authenticate accordingly.
  • Add the source databases that are to be migrated to Azure.
  • Start the assessment. (This can take a considerable amount of time, depending on the database.)
  • Verify and rectify any feature parity or compatibility issues. More on database compatibility can be learned at aka.ms/dbcompat.
  • If everything is in order, upload to Azure Migrate: select the desired Azure environment (Azure) and connect to the Azure account, for both feature parity and compatibility issues.
  • Select the migration project created in Azure and upload.
  • Refresh the Azure Migrate screen to update the details of the assessment.
  • Click on Assessed database instances to check the status of database readiness.
  • Go back to the DMA tool on the on-premises SQL Server and create a new project.
  • Populate the fields as shown below.
  • Create the migration by populating the fields.
  • Connect to the SQL Server and authenticate accordingly (enable Trust server certificate).
  • Select the databases that need to be migrated.
  • Connect to the target server (SQL Database or SQL managed instance) with default SQL authentication (enable Trust server certificate).
  • Select the newly created database in the target server and generate the script.
  • Deploy the generated script and select the desired tables to migrate the data.

Verification :

Once the data has been migrated to the target server, connect to the target server from the local SQL Server and check the migrated data. The latency of the migrated SQL database depends on the region in which the target SQL Database or SQL managed instance is located.

Posted in Active Directory, AWS, Azure, Windows

VPN TUNNEL( V-NET TO V-NET )

A VPN tunnel is an encrypted path between two separate networks or organizations. Traffic inside the tunnel is hidden from the networks it traverses.

Pre-requisites :

  • Two virtual networks with different Address spaces in different regions.
  • A virtual machine in each virtual network.
  • In the following scenario,
                        VIRTUAL NETWORK-1          VIRTUAL NETWORK-2
Virtual network name    v-net-1                    v-net-2
Address space           10.0.0.0/16                192.168.0.0/16
Subnet                  default (10.0.0.0/24)      default (192.168.0.0/24)
Virtual machine         cm-1                       cm-2
Private IP              10.0.0.4                   192.168.0.4
Region                  East-US                    Central-India
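Both tunnel posts (the AWS-Azure one earlier on this page and this VNet-to-VNet one) start from the same prerequisite: the two sides use non-overlapping address spaces, and every subnet, gateway subnet and VM address sits inside its own space. If that is wrong the tunnel comes up but traffic is routed ambiguously, and the portal does not warn you. The script below is an added example, not code from the posts; it encodes both scenario tables and checks those conditions before any gateway is built. The GatewaySubnet ranges are constructed values, since the posts do not state them.

```python
"""Address-plan check for a site-to-site / VNet-to-VNet tunnel (added example)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class VNet:
    name: str
    address_space: str
    subnets: dict = field(default_factory=dict)  # subnet name -> CIDR
    vm_ip: str = ""                              # private IP of the VM, if any
    gateway_subnet: str = ""                     # candidate GatewaySubnet CIDR (constructed)


def check_vnet(v):
    """Problems inside one network; an empty list means the plan is consistent."""
    problems = []
    space = ipaddress.ip_network(v.address_space)
    nets = {n: ipaddress.ip_network(c) for n, c in v.subnets.items()}
    if v.gateway_subnet:
        nets["GatewaySubnet"] = ipaddress.ip_network(v.gateway_subnet)
    for name, net in nets.items():
        if not net.subnet_of(space):
            problems.append(f"{v.name}: subnet {name} {net} is outside {space}")
    names = list(nets)
    for i, a in enumerate(names):          # pairwise overlap, gateway subnet included
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{v.name}: subnets {a} and {b} overlap")
    if v.vm_ip and ipaddress.ip_address(v.vm_ip) not in space:
        problems.append(f"{v.name}: VM IP {v.vm_ip} is outside {space}")
    return problems


def check_pair(a, b):
    """Problems for a tunnel between two networks: both ends plus the cross check."""
    problems = check_vnet(a) + check_vnet(b)
    sa = ipaddress.ip_network(a.address_space)
    sb = ipaddress.ip_network(b.address_space)
    if sa.overlaps(sb):
        problems.append(f"address spaces {sa} and {sb} overlap; tunnel routes would be ambiguous")
    return problems


# Scenario from the AWS-Azure post (GatewaySubnet is a constructed choice).
AZURE = VNet("vnet-Azure", "10.0.0.0/16", {"su-1": "10.0.1.0/24"}, "10.0.1.4", "10.0.255.0/27")
AWS = VNet("vnet-Aws", "192.168.0.0/16", {"su-1-aws": "192.168.1.0/24"}, "192.168.1.214")

# Scenario from the VNet-to-VNet post (GatewaySubnets are constructed choices).
VNET1 = VNet("v-net-1", "10.0.0.0/16", {"default": "10.0.0.0/24"}, "10.0.0.4", "10.0.255.0/27")
VNET2 = VNet("v-net-2", "192.168.0.0/16", {"default": "192.168.0.0/24"}, "192.168.0.4", "192.168.255.0/27")

# A deliberately bad plan: same address space as v-net-1, gateway subnet inside "default".
BAD = VNet("v-net-bad", "10.0.0.0/16", {"default": "10.0.0.0/24"}, "10.0.0.4", "10.0.0.0/27")

if __name__ == "__main__":
    for label, pair in (("aws-azure", (AZURE, AWS)), ("vnet-vnet", (VNET1, VNET2)), ("bad", (VNET1, BAD))):
        print(label, check_pair(*pair) or "OK")
```

The gateway subnet check is the one that bites in practice: Azure only accepts a GatewaySubnet that lies inside the address space and does not collide with an existing subnet, and a /27 or larger is the usual size for a VPN gateway.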

Procedure :

  • Create a gateway subnet in both virtual networks: Home > Virtual Networks > Select the virtual network > Subnets > Gateway subnet.
  • Specify the IP address range > OK. Carry out the same procedure for both networks.
  • Create virtual network gateways for both virtual networks; the gateway handles the incoming and outgoing tunnel traffic.
  • Home > Virtual network gateways > Add > type a valid VGN name (vgn-1) > select the virtual network (v-net-1) > make sure the region is the same as that of the virtual network (v-net-1) > create a new public IP (pip-vgn-1) > Review and create. Note: creating the virtual network gateway takes a considerable amount of time.
  • Create a second virtual network gateway (vgn-2) for the second virtual network (v-net-2), along with a public IP (pip-vgn-2) for the gateway, by the same process and in the same region as the virtual network (v-net-2).

Configuring VGN :

  • After the virtual network gateway resources have been created, go to the first virtual network gateway (vgn-1).
  • Home > Virtual network gateways > Connections > Add.
  • Give a valid name, select the second virtual network gateway (vgn-2) and enter a pre-shared key as shown below.
  • The same shared key is used to establish the connection from the other end.
  • Go back to the second virtual network gateway (vgn-2) and establish a connection to the first virtual network gateway.
  • Home > Virtual network gateways > select the second virtual network gateway (vgn-2) > Connections > Add > create the connection with the same pre-shared key.

Note : It takes a few minutes to get the status change from unknown to connected.

Configure the security rules :

  • Configure the security rules of the virtual machines so that incoming traffic is allowed from the other virtual network, as shown below (if required).
  • Similarly configure the security group of the other virtual machine to allow the required traffic from the other virtual network.
  • Check the connection by pinging the private IP of the opposite virtual machine.
Posted in Azure, Migration, Windows

ON-PREMISE SERVER MIGRATION TO CLOUD

Requirements

  • A configuration server
  • A process server
  • A target server

Procedure

In the following scenario the configuration server and the process server are the same virtualized machine running on VMware. The configuration server acts as the communicator between the cloud (Azure) and the on-premises environment, while the process server acts as the gateway for data replication during the migration.

Setting up the configuration server

  • Download the Microsoft Azure Site Recovery configuration server file from here.
  • Import the downloaded configuration server into VMware Workstation.
  • Open the Azure Site Recovery configuration manager on the desktop and follow the on-screen prompts, starting with the server name.
  • Sign in to the Azure account when prompted and restart the server for the changes to take effect.
  • On restart, a setup wizard opens in the local browser of the configuration server.
  • Make sure the configuration server is connected to the internet.
  • Select the NIC to use and continue.
  • Create a Recovery Services vault in the Azure account and note the details.
  • Sign in to the account and select the subscription along with the created Recovery Services vault.
  • Accept the third-party license agreement, then download and install the required third-party prerequisites.
  • Follow the on-screen prompts to configure the vCenter server.
  • Add the vCenter server and add the virtual machine credentials manually as shown below, then finalize the configuration.

Configuring configuration server

  • Go back to the created Recovery Services vault in the Azure account.
  • Recovery Services vault > Site Recovery > VMware machines to Azure > Prepare infrastructure > Deployment planning (optional) > the configuration server should be selected automatically as the source configuration server > Add a vCenter server > define the target server as shown below > select the host account credentials given in the previous step > OK > Next.
  • Azure takes a good amount of time to contact the target server through the configuration server.
  • Create a virtual network, under the same subscription and region as the Recovery Services vault, to ensure compatibility.
  • Proceed to the target settings, where the created network should appear under the subscription and resource manager.
  • Create a new replication policy > define the policy name > change the values as shown below. These values can be changed as required, but they affect how efficiently storage is used.
  • Review the configuration and prepare the infrastructure.
  • Create a storage account in the same region as the Recovery Services vault for the server being migrated, and note the details.

Adding an on-premise server to migration

  • Recovery Services vault > Site Recovery > Enable replication (VMware machines to Azure) > select the configuration server and the vCenter server > check that the target environment is correct > select the target server > select the credentials given during the initial configuration and select the created storage account > enter the server name > select the replication policy > Enable replication.
  • Make sure the firewall is enabled on both the configuration server and the target server.
  • Replication takes a considerable amount of time to complete.
  • The status of the replication can be checked in Recovery Services vault > Replicated items.
  • After some time the server starts pushing data into the Recovery Services vault, which can be confirmed by the synchronization status.
  • Once synchronization is complete, run a test failover to validate the replication and disaster recovery strategy without data loss or downtime.
  • Click on the replicated item (once the status changes to Protected) > Test failover > choose the latest recovery point and the created VNet > OK.
  • The test failover automatically creates the virtual machine in Azure and starts the instance.
  • This can be confirmed by checking the Virtual machines blade in Azure.

Accessing vm in Azure

  • The migrated virtual machine does not yet have a public IP; one has to be assigned manually.
  • Search for Public IP addresses in the search bar > create a public IP in the same region.
  • Resource group (virtual machine) > search for the network interface resource > IP configurations > click on the network interface > Associate > choose the created IP in the drop-down > save changes.
  • The public IP is now assigned to the virtual machine, but there is no network security group yet.
  • Search for Network security groups in the search bar and create an NSG for the virtual machine in the same region as the VM.
  • Open the created NSG resource > Network interfaces > Associate > select the network interface of the virtual machine.
  • Open the required ports in the associated NSG, such as RDP, to get access to the virtual machine.
  • Azure takes a certain amount of time to allow remote access. Connect to the virtual machine with the same credentials.

Cleanup test failover

Cleanup test failover is a simple process that deletes all migration-related resources, including the migrated virtual machine.
Posted in Active Directory, Migration, Windows

PASSWORD MIGRATION USING ADMT

Prerequisites:

SOURCE DOMAIN (sd.com)             TARGET DOMAIN (td.com)
Domain controller (S-DC)           Domain controller (T-DC)
                                   ADMT-Server (T-ADMT)
Two-way trust between domains      Two-way trust between domains

Procedure:

Step 1 :

  • Download both SQL Server and the ADMT tool on the ADMT server (T-ADMT).
  • Install SQL Server by following the default on-screen prompts on the ADMT server (T-ADMT).
  • Install the ADMT tool on the server, specifying the previously installed SQL instance.
  • Create the encryption key on the ADMT server (T-ADMT) using the following command in the command prompt.
admt key /option:create /sourcedomain:source.local /keyfile:"c:\KEY.pes" /keypassword:*
  • The source domain and the key password need to be changed as required, as shown below.
  • Copy the created key to the source domain controller (S-DC).

Step 2 :

  • Download and install the PES (Password Export Server) on the source domain controller (S-DC).
  • When prompted during the installation, choose the key created in the previous step.
  • Enter the key password to confirm and install.
  • Choose "Log on as" and enter the user credentials of the source domain administrator or the target domain administrator as shown below, then restart the server (S-DC).
  • Start the Password Export Server service manually in the Services console of the source domain controller (S-DC).

Step 3 :

  • Add the target domain administrator (TD\Azureuser) to the built-in Administrators group of the source domain (sd.com).
  • Similarly, add the source domain administrator (SD\Azureuser) to the built-in Administrators group of the target domain (td.com).

Step 4 :

  • Open the ADMT tool on the target ADMT server (T-ADMT).
  • Right-click Active Directory Migration Tool > User Account Migration Wizard > define the source and target domain details as shown.
  • Select users from domain > Add > type the user name > select the users > Next > select the target OU > Migrate passwords > Target same as source > follow the on-screen prompts with the required properties to complete the migration of the users along with their passwords.
  • The migration status changes to Completed with no errors, as shown below.
Posted in Active Directory, logs, Windows

SPLUNK DEPLOYMENT FOR WINDOWS ENVIRONMENT – 2

Installing and configuring universal forwarders

step-1:

  • Download the Splunk Universal Forwarder executable on the universal forwarder server (UF-1).
  • Copy it to every Windows host that needs to be monitored.
  • Right-click the executable to install > tick "Check this box to accept the License Agreement" > Customize Options > Next > Next > make sure Local System is selected and click Next > Next > create the default administrative credentials for the local server > enter the IP address of the deployment server or the indexer and the default port 8089 > Next > Install.

step-2:

  • On the deployment server (indexer), open Splunk Enterprise in the browser, then click Settings > Forwarder management > Clients (UF-1 should be visible) > Server class > Edit > Edit clients > add UF-1 to the include list > Preview > Save.

step-3:

  • Download the Splunk Add-on for Windows from here.
  • Extract the add-on (Splunk_TA_windows) and create a local directory inside it.
  • In the local directory, create a file named inputs.conf with the following text.
# Copyright (C) 2020 Splunk Inc. All Rights Reserved.
# DO NOT EDIT THIS FILE!
# Please make all changes to files in $SPLUNK_HOME/etc/apps/Splunk_TA_windows/local.
# To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/apps/Splunk_TA_windows/default
# into ../local and edit there.
#



###### OS Logs ######
[WinEventLog://Application]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
renderXml=true
index = wineventlog

[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
evt_resolve_ad_obj = 1
checkpointInterval = 5
blacklist1 = EventCode="4662" Message="Object Type:(?!\s*groupPolicyContainer)"
blacklist2 = EventCode="566" Message="Object Type:(?!\s*groupPolicyContainer)"
renderXml=true
index = wineventlog

[WinEventLog://System]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
renderXml=true
index = wineventlog


###### Forwarded WinEventLogs (WEF) ######
[WinEventLog://ForwardedEvents]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
## The addon supports only XML format for the collection of WinEventLogs using WEF, hence do not change the below renderXml parameter to false.
renderXml=true
host=WinEventLogForwardHost
index = wineventlog


###### WinEventLog Inputs for Active Directory ######

## Application and Services Logs - DFS Replication
[WinEventLog://DFS Replication]
disabled = 0
renderXml=true
index = wineventlog
 
## Application and Services Logs - Directory Service
[WinEventLog://Directory Service]
disabled = 0
renderXml=true
index = wineventlog
 
## Application and Services Logs - File Replication Service
[WinEventLog://File Replication Service]
disabled = 0
renderXml=true
index = wineventlog
 
## Application and Services Logs - Key Management Service
[WinEventLog://Key Management Service]
disabled = 0
renderXml=true
index = wineventlog


###### WinEventLog Inputs for DNS ######
[WinEventLog://DNS Server]
disabled = 0
renderXml=true
index = wineventlog


###### DHCP ######
[monitor://$WINDIR\System32\DHCP]
disabled = 0
whitelist = DhcpSrvLog*
crcSalt = <SOURCE>
sourcetype = DhcpSrvLog
index = windows


###### Windows Update Log ######
## Enable below stanza to get WindowsUpdate.log for Windows 8, Windows 8.1, Server 2008R2, Server 2012 and Server 2012R2
[monitor://$WINDIR\WindowsUpdate.log]
disabled = 0
sourcetype = WindowsUpdateLog
index = windows

## Enable below powershell and monitor stanzas to get WindowsUpdate.log for Windows 10 and Server 2016
## Below stanza will automatically generate WindowsUpdate.log daily
[powershell://generate_windows_update_logs]
script = ."$SplunkHome\etc\apps\Splunk_TA_windows\bin\powershell\generate_windows_update_logs.ps1"
schedule = 0 */24 * * *
disabled = 0
index = msad

## Below stanza will monitor the generated WindowsUpdate.log in Windows 10 and Server 2016
[monitor://$SPLUNK_HOME\var\log\Splunk_TA_windows\WindowsUpdate.log]
disabled = 0
sourcetype = WindowsUpdateLog
index = windows

###### Monitor Inputs for Active Directory ######
[monitor://$WINDIR\debug\netlogon.log]
sourcetype=MSAD:NT6:Netlogon
disabled = 0
index = msad

###### Monitor Inputs for DNS ######
[MonitorNoHandle://$WINDIR\System32\Dns\dns.log]
sourcetype=MSAD:NT6:DNS
disabled = 0
index = msad


###### Scripted Input (See also wmi.conf)
[script://.\bin\win_listening_ports.bat]
disabled = 0
## Run once per hour
interval = 3600
sourcetype = Script:ListeningPorts
index = windows

[script://.\bin\win_installed_apps.bat]
disabled = 0
## Run once per day
interval = 86400
sourcetype = Script:InstalledApps
index = windows

[script://.\bin\win_timesync_status.bat]
disabled = 0
## Run once per hour
interval = 3600
sourcetype = Script:TimesyncStatus
index = windows

[script://.\bin\win_timesync_configuration.bat]
disabled = 0
## Run once per hour
interval = 3600
sourcetype = Script:TimesyncConfiguration
index = windows

[script://.\bin\netsh_address.bat]
disabled = 0
## Run once per day
interval = 86400
sourcetype = Script:NetworkConfiguration

###### Scripted/Powershell Mod inputs Active Directory ######

## Replication Information NT6
[script://.\bin\runpowershell.cmd nt6-repl-stat.ps1]
source=Powershell
sourcetype=MSAD:NT6:Replication
interval=300
disabled = 0
index = msad
 
## Replication Information 2012r2 and 2016
[powershell://Replication-Stats]
script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-repl-stats.ps1"
schedule = 0 */5 * ? * *
source = Powershell
sourcetype=MSAD:NT6:Replication
disabled = 0
index = msad
 
## Health and Topology Information NT6
[script://.\bin\runpowershell.cmd nt6-health.ps1]
source=Powershell
sourcetype=MSAD:NT6:Health
interval=300
disabled = 0
index = msad
 
## Health and Topology Information 2012r2 and 2016
[powershell://AD-Health]
script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-health.ps1"
schedule = 0 */5 * ? * *
source=Powershell
sourcetype=MSAD:NT6:Health
disabled = 0
index = msad 
 
## Site, Site Link and Subnet Information NT6
[script://.\bin\runpowershell.cmd nt6-siteinfo.ps1]
source=Powershell
sourcetype=MSAD:NT6:SiteInfo
interval=3600
disabled = 0
index = msad
 
## Site, Site Link and Subnet Information 2012r2 and 2016
[powershell://Siteinfo]
script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-siteinfo.ps1"
schedule = 0 15 * ? * *
source = Powershell
sourcetype=MSAD:NT6:SiteInfo
disabled = 0
index = msad


##### Scripted Inputs for DNS #####

## DNS Zone Information Collection
[script://.\bin\runpowershell.cmd dns-zoneinfo.ps1]
source=Powershell
sourcetype=MSAD:NT6:DNS-Zone-Information
interval=3600
disabled = 0
index = msad
 
## DNS Health Information Collection
[script://.\bin\runpowershell.cmd dns-health.ps1]
source=Powershell
sourcetype=MSAD:NT6:DNS-Health
interval=3600
disabled = 0
index = msad


###### Host monitoring ######
[WinHostMon://Computer]
interval = 600
disabled = 0
type = Computer
index = windows

[WinHostMon://Process]
interval = 600
disabled = 0
type = Process
index = windows

[WinHostMon://Processor]
interval = 600
disabled = 0
type = Processor
index = windows

[WinHostMon://NetworkAdapter]
interval = 600
disabled = 0
type = NetworkAdapter
index = windows

[WinHostMon://Service]
interval = 600
disabled = 0
type = Service
index = windows

[WinHostMon://OperatingSystem]
interval = 600
disabled = 0
type = OperatingSystem
index = windows

[WinHostMon://Disk]
interval = 600
disabled = 0
type = Disk
index = windows

[WinHostMon://Driver]
interval = 600
disabled = 0
type = Driver
index = windows

[WinHostMon://Roles]
interval = 600
disabled = 0
type = Roles
index = windows

###### Print monitoring ######
[WinPrintMon://printer]
type = printer
interval = 600
baseline = 1
disabled = 0
index = windows

[WinPrintMon://driver]
type = driver
interval = 600
baseline = 1
disabled = 0
index = windows

[WinPrintMon://port]
type = port
interval = 600
baseline = 1
disabled = 0
index = windows

###### Network monitoring ######
[WinNetMon://inbound]
direction = inbound
disabled = 0
index = windows

[WinNetMon://outbound]
direction = outbound
disabled = 0
index = windows

###### Splunk 5.0+ Performance Counters ######
## CPU
[perfmon://CPU]
counters = % Processor Time; % User Time; % Privileged Time; Interrupts/sec; % DPC Time; % Interrupt Time; DPCs Queued/sec; DPC Rate; % Idle Time; % C1 Time; % C2 Time; % C3 Time; C1 Transitions/sec; C2 Transitions/sec; C3 Transitions/sec
disabled = 0
instances = *
interval = 10
mode = single
object = Processor
useEnglishOnly=true
index = perfmon

## Logical Disk
[perfmon://LogicalDisk]
counters = % Free Space; Free Megabytes; Current Disk Queue Length; % Disk Time; Avg. Disk Queue Length; % Disk Read Time; Avg. Disk Read Queue Length; % Disk Write Time; Avg. Disk Write Queue Length; Avg. Disk sec/Transfer; Avg. Disk sec/Read; Avg. Disk sec/Write; Disk Transfers/sec; Disk Reads/sec; Disk Writes/sec; Disk Bytes/sec; Disk Read Bytes/sec; Disk Write Bytes/sec; Avg. Disk Bytes/Transfer; Avg. Disk Bytes/Read; Avg. Disk Bytes/Write; % Idle Time; Split IO/Sec
disabled = 0
instances = *
interval = 10
mode = single
object = LogicalDisk
useEnglishOnly=true
index = perfmon

## Physical Disk
[perfmon://PhysicalDisk]
counters = Current Disk Queue Length; % Disk Time; Avg. Disk Queue Length; % Disk Read Time; Avg. Disk Read Queue Length; % Disk Write Time; Avg. Disk Write Queue Length; Avg. Disk sec/Transfer; Avg. Disk sec/Read; Avg. Disk sec/Write; Disk Transfers/sec; Disk Reads/sec; Disk Writes/sec; Disk Bytes/sec; Disk Read Bytes/sec; Disk Write Bytes/sec; Avg. Disk Bytes/Transfer; Avg. Disk Bytes/Read; Avg. Disk Bytes/Write; % Idle Time; Split IO/Sec
disabled = 0
instances = *
interval = 10
mode = single
object = PhysicalDisk
useEnglishOnly=true
index = perfmon

## Memory
[perfmon://Memory]
counters = Page Faults/sec; Available Bytes; Committed Bytes; Commit Limit; Write Copies/sec; Transition Faults/sec; Cache Faults/sec; Demand Zero Faults/sec; Pages/sec; Pages Input/sec; Page Reads/sec; Pages Output/sec; Pool Paged Bytes; Pool Nonpaged Bytes; Page Writes/sec; Pool Paged Allocs; Pool Nonpaged Allocs; Free System Page Table Entries; Cache Bytes; Cache Bytes Peak; Pool Paged Resident Bytes; System Code Total Bytes; System Code Resident Bytes; System Driver Total Bytes; System Driver Resident Bytes; System Cache Resident Bytes; % Committed Bytes In Use; Available KBytes; Available MBytes; Transition Pages RePurposed/sec; Free & Zero Page List Bytes; Modified Page List Bytes; Standby Cache Reserve Bytes; Standby Cache Normal Priority Bytes; Standby Cache Core Bytes; Long-Term Average Standby Cache Lifetime (s)
disabled = 0
interval = 10
mode = single
object = Memory
useEnglishOnly=true
index = perfmon

## Network
[perfmon://Network]
counters = Bytes Total/sec; Packets/sec; Packets Received/sec; Packets Sent/sec; Current Bandwidth; Bytes Received/sec; Packets Received Unicast/sec; Packets Received Non-Unicast/sec; Packets Received Discarded; Packets Received Errors; Packets Received Unknown; Bytes Sent/sec; Packets Sent Unicast/sec; Packets Sent Non-Unicast/sec; Packets Outbound Discarded; Packets Outbound Errors; Output Queue Length; Offloaded Connections; TCP Active RSC Connections; TCP RSC Coalesced Packets/sec; TCP RSC Exceptions/sec; TCP RSC Average Packet Size  
disabled = 0
instances = *
interval = 10
mode = single
object = Network Interface
useEnglishOnly=true
index = perfmon

## Process
[perfmon://Process]
counters = % Processor Time; % User Time; % Privileged Time; Virtual Bytes Peak; Virtual Bytes; Page Faults/sec; Working Set Peak; Working Set; Page File Bytes Peak; Page File Bytes; Private Bytes; Thread Count; Priority Base; Elapsed Time; ID Process; Creating Process ID; Pool Paged Bytes; Pool Nonpaged Bytes; Handle Count; IO Read Operations/sec; IO Write Operations/sec; IO Data Operations/sec; IO Other Operations/sec; IO Read Bytes/sec; IO Write Bytes/sec; IO Data Bytes/sec; IO Other Bytes/sec; Working Set - Private
disabled = 0
instances = *
interval = 10
mode = single
object = Process
useEnglishOnly=true
index = perfmon

## Processor Information
[perfmon://ProcessorInformation]
counters = % Processor Time; Processor Frequency
disabled = 0
instances = *
interval = 10
mode = single
object = Processor Information
useEnglishOnly=true
index = perfmon

## System
[perfmon://System]
counters = File Read Operations/sec; File Write Operations/sec; File Control Operations/sec; File Read Bytes/sec; File Write Bytes/sec; File Control Bytes/sec; Context Switches/sec; System Calls/sec; File Data Operations/sec; System Up Time; Processor Queue Length; Processes; Threads; Alignment Fixups/sec; Exception Dispatches/sec; Floating Emulations/sec; % Registry Quota In Use
disabled = 0
instances = *
interval = 10
mode = single
object = System
useEnglishOnly=true
index = perfmon


###### Perfmon Inputs from TA-AD/TA-DNS ######
[perfmon://Processor]
object = Processor
counters = % Processor Time; % User Time; % Privileged Time; Interrupts/sec; % DPC Time; % Interrupt Time; DPCs Queued/sec; DPC Rate; % Idle Time; % C1 Time; % C2 Time; % C3 Time; C1 Transitions/sec; C2 Transitions/sec; C3 Transitions/sec
instances = *
interval = 10
disabled = 0
mode = single
useEnglishOnly=true
index = perfmon
 
[perfmon://Network_Interface]
object = Network Interface
counters = Bytes Total/sec; Packets/sec; Packets Received/sec; Packets Sent/sec; Current Bandwidth; Bytes Received/sec; Packets Received Unicast/sec; Packets Received Non-Unicast/sec; Packets Received Discarded; Packets Received Errors; Packets Received Unknown; Bytes Sent/sec; Packets Sent Unicast/sec; Packets Sent Non-Unicast/sec; Packets Outbound Discarded; Packets Outbound Errors; Output Queue Length; Offloaded Connections; TCP Active RSC Connections; TCP RSC Coalesced Packets/sec; TCP RSC Exceptions/sec; TCP RSC Average Packet Size 
instances = *
interval = 10
disabled = 0
mode = single
useEnglishOnly=true
index = perfmon
 
[perfmon://DFS_Replicated_Folders]
object = DFS Replicated Folders
counters = Bandwidth Savings Using DFS Replication; RDC Bytes Received; RDC Compressed Size of Files Received; RDC Size of Files Received; RDC Number of Files Received; Compressed Size of Files Received; Size of Files Received; Total Files Received; Deleted Space In Use; Deleted Bytes Cleaned up; Deleted Files Cleaned up; Deleted Bytes Generated; Deleted Files Generated; Updates Dropped; File Installs Retried; File Installs Succeeded; Conflict Folder Cleanups Completed; Conflict Space In Use; Conflict Bytes Cleaned up; Conflict Files Cleaned up; Conflict Bytes Generated; Conflict Files Generated; Staging Space In Use; Staging Bytes Cleaned up; Staging Files Cleaned up; Staging Bytes Generated; Staging Files Generated
instances = *
interval = 30
disabled = 0
mode = single
useEnglishOnly=true
index = perfmon
 
[perfmon://NTDS]
object = NTDS
counters = DRA Inbound Properties Total/sec; AB Browses/sec; DRA Inbound Objects Applied/sec; DS Threads in Use; AB Client Sessions; DRA Pending Replication Synchronizations; DRA Inbound Object Updates Remaining in Packet; DS Security Descriptor sub-operations/sec; DS Security Descriptor Propagations Events; LDAP Client Sessions; LDAP Active Threads; LDAP Writes/sec; LDAP Searches/sec; DRA Outbound Objects/sec; DRA Outbound Properties/sec; DRA Inbound Values Total/sec; DRA Sync Requests Made; DRA Sync Requests Successful; DRA Sync Failures on Schema Mismatch; DRA Inbound Objects/sec; DRA Inbound Properties Applied/sec; DRA Inbound Properties Filtered/sec; DS Monitor List Size; DS Notify Queue Size; LDAP UDP operations/sec; DS Search sub-operations/sec; DS Name Cache hit rate; DRA Highest USN Issued (Low part); DRA Highest USN Issued (High part); DRA Highest USN Committed (Low part); DRA Highest USN Committed (High part); DS % Writes from SAM; DS % Writes from DRA; DS % Writes from LDAP; DS % Writes from LSA; DS % Writes from KCC; DS % Writes from NSPI; DS % Writes Other; DS Directory Writes/sec; DS % Searches from SAM; DS % Searches from DRA; DS % Searches from LDAP; DS % Searches from LSA; DS % Searches from KCC; DS % Searches from NSPI; DS % Searches Other; DS Directory Searches/sec; DS % Reads from SAM; DS % Reads from DRA; DRA Inbound Values (DNs only)/sec; DRA Inbound Objects Filtered/sec; DS % Reads from LSA; DS % Reads from KCC; DS % Reads from NSPI; DS % Reads Other; DS Directory Reads/sec; LDAP Successful Binds/sec; LDAP Bind Time; SAM Successful Computer Creations/sec: Includes all requests; SAM Machine Creation Attempts/sec; SAM Successful User Creations/sec; SAM User Creation Attempts/sec; SAM Password Changes/sec; SAM Membership Changes/sec; SAM Display Information Queries/sec; SAM Enumerations/sec; SAM Transitive Membership Evaluations/sec; SAM Non-Transitive Membership Evaluations/sec; SAM Domain Local Group Membership Evaluations/sec; SAM Universal Group Membership Evaluations/sec; SAM Global Group Membership Evaluations/sec; SAM GC Evaluations/sec; DRA Inbound Full Sync Objects Remaining; DRA Inbound Bytes Total/sec; DRA Inbound Bytes Not Compressed (Within Site)/sec; DRA Inbound Bytes Compressed (Between Sites, Before Compression)/sec; DRA Inbound Bytes Compressed (Between Sites, After Compression)/sec; DRA Outbound Bytes Total/sec; DRA Outbound Bytes Not Compressed (Within Site)/sec; DRA Outbound Bytes Compressed (Between Sites, Before Compression)/sec; DRA Outbound Bytes Compressed (Between Sites, After Compression)/sec; DS Client Binds/sec; DS Server Binds/sec; DS Client Name Translations/sec; DS Server Name Translations/sec; DS Security Descriptor Propagator Runtime Queue; DS Security Descriptor Propagator Average Exclusion Time; DRA Outbound Objects Filtered/sec; DRA Outbound Values Total/sec; DRA Outbound Values (DNs only)/sec; AB ANR/sec; AB Property Reads/sec; AB Searches/sec; AB Matches/sec; AB Proxy Lookups/sec; ATQ Threads Total; ATQ Threads LDAP; ATQ Threads Other; DRA Inbound Bytes Total Since Boot; DRA Inbound Bytes Not Compressed (Within Site) Since Boot; DRA Inbound Bytes Compressed (Between Sites, Before Compression) Since Boot; DRA Inbound Bytes Compressed (Between Sites, After Compression) Since Boot; DRA Outbound Bytes Total Since Boot; DRA Outbound Bytes Not Compressed (Within Site) Since Boot; DRA Outbound Bytes Compressed (Between Sites, Before Compression) Since Boot; DRA Outbound Bytes Compressed (Between Sites, After Compression) Since Boot; LDAP New Connections/sec; LDAP Closed Connections/sec; LDAP New SSL Connections/sec; DRA Pending Replication Operations; DRA Threads Getting NC Changes; DRA Threads Getting NC Changes Holding Semaphore; DRA Inbound Link Value Updates Remaining in Packet; DRA Inbound Total Updates Remaining in Packet; DS % Writes from NTDSAPI; DS % Searches from NTDSAPI; DS % Reads from NTDSAPI; SAM Account Group Evaluation Latency; SAM Resource Group Evaluation Latency; ATQ Outstanding Queued Requests; ATQ Request Latency; ATQ Estimated Queue Delay; Tombstones Garbage Collected/sec; Phantoms Cleaned/sec; Link Values Cleaned/sec; Tombstones Visited/sec; Phantoms Visited/sec; NTLM Binds/sec; Negotiated Binds/sec; Digest Binds/sec; Simple Binds/sec; External Binds/sec; Fast Binds/sec; Base searches/sec; Subtree searches/sec; Onelevel searches/sec; Database adds/sec; Database modifys/sec; Database deletes/sec; Database recycles/sec; Approximate highest DNT; Transitive operations/sec; Transitive suboperations/sec; Transitive operations milliseconds run
interval = 10
disabled = 0
mode = single
useEnglishOnly=true
index = perfmon

[perfmon://DNS]
object = DNS
counters = Total Query Received; Total Query Received/sec; UDP Query Received; UDP Query Received/sec; TCP Query Received; TCP Query Received/sec; Total Response Sent; Total Response Sent/sec; UDP Response Sent; UDP Response Sent/sec; TCP Response Sent; TCP Response Sent/sec; Recursive Queries; Recursive Queries/sec; Recursive Send TimeOuts; Recursive TimeOut/sec; Recursive Query Failure; Recursive Query Failure/sec; Notify Sent; Zone Transfer Request Received; Zone Transfer Success; Zone Transfer Failure; AXFR Request Received; AXFR Success Sent; IXFR Request Received; IXFR Success Sent; Notify Received; Zone Transfer SOA Request Sent; AXFR Request Sent; AXFR Response Received; AXFR Success Received; IXFR Request Sent; IXFR Response Received; IXFR Success Received; IXFR UDP Success Received; IXFR TCP Success Received; WINS Lookup Received; WINS Lookup Received/sec; WINS Response Sent; WINS Response Sent/sec; WINS Reverse Lookup Received; WINS Reverse Lookup Received/sec; WINS Reverse Response Sent; WINS Reverse Response Sent/sec; Dynamic Update Received; Dynamic Update Received/sec; Dynamic Update NoOperation; Dynamic Update NoOperation/sec; Dynamic Update Written to Database; Dynamic Update Written to Database/sec; Dynamic Update Rejected; Dynamic Update TimeOuts; Dynamic Update Queued; Secure Update Received; Secure Update Received/sec; Secure Update Failure; Database Node Memory; Record Flow Memory; Caching Memory; UDP Message Memory; TCP Message Memory; Nbstat Memory; Unmatched Responses Received 
interval = 10
disabled = 0
mode = single
useEnglishOnly=true
index = perfmon


[admon://default]
disabled = 0
monitorSubtree = 1
index = windows


[WinRegMon://default]
disabled = 0
hive = .*
proc = .*
type = rename|set|delete|create
index = windows

[WinRegMon://hkcu_run]
disabled = 0
hive = \\REGISTRY\\USER\\.*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\.*
proc = .*
type = set|create|delete|rename
index = windows

[WinRegMon://hklm_run]
disabled = 0
hive = \\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\.*
proc = .*
type = set|create|delete|rename
index = windows
  • Move the entire Splunk_TA_windows folder to C:\Program Files\Splunk\etc\deployment-apps on the deployment server.
  • Reload the deployment server with the following commands at the command prompt.
> cd \Program Files\Splunk\bin
> .\splunk reload deploy-server
  • In the browser on the deployment server, log back on to Splunk Enterprise and follow these steps:
  • Settings > Forwarder management > Apps > Splunk_TA_Windows > Edit > (+) Add the Universal_Forwarders server class.
Posted in Active Directory, logs, Windows

SPLUNK DEPLOYMENT FOR WINDOWS ENVIRONMENT – 1

Pre-requisites:

An Active Directory setup with 3 servers, comprising:

  • Domain controller (DC-1)
  • Indexer or Deployment server (Indexer)
  • Universal forwarder (UF-1)

Make sure all the servers are up and can reach the domain controller without issues.

Installing and configuring deployment server or indexer

step-1:

  • Download the Splunk software from here.
  • Run the downloaded executable, tick the checkbox to accept the license agreement and click Next.
  • Create the account credentials and follow the on-screen prompts to install Splunk.

step-2:

  • Next, download the Splunk App for Windows Infrastructure.
  • Create a new directory named local inside the splunk_app_windows_infrastructure folder.
  • Using Notepad, create a new conf file named indexes.conf in the local directory with the following text.
[msad]
homePath = $SPLUNK_DB/msad/db
coldPath = $SPLUNK_DB/msad/colddb
thawedPath = $SPLUNK_DB/msad/thaweddb
maxDataSize = 10000
maxHotBuckets = 10

[perfmon]
homePath = $SPLUNK_DB/perfmon/db
coldPath = $SPLUNK_DB/perfmon/colddb
thawedPath = $SPLUNK_DB/perfmon/thaweddb
maxDataSize = 10000
maxHotBuckets = 10

[wineventlog]
homePath = $SPLUNK_DB/wineventlog/db
coldPath = $SPLUNK_DB/wineventlog/colddb
thawedPath = $SPLUNK_DB/wineventlog/thaweddb
maxDataSize = 10000
maxHotBuckets = 10

[windows]
homePath = $SPLUNK_DB/windows/db
coldPath = $SPLUNK_DB/windows/colddb
thawedPath = $SPLUNK_DB/windows/thaweddb
maxDataSize = 10000
maxHotBuckets = 10
  • Copy the entire splunk_app_windows_infrastructure folder to the C:\Program Files\Splunk\etc\apps directory.
  • Restart Splunk from the command line using the following commands:
cd \Program Files\Splunk\bin
.\splunk restart

step-3:

  • Log back in to Splunk Enterprise from the browser (localhost:8000/) on the deployment server.
  • Settings > Forwarding and Receiving > Configure receiving > Add New > 9997 > Save.

step-4:

  • In the browser on the deployment server, create a new application via Apps > Manage apps > Create App with the following values:
NAME         Send_to_indexer
FOLDER NAME  sendtoindexer
VERSION      1.0.0
VISIBLE      No
AUTHOR       –anything–
TEMPLATE     barebones
  • Click Save.
  • Create a conf file named outputs.conf with the following text in the C:\Program Files\Splunk\etc\apps\sendtoindexer\local directory of the deployment server.
[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = <indexer_hostname_or_ip_address>:<9997>

[tcpout-server://<indexer_hostname_or_ip_address>:<9997>]
  • Replace the placeholders in the text above with the indexer hostname or IP address of the deployment server, as shown below.
  • Move the sendtoindexer app from C:\Program Files\Splunk\etc\apps to C:\Program Files\Splunk\etc\deployment-apps.
  • Reload the deployment server using the following commands:
cd \Program Files\Splunk\bin
.\splunk reload deploy-server
  • In the browser on the deployment server, go to Settings > Forwarder Management > Apps.
  • Click Edit > (+) Add new server class > Universal_Forwarder > Save.

Adding data of the local server

  • In Splunk Enterprise on the deployment server, click Splunk Enterprise > Add Data > Monitor > Local Event Logs > Add all and click Next > set the desired host field value > Review and Submit.
  • Under Apps > Search & Reporting > Data Summary, the host now appears and can be monitored from here on.

Continuation….

Note: Make sure all the required ports are open on all three servers and are not blocked by the Windows Firewall.
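As an added example (not part of the original post), the following PowerShell script checks the configuration produced by the steps above and by the Splunk_TA_windows deployment earlier on the page: every index named in inputs.conf must exist in indexes.conf (the indexer drops events addressed to an undefined index), outputs.conf must no longer contain the <...> placeholders, and the indexer must accept connections on 9997 before the deployment server is reloaded. The paths under $SplunkHome are assumptions that follow the locations used in the post.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# window on the deployment server. Paths are assumptions matching the post.
$SplunkHome  = 'C:\Program Files\Splunk'
$InputsConf  = Join-Path $SplunkHome 'etc\deployment-apps\Splunk_TA_windows\local\inputs.conf'
$IndexesConf = Join-Path $SplunkHome 'etc\apps\splunk_app_windows_infrastructure\local\indexes.conf'
$OutputsConf = Join-Path $SplunkHome 'etc\deployment-apps\sendtoindexer\local\outputs.conf'

# Minimal parser for Splunk .conf files: returns @{ stanza = @{ key = value } }.
# Comments (#) and blank lines are skipped; keys keep the first '=' as separator.
function Get-SplunkConfStanzas {
    param([Parameter(Mandatory)][string]$Path)
    $stanzas = [ordered]@{}
    $current = $null
    foreach ($line in Get-Content -Path $Path) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith('#')) { continue }
        if ($text -match '^\[(.+)\]$') {
            $current = $Matches[1]
            $stanzas[$current] = @{}
            continue
        }
        if ($null -ne $current -and $text -match '^([^=]+?)\s*=\s*(.*)$') {
            $stanzas[$current][$Matches[1]] = $Matches[2]
        }
    }
    return $stanzas
}

# Every enabled input must point at an index that indexes.conf defines;
# otherwise the indexer drops those events and the gap is easy to miss.
function Test-SplunkIndexCoverage {
    param([string]$InputsPath, [string]$IndexesPath)
    $inputs  = Get-SplunkConfStanzas -Path $InputsPath
    $defined = (Get-SplunkConfStanzas -Path $IndexesPath).Keys |
        Where-Object { $_ -ne 'default' -and $_ -notlike 'volume:*' }
    foreach ($name in $inputs.Keys) {
        $stanza = $inputs[$name]
        if ($stanza['disabled'] -eq '1') { continue }
        if (-not $stanza.ContainsKey('index')) {
            Write-Warning "[$name] sets no index; its events will land in the default index"
        } elseif ($defined -notcontains $stanza['index']) {
            [pscustomobject]@{ Stanza = $name; MissingIndex = $stanza['index'] }
        }
    }
}

# The <...> placeholders from the post must be replaced before the app is
# pushed, and the indexer must be listening on the configured port.
function Test-SplunkOutputTarget {
    param([string]$OutputsPath)
    $outputs = Get-SplunkConfStanzas -Path $OutputsPath
    $group   = $outputs['tcpout']['defaultGroup']
    $server  = $outputs["tcpout:$group"]['server']
    if ($server -match '[<>]') {
        Write-Warning "outputs.conf still contains a placeholder: $server"
        return $false
    }
    $hostName, $port = $server -split ':'
    # Test-NetConnection needs Windows 8.1 / Server 2012 R2 or later.
    return (Test-NetConnection -ComputerName $hostName -Port ([int]$port)).TcpTestSucceeded
}

Test-SplunkIndexCoverage -InputsPath $InputsConf -IndexesPath $IndexesConf | Format-Table
if (Test-SplunkOutputTarget -OutputsPath $OutputsConf) {
    # Only now push the checked apps to the forwarders, as the post does.
    & (Join-Path $SplunkHome 'bin\splunk.exe') reload deploy-server
}
```

Run Test-NetConnection against the indexer from UF-1 as well, since the note above about the Windows Firewall applies to the forwarder side of the 9997 connection.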
Posted in Active Directory, Patch Management, Windows

ACTIVE DIRECTORY RECYCLE BIN AND SERVER BACKUP

Enabling Active Directory Recycle bin

The Recycle Bin is a holding area for files and folders that have been deleted. They have not been permanently removed from the hard drive(s); they have only been moved to this special folder called the Recycle Bin. In the same way, any organisation has good reasons to enable a recycle bin for Active Directory.

  • Start > Server Manager > Tools > Active Directory Administrative Center > open the domain > in the Tasks pane click Enable Recycle Bin... > OK, as shown in the figure.

Active Directory server Backup

  • Start > Server Manager > Tools > Windows Server Backup > Local Backup > in the Actions pane select Backup Once... > follow the on-screen prompts > select Full server backup (Recommended) or Custom backup > Local drives are the preferred storage type > select a supported hard drive as the backup destination.

A system hard drive is an unsupported volume for the server backup.

It is a best practice to create a separate, non-system drive specifically for the server backup.
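As an added example (not part of the original post), the same two procedures in PowerShell: enabling and verifying the AD Recycle Bin, listing and restoring what it holds, and running a one-time backup of the critical volumes to a local drive that is refused if it is the system drive. The forest name akhil.com comes from the post's lab; the E: target drive is an assumption.

```powershell
# Added example (not from the original post). Run as a Domain Admin on a
# domain controller. Forest name is the post's lab; E: is an assumed drive.
Import-Module ActiveDirectory

# Enable the Recycle Bin for the whole forest (needs forest functional level
# 2008 R2 or higher). This is a one-way change: it cannot be disabled later.
function Enable-AdRecycleBin {
    param([Parameter(Mandatory)][string]$ForestDnsName)
    $feature = Get-ADOptionalFeature -Filter 'name -like "Recycle Bin Feature"'
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Host "Recycle Bin already enabled for: $($feature.EnabledScopes -join ', ')"
        return $true
    }
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet `
        -Target $ForestDnsName -Confirm:$false
    return (Get-ADOptionalFeature -Identity 'Recycle Bin Feature').EnabledScopes.Count -gt 0
}

# Show what the Recycle Bin currently holds. With the feature enabled, deleted
# objects keep their attributes, so they can be restored intact later.
function Get-AdDeletedObjects {
    Get-ADObject -Filter { isDeleted -eq $true -and name -ne 'Deleted Objects' } `
        -IncludeDeletedObjects -Properties lastKnownParent, whenChanged |
        Select-Object Name, ObjectClass, lastKnownParent, whenChanged, ObjectGUID
}

# Restore a deleted user by account name to its last known parent OU
# (Restore-ADObject fails if that OU was deleted too; restore the OU first).
function Restore-AdDeletedUser {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $obj = Get-ADObject -Filter { isDeleted -eq $true -and objectClass -eq 'user' } `
        -IncludeDeletedObjects -Properties sAMAccountName |
        Where-Object { $_.sAMAccountName -eq $SamAccountName }
    if (-not $obj) { throw "No deleted user named $SamAccountName was found" }
    Restore-ADObject -Identity $obj.ObjectGUID
}

# One-time backup of all critical volumes (OS and system state, enough for
# bare-metal recovery; add -include:<drive> for data volumes as the GUI's
# Full server backup does). wbadmin rejects a target that is part of the
# backup, so the system-drive check below fails early instead of at the end.
function Start-CriticalVolumeBackup {
    param([Parameter(Mandatory)][string]$TargetDrive)   # e.g. 'E:'
    $target = $TargetDrive.TrimEnd('\')
    if ($target -eq $env:SystemDrive) {
        throw "The system drive $target is not a supported backup destination"
    }
    if (-not (Test-Path -Path "$target\")) { throw "Drive $target is not present" }
    $wbArgs = @('start', 'backup', "-backupTarget:$target", '-allCritical', '-quiet')
    & wbadmin @wbArgs
}

Enable-AdRecycleBin -ForestDnsName 'akhil.com'
Get-AdDeletedObjects | Format-Table
Start-CriticalVolumeBackup -TargetDrive 'E:'
```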