Easy Mass Password Changes

Introduction

When tasked with updating the local administrator password on all systems, one can easily get overwhelmed. Some organizations rely on the manual effort. For this reason, regardless of the security policy in place, the task of regular password changes for local accounts is simply ignored. Today, there are tools to make this task so easy that it can be done in a matter of minutes.

Tool

The tool being discussed in this article it NetWrix Bulk Password Reset. It is freeware, that freely downloadable. Simply enter the account name, the new password, and a list of systems and click Process. The tool also provides the ability to import a list of systems from a text file, which is nice if you work in a larger environment.

To execute a password change, perform the following tasks:

  1. Enter the name of the local account on which you want the password changed
  2. Enter the new password and confirm
  3. Enter the computer names, or import from a text file
  4. Click Process

If you click OK, it will save all of the settings except for the password, which will allow you to reprocess on the failed systems and new systems in the list.

When Process is clicked, it gives you the option to run once now, or re-run every six hours until all computers are processed, creating a scheduled task that will deactivate once all computers have been updated successfully. Email reports will be sent each time it is run, providing a status of the operation. You will need to enter an account to use when choosing the re-run every six hours option.

Upon clicking OK, you will be presented with a progress window, listing which systems.

Conclusion

If you are the type of person who prefers to use GUI tools, this is a great free tool to use to manage password updates on any scale.

Advertisements

Configuring Shares in Resource Pools

As virtual infrastructures grow in size, resource allocation is an important design consideration, as it ensures the organization is getting the most bang for its buck. Proper cluster and resource pool design help ensure both resources and licenses are allocated in the most optimal manner. VMware offers many ways to carve up resources, by clusters based on physical hosts and by resource pools based on assigned values.

Clusters

Some environments divide clusters into multiple tiers, similar to what one would do with storage. Higher tiers would have newer hardware, with faster processors and more RAM. The sizing would be based on a predetermined vCPU to physical core ratio and overall memory consumption, possibly allocating a host for maintenance of failover purposes, the +1 in N+1. Other environments align their clusters by operating system, such as Windows and Linux. This is a cost isolation/reduction model, providing isolation of workloads for host-based operating system licensing, which are available for both Windows and Red Hat Linux. Additionally, this allows the environment to achieve better memory utilization, by taking advantage of transparent page sharing.

Resource Pools

Regardless of the preferred model for creating clusters, resource pools can be created to further divide resources. One approach to further divvy up resources is to create resource pools with a set amount of resources, which is a practical approach if a company has an accounting structure that allows them to charge back for a specific amount of resources allocated.

Another way to take advantage of both cluster designs is to leverage the operating system cluster model, with resource pools inside of the cluster. High, Normal, Low are typical names, based on the default VMware values for shares. This is a good model, if it is maintained. That being said, the default values associated with the resource pools are useful only as a starting point, but the values must be modified depending on what is being placed in each resource pool.

A High share value should be twice that of the Normal share value, and the normal share value should be twice that of the Low share value. This ensures that the VM’s in the High resource pools have twice the priority when accessing resources than the VMs in the Normal resource pool, and the VMs in the Normal resource pool have twice the priority to resources as the VMs in the Low resource pool.

The model is not so much based on the number of virtual machines, but rather the number of virtual cpu’s and RAM assigned inside of the resource pool.

The method for properly calculating the share values assigned to the High, Normal, and Low resource pools are as follows.

  1. Assign an arbitrary number to each share, keeping in mind that the High share value should be twice that of the Normal share value, and the normal share value should be twice that of the Low share value.
    1. Example: High=20, Normal=10, Low=5
  2. Calculate the number of vCPU’s assigned to all of the VM’s in the High resource pool, and multiple by the value assigned in the previous step
    1. Example: 197 times 20 = 3940
  3. Calculate the amount of RAM assigned to all of the VMs in the High resource pool, and multiply that by the value assigned in step 1.
    1. Example: 304072MB times 20 = 6081440
    2. Note: Whether RAM is measured in GB or MB is meaningless, as long as all calculations are done using the same
  4. Repeat Steps 2 and 3 for the Normal and Low resource pools
  5. The results of these calculations will be what will be assigned to each share value in the resource pool.

Here is an example of what the share values would look like in an environment with 322 VMs

Headings

VMs

Value

Total RAM

Total vCPUs

RAM Shares

CPU Shares

Percent RAM of Cluster

Percent CPU of Cluster

Normal

183

10

1331880

522

13318800

5220

62%

50%

Low

107

5

449172

265

2245860

1325

10%

13%

High

32

20

304072

197

6081440

3940

28%

38%

21646100

10485

 

Notice that the value associated with the Normal resource pool is higher than that of the high resource pool. This is because the RAM assigned to the all of the VM’s in the Normal resource pool is 4 times that of the High resource pool. Notice, though, that the share value is only twice as much. Remember, these shares are not in place to say 25% of the resources go to this pool, they guarantee that a value of 10 is assigned to each VM in the resource pool. This ensures that the VM’s in the High resource pools have twice the priority when accessing resources than the VMs in the Normal resource pool, and the VMs in the Normal resource pool have twice the priority to resources as the VMs in the Low resource pool.

One thing to note about this model is that it takes maintenance. There are 3 events that require a re-calculation

  1. Adding a VM to the resource pool
  2. Removing a VM from the resource pool
  3. Changing the CPU or RAM resources assigned to a VM in the resource pool

These are pretty common tasks, so it is recommended to revisit the values on a monthly basis. Exporting lists from vCenter, and performing the calculations with Excel take no more than an hour.

Regardless of the chosen design, it is always beneficial to periodically review the environment to ensure it continues to abide by the design set forth. Many times one will find that the original design becomes outdated. Never be afraid to update the model if it makes sense.