Duplicating an AWS server – should have just started from scratch…

I’ve spent the better part of a week working on this, and we have finally found all the little issues, so far…

Here’s the problem: we had a Citrix server in AWS running some services for monitoring for our company, which was overloading the server and causing usability issues with both Citrix and the services. Rather than building a new server from scratch and reconfiguring either Citrix or the services, we figured that we would just spin up a new instance from a nightly backup of the original server and remove components from each, which would be quicker than starting from scratch, theoretically that is. After way too much time spent on finding each glitch, here is the end result.

1. Spin up a new instance that will be your duplicate. NOTE: if you are in a domain, to avoid conflicts, put this server in its own security group so it cannot see the domain and cannot conflict with your live server.

2. Let it boot all the way up and connect to it. Once logged in, use the EC2Config service to rename the system on boot and set the admin password you desire. For more info on this service, see this link. Once those parameters are set, shut the instance down.

3. Take the latest snapshot in the AWS console for the instance you are copying, right click it and create a volume from it.

4. Detach the instance’s volume that it spun up with and attach the volume created from the snapshot on /dev/sda1 to make it the boot drive.

5. Let the instance completely boot up. At this point, it will have the same network interface and IP as the original server, which can’t be changed in a VPC.

6. Shut the instance down and attach a new network interface with the desired IP address. Remove the old interface. NOTE: I did not do this portion personally, so I’m not sure if you need to boot it then shut down again to remove the old interface, but I would assume you can’t do it live.

You will now have a duplicate instance. It seems easy now that we have the steps, but getting here was such a pain I would have rather started from scratch.
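The isolation in step 1 depends entirely on the rules in the clone's security group, and a newly created VPC security group starts with an allow-all outbound rule. The following is an added example, not part of the original post: it reads one group in the JSON shape returned by `aws ec2 describe-security-groups` and lists every rule that would still let the clone talk to the domain. The function name, group IDs and CIDRs are constructed for illustration.

```python
import ipaddress

def rules_reaching_domain(group, domain_cidrs, domain_group_ids=()):
    """List rules in one SecurityGroups[] entry (the JSON shape returned by
    `aws ec2 describe-security-groups`) that let the clone talk to the domain."""
    nets = [ipaddress.ip_network(c, strict=False) for c in domain_cidrs]
    findings = []
    for direction, key in (("ingress", "IpPermissions"),
                           ("egress", "IpPermissionsEgress")):
        for perm in group.get(key, []):
            proto = perm.get("IpProtocol", "-1")
            ports = ("all" if proto == "-1"
                     else f"{perm.get('FromPort')}-{perm.get('ToPort')}")
            # Collect both IPv4 and IPv6 ranges named by this rule.
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if any(net.version == n.version and net.overlaps(n) for n in nets):
                    findings.append((direction, proto, ports, cidr))
            # Rules can also reference another security group instead of a CIDR.
            for pair in perm.get("UserIdGroupPairs", []):
                if pair.get("GroupId") in domain_group_ids:
                    findings.append((direction, proto, ports, pair["GroupId"]))
    return findings

# Constructed sample: a freshly created group with one RDP rule for the admin
# and the allow-all egress rule every new VPC security group starts with.
CLONE_SG = {
    "GroupId": "sg-0clone000000000000",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                       "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1",
                             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
DOMAIN_CIDRS = ["10.0.1.0/24"]  # constructed: subnet holding the domain controllers

if __name__ == "__main__":
    for finding in rules_reaching_domain(CLONE_SG, DOMAIN_CIDRS):
        print("clone can reach domain:", finding)
```

An empty result covers only this group's own rules; network ACLs and any other groups attached to the instance need the same look before the copied boot volume from step 4 is started.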

WebDAV for external access to Synology Shares via Windows

While setting up a Synology as a file server for a client, I wanted to have them be able to access their share through a mapped drive in Windows, whether in the network or outside. Ran into some stumbling blocks and couldn’t find full answers so I’m posting my own (referencing already awesome documentation where available).

1. The client does not have a static IP and the Syno is the only internal device that needs to be accessed internally, so I did not feel the purchase of a static IP to be necessary. Synology allows you to sign up for a free DDNS address through them. I registered clientname.synology.me through the DDNS feature of the Synology control panel. See Synology’s Documentation here. Once that was up and running, I created a CNAME DNS record for files.clientdomain.com to resolve to clientname.synology.me.

2. I enabled WebDAV on the Synology, as described here. NOTE: The users also need to have WebDAV permissions to the share they are connecting to.

3. I created firewall rules for external traffic hitting ports 5001 and 5006 to redirect to the Internal Synology IP address.

4. I purchased an SSL certificate from GoDaddy for files.clientdomain.com, using this article as a guide to install it. Note about this article: I was not able to use some of the directories referenced, specifically /volume1/generic/certificate, so I used a shared folder that was already there. EDIT 03/09/15: Synology has made installing an SSL so much simpler! See this link. If the intermediate certificate errors, you can get the correct one from your provider; in the case of GoDaddy it is here.

NOTE: At this point, you can use DSFILE app for iPhone and Android without any further configuration.

5. Most of the documentation will tell you that you need a third-party application to use WebDAV to map a drive in Windows. See this for example. EXCEPT if you have an SSL cert. But almost none of the documentation tells you what to do if you have an SSL cert. After some trial and error I found you have to enter https://files.clientdomain.com:5006/sharename in the map network drive folder box.

EXTRA CREDIT: if you want the same drive to work internally and externally, local DNS must be set up with a forward lookup zone for the domain, with files.clientdomain.com pointing to the internal address of the Synology. If this isn’t an option, you can have one drive mapped to the internal address, and one mapped to the external.

 

Synology now has me totally sold! This is the fifth one I have installed at client locations and I’m ready to order the DS414 starting with two 4TB drives for my home!