Clearing a SAN lockdown state

Hah, are you really bragging that you know how to clear a lockdown at one of California’s finest hotels?

No… Just no. I think that would involve blackmailing the Governator or some mild kidnapping, both of which are way beyond my ability to pull off.

Is this something to do with restoring operation of a faulty biological SAN/pacemaker?

As much as I enjoyed biology at A level, that would also be beyond my knowledge, and this is a computer-orientated blog.

I am talking about restoring operation of a Storage Area Network controller that has reached a software-enforced lockdown state. Specifically, the LSI/NetApp-built, IBM-branded DS3524 SAN incorporates lockdown counters which track the number of power cycles that one or both controllers on the unit experience. If a threshold is reached, a lockdown is enabled which prevents the unit in question from booting.

Is that a nasty tactic to sell service contracts?

I don’t think so. This behaviour is likely there to protect your precious data from a flaky controller, which is advantageous. However, if your SAN controllers are operating correctly but experience a series of temporary power fluctuations, the lockdown will need to be cleared once reliable power has been restored before operations can resume.

This lockout is indicated by LU appearing on the twin 7-segment LED displays on the controller mounted status indicators to the rear of the SAN.

A word of warning: please ensure that the SAN controller is only in this state due to external factors and not a fault. As normal, I take no responsibility for your actions; if you kill your data, it was your choice to try and clear this lockdown.

To perform this lockout reset you will need an IBM serial-console/DIN connector and a computer/remote console host equipped with an RS232/Serial/DB9 connector.

The IBM serial-to-console cable is pictured below and should have been included with the SAN; if not, IBM may send you one.

[Image: the IBM serial-to-console cable]

This cable plugs into a female DIN port hidden under a black plastic cover at the rear of the SAN controllers.

Install PuTTY on the computer connected to the SAN to use as a terminal emulator. Once the connection has been made, set the connection type to Serial and then set the parameters as follows.

Serial Line: This should be the COM port that your RS232 port is listed as. This can be determined from your system's HW manager, but in my case it is COM 1.

Speed (Baud): Any speed will do as the SAN controller uses adaptive baud rates, but I use 19200.

Data bits: 8

Stop bits: 1

Parity: None

Flow Control: XON/XOFF

When you connect there may not be a message, so press <CONTROL> and <BREAK> until the correct speed is detected; this will be indicated by intelligible onscreen text.
When prompted to press <S> for Service Menu, press <ESC> instead. This opens a shell prompt.

At this shell prompt you *may* be able to use these credentials, as they seem to be generic across FW images (verified by these working on a replacement controller). If these don’t work then contact your IBM/LSI representative.

User ID:    shellUsr
Password:    wy3oo&w4

The following commands need to be issued into this terminal in a specific order depending on which controller is in lockdown.

If controller A is in lockdown:

Run the following commands on both controllers –
lemClearLockdown
clearHardwareLockdown
psvClearSodRebootLoopCounter

Then unplug ctrl-A and run the following commands on ctrl-B:
loadDebug
cmgrSetAltToFailed
cmgrSetAltToOptimal

Then hot-plug ctrl-A.

This should sync the settings across the controllers and clear the lockdown, and you should be able to use your SAN again : )

Software Encrypted SSD Performance – A Surprising outcome

Seriously? Are you surprised at the speed increase provided by an SSD?

No, I’m not. Actually, I was a little disappointed in my SSD’s performance.

Did you buy a no-Brand SSD from some shady eBay seller?

Well, kind of… I bought a Dell OEM branded edition of a Samsung PM830 from a reputable eBay seller (in person, to avoid eBay charges for him). This drive is reported to be a high-performance part by trusted sources. I then used DiskCryptor to provide protection against unauthorised access to my files from konboot, ntpasswd, Linux live disks or any number of other NTFS access based attacks.

Ahhh! I know what happened… your SSD performance was limited by a less capable CPU that could only encrypt at a low rate!

Actually, no. The laptop hosting this drive has a recent model Intel Core chip that in benchmarks can easily encrypt Twofish at a rate that could saturate the reported 550mb/s max speed of this drive.

After some investigation and what seemed like an endless series of setting tweaks the issue seemed to stem from a problem that plagued the first generations of SSDs…. Wastage due to deleted flash memory blocks not being released cleanly back to the drive controller for reuse. This performance issue was overcome with the introduction of the TRIM command which ‘recycles’ deleted data blocks (explained here and here).

 

How did the software-based Full Disk Encryption (FDE) interfere with TRIM?

At a low level, FDE intercepts file system operations from the operating system to the disk and turns them into what looks like random gibberish. So instead of a disk populated with a nice, sensibly structured file system, the stored data looks like nothing comprehensible until the appropriate encryption key is applied (these are usually derived from a password using something like PBKDF2).

This encryption provider that intercepts file system commands is where the performance degradation problem lies (at least in the case of DiskCryptor), as it appears to interfere with the operation of the TRIM command.

This could be for many reasons, but I would guess that the most likely culprit is this:

The TRIM command issued by the Operating System (OS) provides a set of LBAs from which files were previously deleted. These blocks do not exist as a structure in the FDE container, and mapping from the OS-specified blocks to the FDE blocks cannot happen for various reasons related to the abstraction of the encrypted data on the SSD into a virtual HDD (e.g. potential storage errors due to the lack of a discrete block-level representation of files, meaning that a TRIM command would wipe out a block of data representing a segment of the encrypted container and so would have a corrupting effect on subsequent data in that container). The encryption provider is therefore likely to strip the TRIM command out to ensure integrity.
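The effect described above can be shown with a small simulation (an added example, not part of the original post and not DiskCryptor's code). ToySSD, FdeFilter and run_workload are hypothetical names, and the 1000-block drive and the workload sizes are constructed values; the model only counts which blocks the drive controller still believes are in use.

```python
# Added illustration: a toy model, not DiskCryptor or real SSD firmware.

class ToySSD:
    """Tracks which LBAs the drive controller believes hold live data."""
    def __init__(self, blocks):
        self.blocks = blocks
        self.live = set()

    def write(self, lba):
        self.live.add(lba)

    def trim(self, lba):
        self.live.discard(lba)

    def free_blocks(self):
        # Blocks the controller can pre-erase and reuse for incoming writes.
        return self.blocks - len(self.live)


class FdeFilter:
    """Hypothetical encryption layer sitting between the OS and the drive."""
    def __init__(self, ssd, pass_trim):
        self.ssd = ssd
        self.pass_trim = pass_trim

    def write(self, lba):
        self.ssd.write(lba)          # ciphertext lands on the drive

    def trim(self, lba):
        if self.pass_trim:
            self.ssd.trim(lba)       # drive learns the block is free
        # else: command is dropped, the drive still treats the block as live


def run_workload(pass_trim, blocks=1000):
    ssd = ToySSD(blocks)
    disk = FdeFilter(ssd, pass_trim)
    for lba in range(0, 100):        # OS install: 10% of the drive
        disk.write(lba)
    fresh = ssd.free_blocks()        # state at the "initial benchmark"
    for lba in range(100, 900):      # fill the drive to 90%
        disk.write(lba)
    for lba in range(100, 900):      # delete that data; the OS issues TRIM
        disk.trim(lba)
    return {"fresh": fresh, "after_fill_delete": ssd.free_blocks()}


if __name__ == "__main__":
    for mode in (True, False):
        print("TRIM passed through:" if mode else "TRIM stripped:", run_workload(mode))
```

Both configurations look identical at the first measurement; they only diverge after the fill-and-delete cycle, which is why a benchmark taken right after encrypting the drive does not reveal the problem.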

 

Should you not have known this?

I thought this would have been the case, BUT there was so much anecdotal evidence on online forum sites stating that late editions of solutions such as TrueCrypt and DiskCryptor would not degrade performance on SSDs that I thought it was worth a check.

On initial encryption the performance was on par with its unencrypted throughput so I thought I had proven the online observations correct in this case.

My blind trust in the then ‘proven’ software solution is also why I spent a lot of time looking at other factors on my beta operating system before removing encryption, especially as I had installed an Intel chipset driver on this Win 8 edition around the time of the performance degradation and assumed a bug had shown its face.

So is it a case of Speed or Security?

Happily no, most modern SSD units support some form of strong encryption (e.g. the PM830 has AES256, the Intel 320 has AES128) that can be ‘enabled’ (this is likely always on as there is no long initial encryption process) by adding a HDD password in the BIOS.

This has one major pro and one huge negative:

Pro – The encryption is performed by the SSD controller, so the host machine suffers no performance degradation from encryption overhead.

Con – The HDD password on the Samsung PM830 is 8 characters MAX, much weaker than my previous 37 character DiskCryptor password (this is the reason I wanted to use a software approach in the first place).

So what’s the outcome?

Major laziness on my part came back to bite me. I should have checked the performance of the software-encrypted SSD after filling it and then removing data from it, and not just shortly after I encrypted it, and I should not have assumed that the online anecdotes and my initial benchmark were correct.

Lesson learned, and I am peeling the egg off my face but enjoying my again-speedy SSD.

Manipulating / Resizing Images using Classic ASP

By Classic ASP do you mean the COBOL of early 21st Century web development that hasn’t expanded functionality in what seems like forever?

Yes that Classic ASP, the one that you may encounter when maintaining enterprise codebases.

What magic incantation do I have to use?

Classic ASP supports 3 main languages: VBScript, JScript and PerlScript. Although they are not known for their strong OO, they can access COM/OLE/System objects, and this is how we are going to manipulate images.

Standing on the shoulders of giants

There are a few components that we can leverage to this end, but this tutorial will cover the legendary and reliable ImageMagick suite. Download the version that you desire (I used the q16 winx64 static version), restart your server and then fire up your notepad.

The code

In the code below we will be resizing the height of an image while preserving the aspect ratio:

    'Declare the variables
    Dim srcImg, fso, imageMagick, tempVar, targImgPath, imgPath
    Dim image_width, image_height, newHeight

    'New image height
    newHeight = 400

    'Create a File System Object for manipulating files
    Set fso = CreateObject("Scripting.FileSystemObject")

    'Declare the virtual path of the image we wish to manipulate
    '(Server.MapPath only accepts virtual paths, not physical ones such as c:\image.jpg)
    targImgPath = "/image.jpg"

    'Get the physical path of the image that we wish to manipulate by using the Server.MapPath function
    imgPath = Server.MapPath(targImgPath)

    'Get the image dimensions using the LoadPicture function;
    'fso.GetFile raises an error here if the file does not exist
    Set srcImg = LoadPicture(fso.GetFile(imgPath).Path)

    'Get the current image height and width
    image_width = srcImg.Width
    image_height = srcImg.Height

    'Calculate the aspect ratio of the image
    tempVar = image_width / image_height

    'Calculate the new width and set the new height of the image
    image_width = Round(newHeight * tempVar)
    image_height = newHeight

    'Create an ImageMagick object to manipulate the image
    Set imageMagick = Server.CreateObject("ImageMagickObject.MagickImage.1")

    'Resize the image to the desired width and height and output the image to where desired
    imageMagick.Convert imgPath, "-resize", image_width & "x" & image_height, "C:\resizedimage.jpg"

Simple! And only the tip of the iceberg: ImageMagick has lots of functions that you can invoke in a similar manner.