Quick and dirty ESXi 5.0 whitebox, 16g RAM, for ~$400

Assumptions: you’re vaguely familiar with ESXi and Virtual Center.

So this is what I used to build my latest ESXi 5.0 Whitebox with a quad core CPU and 16 Gigs of RAM.

Just the essentials:

Mobo: ASUS P8H67-M PRO. $117

Ram:  4x Corsair XMS3 CMX4GX3M1A1600C9 4GB PC12800 DDR3 RAM – Dual Channel, 1600MHz, 4096MB $24.99 each

Processor: Intel Core i5-2400 (Sandy Bridge) LGA1155 $189.99

Network Card: Intel EtherExpress Pro 1000 $29.00

SATA CD/DVD-Drive $22.48 OEM

Storage: (I like it because it’s tiny): Lacie MosKeyto 8g USB flash drive.  $17

NOTE THAT YOU CAN NOT STORE VMDKs ON FLASH DRIVES.  If you wish to store VMDKs on disk, you’ll want to get a SATA hard drive instead of the USB flash drive.

Unless you get a NAS device. I use a QNAP 439-Turbo Pro II+.  It’ll do iSCSI and NFS (plus a million other things) which is where I store my VMDK’s.  I found the QNAP for $600. I bought 4 seagate barracuda XT drives 2TB each for like $130 a pop before the floods in Thailand.

Vaya con dios, and stay thirsty my friends.

Juniper JunOS Authentication against Active Directory 2008 R1 / Radius


You have a Windows Server 2008 R1 Active Directory (AD) environment already setup and configured.

You know the IP addresses of your AD server as well as your devices that will act as RADIUS clients.

You have a password to use as the “Shared Secret”.  For documentation sake, we will use the password: P@ssword

You’re using the “Domain Admins” user group as the group to allow access to the devices

The username ‘cstevens’ (The user you will be logging as) is part of the “Domain Admins” group

1)      We need to add Radius support to Active Directory.  In order to do that you will need to install a new role on your AD server.

a) In server manager, click on the Roles then Add Roles.

b) In the “Add Roles Wizard” select Network Policy and Access Services and click Next.

c) At the Network Policy and Access Services screen, Click Next.

d) In “Select Role Services” check Network Policy Server and click next.

e) At the “Confirm installations Selections” click Install.

f) Once the install completes, select Close.

2)      Add a RADIUS client in Network Policy Server.

a)      Click Start -> Administrative Tools -> Network Policy Server

b)      In the Network Policy Server MMC, right click on NPS (Local) and select “Register Server in Active Directory”.  Click OK to authorize this computer to read users’ dial-in properties.  Click OK again at the next screen.

c) Expand “RADIUS Clients and Servers”.  Right click on RADIUS clients and select “New RADIUS Client”

d) In the New RADIUS Client window fill out the friendly name, the IP address of your JunOS device and the secret password and click OK.

3)      Create a network policy

a)      Expand the “Policies”, right click on Network Policies and select “New”

b) Specify a policy name and click Next.

c) On the “Specify Conditions” window, click Add, select Windows Groups, click Add Groups and enter in Domain Admins.  Click OK until you get back to the Specify Conditions window and click Next

d) In the “Specify Access Permission” window check the Access Granted radio button and click next.

e) In the Configure Authentication Methods window make sure only the “Microsoft Encrypted Authentication Version 2” is checked and click Next.

f) Next, at the Configure Constraints screen, you can leave everything unchecked in the “Idle timeout”, “Session Timeout”, “Called Station ID”, “Day and time restrictions” and “NAS port type.”  Click next to continue.

g) At the “Configure Settings” window, under Radius Attributes -> Standard, removed Framed Protocol and change Service-Type to login.  (Note to self: is this even needed?)  Also select the “Encryption” option and check to use only strong encryption.  Click next.

4) JunOS Configuration

a) Log into your JunOS device.  You will need to create each user that you will want to log into the device.  For example, I’ll add my own name, but note to NOT assign a password to the user.

b) Set your radius server information

c) Set your radius server options for mschap-v2

d) Here’s what you should see when you do a “show | compare”

e) Oh, we’ll also need to set the authentication order:

f) Don’t forget to commit the changes!

That should be it!