Thomas-Krenn-Wiki - New pages [en]

Cloud Computing Concepts

2026-04-02T08:24:19Z

Aranzinger: Created page with "The term '''Cloud'''—actually cloud computing—is a term for various concepts related to the delivery of IT services. These can be broadly divided into three categories and classified using the cloud computing stack. This article provides an overview of these concepts. == Cloud Computing Stack == file:Cloud Computing Stack.jpg|250px|thumb|right|Cloud Computing Stack.<ref>[http://oracle-help.com/oracle-cloud/..."

The term '''Cloud'''—actually [[:Category:Cloud Computing|cloud computing]]—is a term for various concepts related to the delivery of IT services. These can be broadly divided into three categories and classified using the [[#Cloud Computing Stack|cloud computing stack]]. This article provides an overview of these concepts.

== Cloud Computing Stack ==
[[file:Cloud Computing Stack.jpg|250px|thumb|right|Cloud Computing Stack.<ref>[http://oracle-help.com/oracle-cloud/cloud-computing-stack-saas-paas-iaas/ WHAT IS CLOUD COMPUTING STACK (SAAS, PAAS, IAAS)] (oracle-help.com)</ref>]]
This section describes the various cloud concepts using the cloud computing stack. The cloud computing stack illustrates these concepts through the components of externally managed services that are hosted services.

=== Infrastructure as a Service (IaaS) ===
In this concept, the server infrastructure is managed by the cloud service provider (CSP). All components (CPU, [[RAM Basics|RAM]], storage, network) are already virtualized and can be freely allocated by the user. The user has full control over resource usage, meaning that CPU cores, RAM, and storage can be adjusted at any time as needed. Since the infrastructure is a virtualized environment and is typically designed to be redundant, it is impossible to determine on which hardware within a data center the infrastructure is currently running (exceptions are [[Virtual Location|Virtual Locations]]—not to be confused with [[Virtual Private Cloud|VPCs]]).

The user is solely responsible for the maintenance and support of all software, including the operating system (this also includes proper licensing).

Many service providers operate multiple data centers, giving users the ability to choose the geographic location of their data.

==== Benefits ====
Since IaaS allows for the rapid migration of virtual machines and applications without refactoring<ref>[https://de.wikipedia.org/wiki/Refactoring Refactoring] (de.wikipedia.org) </ref> (see also [[Lift and Shift Migration|Lift & Shift]]), it is a particularly good option for time-critical IT migrations to the cloud (for example, when discontinuing colocation in a data center). Using an IaaS platform can also be worthwhile for purpose-specific applications that do not require 24-hour operation.

=== Platform as a Service (PaaS) ===
In addition to the infrastructure, this cloud concept also provides the operating system and runtime environment. As a user, you are only responsible for managing the data within the applications. Specifically, this means that a database pre-installed by the service provider (MySQL, Oracle, Postgres, etc.) is used to develop and deploy your own applications. One advantage for developers is that performance can be scaled dynamically.

Unlike IaaS, there is no longer a need to create a virtual environment.

==== Benefits ====

This approach is particularly beneficial for web developers—such as those in the e-commerce sector or other service providers—as it allows them to focus on application development.

=== Software as a Service (SaaS) ===
SaaS is arguably the best-known model for online services. This is because it has also found its way into the consumer market and is used on a regular basis.

With SaaS, the entire stack—from the hardware to the finished application—is provided as a ready-made solution.

==== Benefits ====
SaaS offerings are a resource-efficient alternative, as they eliminate the need for personnel and time to manage hardware and software.

== More information ==
* [https://www.isbn-suchen.de/search.php?q=978-3-446-46184-0 IT-Management Guide: Concepts, Methods, Solutions and Resources for practical use] (ISBN 978-3-446-46184-0, 7. revised edition (9. März 2020)), Chapter 7: Cloud Computing
* [https://www.linkedin.com/pulse/20140730172610-9679881-pizza-as-a-service/ Pizza as a Service] (linkedin.com/pulse, Albert Barron, 30.07.2014)

== References ==
<references />

{{Sbohn}}
{{Aranzinger}}
[[Category:Cloud Computing]]
[[de:Cloud Computing Konzepte]]

Boot-Device Replacement - Change of Proxmox ZFS Mirror Disk

2026-03-26T12:45:09Z

Aranzinger: Created page with "These instructions describe the '''change of a boot device''' in a '''Proxmox VE (PVE) host system''' '''with ZFS-mirror'''. This change is necessary, when a disk is damaged or has failed in the compound. In this article, it is explained what to do after a system hard drive failure. Options for different boot-loaders ("GRUB" or "systemd-boot") are explained. Furthermore, it is explained how to change a hard drive within a PVE so that the used mirror is completely ''o..."

These instructions describe the '''change of a boot device''' in a '''[[Proxmox VE]] (PVE) host system''' '''with ZFS-mirror'''. This change is necessary, when a disk is damaged or has failed in the compound. In this article, it is explained what to do after a system hard drive failure. Options for different boot-loaders ("GRUB" or "systemd-boot") are explained. Furthermore, it is explained how to change a hard drive within a PVE so that the used mirror is completely ''online,'' and ''healthy'' and that the redundancy of the operating system is recreated.

{{#widget:Imagebox-left|link={{#tklink:type=sitex|id=19702|linkonly=1}}|image=/de/wikiDE/images/d/d5/Ceph-hci-proxmox-3.png|text=Buy Proxmox optimized servers|campaign=Buy Proxmox Servers}}
{{#widget:SitexBox|link={{#tklink:type=sitex|id=19702|linkonly=1}}|text=Buy Proxmox optimized servers|campaign=campaign=Buy Proxmox Servers}}

== Recommendation - Test environment ==
All described steps can be previously performed in a test environment. For this, create a '''virtual machine in Proxmox VE''' and install PVE on a ZFS RAID-1.

Therefore, you gain experience in this process and lower the risk for your productive system.

== Instructions ==
This paragraph summarizes the commands that are necessary for changing your data carrier and its influence on your system in brief.

'''Attention: It is highly recommended to read the detailed instructions if it is your first time performing this process or are still inexperienced in administering Proxmox VE systems!'''

#Identify the faulty storage device and change it.
#Copy partition layout of the ''healthy'' disk on the ''exchange'' disk (and randomize the GUID)
#Find the ZFS partition using the volume ID (<code>Solaris /usr & Apple ZFS</code>)
#Copy partition of the ''new'' disk into the ''zpool''
#Finalize exchange with <code>proxmox-boot-tool</code>
Once you have completed all the steps correctly, your ZFS will be "online", "healthy", and "boot-safe" again.

== Identify failed data carrier ==
First, you need to identify the failed disk and its name in your PVE system. This can be made, for example, with the <code>lsblk</code> command.

=== Before failure ===
After installation, two boot disks are available (''sda'' and ''sdb''):
<pre>
root@pve-virtual-01:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 100G 0 disk
├─sda1 8:1 0 1007K 0 part
├─sda2 8:2 0 512M 0 part
└─sda3 8:3 0 99.5G 0 part
sdb 8:16 0 100G 0 disk
├─sdb1 8:17 0 1007K 0 part
├─sdb2 8:18 0 512M 0 part
└─sdb3 8:19 0 99.5G 0 part
</pre>

=== After failure ===
In this test scenario, the ''sda'' hard drive has failed. It is missing in the <code>lsblk</code> output after the failure:
<pre>
root@pve-virtual-01:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sdb 8:16 0 100G 0 disk
├─sdb1 8:17 0 1007K 0 part
├─sdb2 8:18 0 512M 0 part
└─sdb3 8:19 0 99.5G 0 part
</pre>

'''Important''': When replacing a data storage device, the descriptions may change. '''Always verify the exact name immediately after replacing the damaged storage device with a new one!''' A faulty specification of the name could irreparably damage your system in the next steps.

== Copy partition layout ==
This information can be always found in the current Proxmox VE documentation. <ref>[https://pve.proxmox.com/pve-docs/pve-admin-guide.html#chapter_zfs ZFS on Linux] (pve.proxmox.com) Abschnitt ''Changing a failed device'' im Unterkapitel 3.8.5.</ref>
<pre>
# sgdisk <healthy bootable device> -R <new device>
# sgdisk -G <new device>
# zpool replace -f <pool> <old zfs partition> <new zfs partition>
</pre>

The new data carrier is in the system and does not have a partition layout yet. However, we require the partitions so that the system can boot properly and that we can provide two technically identic data carriers for the ZFS:
<pre>
root@pve-virtual-01:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 100G 0 disk
sdb 8:16 0 100G 0 disk
├─sdb1 8:17 0 1007K 0 part
├─sdb2 8:18 0 512M 0 part
└─sdb3 8:19 0 99.5G 0 part
</pre>

We now copy the partition layout from the ''healthy'' data carrier to the ''new'' data carrier.
{| {{Prettytable}} cellspacing="0" style="margin: 1em 1em 1em 0; background: #f9f9f9; border: 1px #a0a0a0 solid; border-collapse: collapse; " rules="all"
| Please note once again that you MUST first identify the correct device name (''device-name'') using (''Device-Name'') with <code>lsblk</code>. Otherwise, you risk ending up with a broken Proxmox VE system, as the partition layout of the "new" disk might be accidentally replicated to the "healthy" disk. This would result in the system being unable to boot at all, forcing you to perform a clean install.
|-
|}
<pre>
root@pve-virtual-01:~# sgdisk /dev/sdb -R /dev/sda
The operation has completed successfully.

root@pve-virtual-01:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 100G 0 disk
├─sda1 8:1 0 1007K 0 part
├─sda2 8:2 0 512M 0 part
└─sda3 8:3 0 99.5G 0 part
sdb 8:16 0 100G 0 disk
├─sdb1 8:17 0 1007K 0 part
├─sdb2 8:18 0 512M 0 part
└─sdb3 8:19 0 99.5G 0 part
</pre>

Since we copied the layout to the new disk, the disk and partitions now have the same GUIDs. That is why we still need to randomize them:
<pre>
root@pve-virtual-01:~# sgdisk -G /dev/sda
The operation has completed successfully.
</pre>

== Find out disk ID (by-id) ==
To replace the volume correctly in ZFS, we need to determine the ID of the new volume. In this case, we are looking for the volume associated with the device name sda.
<pre>
root@pve:~# ls -l /dev/disk/by-id/*

lrwxrwxrwx 1 root root 9 Mar 16 15:11 /dev/disk/by-id/ata-QEMU_DVD-ROM_QM00003 -> ../../sr0
lrwxrwxrwx 1 root root 9 Mar 16 15:11 /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0 -> ../../sda
lrwxrwxrwx 1 root root 10 Mar 16 15:11 /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Mar 16 15:11 /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Mar 16 15:11 /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part3 -> ../../sda3
lrwxrwxrwx 1 root root 9 Mar 16 15:11 /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1 -> ../../sdb
lrwxrwxrwx 1 root root 10 Mar 16 15:11 /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1-part1 -> ../../sdb1
lrwxrwxrwx 1 root root 10 Mar 16 15:11 /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1-part2 -> ../../sdb2
lrwxrwxrwx 1 root root 10 Mar 16 15:11 /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1-part3 -> ../../sdb3
</pre>

PVE always creates dedicated partitions for ''boot, EFI,'' and ''ZFS'' on storage devices:
<pre>
root@pve:~# fdisk -l /dev/sda

Disk /dev/sda: 32 GiB, 34359738368 bytes, 67108864 sectors
Disk model: QEMU HARDDISK
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 7D6423DE-2A9C-4B8D-A272-C7B28E1452D9

Device Start End Sectors Size Type
/dev/sda1 34 2047 2014 1007K BIOS boot
/dev/sda2 2048 1050623 1048576 512M EFI System
/dev/sda3 1050624 67108830 66058207 31.5G Solaris /usr & Apple ZFS
</pre>

In this case, we require the device-ID (''by-id'') from the ''/dev/sda3.'' partition, which is as follows:
/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part3

== Switch ZFS data carrier ==
First, we verify the ZFS pool status. Here, we see that the failed hard drive is not available anymore in the system and previously had the ID ''/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part3.''
<pre>
root@pve-virtual-01:~# zpool status -v
pool: rpool
state: DEGRADED
status: One or more devices could not be used because the label is missing or
invalid. Sufficient replicas exist for the pool to continue
functioning in a degraded state.
action: Replace the device using 'zpool replace'.
see: http://zfsonlinux.org/msg/ZFS-8000-4J
scan: none requested
config:

NAME STATE READ WRITE CKSUM
rpool DEGRADED 0 0 0
mirror-0 DEGRADED 0 0 0
15467202543801207082 UNAVAIL 0 0 0 was /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part3
scsi-0QEMU_QEMU_HARDDISK_drive-scsi1-part3 ONLINE 0 0 0
</pre>

Now, we change the data carriers.

'''Important:''' In this example, our new hard drive has the same ID as the old one. This will not be the case in your actual scenario. Please follow the syntax:

<pre>root@pve-virtual-01:~# zpool replace -f rpool /dev/disk/by-id/ID-ALTE-FESTPLATTE /dev/disk/by-id/ID-NEUE-FESTPLATTE
</pre>
In our example:
<pre>
root@pve-virtual-01:~# zpool replace -f rpool /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part3 /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part3
</pre>

The exchange is now complete. Now, you can verify if the RAID-1 (''ZFS-Mirror'') is '''online''' and '''healthy''' again:
<pre>
root@pve-virtual-01:~# zpool status -v
pool: rpool
state: ONLINE
scan: resilvered 998M in 0 days 00:00:08 with 0 errors on Tue Mar 16 12:16:34 2021
config:

NAME STATE READ WRITE CKSUM
rpool ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part3 ONLINE 0 0 0
scsi-0QEMU_QEMU_HARDDISK_drive-scsi1-part3 ONLINE 0 0 0
</pre>

== Finalize disk exchange ==
Finally, there are a few steps left to ensure that the system is stable after a reboot and fully functional.

Now, you have to perform the following steps with the ''proxmox-boot-tool'':

* First, you need to find out the disk ID as described in the step [[Boot-Device Replacement - Replacing a Proxmox ZFS Mirror Disk#Find out disk ID (by-id)|Find out disk ID (by-id)]]—but this time, you need to find the '''ID of the second partition''', since this is always used for the '''EFI system'''.
* When you have found out the ID (in this case ''/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part2),'', you can execute the following commands:
<pre>root@pve:~# proxmox-boot-tool format /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part2

UUID="" SIZE="536870912" FSTYPE="" PARTTYPE="c12a7328-f81f-11d2-ba4b-00a0c93ec93b" PKNAME="sdb" MOUNTPOINT=""
Formatting '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part2' as vfat..
mkfs.fat 4.2 (2021-01-31)
Done.

root@pve:~# proxmox-boot-tool init /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part2

Re-executing '/usr/sbin/proxmox-boot-tool' in new private mount namespace..
UUID="FD52-5CAE" SIZE="536870912" FSTYPE="vfat" PARTTYPE="c12a7328-f81f-11d2-ba4b-00a0c93ec93b" PKNAME="sdb" MOUNTPOINT=""
Mounting '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part2' on '/var/tmp/espmounts/FD52-5CAE'.
Installing systemd-boot..
Created "/var/tmp/espmounts/FD52-5CAE/EFI/systemd".
Created "/var/tmp/espmounts/FD52-5CAE/EFI/BOOT".
Created "/var/tmp/espmounts/FD52-5CAE/loader".
Created "/var/tmp/espmounts/FD52-5CAE/loader/entries".
Created "/var/tmp/espmounts/FD52-5CAE/EFI/Linux".
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/var/tmp/espmounts/FD52-5CAE/EFI/systemd/systemd-bootx64.efi".
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to "/var/tmp/espmounts/FD52-5CAE/EFI/BOOT/BOOTX64.EFI".
Random seed file /var/tmp/espmounts/FD52-5CAE/loader/random-seed successfully written (512 bytes).
Not installing system token, since we are running in a virtualized environment.
Created EFI boot entry "Linux Boot Manager".
Configuring systemd-boot..
Unmounting '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part2'.
Adding '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-part2' to list of synced ESPs..
Refreshing kernels and initrds..
Running hook script 'proxmox-auto-removal'..
Running hook script 'zz-proxmox-boot'..
Copying and configuring kernels on /dev/disk/by-uuid/5D2E-4BFB
Copying kernel and creating boot-entry for 5.15.30-2-pve
WARN: /dev/disk/by-uuid/5D2F-103F does not exist - clean '/etc/kernel/proxmox-boot-uuids'! - skipping
Copying and configuring kernels on /dev/disk/by-uuid/FD52-5CAE
Copying kernel and creating boot-entry for 5.15.30-2-pve

root@pve:~# proxmox-boot-tool status

Re-executing '/usr/sbin/proxmox-boot-tool' in new private mount namespace..
System currently booted with uefi
5D2E-4BFB is configured with: uefi (versions: 5.15.30-2-pve)
WARN: /dev/disk/by-uuid/5D2F-103F does not exist - clean '/etc/kernel/proxmox-boot-uuids'! - skipping
FD52-5CAE is configured with: uefi (versions: 5.15.30-2-pve)

root@pve:~# proxmox-boot-tool refresh

Running hook script 'proxmox-auto-removal'..
Running hook script 'zz-proxmox-boot'..
Re-executing '/etc/kernel/postinst.d/zz-proxmox-boot' in new private mount namespace..
Copying and configuring kernels on /dev/disk/by-uuid/5D2E-4BFB
Copying kernel and creating boot-entry for 5.15.30-2-pve
WARN: /dev/disk/by-uuid/5D2F-103F does not exist - clean '/etc/kernel/proxmox-boot-uuids'! - skipping
Copying and configuring kernels on /dev/disk/by-uuid/FD52-5CAE
Copying kernel and creating boot-entry for 5.15.30-2-pve

root@pve:~# proxmox-boot-tool clean

Checking whether ESP '5D2E-4BFB' exists.. Found!
Checking whether ESP '5D2F-103F' exists.. Not found!
Checking whether ESP 'FD52-5CAE' exists.. Found!
Sorting and removing duplicate ESPs..

root@pve:~# proxmox-boot-tool status

Re-executing '/usr/sbin/proxmox-boot-tool' in new private mount namespace..
System currently booted with uefi
5D2E-4BFB is configured with: uefi (versions: 5.15.30-2-pve)
FD52-5CAE is configured with: uefi (versions: 5.15.30-2-pve)</pre>

After that, the system has been successfully rebooted and is now fully redundant and secure again.

== References ==
<references />

{{Jsterr}}
{{Aranzinger}}
[[Category:Proxmox Administration]]
[[de:Boot-Device Replacement - Proxmox ZFS Mirror Disk austauschen]]

Backup and restore under Debian 13 with Proxmox Backup Client

2026-03-25T12:55:01Z

Pstreifinger:

This article describes how to back up a '''Debian 13''' system with the help of '''Proxmox Backup Clients''' on a Proxmox Backup server.

== Initial situation ==
For the performance, a '''Proxmox Backup Server''' and a '''Debian 13''' system, that you want to back up, is required.

If you '''did not install a PBS yet''', you will find the instructions for the installation here: [[Proxmox Backup Server Installation]].

== Proxmox Backup Client ==
In this paragraph, the '''Proxmox Backup Client''' is installed and configured on a Debian 13 system.

The whole installation is performed as '''root user'''. With the following command, you can log in as root-user: <pre>su</pre>

=== Add repository ===
First, the '''repository''' must be configured for the ''Proxmox Backup Client''. For this, the ''proxmox-backup-client.list'' file must be created with the following command:
<pre>sudo nano /etc/apt/sources.list.d/proxmox-backup-client.list</pre>
The following content must be added to this file:
<pre>deb http://download.proxmox.com/debian/pbs-client trixie main</pre>
Next, the '''Repository-GPG-Key''' must be imported. Proxmox uses for every Debian version another GPG-key. For Debian version 13, the GPG-key for Trixie is required:
<pre>wget -qO - https://enterprise.proxmox.com/debian/proxmox-release-trixie.gpg | sudo tee /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg >/dev/null</pre>

=== Installation ===
After installing the ''Proxmox Backup Client'' repository, all package lists must be updated:<pre>
sudo apt update</pre>
Now, you can install ''Proxmox Backup Client'':
<pre>sudo apt install proxmox-backup-client</pre>

=== Connect to PBS ===
After successful installation of the client, you can connect to the Proxmox Backup server with the following command:
<pre>proxmox-backup-client login --repository <user>@<pam>@<ipadresse>:<datastore></pre>
The following adjustments must be made:
* <code><user></code>: Enter the PBS username; we recommend using an alternative account with the necessary permissions rather than the root account
* <code><pam></code>: Enter the realm required when logging in to PBS here (usually this is '''pam''')
* <code><ipaddress></code>: Enter the IP address of the Proxmox Backup server here
* <code><datastore></code>: Specify the name of the datastore where the backups should be stored
* '''The entry could look like this: "backup@pam@10.26.33.11:zfs-pool".'''
Accept the fingerprint and enter the password in the PBS.

Now, the Backup Client is installed on your Debian system.

== Perform backup ==

=== Type of security ===
To back up a file or a path, run the following command:
<pre>proxmox-backup-client backup etc.pxar:/(directory or file that should be secured) --repository <user>@<pam>@<ipadresse>:<datastore></pre>
If you want to back up the whole system, you require this command:
<pre>proxmox-backup-client backup etc.pxar:/ --repository <user>@<pam>@<ipadresse>:<datastore></pre>
After you have performed one of these commands, the backup should now be displayed in the datastore of the Proxmox Backup server.

=== Display in the shell ===
You can display the backups in the Debian shell:<pre>proxmox-backup-client snapshots --repository <user>@<pam>@<ipadresse>:<datastore></pre>
Sample output:<pre>
┌──────────────────────────────────┬───────┬───────────────────────────────────┐
│ snapshot │ size │ files │
╞══════════════════════════════════╪═══════╪═══════════════════════════════════╡
│ host/debian/2026-03-11T11:33:16Z │ 728 B │ catalog.pcat1 etc.pxar index.json │
└──────────────────────────────────┴───────┴───────────────────────────────────┘
</pre>

== Restore ==
For the recreation of your data, perform the following command:<pre>proxmox-backup-client restore <Backup Name> etc.pxar <destination directory> --repository <user>@<pam>@<ipaddress>:<datastore></pre>
* <code><Backup Name></code>: Enter the complete name of the backup
* <code><Destination Directory></code>: Enter the destination directory for the restore here
* <code><user>, <pam>, <ipaddress>, <datastore></code>: These should be selected as specified for connection to PBS

=== Example ===
The following values are used for the example:

* '''Backup name''': <code>host/debian/2026-03-11T11:33:16Z</code>
* '''Destination directory''': <code>/home</code>
* '''user''': <code>backup</code>
* '''pam''': <code>pam</code>
* '''ip-address''': <code>10.21.0.50</code>
* '''datastore''': <code>backup_ssd</code>

This results in the following command:<pre>proxmox-backup-client restore host/debian/2026-03-11T11:33:16Z etc.pxar /home --repository backup@pam@10.21.0.50:backup_ssd</pre>

== Cron job ==
You can also automate your backups using a '''cron job'''.

=== Create script ===
First, you have to create the file <code>/usr/local/sbin/debian-backup.sh</code>:
<pre>nano /usr/local/sbin/debian-backup.sh</pre>
Create the following script (select the values enclosed in <code><></code> according to your settings):
<pre>#!/bin/bash
set -euo pipefail

export PBS_REPOSITORY="<user>@<pam>@<IPaddress>:<Datastore>"
export PBS_PASSWORD="<Password>"

proxmox-backup-client backup \
home.pxar:/<directory></pre>
Then make the script executable:
<pre>chmod +x debian-backup.sh</pre>

=== Installation and configuration of Cron ===
Next, '''Cron''' must be installed with the following commands:
<pre>sudo apt update

sudo apt install cron
</pre>
Create '''Cron''' file:
<pre>
sudo crontab -e
</pre>
If you want to back up your data every day at 3:30 a.m., add the following text to the file:
<pre>
30 3 * * * /usr/local/sbin/debian-backup.sh
</pre>
The exact instructions for creating or changing Cron jobs can be found in the article https://wiki.ubuntuusers.de/Cron/ .

{{Pstreifinger}}
{{Aranzinger}}
[[de:Backup und Restore unter Debian 13 mit Proxmox Backup Client]]

VirtualBox

2026-03-25T05:43:31Z

Aranzinger: Created page with "'''VirtualBox''' is a virtualization solution from Oracle. VirtualBox was originally developed by Innotek, which was later acquired by Sun Microsystems. In 2010, Oracle acquired Sun, including VirtualBox. VirtualBox runs on Windows, Linux, Mac OS and Solaris. == General information == * Documentation: http://www.virtualbox.org/manual/UserManual.html == Versions == === VirtualBox 6.1 === * Most important new features (excerpt) in version 6.1: ** Now supports importi..."

'''VirtualBox''' is a virtualization solution from Oracle. VirtualBox was originally developed by Innotek, which was later acquired by Sun Microsystems. In 2010, Oracle acquired Sun, including VirtualBox.

VirtualBox runs on Windows, Linux, Mac OS and Solaris.

== General information ==
* Documentation: http://www.virtualbox.org/manual/UserManual.html

== Versions ==
=== VirtualBox 6.1 ===
* Most important new features (excerpt) in version 6.1:
** Now supports importing a VM from Oracle Cloud Infrastructure
** Enhanced support for exporting a VM to Oracle Cloud Infrastructure
** Supports nested hardware virtualization for Intel CPUs
** Supports Linux kernel 5.4 for Linux based guests
* Complete changelogs: https://www.virtualbox.org/wiki/Changelog

=== VirtualBox 6.0 ===
* Most important renewals (excerpt) in version 6.0:
** Support of export for virtual machines in the Oracle Cloud Infrastructure
** Improved user interface
** Improved support of HiDPI monitors
** New file manager supports copying files between host and guest
** Large update of 3D graphic support for Windows guests
** Hyper-V as fallback option for Windows hosts
** Support for Linux kernel 4.20 for Linux-based guests
* Complete changelogs: https://www.virtualbox.org/wiki/Changelog
* More information:
** [https://www.heise.de/ix/meldung/VirtualBox-6-0-mit-vielen-punktuellen-Verbesserungen-4255869.html VirtualBox 6.0 with lots of selective improvements] (heise.de, 19.12.2018)

=== VirtualBox 5.2 ===
* Most important renewals (excerpt) in version 5.2:
** VM export to Oracle Cloud (OPC)
** Unattended operating system installation in the guest system
** Revised graphical user interface
* Complete changelogs:https://www.virtualbox.org/wiki/Changelog
* More information:
** [https://www.heise.de/ix/meldung/Inklusive-Upload-in-die-Oracle-Cloud-VirtualBox-5-2-freigegeben-3866366.html Includes upload to the Oracle-Cloud: VirtualBox 5.2 released] (heise.de, 20.10.2017)

=== VirtualBox 5.1 ===
* Most important renewals (excerpt) in version 5.1:
** Improved performance through a new implementation for APIC and I/O-APIC
** Debugging Windows guests using Hyper-V paravirtualization
** Graphical user interface fully migrated to Qt5
** Higher performance and faster access times through passive API event listener
** Better support for Python 3
** NVMHCI-compatible storage-controller enables the emulation of NVMe devices
* Complete changelogs: https://www.virtualbox.org/wiki/Changelog
* More information:
** [http://www.heise.de/ix/meldung/Virtualization-software-VirtualBox-5-1-relies-on-Qt5-3265361.html Virtualization software: VirtualBox 5.1 relies on Qt5] (heise.de, 13.07.2016)

=== VirtualBox 5.0 ===
* Most important renewals (excerpt) in version 5.0:
** USB 3.0 support
** Improved Drag&Drop
** Disk-Image encryption
* Complete changelogs: https://www.virtualbox.org/wiki/Changelog
* More information: ** [http://www.heise.de/newsticker/meldung/Virtualisierungssoftware-VirtualBox-5-0-vorgestellt-USB-3-0-Support-und-bessere-Performance-2747850.html Virtualization software VirtualBox 5.0 presented: USB-3.0-support and better performance] (heise.de, 10.07.2015)

=== VirtualBox 4.3 ===
* Important renewals (excerpt) from in 4.3:
** New NAT network mode ([[Netzwerkkonfiguration in VirtualBox#NAT Service|NAT Service]]) that allows guest systems to communicate with one another
** Support of Windows 8.1, Windows Server 2012 R2 and OS X 10.9 "Mavericks"
** Windows 8.1 Touch Device input assistance
** Faster 3D effects on Ubuntu or Fedora Linux guest systems
** IPv6 is available in bridged, host, internal, and new NAT modes
* Complete changelogs: https://www.virtualbox.org/wiki/Changelog
* More information:
** [http://www.admin-magazin.de/News/Virtualbox-4.3-verbessert-Netzwerk-Funktionalitaet VirtualBox 4.3 improves network functionality] (ADMIN Magazine, 16.10.2013)
** [http://www.heise.de/open/meldung/VirtualBox-4-3-unterstuetzt-Multitouch-1979845.html VirtualBox 4.3 supports Multitouch] (heise open, 15.10.2013)

=== VirtualBox 4.2 ===
* Most important renewals (excerpt) in version 4.2:
** Support for Windows 8 and OS X 10.8 "Mountain Lion"
* Complete changelogs: http://www.virtualbox.org/wiki/Changelog-4.2
* More information:
** [http://www.heise.de/open/meldung/VirtualBox-4-2-unterstuetzt-Windows-8-und-Mountain-Lion-1707785.html VirtualBox 4.2 supports Windows 8 and Mountain Lion] (heise open, 13.09.2012)

=== VirtualBox 4.1 ===
* Most important renewals (in part) in version 4.1:
** Cloning support: vull clones can be created via GUI and VBoxManage, linked clones via VBoxManage
** GUI: new/extended wizards for creating new virtual disks or for copying virtual disks
** Memory limit on 64-bit hosts now 1 TB
** Experimental support for PCI passthrough on Linux hosts
** Windows guest systems: experimental WDDM graphic driver with Windows Aero and Direct3D support
** Network: new connection mode ''Generic Driver''
** New network mode ''UDP tunnel'': allows the connection of VMs that run on different hosts
** Experimental support for SATA HDD Hotplugging with VBoxManage
* Complete changelogs: http://www.virtualbox.org/wiki/Changelog-4.1
* More information:
** [http://www.heise.de/open/meldung/Oracle-veroeffentlicht-VirtualBox-4-1-1281936.html Oracle publishes VirtualBox 4.1] (heise open, 19.07.2011)
** [http://virtualization.info/en/news/2011/07/release-oracle-virtualbox-4-1-0.html Release: Oracle VirtualBox 4.1.0] (virtualization.info)

=== VirtualBox 4.0 ===
* Current maintenance release: [http://blogs.oracle.com/virtualization/entry/oracle_vm_virtualbox_4_02 4.0.12 (2011-07-15)]
* Most important renewals (in part) from version 4.0:
** Extension packs for expansions
** New settings and disk file format
** New GUI (VirtualBox Manager)
** Improved OVF support
* Possible limitation of CPU time and I/O bandwidth of a VM
* Support for asynchronem I/O für iSCSI, VMDK, VHD and Parallels Image files
** Support for multiple screens in Linux and Solaris guests with X.Org servers from version 1.3
* Complete changelogs: http://www.virtualbox.org/wiki/Changelog-4.0
* More information:
** [http://virtualization.info/en/news/2010/12/release-oracle-vm-virtualbox-4-0.html Release: Oracle VM VirtualBox 4.0] (virtualization.info)

=== VirtualBox 3.2 ===
* Most important renewals (in part):
** [http://www.virtualbox.org/manual/ch04.html#guestadd-balloon Memory Ballooning] (only on 64-Bit hosts)
** CPU hot-plug for Linux (hot-add and hot-remove) and some Windows guests (only hot-add)
** LsiLogic SAS controller emulation
* Complete changelogs: http://www.virtualbox.org/wiki/Changelog-3.2
* More information:
** [http://virtualization.info/en/news/2010/12/release-oracle-vm-virtualbox-version-3-2-12.html Release: Oracle VM VirtualBox 3.2.12] (virtualization.info)
** [http://virtualization.info/en/news/2010/10/release-oracle-vm-virtualbox-3-2-10.html Release: Oracle VM VirtualBox 3.2.10] (virtualization.info)
** [http://virtualization.info/en/news/2010/08/release-oracle-virtualbox-3-2-8.html Release: Oracle VM VirtualBox 3.2.8] (virtualization.info)
** [http://virtualization.info/en/news/2010/06/release-oracle-vm-virtualbox-3-2-6.html Release: Oracle VM VirtualBox 3.2.6] (virtualization.info)
** [http://virtualization.info/en/news/2010/06/release-oracle-vm-virtualbox-3-2-4.html Release: Oracle VM VirtualBox 3.2.4] (virtualization.info)
** [http://virtualization.info/en/news/2010/06/release-oracle-vm-virtualbox-3-2-2.html Release: Oracle VM VirtualBox 3.2.2] (virtualization.info)
** [http://virtualization.info/en/news/2010/05/release-oracle-vm-virtualbox-3-2.html Release: Oracle VM VirtualBox 3.2] (virtualization.info)

=== VirtualBox 3.1 ===
* Complete changelogs: http://www.virtualbox.org/wiki/Changelog-3.1

=== VirtualBox 3.0 ===
* Complete changelogs: http://www.virtualbox.org/wiki/Changelog-3.0

== More information ==
* http://de.wikipedia.org/wiki/VirtualBox

{{Wfischer}}
{{Aranzinger}}
[[de:VirtualBox]]
[[Category:VirtualBox]]
[[Category:Review 2023 Q3]]

Advantech Industry Firewall server

2026-03-24T12:03:04Z

Aranzinger:

For the operation of an open source firewall such as [[OPNsense]], a multiple number of different server systems is suitable. In this article, we present Advantech Industry Firewall systems that were tested with OPNsense at Thomas-Krenn.

{{#widget:Imagebox-left|link={{#tklink:type=sitex|id=20777|linkonly=1}}|image=/de/wikiDE/images/0/0f/OPNsense-Shopbanner.png|text=Click here for our OPNsense Industry Firewalls in the Thomas-Krenn online shop|campaign=Advantech Industry Firewall Server }}
{{#widget:SitexBox|link={{#tklink:type=sitex|id=20777|linkonly=1}}|text=Click here for our OPNsense Industry Firewalls in the Thomas-Krenn online shop|campaign=Advantech Industrie Firewall Server }}

== Firewall optimized Advantech systems ==
The following chart shows Advantech systems that were tested with OPNsense at Thomas-Krenn:

{| class="wikitable"
|- style="background-color: #EFEFEF;text-align:center;"
! Server
! <tklink type="sitex" id="20756">UNO-2271G V2</tklink> 
[[File:UNO-2271G V2.png|100px]]
! <tklink type="sitex" id="20804">FWA-1012VC-4CA1S</tklink> 
[[File:FWA-1012VC.png|100px]]
! <tklink type="sitex" id="20803">FWA-1012VC-8CA1S</tklink> 
[[File:FWA-1012VC.png|100px]]
! <tklink type="sitex" id="20805">FWA-1112VC-4CA1S</tklink> 
[[File:FWA-1112VC-4CA1S.jpg|100px]]
! <tklink type="sitex" id="20802">FWA-2012-16A1S</tklink> 
[[File:FWA-2012-16A1S.png|100px]]
! <tklink type="sitex" id="21233">FWA-1214LRI-4CA1R</tklink> 
[[File:FWA-1214.png|100px]]
! <tklink type="sitex" id="21233">FWA-1214FRI-8CA1R</tklink> 
[[File:FWA-1214.png|100px]]
! <tklink type="sitex" id="21123">FWA-3034</tklink> 
[[File:FWA-3034.jpg|100px]]
! <tklink type="sitex" id="21073">FWA-5072-00A1R</tklink> 
[[File:FWA-5072-00A1R.png|100px]]
|-
| Special features
| valign=top |
* fanless
* 2 NICs
* optional 2 additional NICs (2x i350)
| valign=top |
* 4 NICs
* 2 SFP
* Intel QAT
| valign=top |
* 6 NICs
* 2 SFP
* Intel QAT
| valign=top |
* 6 NICs
* 2 SFP+
* 10 Gbit
* Intel QAT
* high temperature range
| valign=top |
* 6 NICs
* Intel QAT
* 1x NMC
| valign=top |
* 4 cores (Atom x7433RE)
* 4 NICs
| valign=top |
*8 cores (Atom x7835RE)
*4 NICs
* 2 SFP (FWA-1214FRI-8CA1R)
| valign="top" |
* Front I/O
* 8x 2,5 Gbit onboard
* 2x 10 Gbit onboard
* 1x NMC
* red. NT
| valign=top |
* Front I/O
* 4x NMC
* red. NT
|-
| Mainboard
| align="center" | UNO-2271G-N221AE
| align="center" | FWA-1012VC 4-Core
| align="center" | FWA-1012VC 8-Core
| align="center" | Advantech Mainboard FWA-1112VC
| align="center" | Advantech Mainboard FWA-2012
| align="center" | Advantech Mainboard FWA-1214
| align="center" | Advantech Mainboard FWA-1214
| align="center" | Advantech Mainboard FWA-3034
| align="center" | Advantech Mainboard FWA-5072-00A1R
|-
| CPU 
: Taktfrequenz
: Cores / Threads
: AES-NI Instructions
| align="center" | [https://ark.intel.com/content/www/de/de/ark/products/214754/intel-celeron-processor-n6210-1-5m-cache-up-to-2-60-ghz.html Celeron N6210] 
: 1,2 GHz
: 2 / 2
: yes
| align="center" | [https://www.intel.de/content/www/de/de/products/sku/97937/intel-atom-processor-c3558-8m-cache-up-to-2-20-ghz/specifications.html Atom C3558] 
: 2,2 GHz
: 4 / 4
: yes
| align="center" | [https://www.intel.de/content/www/de/de/products/sku/97926/intel-atom-processor-c3758-16m-cache-up-to-2-20-ghz/specifications.html Atom C3758] 
: 2,2 GHz
: 8 / 8
: yes
| align="center" | [https://www.intel.de/content/www/de/de/products/sku/97937/intel-atom-processor-c3558-8m-cache-up-to-2-20-ghz/specifications.html Atom C3558] 
: 2,2 GHz
: 4 / 4
: yes
| align="center" | [https://www.intel.de/content/www/de/de/products/sku/97927/intel-atom-processor-c3958-16m-cache-up-to-2-0-ghz/specifications.html Atom C3958] 
: 2,0 GHz
: 16 /16
: yes
| align="center" | [https://www.intel.de/content/www/de/de/products/sku/236967/intel-atom-x7433re-processor-6m-cache-up-to-3-40-ghz/specifications.html Atom x7433RE] 
: 3,4 GHz
: 4 / 4
: yes
| align="center" | [https://www.intel.de/content/www/de/de/products/sku/236968/intel-atom-x7835re-processor-6m-cache-up-to-3-60-ghz/specifications.html Atom x7835RE] 
: 3,6 GHz
: 8 / 8
: yes
| align="center" | [https://www.intel.de/content/www/de/de/products/sku/232105/intel-core-i313100te-processor-12m-cache-up-to-4-10-ghz/specifications.html Core i3-13100TE] - [https://www.intel.de/content/www/de/de/products/sku/132219/intel-core-i712700e-processor-25m-cache-up-to-4-80-ghz/specifications.html Core i7-12700E] 
: 4,1 - 5,1 GHz
: 8 / 8 - 12 / 20
: yes
| align="center" | [https://www.intel.de/content/www/de/de/products/sku/236636/intel-xeon-silver-4509y-processor-22-5m-cache-2-60-ghz/specifications.html Xeon Silver 4509Y] - [https://www.intel.de/content/www/de/de/products/sku/237250/intel-xeon-platinum-8580-processor-300m-cache-2-00-ghz/specifications.html Xeon Platinum 8580] 
: 2,0 - 3,9 GHz
: 8 / 16 - 60 / 120
: yes
|-
| RAM
| align="center" | 2 - 8 GB
| align="center" | 8 - 32 GB
| align="center" | 8 - 32 GB
| align="center" | 8 - 32 GB
| align="center" | 8 - 32 GB
| align="center" | 8 GB
| align="center" | 8 GB
| align="center" | 8 - 64 GB
| align="center" | 16 - 1024 GB
|-
| Disk (SATA)
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | 2
| align="center" | 2
|-
| Disk (NVMe and other)
|
* 32 GB eMMC onboard
* 1 mSATA
|
* 1 SATA M.2 2280
|
* 1 SATA M.2 2242/2280
| align="center" |
* 1 SATA M.2 2280
| align="center" |
* 1 SATA M.2 2280
| align="center" |
* 64GB M.2 SATA SSD 2242 onboard
| align="center" |
* 64GB M.2 SATA SSD 2242 onboard
| align="center" | 1 SATA/NVMe M.2 2280
| align="center" | 2 SATA/NVMe M.2 2280
|-
| NICs 1 Gbit (contained)
| align="center" | 2
(2x i211)
| align="center" | 6
(4x RJ45, 2x SFP)
| align="center" | 8
(6x RJ45, 2x SFP)
| align="center" | 4
(2x i211, 2x X553 L)
| align="center" | 6
(6x RJ45)
| align="center" | 4
(4x RJ45)
| align="center" | 6
(4x RJ45 und 2x SFP)
| align="center" | 2
(2x SFP)
| align="center" | 2
(2x RJ45)
|-
|NICs 2,5 Gbit (contained)
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | 8
(8x i226-LM)
| align="center" | -
|-
| NICs 10 Gbit (contained)
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | 2
(2x X553 N)
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | 2
(2x X710)
| align="center" | -
|-
| NICs 25 Gbit (contained)
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
| align="center" | -
|}

{{Tniedermeier}}
{{Aranzinger}}
[[de:Advantech Industrie Firewall Server]]

Overview of virtualization technologies

2026-03-24T11:24:55Z

Aranzinger: Created page with "== Technologies == === Hardware emulation === In hardware emulation, all hardware components (CPU, chipset, I/O cards, etc.) are emulated. The CPU emulation translates hardware instructions from the emulated to the native CPU (for example emulation of PowerPC, ARM, SPARC, MIPS, ... on x86). This results in significant overhead and, consequently, a loss of performance. Guest operation systems can be operated without adjustments. Examples for hardware emulation: * [ht..."

== Technologies ==

=== Hardware emulation ===
In hardware emulation, all hardware components (CPU, chipset, I/O cards, etc.) are emulated. The CPU emulation translates hardware instructions from the emulated to the native CPU (for example emulation of PowerPC, ARM, SPARC, MIPS, ... on x86). This results in significant overhead and, consequently, a loss of performance.

Guest operation systems can be operated without adjustments.

Examples for hardware emulation:
* [http://bochs.sourceforge.net/ Bochs]
* [http://fabrice.bellard.free.fr/qemu/ QEMU]
* [http://pearpc.sourceforge.net/ PearPC]
* [http://de.wikipedia.org/wiki/Windows_Virtual_PC#Virtual_PC_f.C3.BCr_Mac Windows Virtual PC for Mac (PPC)] (no longer supported)

=== Hardware virtualization ===
Similar to hardware emulation, numerous hardware components are emulated (chipset, I/O cards,...) However, the CPU is not emulated, but some CPU instructions are intercepted and adjusted. Therefore, only the CPU architecture can be used in the guest systems, which is also available physically in the host systems. However, performance is significantly higher than with hardware emulation.

Guest operating systems can be operated without adjustments.

Examples for hardware virtualization:
* [[VMware vSphere 5.5]], [http://www.vmware.com/products/workstation VMware Workstation]
* [[Microsoft Hyper-V]]
* [[VirtualBox]]
* [http://www.xenproject.org/ XEN] starting with version 3 and using Hardware Virtual Machine (HVM), requires an Intel VT/AMD-V CPU

=== Paravirtualization ===
In paravirtualization, no hardware emulation takes place. The host offers instead a special API for hardware access. In the guest systems, only the CPU architecture can be used that is also available in the host system physically.

Guest systems (kernel) must be adapted, but the ABI (Application Binary Interface) remains unchanged.

Example:
* XEN
* VMware vSphere (paravirtualized device drivers, and previously also paravirtualized CPUs with VMI)<ref>[http://blogs.vmware.com/guestosguide/2009/09/vmi-retirement.html Update: Support for guest OS paravirtualization using VMware VMI to be retired from new products in 2010-2011] (blogs.vmware.com, 22.09.2009)</ref>

=== Operating system virtualization / container ===
There is also no emulation. There is only one kernel for host and guest system. Therefore, the guest operating system can only be the same operating system as the one running on the host (for example Linux on Linux, different distributions are possible). This technology has a low overhead, as no emulation takes place and syscalls pass through only one kernel, not two. Guest systems can be started within seconds.

Examples:
* [[Linux Containers LXC]]
* [http://openvz.org/ OpenVZ]
* [http://linux-vserver.org/ Linux-VServer]
* [http://www.oracle.com/technetwork/server-storage/solaris/containers-169727.html Solaris Containers]
* [http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html FreeBSD Jails]

== More information ==
* [http://de.wikipedia.org/wiki/Virtualisierung_(Informatik) Virtualisierung (Informatik)] (de.wikipedia.org)
* [http://www.tecchannel.de/server/virtualisierung/2076934/ab_wann_lohnt_sich_virtualisierung_fuer_kmus/ Wann lohnt sich Virtualisierung für kleine und mittelständische Unternehmen?] (tecchannel.de, 13.01.2015)

== References ==
<references />

{{Fhettenbach}}
{{Aranzinger}}
[[Category:Virtualization]]
[[pl:Przegląd technologii wirtualizacji]]
[[de:Virtualisierungstechnologien im Überblick]]

OPNsense FAQ

2026-03-23T11:47:11Z

Aranzinger: Created page with "In this article, you will find answers on frequently asked questions about the Open Source firewall OPNsense. {{#widget:Imagebox-left|link={{#tklink:type=sitex|id=19293|linkonly=1}}|image=/de/wikiDE/images/0/0f/OPNsense-Shopbanner.png|text=Click here for our OPNsense firewalls in the Thomas-Krenn online shop|campaign=OPNsense FAQs }} {{#widget:SitexBox|link={{#tklink:type=sitex|id=19293|linkonly=1}}|text=Click here for our OPNsense firewalls in the Thomas-Krenn onli..."

In this article, you will find answers on frequently asked questions about the Open Source firewall [[OPNsense]].

{{#widget:Imagebox-left|link={{#tklink:type=sitex|id=19293|linkonly=1}}|image=/de/wikiDE/images/0/0f/OPNsense-Shopbanner.png|text=Click here for our OPNsense firewalls in the Thomas-Krenn online shop|campaign=OPNsense FAQs }}
{{#widget:SitexBox|link={{#tklink:type=sitex|id=19293|linkonly=1}}|text=Click here for our OPNsense firewalls in the Thomas-Krenn online shop|campaign=OPNsense FAQs}}

== FAQ ==
This paragraph lists answers on different questions about OPNsense.

# Which servers are suitable for OPNsense?
#* You will find compatible and tested servers in the Thomas-Krenn online shop in the area <tklink type="sitex" id="19293">OPNsense Firewalls.</tklink>
# Where can I find an overview about the most important data of Thomas-Krenn devices that are compatible with OPNsense?
#* [[Low Energy Systems (LES) Firewall Server]]
#* [[Intel based Thomas-Krenn Firewall Server]]
#* [[AMD based Thomas-Krenn Firewall Server]]
# Where can I find performance data on different Thomas-Krenn firewall servers?
#* The article [[Thomas-Krenn OPNsense Firewall Performance]] shows the systems tested on performance.
#* Additional systems are being added on an ongoing basis.
# The category [[:Category:OPNsense|OPNsense]] can be found in the Thomas-Krenn-Wiki.
#* Webinars on the OPNsense topic can be found on our Thomas-Krenn Youtube channel: [https://www.youtube.com/user/ThomasKrenn/videos ThomasKrenn]
#* In our company blog TKmag, there is also a lot of information on OPNsense: [https://www.thomas-krenn.com/de/tkmag/ TKmag | The expert magazine covering servers, storage, virtualization, and more.]
# How are network cables properly connected? Standard WAN and LAN port assignments
#* The article [[Thomas-Krenn OPNsense Firewalls network interfaces]] shows the correct cabling.
# How can additional interfaces be configured in the OPNsense web interface?
#* The article [[OPNsense add interface]] shows the required steps.
# How to install OPNsense?
#* Information can be found in the article [[Install OPNsense]].
# How to perform the basic configuration?
#* [[Install OPNsense#Configuration|Basic configuration after installation]]
# How to secure the configuration?
#* The configuration can be secured as[[OPNsense_installieren#Konfiguration_sichern| XML file]].
#* The XML-file can be encrypted, too.
# How to recreate the configuration.
#* Option 1: Via the web interface under System -> Configuration -> Backups, under the "Restore" heading.
#* Option 2: Via the [[OPNsense Konfiguration wiederherstellen|console of the OPNsense firewall]].
# Which OPNsense version ist the current version?
#* Information on the releases with the most important renewals can be found in the article [[OPNsense]].
# What options does OPNsense offer for VPN connections?
#* With an OPNsense firewall, you can set up VPNs using [[OpenVPN]], IPsec, and [[WireGuard]] (via plugin), among others; additional VPN technologies can also be added as plugins, just like WireGuard.
#* The VPN-techniques can be used for site-to-site and also for Roadwarrior.
#* [[OPNsense OpenVPN für Road Warrior einrichten|Setup for OPNsense OpenVPN for Road Warrior]]
#* [[Installation of OPNsense OpenVPN instances site-to-site]]
#* [[OPNsense_OpenVPN_Performance_Tests#OpenVPN_Einstellungen|OpenVPN Site-to-Site settings]] between two OPNsense firewalls
#* [[OPNsense WireGuard VPN for Road Warrior configuration]]
#* [[OPNsense OpenVPN performance tests and results]]
#* [[OPNsense_IPsec_Performance_Tests#IPsec_Einstellungen|IPsec Site-to-Site settings]] between two OPNsense firewalls
#* A concrete configuration recommendation for a IPsec Roadwarrior configuration does not exist. It is important to always take the end device into account. A Windows 10 client requires different settings than an Android or iOS device.
# Are Chelsio, Mellanox, and Broadcom network cards supported by OPNsense?
#* Yes, but the driver must be activated manually: [[OPNsense Chelsio Mellanox Broadcom Netzwerkkarten-Treiber aktivieren|Activation of OPNsense Chelsio Mellanox Broadcom network cards driver]]
#* '''Hint:''' Broadcom cards are activated automatically with the release of the OPNsense 24.7 version.
# Is it possible to connect two OPNsense firewalls to form a cluster?
#* Yes, you will also find an article on how to [[OPNsense HA Cluster configuration]].
#* [[OPNsense_HA_Cluster_einrichten#Anforderungen|Requirements for hardware]]
# The dashboard of the OPNsense firewall shows no CPU temperatures.
#* There is an article on how to [[CPU Temperaturen in OPNsense anzeigen|Display CPU temperatures in OPNsense]]

== Selection of suitable hardware ==
When making your selection, please keep the following points in mind:
* Location (fanless system for office or 19" rack server)
* Front-IO system or classic rack server
* One or two power supplies
* Number of required 1 GBit, 10 GBit or >25 Gbit network interfaces
* Required CPU performance
** OpenVPN: high-clock-speed CPU, for example Xeon-E or Xeon Silver: <tklink type="sitex" id="20460">RI1101-SMXEFH</tklink>
** IPsec VPN Tunnel: If you need a throughput of 1 Gbps or more, choose a Xeon-E CPU or Xeon Silver: <tklink type="sitex" id="20460">RI1101-SMXEFH</tklink>
** Proxy: Number of cores is more important than clock speed
* Required size of RAM
** Operation of firewall with basic funtions and VPN services: 4GB RAM (50 or more users: 8 GB RAM)
** In addition with Intrusion Detection (IDS), Intrusion Prevention (IPS) or Proxy: 8GB RAM (50 or more users: 16GB RAM)
** When operating Zenarmor: 16GB RAM (250 or more users: 32GB RAM)
* Hardware compatibility with the firewall solution's operating system ([[FreeBSD]] for OPNsense or pfSense, [[Linux]] for ipFire)
* Recommendation of manufacturer, see for example [[Hardwareanforderungen OPNsense|Hardware requirements for OPNsense]]

== Commissioning of Pre-Installed OPNsense firewalls ==
You can also purchase pre-installed OPNsense firewalls from Thomas-Krenn.
In the article [[Inbetriebnahme vorinstallierter Thomas-Krenn OPNsense Firewalls|Commissioning of pre-installed Thomas-Krenn OPNsense firewalls]], you will find information how to properly set up and further configure pre-installed systems.

== OPNsense Business Edition ==
In this paragraph, you will find important information on OPNsense Business edition.

# Which additional functions are offered by the OPNsense business edition?
#* Information on [[OPNsense Business Edition]]
# Where can I buy the OPNsense Business Edition subscription?
#* You can add the Business Edition subscription to your order when purchasing an OPNsense-compatible server.
#* You can also buy Business Edition subscriptions separately via <tklink type="configurator" detail="configurator" id=27314 />
# How can I activate OPNsense Business Edition?
#* The Business Edition can be easily activated using the activation key after purchasing a subscription: [[Activate OPNsense Business Edition license]]
# Is there a specific timeline for when the new OPNsense Business Edition will be released?
#* Yes, on April 12, 2021, a time table has been defined that is valid for all future business edition releases. It is now published every April and October as a separate issue.<ref>[https://forum.opnsense.org/index.php?
topic=22602.msg OPNsense business edition 21.4 released] (forum.opnsense.org)</ref>
#* Be sure to check the OPNsense interface regularly for available updates.
# Is there a notification when the business edition subscription expires or is there a function to extend it automatically.
#* No, this fuction is not available. The subscriptions expire automatically.
#* In the OPNsense dashboard, you will find an entry called ''Licensed until DATE'' in the '''System Information''' widget in the '''Version''' line.
# What happens, when you forget to extend the Business Edition? Will updates still work?
#* Of course, you can always switch back to the regular OPNsense update mirror and continue to receive updates through it.
# Is there a separate extension of the subscription and if so, how are they different?
#* No, there are no separate extensions of the subscription.
# Are two OPNsense Business Edition subscriptions required when using an HA cluster?
#* Yes, one subscription is required per machine.

== Questions from the Webinar Q&A: Open Source Firewall OPNsense (with m.a.x. it) (as of June 5, 2024) ==
Here, you will find all questions from the Q&A that have not been answered yet: Open Source Firewall OPNsense (mit m.a.x. it) listed with the answers:

# Are there experiences with updates of the community version?
#* Wait for the release upgrade to the .4 or .5 point release
#* There have been a lot of hotfix updates for the Community Edition lately, as issues have kept cropping up.
#* In a corporate environment, it’s best to use the OPNsense Business Edition, as this provides three major update packages per release instead of about 10.
# If not solved in the current version: Problems with DHCP-Relay over a site-to-site VPN-connection?
#* This should be possible with the Kea-DHCP.
# How suitable is the OPNsense firewall for the use of, for example, Sophos UTM solutions?
#* In general, a lot of functions can be represented with OPNsense and plugins.
#* It depends on the use application case, an additional software (for example Zenarmor) is required for some functions.
#* WLAN, SD-RED, Userportal and email quarantine is not available for OPNsense
# What are the general costs associated with purchase and operation?
#* The hardware costs depend on the size of the network, the desired throughput, and the required features (IDS/IPS or VPNs).
#** The cost of an OPNsense appliance starts at under 400 euros for a LES device; robust rack servers cost around 1,500 euros, but prices for a high-end HA cluster with two devices can exceed 10,000 euros. For a suitable sizing, it is best to directly contact our experts.
#** The price depends on a lot of factors, for example performant CPUs or additional network cards.
#* Software costs either free of charge with the Community Edition or 149 per year with the business edition.
#* Other ongoing costs include maintenance or support contracts; these costs vary depending on your needs.
# What resources are available for those new to the subject?
#* Webinars on the OPNsense topic, for example: [https://www.thomas-krenn.com/de/tkmag/webinare/opnsense-fuer-anwender-wie-sie-die-firewall-richtig-nutzen-und-absichern/ OPNsense for applicators – How to use and secure the firewall correctly]
#* [https://forum.opnsense.org/index.php OPNsense Forum]
#* [https://docs.opnsense.org/index.html OPNsense Documentation]
#* [https://www.zenarmor.com/docs/ Zenarmor User Guide]
#* Thomas-Krenn-Wiki category [[:Kategorie:OPNsense|OPNsense]]

== Questions from the OPNsense Q&A webinar - with m.a.x. it (as of March 25, 2021) ==
Here, you will find all questions that have not been answered yet from [https://www.thomas-krenn.com/de/tkmag/webinare/opnsense-qa-webinar/ Large OPNsense Q&A webinar – with m.a.x. it] listed with answers:

'''Questions about VPN topics'''

# Which setup is recommended if you want to connect '''10 sites with the same IP subnet''' per VPN? In the past, this was resolved in pfSense using a '''Transfer NAT''' network with OpenVPN certificates.
#* 10 locations on the same subnet—you shouldn't do that; alternatively, renumber them. Otherwise, it is also possible with NAT, but quite complicated. Our recommendation is to renew the subnets.
# What is the best practice when setting up a default gateway and multiple gateways for specific networks? Should you select the default gateway as the “IPv4 Upstream Gateway” for the interface? Or is it better to use auto-detect and then check the box for "Upstream Gateway" (or, depending on the version: "Default Gateway") under ''System -> Gateways -> Single''? What if you have multiple uplinks (System/Gateways/Group)? Do you then select the upstream gateway for all interfaces? And how do you specify which gateway OpnSense’s own services (WireGuard, OpenVPN, etc.) should use?
#* Allowing the upstream gateway on the interface enables true multi-WAN. PF rules are set so that a package so that a packet that comes in on Line B also goes out on that line. Upstream gateway checkbox in gateways simply means that this gateway can also be used as the default gateway if ''Default GW Switching'' is active in ''System -> Settings -> General''. For more details, feel free to ask about this on the OPNsense forum.
# How suitable is '''OPNsense as a central server for VPN road warriors''' for installations? Is there any way to automate the deployment of the client configuration here?
#* The OPNsense export feature can be accessed via the API, so you could write a script for it; there isn't anything off-the-shelf available at the moment.
# How to set a WireGuard connection as interface?
#* Once you have configured and enabled the WireGuard service, you can assign an interface to wg0, for example, in the Interfaces -> Assign Interfaces section.
# Is it possible to '''NAT for IPSec connections'''? For IPsec, no corresponding interface is available when selecting NAT rules.
#* Yes, you have to look for BINAT in the documentation. The company m.a.x. it has also sponsored the development for more P2 with NAT together with OPNsense 21.1.
# Is there the opportunity in '''IPsec''', to allocate SPD policies to several phase 2 tunnels? (source NAT, multiple internal nets)
#* Yes, this has been sponsored by m.a.x. it with OPNsense 21.1.
#* Is it known that '''WireGuard''' occasionally stops the traffic. Turning the service off and then back on will restore everything to normal.
#* Which '''plugins''' are a must have? Which client-VPN is advantageous for OPNsense? IPsec (Cisco-NCP-bintec-lancom), Wireguard or OpenVPN?
#* The fewer plugins, the better. OpenVPN is best for ClientVPN.

'''Questions on firewall topics'''

# Is there the option "were used" in the Firewall -> Alias section to find out, which rules are used by the '''Alias'''?
#* No, as soon as the firewall rules and NAT are migrated on API, it would be worth a feature request for OPNsense. This function is known by Cisco ASA and Sophos systems.
# Does an OPNsense-firewall help with a recent exchange attack?
#* No, that would be too late. The Nginx plugin has a WAF ( Web Application Firewall). In our opinion, however, that would not have worked here.
# How is an '''additional filter in the firewall live log''' activated?
#* In the firewall live log, an additional filter gets active, when it is created and added with +.
#'''Blocker for malicious hosts in the Internet''' can be set up on different levels. When and where should you use a blocker: DNS, pf-Rule, Suricata?
#* DNS blacklisting and the FireHOL is sufficient.
#'''Use OPNsense as a gateway''' to the Internet for specific applications and monitor data traffic: Create FW-rules with, for example, *.teamviewer.com? Evaluate data traffic and generate alerts?
#* *. DNS Alias does not work. For this, the proxy is needed.

'''Performance questions'''

# A '''performance comparison''' between pfSense and OPNsense (Internal firewalling without IPS to isolate/protect services yielded the following results: 3Gbit/s were reached with pfSense and 900Mbit with OPNsense. The tests have been performed on the identical hardware, each as a VMware VM. Have there been any improvements to OPNsense in the meantime?
#* Yes and no, pfSense uses better default settings. So, the settings in OPNsense need to be adjusted accordingly. However, one customer is achieving throughput speeds of 6 Gbps using a VMware VM (OPNsense 20.1)—could the problem actually be with the VM?

'''General questions'''

# Is it possible to rebuild the '''webfilter reporting''' of a Sophos UTM with OPNsense?
#* Yes, but it would take a lot of effort; you're better off checking out the Sensei plugin.
# Is there a '''graphic mail log''' as with Sophos UTM?
#* Yes, Rspamd has a web console that can be accessed via port forwarding to localhost on port 11334.
# Is it possible to setup a watchdog function for OPNsense services via '''Monit'''? Is there a documentation on all relevant services?
#* Yes, but only manually. In the comprehensive OPNsense documentation covering all relevant services, you will also find a section on [https://docs.opnsense.org/manual/monit.html Monit].
# Is there something like a '''Packet Tracer Policy Lookup''' in OPNsense?
#* No, this is not available.
# When will '''ZFS as a file system option''' finally be available during installation?
#* Eventually with OPNsense 22.1.

'''Questions on high availability cluster'''

# In a '''HA-compound (currently 2 cores)''', Squid should always appear to the outside world with the same source IP, regardless of the node (VIP from a /27 net). How can this be configured?
#* This should function with outbound NAT.
# In a test setup, I set up two OPNsense firewalls in a VMware environment and created a high-availability cluster following the Thomas-Krenn instructions. "Disable preempt" has been activated. However, in the event of a failover (when a NIC is disconnected), only that one IP address is moved to Firewall 2, not all IP addresses. Is this the desired behaviour?
#* Never click on disable preempt! HA in VMware requires adjustments on ESX via CLI.

'''Hardware and hypervisor-related questions'''

# How can you determine whether a '''NIC is suitable for Suricata in IPS mode with VLANs''' (keyword: netmap)? The driver groups listed by FreeBSD are not really helpful (em, re, etc.). In practice, many NICs prove to be unstable.
#*This was explained in the webinar.
# Which procedure (also with regard to performance) would be more recommendable: VLANs on fewer NICs or for every VLAN an individual dedicated NIC?
#* This was explained in the webinar.
# Is OPNsense compatible with '''AMD Ryzen CPUs'''?
#* Yes, take a look at our AMD-based servers in the Thomas-Krenn online shop.
# Are there any experiences with '''OPNsense and VXLAN'''?
#* It's possible, but unfortunately we don't have any experience with it. It's usually done at the hypervisor level.
# How can I add '''multiple LAN interfaces in a virtual OPNsense environment?
#* Once they're added via the hypervisor, they'll also appear in the system. Attention: This messes up all existing interfaces, and they must be corrected via the console.

'''Questions on OPNsense Business Edition'''

# We operate a OPNsense-HA-cluster (V. 20.7.8) on a dedicated Thomas-Krenn hardware including an activated '''Business Edition'''. Should we already upgrade to version 21.x?
#* OPNsense 21.1 is not yet available for business edition users.
# What is next for '''centralized management of multiple OPNsense firewalls'''? As far as we know, this feature is only available in the Business Edition; I haven't used it yet. Is it useful, and what can you tell us about central management?
#* Only the LITE features, such as upgrades and the WebUI, are available. Policy rollouts are not supported.

{{Tniedermeier}}
{{Aranzinger}}
[[Category:OPNsense]]
[[de:OPNsense FAQs]]

Update Intel Microcode under VMware

2026-03-20T10:44:37Z

Aranzinger: Created page with "VMware regularly releases microcode updates for Intel CPUs for ESXi. After installing such updates, new Intel Microcode versions are installed during the starting process. In this article, we show how to '''verify the Microcode version''' on a server with VMware ESXi 6.7 and '''install newer microcode versions as needed'''. == Example of setup == In this example, we use the following setup: * Server with ASUS P10S-M Mainboard with BIOS version 4401 (notifica..."

VMware regularly releases microcode updates for Intel CPUs for ESXi. After installing such updates, new [[Intel Microcode]] versions are installed during the starting process. In this article, we show how to '''verify the Microcode version''' on a server with [[VMware ESXi 6.7]] and '''install newer microcode versions as needed'''.

== Example of setup ==
In this example, we use the following setup:
* Server with [[ASUS P10S-M Mainboard]] with BIOS version 4401 (notification: This example is not on the VMware HCL)
* VMware ESXi 6.7 (directly after installation, for now, without applying any patches)

The test was conducted on August 27, 2018, using the latest available BIOS, microcode, and software versions at that time. This clearly demonstrates how the latest security updates—both microcode and software updates—can be applied in security-critical environments.

== Read out BIOS version ==
First, verify the BIOS version:
<pre>
[root@localhost:~] esxcfg-info | grep -i bios
|----BIOS UUID................................................0x50 0xaa 0xab 0xc 0x5d 0x93 0x17 0x2c 0x39 0x7b 0x2c 0x4d 0x54 0x47 0xd 0xc1
|----BIOS Vendor..............................................American Megatrends Inc.
|----BIOS Version.............................................4401
|----BIOS ReleaseDate.........................................2018-03-05T00:00:00
|----BIOS Asset Tag...........................................To Be Filled By O.E.M.
|----Name............................................HardwareSMBIOSHeap
|----Group Name..........................HardwareSMBIOS
|----World Command Line.................................grep -i bios
|----Option Name........................................ignoreHwSMBIOSInfo
[root@localhost:~]
</pre>

If it is a Thomas-Krenn system, the latest BIOS version for the mainboard can be found in the [[BIOS security updates]] article. In this example, the latest BIOS-version available is already existing.

== Read out current Microcode version ==
[[File:Microcode-Update-Guidance-20180808-Page-12.png|thumb|right|In the Microcode Update Guidance dated August 8, 2018 (see [[Intel Microcode#Microcode Versions|Intel Microcode - Microcode Versions]]), Intel lists the new microcode version 0x8E is listed for the Xeon E3-1220 v6 processor used in this example.]]

The currently available Microcode version can be read out on the SSH shell with the '''vsish''' command:
<pre>
[root@localhost:~] vsish -e cat /hardware/cpu/cpuModelName
Intel(R) Xeon(R) CPU E3-1220 v6 @ 3.00GHz
[root@localhost:~] vsish -e cat /hardware/cpu/cpuList/0 | grep -i -E 'family|model|stepping|microcode|revision'
Family:6
Model:158
Stepping:9
Number of microcode updates:0
Original Revision:0x00000084
Current Revision:0x00000084
[root@localhost:~]
</pre>

In this example, the current Microcode version 0x84 is available.

Intel provides information on available Microcode versions in the ''Microcode Update Guidance'' document (see [[Intel Microcode#Microcode Versionen|Intel Microcode - Microcode versions]]). In this document, CPUs are listed by their [[CPUID]] (not by family/model/stepping). In the full output of the vsish cpuList command, the CPUID can be found in the "1:CPUID leaf" section under "EAX" (in this example, 0x906e9):
<pre>
[root@localhost:~] vsish -e cat /hardware/cpu/cpuList/0
CPU information {
Family:6
Model:158
Type:0
Stepping:9
[...]
CPUID:CPUID content {
0:CPUID leaf {
EAX:0x00000016
EBX:0x756e6547
ECX:0x6c65746e
EDX:0x49656e69
}
1:CPUID leaf {
EAX:0x000906e9
[...]
Number of microcode updates:0
Original Revision:0x00000084
Current Revision:0x00000084
[...]
</pre>

Alternatively, the CPUID can be determined in the following way based on Familiy/Model/Stepping:
# Note Family/Model/Stepping in Hex format. The /proc/cpuinfo file outputs the values in decimal format:
#* Family: 6 -> 0x6
#* Model: 158 -> 0x9e
#* Stepping: 9 -> 0x9
# The CPUID has the setup '''0FFM0FMS'''. Now work your way from the back to the front to determine the CPUID based on Family/Model/Stepping:
# S (Stepping) = 9
# M (last digit of the model number) before: e9
# F (Family) before = 6e9
# The digit 0 before = 06e9
# Model (penultimate digit of the model number) before that = '''906e9'''

When searching for "906e9" in the "Microcode Update Guidance" document dated August 8, 2018, the "New Production MCU Rev" column lists microcode version "0x8E". In this case, Intel is providing a newer microcode version than the one currently installed on the system.

=== Install patch ===
VMware provides Microcode updates together with other patches for download.

Install all available updates (as described in the article [[Update VMware ESXi]]). In this example, the ESXi670-201808402-BG update is contained, which contains the new Microcode.<ref>[https://kb.vmware.com/s/article/56538 VMware ESXi 6.7, Patch Release ESXi670-201808402-BG - Updates cpu-microcode VIB] (VMware aknowledge base article 56538)</ref>

=== Query microcode ===
Checking the microcode version after applying the patches and restarting the host shows the new microcode version 0x8E:
<pre>
[root@localhost:~] vsish -e cat /hardware/cpu/cpuList/0 | grep -i -E 'family|model|stepping|microcode|revision'
Family:6
Model:158
Stepping:9
Number of microcode updates:1
Original Revision:0x00000084
Current Revision:0x0000008e
</pre>

== References ==
<references />

== More information ==
* [https://blogs.vmware.com/vsphere/2015/05/using-esxi-6-0-cpu-microcode-loading-feature.html Using the ESXi 6.0 CPU Microcode Loading Feature] (blogs.vmware.com, 08.05.2015)

{{Wfischer}}
{{Aranzinger}}
[[Category:Intel]][[Category:VMware]]
[[pl:Aktualizacja mikrokodu firmy Intel w VMware]]
[[de:Intel Microcode unter VMware aktualisieren]]

Linkspeed configuration of Broadcom network cards

2026-03-17T13:17:10Z

Aranzinger:

When integrating Broadcom network cards in Linux distributions, the linkspeed may differ from the expected value. This value can be configured later with the help of '''firmware utility bnxtnvm'''.

This article describes the verification and configuration of the linkspeeds with the help of bnxtnvm/NICCLI.

Before you start, follow this article for the [[Activation of maintenance mode in Proxmox VE|Activation of maintenance mode in Proxmox VE]].
==Verification of linkspeed==
Due to the mixed operation of different linkspeeds, individual ports may be out of service. In a production environment, this manifests itself as missing connections and/or reduced network speeds, for example, when operating a server cluster with mesh cabling. All transceivers of the configured network card must be also removed.

'''Hint:''' Please note the [[Broadcom network cards|Compatibility of linkspeeds]]. Certain Broadcom cards support only certain or no mixed operations.

Here is an example for a defective issue: root@PMX1:~# ethtool enp67s0f0np0
Settings for enp67s0f0np0:
Supported ports: [ FIBRE ]
Supported link modes: 10000baseT/Full
25000baseCR/Full
Supported pause frame use: Symmetric Receive-only
Supports auto-negotiation: Yes
Supported FEC modes: RS BASER
'''Advertised link modes: 10000baseT/Full'''
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Advertised FEC modes: RS BASER
Speed: 10000Mb/s
Duplex: Full
Auto-negotiation: on
Port: Direct Attach Copper
PHYAD: 0
Transceiver: internal
Supports Wake-on: g
Wake-on: d
Current message level: 0x00002081 (8321)
drv tx_err hw
Link detected: yes
Under "Advertised link modes", only the speed is displayed (10 Gb/s), although the network card could run on 25 Gb/s.
== Linkspeed configuration with bnxtnvm==
'''Hint:''' If you are using a mesh network, you may need to disconnect the direct cabling of the systems to be configured before beginning the configuration process. The other systems can remain connected to each other.

To reach the desired and full functionality of the network cards, you must force the network cards to use the desired speed using bnxtnvm.

bnxtnvm can be downloaded in the [https://www.thomas-krenn.com/redx/tools/mb_download.php/ct.YuuHGw/mid.y9b3b4ba2bf7ab3b8/bnxtnvm.zip?utm_source=thomas-krenn.com&utm_medium=RSS-Feed&utm_content=Broadcom%20bnxtnvm%20Firmware%20Update%20Utility&utm_campaign=Downloads Thomas-Krenn download area] for your Windows systems or use the following commands on your Linux systems:<pre lang="bash" start="1">
wget https://www.thomaskrenn.com/redx/tools/mb_download.php/ct.YuuHGw/mid.y9b3b4ba2bf7ab3b8/bnxtnvm.zip &&
unzip bnxtnvm.zip &&
chmod +x bnxtnvm
</pre>Next, you'll need to enter a series of commands to adjust your system to the desired speed:
=== Reading configurable speeds ===
In the first step, the driver linkspeed IDs of the network card are required:
./bnxtnvm -dev=enp67s0f0np0 optionhelp=drv_link_speed
Issue:<pre lang="bash">d
Name : drv_link_speed
Description : Driver Link speed
Option Type : Multi Instance Type
Max Instance Indexes : 0 to 15
Valid values :
0 (Autoneg)
1 (1G)
2 (10G)
3 (25G)
4 (40G)
5 (50G)
6 (100G)
7 (200G_PAM4)
8 (50G_PAM4)
9 (100G_PAM4)
14 (5G)
15 (100M)
</pre>The linkspeed ID is required for the enforcement of the desired linkspeed.
===Configuration of linkspeed===
The linkspeed is now set with the help of the linkspeed ID:<pre lang="bash">
./bnxtnvm -dev=enp67s0f0np0 setoption=drv_link_speed:0#3

./bnxtnvm -dev=enp67s0f0np0 setoption=firmware_link_speed_d0:0#3

./bnxtnvm -dev=enp67s0f0np0 setoption=firmware_link_speed_d3:0#3
</pre>Explanation of the commands:
{| class="wikitable"
!Interface-ID||Option||Port|| Linkspeed-ID
|-
|enp67s0f0np0||drv_link_speed||0||3
|-
|enp67s0f0np0||firmware_link_speed_d0||0||3
|-
|enp67s0f0np0||firmware_link_speed_d3||0|| 3
|}The drv_link_speed, firmware_link_speed_d0 & firmware_link_speed_d3 have to be set for all ports.

The values correspond to the number of ports of the used network cards (for example 0, 1, 2 and 3 for a network card with 4 network ports).

With the linkspeed ID "3", a speed of 25 Gb/s is forced.

You will receive the following issue after performing the command:<pre lang="bash">
root@PMX1:~# ./bnxtnvm -dev=enp67s0f0np0 setoption=drv_link_speed:0#3
drv_link_speed is set successfully
Please reboot the system to apply the configuration
</pre>After entering the commands for all ports, a reboot of the system is necessary.

===Verification of changes===
Perform the following command to verify the state:<pre lang="bash">
./bnxtnvm -dev=enp67s0f0np0 device_info
</pre>The configuration has been performed correctly, when the '''FW image status''' outputs the value '''Operational''':
root@PMX1:~# ./bnxtnvm -dev=enp67s0f0np0 device_info

Device Interface Name : enp67s0f0np0
MACAddress : bc:97:e1:da:92:a0
Base MACAddress : BC:97:E1:DA:92:A0
Device Serial Number : P425G214400143FV
Chip Number : BCM57504
Part Number : BCM957504-P425G
Description : Broadcom NetXtreme-E Quad-port 25Gb Ethernet PCIe Adapter
PCI Vendor Id : 14e4
PCI Device Id : 1750
PCI Subsys Vendor Id : 14e4
PCI Subsys Device Id : 2100
PCI Device Name : 0000:01:00.0
Adapter Rev : 11
Active Package version : 224.1.102.0
Package version on NVM : 224.1.102.0
Firmware version : 224.0.159.0
Active NVM config version : 0.0.34
NVM config version : 0.0.34
Firmware Reset Counter : 0
Error Recovery Counter : 0
Crash Dump Timestamp : N/A
Reboot Required : No
Secure Boot : Enabled
Secure Firmware Update : Enabled
'''FW Image Status : Operational'''
Crash Dump Available in DDR : False
If this is not the case, the firmware of the network card must be synchronized additionally.
===Firmware sync===
Synchronizing the firmware will apply the entered link speed:<pre lang="bash">
./bnxtnvm -dev=enp67s0f0np0 fw_sync
</pre>

===Control with the help of ethtool===
The successful configuration can now be verified with the ethtool:root@PMX1:~# ethtool enp67f0np0
Settings for enp67f0np0:
Supported ports: [ FIBRE ]
Supported link modes: 10000baseT/Full
25000baseCR/Full
Supported pause frame use: Symmetric Receive-only
Supports auto-negotiation: Yes
Supported FEC modes: RS BASER
'''Advertised link modes: 25000baseCR/Full'''
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Advertised FEC modes: RS BASER
'''Speed: 25000Mb/s'''
Duplex: Full
Auto-negotiation: on
Port: Direct Attach Copper
PHYAD: 0
Transceiver: internal
Supports Wake-on: g
Wake-on: d
Current message level: 0x00002081 (8321)
drv tx_err hw
Link detected: yes

Finally, you can disable maintenance mode again and, if necessary, repeat this procedure for the remaining nodes.

==Linkspeed configuration with NICCLI==
'''Hint:''' In case of a mesh cabling, it may be necessary that you disconnect the direct cabling of the systems to be configured before beginning the configuration. The other systems can remain wired to each other. You also have to remove all transceivers of the configured network card.

To ensure that the network cards function as intended and at full capacity, you must use NICCLI to force them to operate at the desired speed.

===NICCLI installation===
To install NICCLI, follow these instructions: [[Installation NICCLI under Proxmox VE|Installation NICCLI]]

First, perform the following command to find out the assignment of the interface names and PCI-IDs:
root@PMX2:~# lshw -c network -businfo
Bus info Device Class Description
pci@0000:01:00.0 enp1s0f0np0 network BCM57508 NetXtreme-E 10Gb/25Gb/40Gb/50Gb/100Gb/200Gb Ethernet
pci@0000:01:00.1 enp1s0f1np1 network BCM57508 NetXtreme-E 10Gb/25Gb/40Gb/50Gb/100Gb/200Gb Ethernet
pci@0000:06:00.0 enp6s0f0 network I350 Gigabit Network Connection
pci@0000:06:00.1 enp6s0f1 network I350 Gigabit Network Connection
pci@0000:41:00.0 enp65s0f0np0 network BCM57416 NetXtreme-E Dual-Media 10G RDMA Ethernet Controller
pci@0000:41:00.1 enp65s0f1np1 network BCM57416 NetXtreme-E Dual-Media 10G RDMA Ethernet Controller
'''pci@0000:81:00.0 ens17f0np0 network BCM57504 NetXtreme-E 10Gb/25Gb/40Gb/50Gb/100Gb/200Gb Ethernet'''
pci@0000:81:00.1 ens17f1np1 network BCM57504 NetXtreme-E 10Gb/25Gb/40Gb/50Gb/100Gb/200Gb Ethernet
pci@0000:81:00.2 ens17f2np2 network BCM57504 NetXtreme-E 10Gb/25Gb/40Gb/50Gb/100Gb/200Gb Ethernet
pci@0000:81:00.3 ens17f3np3 network BCM57504 NetXtreme-E 10Gb/25Gb/40Gb/50Gb/100Gb/200Gb Ethernet
usb@1:1.3 enx42a65ce855c5 network Ethernet interface

Next, enter "niccli" in the CLI. After this, you have to select a port index. Select the index here that has the same PCI ID as the one selected above:
root@PMX2:~# niccli
/opt/niccli/niccli.x86_64: /lib/x86_64-linux-gnu/libnl-3.so.200: no version information available (required by /opt/niccli/niccli.x86_64)

-------------------------------------------------------------------------------
Scrutiny NIC CLI v229.0.150.0 - Broadcom Inc. (c) 2024 (Bld-79.52.33.102.16.0)
-------------------------------------------------------------------------------

BoardId MAC Address FwVersion PCIAddr Type Mode
1) BCM57508 84:16:0C:6F:16:90 226.0.145.1 0000:01:00.0 NIC PCI
2) BCM57508 84:16:0C:6F:16:90 226.0.145.1 0000:01:00.1 NIC PCI
3) BCM57416 00:62:0B:31:4A:F0 226.0.145.0 0000:41:00.0 NIC PCI
4) BCM57416 00:62:0B:31:4A:F1 226.0.145.0 0000:41:00.1 NIC PCI
'''5) BCM57504 00:62:0B:6F:00:8C 226.0.145.1 0000:81:00.0 NIC PCI'''
6) BCM57504 00:62:0B:6F:00:8C 226.0.145.1 0000:81:00.1 NIC PCI
7) BCM57504 00:62:0B:6F:00:8E 226.0.145.1 0000:81:00.2 NIC PCI
8) BCM57504 00:62:0B:6F:00:8E 226.0.145.1 0000:81:00.3 NIC PCI

Enter the target index to connect with : 5

=== Reading out configurable speeds ===

Now, you can read out the linkspeed ID for the desired port speed:<pre>
BCM57504> setoption -name firmware_link_speed_d0 -value ? -scope 0
ERROR: Invalid syntax.
Name : firmware_link_speed_d0
Description : This per-port option configures the speed setting when the device is in D0 mode.
The default speed is set to Autoneg. A 10GBaseT board only allows Autoneg.
Option Type : Multi Instance Type
Instance Indexes : 0 to 15
Valid values :
0 (Autoneg)
1 (1G)
2 (10G)
3 (25G)
4 (40G)
5 (50G)
6 (100G)
7 (200G_PAM4)
8 (50G_PAM4)
9 (100G_PAM4)
14 (2_5G)
15 (100M)
BCM57504>

</pre>
The linkspeed ID is required for the enforcement of the desired linkspeed.

=== Configuration of the linkspeed ===
This linkspeed ID must be entered in the following command under "-value ":<pre>
BCM57504> setoption -name firmware_link_speed_d0 -value 3 -scope 0
BCM57504> setoption -name firmware_link_speed_d0 -value 3 -scope 1
BCM57504> setoption -name firmware_link_speed_d0 -value 3 -scope 2
BCM57504> setoption -name firmware_link_speed_d0 -value 3 -scope 3
firmware_link_speed_d0 is set successfully
Please reboot the system to apply the configuration
</pre>
The same must be repeated for "firmware_link_speed_d3": <pre>
BCM57504> setoption -name firmware_link_speed_d3 -value 3 -scope 0
BCM57504> setoption -name firmware_link_speed_d3 -value 3 -scope 1
BCM57504> setoption -name firmware_link_speed_d3 -value 3 -scope 2
BCM57504> setoption -name firmware_link_speed_d3 -value 3 -scope 3
</pre>

Explanation of command:
{| class="wikitable"
! Option || Linkspeed-ID (value)|| Port (scope)
|-
| firmware_link_speed_d0|| 3|| 0-3
|-
| firmware_link_speed_d3|| 3|| 0-3
|}
The firmware_link_speed_d0 & firmware_link_speed_d3 options must be set for all ports.

The values correspond to the number of ports of the used network card (for example 0, 1, 2 and 3 for a network card with 4 network ports).

With the linkspeed ID "3", a speed of 25 Gb/s is forced.

After entering the commands for all ports, a reboot of the system is necessary.

=== Verification of changes ===
Enter "niccli" again in the CLI after the reboot and perform the following command:
BCM57504> device_info
Interface Name : ens17f0np0
MAC Address : 00:62:0B:6F:00:8C
Base MAC Address : 00:62:0B:6F:00:8C
Serial Number : N425G224200E5NFG
Part Number : BCM957504-N425G
PCI Address : 0000:81:00.0
Chip Number : BCM57504
Chip Name : THOR
Description : Broadcom NetXtreme E-Series Quad-port 25Gb SFP28 OCP 3.0 Ethernet Adapter
Active Package Name : 226.1.107.1
Firmware Name : PRIMATE_FW
Firmware Version : 226.0.145.1
RoCE Firmware Version : 226.0.145.0
HWRM Interface Spec : 1.10.2
Kong mailbox channel : Not Applicable
Active Package Version : 226.1.107.1
Package Version on NVM : 226.1.107.1
PCI Device ID : 0x1751
PCI Vendor ID : 0x14E4
PCI Revision ID : 0x11
PCI Component ID : 0x1751
PCI Subsys Device ID : 0x5425
PCI Subsys Vendor ID : 0x14E4
Active NVM config version : 0.0.37
NVM config version : 0.0.37
Reboot Required : No
Firmware Reset Counter : 0
Error Recovery Counter : 0
Crash Dump Timestamp : Not Available
Secure Boot : Enabled
Secure Firmware Update : Enabled
'''FW Image Status : Operational'''
Crash Dump Available in DDR : No
Verify, whether the value is set to "Operational". If this is not the case, you have to perform a firmware sync. Otherwise, the configuration has been successful.

=== Firmware sync ===
Synchronizing the firmware will apply the entered link speed:<pre>
BCM57504> fw_sync
</pre>

=== Control with the help of ethtool ===
Now, you can verify the configuration of the network card with ethtool:
root@PMX2:~# ethtool ens17f0np0
Settings for ens17f0np0:
Supported ports: [ FIBRE ]
Supported link modes: 10000baseT/Full
10000baseKX4/Full
10000baseKR/Full
25000baseCR/Full
25000baseKR/Full
25000baseSR/Full
10000baseCR/Full
10000baseSR/Full
10000baseLR/Full
Supported pause frame use: Symmetric Receive-only
Supports auto-negotiation: Yes
Supported FEC modes: RS BASER
'''Advertised link modes: 25000baseCR/Full'''
Advertised pause frame use: No
Advertised auto-negotiation: No
Advertised FEC modes: Not reported
'''Speed: 25000Mb/s'''
Duplex: Full
Auto-negotiation: off
Port: FIBRE
PHYAD: 0
Transceiver: internal
Supports Wake-on: g
Wake-on: d
Current message level: 0x00002081 (8321)
drv tx_err hw
Link detected: no

Finally, you can disable maintenance mode again and, if necessary, repeat this procedure for the remaining nodes.

{{Npauli}}
{{Aranzinger}}
[[Category:Network cards]]
[[Category:Proxmox Administration]]
[[de:Linkspeed-Konfiguration von Broadcom Netzwerkkarten]]

KeePassXC password manager

2026-03-16T12:13:56Z

Aranzinger: Created page with "'''KeePassXC''' is an open source password manager for Windows, Linux, BSD and Mac OS that uses the KeePass 2.x (.kdbx) data file format for safing passwords. Such a data file format can also be used with other systems, for example with KeePassDX (open source password manager for Android) when the file is copied there. == Safety == KeePassXC '''does not perform a synchronisation''' about cloud providers. '''All passwords remain on your own computer''' (unless..."

'''KeePassXC''' is an open source password manager for [[Windows]], [[Linux]], BSD and Mac OS that uses the KeePass 2.x (.kdbx) data file format for safing passwords. Such a data file format can also be used with other systems, for example with KeePassDX (open source password manager for Android) when the file is copied there.

== Safety ==
KeePassXC '''does not perform a synchronisation''' about cloud providers. '''All passwords remain on your own computer''' (unless you manually copy or sync the .kdbx database file, for example, to your smartphone).

Cloud-specific security vulnerabilities in cloud-based password managers, such as those published by ETH Zurich in February 2026 for three cloud solutions,<ref>[https://ethz.ch/de/news-und-veranstaltungen/eth-news/ news/2026/02/passwortmanager-offer-less-protection-than-promised.html Password managers offer less protection than promised] (ethz.ch, February 16, 2026)</ref> cannot occur due to the architecture.

Furthermore, the BSI also provides more information on the safety of passwort managers.<ref>[https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Accountschutz/Sichere-Passwoerter-erstellen/Passwort-Manager/passwort-manager_node.html Administrate passwords with a password manager] (www.bsi.bund.de)</ref>

== Installation ==
KeePassXC is available for download on the KeePassXC website.<ref>[https://keepassxc.org/download/ Download KeePassXC] (keepassxc.org)</ref> The installation is recommended via Flatpak package under Linux.

Under [[Linux Mint]], KeePassXC can be installed via software manager (select Flatpak (Flathub) as source):
:[[File:KeePassXC-Installation.png|300px]]

== Setup ==
The following screenshots show the setup of KeePassXC:
<gallery>
File:KeePassXC-01-Welcome-to-KeePassXC.png|Click on "Create Database".
File:KeePassXC-02-Create-new-database.png|Enter the database name and, optionally, a description.
File:KeePassXC-03-Encryption-settings.png|Leave the default database format as KDBX 4.
File:KeePassXC-04-Encryption-settings-advanced.png|Under "Advanced", you can change the encryption settings.
File:KeePassXC-05-Database-credentials.png|Set master password.
File:KeePassXC-05-Database-credentials-additional-protection.png|After clicking “Add additional protection...”, you can optionally configure a key file and a challenge-response mechanism.
File:KeePassXC-07-Save-database-as.png|Specify the file name and folder for the database file.
File:KeePassXC-08.png|The database has been created.
File:KeePassXC-09-Add-new-entry.png|Click the "+" button to create a new password entry.
File:KeePassXC-10-Entry.png|Entry
File:KeePassXC-11-Advanced.png|Advanced
File:KeePassXC-12-Icon.png|Icon
File:KeePassXC-13-Auto-Type.png|Auto-Type
File:KeePassXC-14-Properties.png|Properties
File:KeePassXC-15-Entry-OK.png|After setting all parameters, click "OK".
File:KeePassXC-16.png|The entry (for Mastodon in this example) has now been created.
File:KeePassXC-17-right-click.png|Right-clicking on the entry displays available actions
File:KeePassXC-18-unlock.png|When KeePassXC is closed and restarted, you must enter the master password.
File:KeePassXC-19.png|Once you enter the master password, the entries you created will be visible again.
</gallery>

== More information ==
* [https://keepassxc.org/ KeePassXC Password Manager] (keepassxc.org)
* [https://www.freiburg.linux.de/vortraege/FLUG-2025-Passkeys-With-KeePassXC.pdf Passkeys With KeePassXC - An Introduction] (www.freiburg.linux.de, 17.09.2025) Lecture by Janek Bevendorff (KeePassXC Maintainer) at the Freiburger Linux User Group.

== References ==
<references />

{{Wfischer}}
{{Aranzinger}}
[[Category:Linux]]
[[de:KeePassXC Passwortmanager]]

Supplement to safety instructions for Intel products 2026.1 IPU

2026-03-13T08:09:07Z

Aranzinger: Created page with "In March '''2026''', Intel published new security advisories for different Intel products with regard to IPU 2026. Some of these safety instructions require '''firmware updates'''. In this article, you will find an excerpt and hints on these security advisories as well as information on where to find updates for products from Thomas-Krenn. == Security advisories == In the following, you will find safety instructions on the firmware published by Intel. {| class="wiki..."

In March '''2026''', Intel published new security advisories for different Intel products with regard to IPU 2026. Some of these safety instructions require '''firmware updates'''.

In this article, you will find an excerpt and hints on these security advisories as well as information on where to find updates for products from Thomas-Krenn.

== Security advisories ==
In the following, you will find safety instructions on the firmware published by Intel.

{| class="wikitable"
|- style="background-color: #EFEFEF; font-weight: bold;"
! align="center" |Intel security advisory
! align="center" |title
! align="center" |affected systems
|-
|align=center | [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01393.html INTEL-SA-01393]
|align=center | 2026.1 IPU, UEFI Reference Firmware Advisory
| rowspan="35" align="left" | (see Intel-SA)
|-
|align=center | [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html INTEL-SA-01234]
|align=center | 2025.3 IPU, UEFI Reference Firmware Advisory
|}

== Updates for Thomas-Krenn products ==
Updates on the corresponding system can be found in the <tklink type="sitex" id="440"> download area from Thomas-Krenn</tklink>.
The updates in the download area have been tested by us to guarantee the stability and compatibility of our systems.

If you require the latest version for your system and it is not yet available in our download area, you can get it at [https://www.asus.com/de/support/download-center/ Asus] , [https://www.supermicro.com/en/support/resources/downloadcenter/swdownload Supermicro] or [https://www.gigabyte.com/de/Support/Consumer/Download Gigabyte].

== More information ==
* [https://www.intel.com/content/www/us/en/security-center/default.html Security Center] (www.intel.com)

{{Thomas-Krenn.AG}}
{{Aranzinger}}
[[Category:Intel Safety Information]]
[[de:Ergänzung zu Sicherheitshinweise Intel Produkten 2026.1 IPU]]

Monitoring of a Proxmox cluster with checkmk

2026-03-12T08:57:44Z

Aranzinger: Created page with "This article explains how to monitor a Proxmox Ceph HCI cluster (3 nodes) and how to make the configuration. For the configuration of the Ceph-checks, please see the following article: Monitoring of a Proxmox VE Ceph Hosts with checkmk. '''Attention''': These instructions only function if you have a valid SSL-certificate and if the Proxmox nodes are soluble via DNS. For all other setups, there is the point "Monitoring without DNS and SSL". == Requirements ==..."

This article explains how to monitor a Proxmox Ceph HCI cluster (3 nodes) and how to make the configuration. For the configuration of the Ceph-checks, please see the following article: [[Monitoring of a Proxmox VE Ceph Hosts with checkmk]].

'''Attention''': These instructions only function if you have a valid SSL-certificate and if the Proxmox nodes are soluble via DNS. For all other setups, there is the point "Monitoring without DNS and SSL".

== Requirements ==
To monitor a Proxmox VE cluster, the following components are needed with checkmk:

* an installed Linux server (Debian 12 preferred)
* a complete installation of the docker
* an operation-ready, functional checkMD-RAW container (free of charge)
* Proxmox nodes must be soluble via DNS
* Proxmox nodes need a valid SSL-certificate

== Proxmox configuration ==
So that checkmk can call up the data from Proxmox VE, a group and an associated user must be created and justified on <code>Datacenter</code>-level.

<gallery>
file:04 Permissions definieren checkmk.png|Create read-only group
file:04 Permissions definieren checkmk.png|Set group rights
file:03 checkmk user anlage.png|Create and assign user
</gallery>

== checkmk agent installation ==
This step must be performed for every host. So that the agent can registrate in checkmk, you first have to create the host in checkmk. Log in to the Web-UI in checkmk under <code>Setup -> Agents -> Linux</code>. You need the packaged-agent:<code>check-mk-agent_2.2.0p8-1_all.deb</code>. On the Proxmox host, you can install it as follows:<pre>

root@PMX4:~# wget http://10.2.1.180:8006/cmk/check_mk/agents/check-mk-agent_2.2.0p8-1_all.deb
root@PMX4:~# dpkg -i check-mk-agent_2.2.0p8-1_all.deb

</pre>

== Configuration in checkmk ==

=== Create Proxmox hosts ===
This step must be made for every host. In order for the agent to register in checkmk, we first need to create the host in checkmk. Log in to the Web-UI and you can add the Proxmox host under <code>Setup -> Hosts -> Add Host</code>. The following must be filled out:

* Basic settings -> Hostname: name or IP of the Proxmox host
* Monitoring agents -> Checkmk agent / API integrations: (API integrations if configured, else Checkmk agent)
* After saving with "Save & view folder", we configure the API integration using the special agent for Proxmox VE.

=== Deposit Proxmox user ===
Under setup, you can type in "Proxmox" and select "VM, Cloud, Container" with the sub-item Proxmox VE. With Add-Rule, you can create a rule. Here, it is important, that the following data is deposited:

* Username: deposit checkmk@pve
* Password: deposit relation
* Conditions -> select Explicit Conditions
* Explicit Hosts: All Proxmox nodes of the cluster created in checkmk must be selected here.

=== Deposit Proxmox cluster ===
* Setup -> Host -> Hosts > Add cluster
* Basic settings: host name: pve-cluster-01 (name of cluster) and node: add host to cluster
* Network address: IP address family: No IP
* Monitoring agents: Checkmk agent / API integrations: API integrations if configured, else Checkmk agent
* Safe

=== Configure clustered services ===
* Setup -> search for clustered -> Clusterd services
* Add Rule
* Conditions -> Explicit Hosts -> select nodes of PVE-cluster
* Services: Enter Interface fw in the first field and Interface tap in the second field.

== Registrate host at checkmk ==
If the agent is installed on the Proxmox core, you have to registrate the host in checkmk first. This must be performed for every server.
Please adapt the following parameters on the environment. Attention: We have changed the default port of the agent-receivers from 8000 to 8007.

* -- hostname <Name or IP of Proxmox Hosts>
* -- server <Name or IP + Port of checkmk-server>
<pre>
root@PMX4:/etc/check_mk# cmk-agent-ctl register --trust-cert --hostname hostname --server checkmkserver:8007 --site cmk --user cmkadmin

Please enter password for 'cmkadmin'
Registration complete.
</pre>

== Monitoring without DNS and SSL ==
[[File:01_Proxmox_Checks_(Without_Ceph).png|alt=Proxmox Cluster Checks without Ceph|thumb|Proxmox cluster checks without Ceph]]
These instructions only function if all hosts are reachable via DNS and if the SSL-certificates are valid! If you only want to have the checks with IP and without valid SSL-certificate, you have to do the following:

* create host in checkmk
* checkmk agent on Proxmox host
* registrate hosts with cmk-agent-ctl on checkmk-server
* service discovery in checkmk

If this is done, the basic checks are available.

 

== Source ==
* https://checkmk.com/de/blog/proxmox-monitoring

{{jsterr}}
{{Aranzinger}}
[[Category:Monitoring]]
[[Category:Monitoring (PVE)]]
[[de:Monitoring eines Proxmox Clusters mit checkmk]]

Windows installation on a RAID-compound

2026-03-09T12:07:58Z

Aranzinger: Created page with "In this article, you will find information on what to note when '''installing''' '''Windows desktop versions''' and '''Windows Server''' on a '''RAID''' to guarantee a smooth installation. ==Hardware and software== The following hardware and software is used as test environment: *Operating system: Windows Server 2022 Standard (desktop version) *Mainboard: Supermicro X12DPi-NT6 *CPU: Dual Intel Xeon Silver 4316 *RAM: 2x..."

In this article, you will find information on what to note when '''installing''' '''Windows desktop versions''' and '''Windows Server''' on a '''[[RAID]]''' to guarantee a smooth installation.

==Hardware and software==
The following hardware and software is used as test environment:

*Operating system: [[Windows Server 2022 Editionsunterschiede|Windows Server 2022 Standard]] (desktop version)
*Mainboard: Supermicro X12DPi-NT6
*CPU: Dual Intel Xeon Silver 4316
*RAM: 2x 64 GB ECC Registered (RDIMM) DDR4 2666 RAM 4 Rank
*[[RAID Controller]]
**[[MegaRAID 9500 Series Tri-Mode Storage Adapters|Broadcom MegaRAID 9560-8i SAS-SATA-NVMe]]
**[[Adaptec SmartRAID 3100 Controller|Microchip SmartRAID 3102-8i SAS-SATA]]
**[[Intel VROC (VMD NVMe RAID)]] Key (Raid 0,1,5,10)

==Installation preparation==
In the following, the preparations for the installation of a Windows operating system on a RAID compound are described.

===RAID creation and initialization===
First, a properly configured RAID is important. When creating the RAID, it should also be initialized.

Initializing a RAID overwrites several sectors of the virtual hard disk with zeros. If no initialization is performed, among other things, background tasks such as the consistency check, which checks the parities in RAID 5, 6, 50, and 60, cannot be performed later. For RAID 0, 1 and 10, a ''Fast Initialization'' is enough, where only the first and last sectors are overwritten. For RAID 5, 6, 50 and 60 is, however, a ''Full Initialization'' recommended, which overwrites all sectors with zeros and can therefore take several hours to days on larger hard drives (see also:[[MegaRAID Glossar|MegaRAID glossary]]).

In the following screenshots, the process for deleting, creating and initializing of a RAID for Broadcom, Adaptec and Intel VROC in UEFI-controller-BIOS is explained. If the RAID controller is not displayed in the BIOS, it is operated via [[#Legacy RAID|Legacy]]. Before you create a new RAID, you can delete the hard drive. This also deletes the existing RAID metadata on the hard disks and ensures smooth RAID creation.

====Broadcom MegaRAID====
In the following, the process for deleting, creating and initializing a Broadcom RAID under UEFI is explained.

<gallery widths="200" heights="180">
file:MegaRAID delete.jpg|Deleting a Broadcom RAID: In the mainboard BIOS under Advanced, you will find the controller BIOS. In this window, you must select the appropriate RAID under Virtual Drive Management in the Main Menu. The RAID can then be deleted under Operation in ''Delete Virtual Drive''.
file:MegaRAID Default Initialisierung.jpg|Creating a Broadcom RAID: In the ''Configuration Management'', which is also reachable under ''Main Menu, a new RAID can be created under'' ''Create Virtual Drive.'' After this, you have to select the hard drives, determine a RAID level and assign a name. With Broadcom controllers, you also have the option of performing a fast (almost) or complete (''full'') initialization under Default Initialization.
</gallery>

====Adaptec====
In the following gallery, it is explained how an Adaptec RAID is deleted and recreated under UEFI.

<gallery widths="200" heights="180">
file:Delete Logical Drives.jpg|Deleting an Adaptec RAIDS: First, open the controller BIOS in the mainboard BIOS under Advanced. Then delete the RAID by following these steps: Array Configuration --> Manage Arrays --> Array X --> List Logical Drives --> Logical Drive X --> Delete Logical Drive
file:Adaptec Array Config.jpg|Creating an Adaptec RAID: Array Configuration --> Create RAID --> Select hard drives --> RAID Level --> assign names and create RAID
</gallery>

====VROC====
In this gallery, the same process of deleting and recreating a VROC-RAID is explained.

<gallery widths="200" heights="180">
file:VROC Delete.jpg|Delete VROC RAID: To delete your RAID, you have to select the VROC-Controller under ''Advanced'' in the BIOS. After this, the RAID can be selected and deleted via ''Delete.''
file:VROC RAID erstellen.jpg|Creating a VROC RAID: You can create a VROC-RAID via ''Create RAID'' in the Controller BIOS. After this, the hard disk must be selected, a name and the RAID-level must be assigned.
</gallery>

===Boot mode===
Before the installation of the operating system can be started, the correct booting mode for the installation medium must be determined. There are two booting modes: '''UEFI''' and '''Legacy'''. The installation medium must be started in the same booting mode as for the RAID, as there may be complications with the installations.

The following table describes how to determine the mode of the controller:
{| class="wikitable"
|+
!UEFI
!Legacy
|-
|If the controller is operated with UEFI firmware, the controller BIOS can be found in the motherboard BIOS under ''Advanced''.
This is the case for both hardware RAIDs and onboard RAIDs (VROC). If the RAID has been configured here, it is a UEFI RAID.
|If the controller is addressed via legacy, the controller BIOS is not displayed in the mainboard BIOS.
The controller BIOS is now displayed when the server boots up and can be opened with a key combination. If the RAID was configured here, it is a legacy RAID.
|}

The following table shows the Legacy BIOS key combination:

{| class="wikitable"
!
!Broadcom
!Adaptec
!VROC/RST
|-
!'''Shortcut'''
|CTRL + R
|CTRL +A
|CTRL + I
|}

====Change of Legacy/UEFI====
The BIOS options specify whether each PCI slot on the motherboard is operated in legacy or UEFI mode. The mode can also be changed there.

In the case of Supermicro motherboards, this can be changed under the ''Advanced'' tab in the ''PCIe/PCI/PnP Configuration'' menu. All PCI slots are listed here in the format ''CPU SLOTX PCI-E ...'' and can be set individually to Legacy or EFI.

====Installationmedium Legace/UEFI====
If you have determined, in which mode the RAID has been created, the installation medium must be started in the same mode. If you get a notification after starting the installation medium, that it was started in the wrong mode, you have to recreate the medium with the right partition scheme ('''MBR for Legacy''' or '''GPT for UEFI'''): [[#Installationsmedium_mit_Rufus_erstellen|Create installation medium with Rufus.]]

In the BIOS under ''Save & Exit'', all possible boot media are displayed under ''Boot Override''.

[[file:BIOS Boot Override.jpg|frameless|400x400px]]

You can tell by the intention if the installation medium now starts via UEFI or Legacy.

'''UEFI:''' USB, Partition 2 (USB) - medium is started via UEFI.

'''No intention''': medium is started via Legacy.

If no UEFI or Legacy boot media is displayed, the ''Boot Mode'' can be changed to ''Legacy'', ''UEFI'' or ''Dual'' in the BIOS under ''Boot''.

===Use different ISO and medium===
Please make sure that an intact Windows ISO is used on an intact medium to guarantee a proper installation. It may come to installation cancellation or that the installation routine does not start when using corrupt Windows ISO-files.

If the installation does not start or if there are cancellations, the ISO should be downloaded or another ISO-file should be started. If problems still occur, the medium must be verified or changed.

===Create installation medium with Rufus===
Another source of errors during installation is the application used to create the installation medium. We recommend Rufus<ref>[https://rufus.ie/de/ Offizielle Homepage zum Programm Rufus]</ref>, as it is a small program and easy to understand. Currently, Rufus can only be used to create installation media for Windows, but according to the manufacturer, support for other operating systems is planned for the future.

You can download Rufus here: [https://rufus.ie/de/]

If you have started Rufus, select your USB stick under ''drive''. After this, you can add the desired ISO under ''choice''. Now, you have to select the ''partition scheme''. For a Legacy installation, you need MBR.

In this [[Windows UEFI Boot-Stick unter Windows erstellen|Wiki article]], it is explained, how to create an UEFI boot stick for Windows.

==Include driver during installation==
The respective drivers are needed for the installation of Windows for the used RAID controllers. If the created RAID is not displayed as a free drive in Windows Installer or if an error message is generated when attempting to install on it, these drivers may still be missing.

In this case, the respective drivers must be downloaded and included for the RAID controller. You will find the driver on our [https://www.thomas-krenn.com/de/download.html download page] or you can download it on the page of the manufacturer. After downloading, the archive, in which the driver is located, must be unpacked, copied to a USB stick and plugged into the server.

The following screenshots explain how to include the driver.

<gallery widths="200" heights="180">
file:Windowsinstaller Festplattenauswahl .jpg|First, open the window for selecting the driver via Load Driver.
file:Windowsinstaller Treiber suchen.jpg|In this window, you can open Explorer via Explorer. In Explorer, select the subfolder containing the driver on the USB stick and confirm.
file:Windows Treiber auswählen.jpg|Finally, the subfolder is searched for suitable drivers. When the driver is displayed, simply select it and confirm.
</gallery>

The RAID can then be selected as the installation location and the installation can be started then.

==References==
<references />

{{Slankl}}
{{Aranzinger}}
[[Category:Windows]]
[[de:Windows Installation auf einem RAID-Verbund]]

Qemu drive cache option

2026-03-06T08:06:46Z

Aranzinger:

'''Quick Emulator''' ('''QEMU''') is an Open Source emulator that emulates virtual hardware. QEMU can be used in combination with KVM and is used in this way in Proxmox. In this article, the QEMU drive option "cache" will be explained. The configuration of a QEMU drive contains the generation of a block driver node (backend) as well as a guest device.

== cache option ==
The option "cache" controls how the host cache is used for the access on block data.

The "cache" connection is a connection that determines the three options '''cache.direct''', '''cache.no-flush''' (both as in -blockdev) as well as '''cache.writeback''' (-device). The five cache modes writeback, none, writethrough, directsync and unsafe correspond to the following settings:<ref>[https://www.qemu.org/docs/master/system/qemu-manpage.html#hxtool-1 QEMU User Documentation (Manpage) - Block device options] (www.qemu.org/docs) <cite>cache is “none”, “writeback”, “unsafe”, “directsync” or “writethrough” and controls how the host cache is used to access block data. This is a shortcut that sets the cache.direct and cache.no-flush options (as in -blockdev), and additionally cache.writeback, which provides a default for the write-cache option of block guest devices (as in -device).</cite></ref>

{| class="wikitable"
|+
! colspan="2" |Cache
!-device options
! colspan="2" |-blockdev options
! colspan="3" |Notes<ref>[https://opendev.org/openstack/nova/commit/b9dc86d8d646472195070022ff7ae4c372bef4ca libvirt: Use 'writeback' QEMU cache mode when 'none' is not viable] (opendev.org/openstack/nova, 04.05.2019) <cite>The thing that makes 'writethrough' so safe against host crashes is that it never keeps data in a "write cache", but it calls fsync() after _every_ write. This is also what makes it horribly slow. But 'cache=none' doesn't do this and therefore doesn't provide this kind of safety. The guest OS must explicitly flush the cache in the right places to make sure data is safe on the disk. And OSes do that. 

So if 'cache=none' is safe enough for you, then 'cache=writeback' should be safe enough for you, too -- because both of them have the boolean 'cache.writeback=on'. The difference is only in 'cache.direct', but 'cache.direct=on' only bypasses the host kernel page cache and data could still sit in other caches that could be present between QEMU and the disk (such as commonly a volatile write cache on the disk itself).</cite></ref>
|-
!Name QEMU
!Name Proxmox VE GUI
!cache.writeback
!cache.direct
!cache.no-flush
! colspan="2" |Ensuring data integrity after a sudden host failure
!Writing performance
|-
|writeback
|Write back
! style="background-color:#CCFFCC;" align="center" |✔ (on)
! style="background-color:#FFCCCC;" align="center" |-
! style="background-color:#FFCCCC;" align="center" |-
| rowspan="2" |High, if the guest operating system/file system writes regularly the cache-content on the disk (flush). This is normally performed automatically by modern file systems. See also [[Ext4 Write Barriers]].
|Pagecache of host is used.
| rowspan="2" |high
|-
|none
|No cache
! style="background-color:#CCFFCC;" align="center" |✔ (on)
! style="background-color:#CCFFCC;" align="center" |✔ (on)
! style="background-color:#FFCCCC;" align="center" |-
|Pagecache of host is not used. However, data may still be stored in other caches (e.g., HDD cache). Therefore, the guest operating system must still perform regular flushes.
|-
|writethrough
|Write through
! style="background-color:#FFCCCC;" align="center" |-
! style="background-color:#FFCCCC;" align="center" |-
! style="background-color:#FFCCCC;" align="center" |-
| rowspan="2" |Very high, since QEMU with "writethrough" cache mode never stores data in a "write cache", but '''calls the fsync() function after each write operation'''.
|Pagecache of the host is used.
| rowspan="2" |low, as the fsync() function is called up after every writing process.
|-
|directsync
|Direct sync
! style="background-color:#FFCCCC;" align="center" |-
! style="background-color:#CCFFCC;" align="center" |✔ (on)
! style="background-color:#FFCCCC;" align="center" |-
|Pagecache des Hosts wird nicht verwendet.
|-
|unsafe
|Write back (unsafe)
! style="background-color:#CCFFCC;" align="center" |✔ (on)
! style="background-color:#FFCCCC;" align="center" |-
! style="background-color:#CCFFCC;" align="center" |✔ (on)
| style="background-color:#FFCCCC;" |No guarantee of data integrity! High risk of data loss!

This caching mode should only be used for temporary data, where data loss is not a problem. This mode can only be helpful for accelerating the guest installation. However, it should be absolutely switched to another caching mode in production environments.<ref>https://opendev.org/openstack/nova/src/commit/18a7dcb6e816e26e405259e981498f6a7bc71608/nova/conf/libvirt.py#L724</ref>
|Pagecache of host is used.
|highest
|}

The standard mode in QEMU is cache=writeback. In Proxmox VE, none (no cache) is used as standard.

=== cache.writeback ===
The mode '''cache.writeback=on''' is used by default. Data write operations are reported as completed as soon as the data is available in host pagecache. This is safe as long as your guest operating system ensures that the hard disk caches are emptied correctly if necessary. If your guest operating system does not proceed volatile hard disk writing caches correctly, your host or the power supply fails, it may come to data damages in your guest operating system.

For such guests, the use of cache.writeback=off should be taken into consideration. This means that the host pagecache is used for reading and writing data, but the writing notification is only then sent to the guest after QEMU made sure that every writing process has been emptied on the hard disk. Please note that this has a significant impact on the performance.<ref>[https://www.qemu.org/docs/master/system/qemu-manpage.html#hxtool-1 QEMU User Documentation (Manpage) - Block device options] (www.qemu.org/docs) <cite>By default, the cache.writeback=on mode is used. It will report data writes as completed as soon as the data is present in the host page cache. This is safe as long as your guest OS makes sure to correctly flush disk caches where needed. If your guest OS does not handle volatile disk write caches correctly and your host crashes or loses power, then the guest may experience data corruption. 
For such guests, you should consider using cache.writeback=off. This means that the host page cache will be used to read and write data, but write notification will be sent to the guest only after QEMU has made sure to flush each write to the disk. Be aware that this has a major impact on performance.</cite></ref>

{| class="wikitable"
|+
!Disk (settings Proxmox VE GUI)
!Request cache via
!Result at cache.writeback=on
!Result at cache.writeback=off
!Notes
|-
|IDE
| rowspan="2" |<nowiki>hdparm -I /dev/sdc | grep "Write cache"</nowiki>
| rowspan="2" |* Write cache
| rowspan="2" |Write cache (no asterisk in front of it)
| rowspan="2" |hdparm executes a ATA IDENTIFY DEVICE command, to request settings.
|-
|SATA
|-
|VirtIO Block
|cat /sys/block/vda/queue/write_cache
|write back
|write through
|The VirtIO block driver provides the information via sysfs.
|-
|SCSI
|sdparm --get=WCE /dev/sda
|WCE = 1
|WCE = 0
|sdparm performs a SCSI MODE SENSE command, to request settings. WCE stands for "Writeback Cache Enable".
|}

=== chache.direct ===
'''cache.direct=on''' bypasses the host pagecache. This is an attempt to execute the disk-I/O directly in the memory of the guest. QEMU may continue to perform a internal copy of the data.

=== cache.no-flush ===
QEMU announces that '''cache.no-flush''' ('''Attention - risk of data loss! - only use when data integrity is not important, for example in pure tests) never has to write data on the hard disk, but to safe everything in the cache. If something goes wrong, for example if your host does not have any power, the hard disk was accidentally disconnected or else, your image is likely to get useless.

== Tests ==
The following tests have been performed on a lvmthin volume. These only support raw (no qcow2).<ref>https://forum.proxmox.com/threads/proxmox-disks-changed-from-qcow-to-raw-after-migration.96007/#post-417101</ref> For background information on cache=none with qcow2, please refer to the article "Understanding QCOW2 Risks with QEMU cache=none in Proxmox".<ref>[https://kb.blockbridge.com/technote/proxmox-qemu-cache-none-qcow2/ Understanding QCOW2 Risks with QEMU cache=none in Proxmox] (kb.blockbridge.com)</ref>

With the [https://gist.github.com/3172656 diskchecker.pl Perl Skript], we have tested, if data gets lost during a power outage. You will find information on this script here:
http://brad.livejournal.com/2116715.html
{| class="wikitable"
|+Debian 13 VM with raw
!Cache settings
!diskchecker.pl results
|-
|Default (no cache)
|Total errors: 0
|-
|Write back (unsafe)
|Total errors: 2786
|-
|Write through
|Total errors: 0
|-
|Write back
|Total errors: 0
|-
|Direct sync
|Total errors: 0
|}

=== Default (No cache) ===
<pre>
tk@debian13-1:~$ ./diskchecker.pl -s 172.16.0.112 create test_file 1000
diskchecker: running 1 sec, 0.46% coverage of 1000 MB (293 writes; 293/s)
diskchecker: running 2 sec, 1.06% coverage of 1000 MB (684 writes; 342/s)
diskchecker: running 3 sec, 1.70% coverage of 1000 MB (1099 writes; 366/s)
diskchecker: running 4 sec, 2.33% coverage of 1000 MB (1507 writes; 376/s)
diskchecker: running 5 sec, 2.93% coverage of 1000 MB (1907 writes; 381/s)
diskchecker: running 6 sec, 3.58% coverage of 1000 MB (2326 writes; 387/s)
diskchecker: running 7 sec, 4.20% coverage of 1000 MB (2739 writes; 391/s)
diskchecker: running 8 sec, 4.81% coverage of 1000 MB (3152 writes; 394/s)
diskchecker: running 9 sec, 5.40% coverage of 1000 MB (3553 writes; 394/s)
diskchecker: running 10 sec, 6.03% coverage of 1000 MB (3976 writes; 397/s)
[...]
tk@debian13-1:~$ ./diskchecker.pl -s 172.16.0.112 verify test_file
verifying: 0.03%
verifying: 46.22%
verifying: 100.00%
Total errors: 0
tk@debian13-1:~$
</pre>

=== Write back (unsafe) ===
<pre>
tk@debian13-1:~$ ./diskchecker.pl -s 172.16.0.112 create test_file_unsafe 1000
diskchecker: running 1 sec, 0.45% coverage of 1000 MB (286 writes; 286/s)
diskchecker: running 2 sec, 1.22% coverage of 1000 MB (782 writes; 391/s)
diskchecker: running 3 sec, 2.06% coverage of 1000 MB (1328 writes; 442/s)
diskchecker: running 4 sec, 2.81% coverage of 1000 MB (1820 writes; 455/s)
diskchecker: running 5 sec, 3.55% coverage of 1000 MB (2306 writes; 461/s)
diskchecker: running 6 sec, 4.25% coverage of 1000 MB (2778 writes; 463/s)
diskchecker: running 7 sec, 5.04% coverage of 1000 MB (3302 writes; 471/s)
diskchecker: running 8 sec, 5.85% coverage of 1000 MB (3863 writes; 482/s)
diskchecker: running 9 sec, 6.73% coverage of 1000 MB (4466 writes; 496/s)
diskchecker: running 10 sec, 7.50% coverage of 1000 MB (4984 writes; 498/s)
[...]
tk@debian13-1:~$ ./diskchecker.pl -s 172.16.0.112 verify test_file_unsafe
verifying: 0.02%
Error at page 26, 4 seconds before end.
Error at page 34, 6 seconds before end.
Error at page 49, 3 seconds before end.
Error at page 123, 0 seconds before end.
Error at page 166, 0 seconds before end.
Error at page 167, 6 seconds before end.
Error at page 169, 1 seconds before end.
Error at page 199, 1 seconds before end.
Error at page 200, 2 seconds before end.
Error at page 214, 4 seconds before end.
[...]
verifying: 100.00%
Total errors: 2786
Histogram of seconds before end:
0 420
1 478
2 339
3 285
4 303
5 351
6 354
7 256
tk@debian13-1:~$
</pre>

=== Write through ===
<pre>
tk@debian13-1:~$ ./diskchecker.pl -s 172.16.0.112 create test_file_writethrough 1000
diskchecker: running 1 sec, 0.36% coverage of 1000 MB (234 writes; 234/s)
diskchecker: running 2 sec, 0.92% coverage of 1000 MB (587 writes; 293/s)
diskchecker: running 3 sec, 1.45% coverage of 1000 MB (929 writes; 309/s)
diskchecker: running 4 sec, 1.97% coverage of 1000 MB (1268 writes; 317/s)
diskchecker: running 5 sec, 2.49% coverage of 1000 MB (1612 writes; 322/s)
diskchecker: running 6 sec, 3.02% coverage of 1000 MB (1957 writes; 326/s)
diskchecker: running 7 sec, 3.53% coverage of 1000 MB (2295 writes; 327/s)
diskchecker: running 8 sec, 4.07% coverage of 1000 MB (2650 writes; 331/s)
diskchecker: running 9 sec, 4.57% coverage of 1000 MB (2989 writes; 332/s)
diskchecker: running 10 sec, 5.07% coverage of 1000 MB (3327 writes; 332/s)
[...]
tk@debian13-1:~$ ./diskchecker.pl -s 172.16.0.112 verify test_file_writethrough
verifying: 0.02%
verifying: 56.67%
verifying: 100.00%
Total errors: 0
tk@debian13-1:~$
</pre>

=== Write back ===
<pre>
tk@debian13-1:~$ ./diskchecker.pl -s 172.16.0.112 create test_file_writeback 1000
diskchecker: running 1 sec, 0.45% coverage of 1000 MB (289 writes; 289/s)
diskchecker: running 2 sec, 1.03% coverage of 1000 MB (671 writes; 335/s)
diskchecker: running 3 sec, 1.62% coverage of 1000 MB (1051 writes; 350/s)
diskchecker: running 4 sec, 2.21% coverage of 1000 MB (1438 writes; 359/s)
diskchecker: running 5 sec, 2.82% coverage of 1000 MB (1831 writes; 366/s)
diskchecker: running 6 sec, 3.40% coverage of 1000 MB (2224 writes; 370/s)
diskchecker: running 7 sec, 3.98% coverage of 1000 MB (2611 writes; 373/s)
diskchecker: running 8 sec, 4.56% coverage of 1000 MB (3005 writes; 375/s)
diskchecker: running 9 sec, 5.15% coverage of 1000 MB (3397 writes; 377/s)
diskchecker: running 10 sec, 5.73% coverage of 1000 MB (3788 writes; 378/s)
[...]
tk@debian13-1:~$ ./diskchecker.pl -s 172.16.0.112 verify test_file_writeback
verifying: 0.03%
verifying: 47.70%
verifying: 100.00%
Total errors: 0
tk@debian13-1:~$
</pre>

=== Direct sync ===
<pre>
tk@debian13-1:~$ ./diskchecker.pl -s 172.16.0.112 create test_file_directsync 1000
diskchecker: running 1 sec, 0.38% coverage of 1000 MB (246 writes; 246/s)
diskchecker: running 2 sec, 0.90% coverage of 1000 MB (579 writes; 289/s)
diskchecker: running 3 sec, 1.49% coverage of 1000 MB (960 writes; 320/s)
diskchecker: running 4 sec, 2.01% coverage of 1000 MB (1302 writes; 325/s)
diskchecker: running 5 sec, 2.53% coverage of 1000 MB (1643 writes; 328/s)
diskchecker: running 6 sec, 3.08% coverage of 1000 MB (2006 writes; 334/s)
diskchecker: running 7 sec, 3.61% coverage of 1000 MB (2363 writes; 337/s)
diskchecker: running 8 sec, 4.16% coverage of 1000 MB (2721 writes; 340/s)
diskchecker: running 9 sec, 4.74% coverage of 1000 MB (3108 writes; 345/s)
diskchecker: running 10 sec, 5.26% coverage of 1000 MB (3463 writes; 346/s)
[...]
tk@debian13-1:~$ ./diskchecker.pl -s 172.16.0.112 verify test_file_directsync
verifying: 0.01%
verifying: 57.56%
verifying: 100.00%
Total errors: 0
tk@debian13-1:~$
</pre>

== More information ==
* [https://events19.lfasiallc.com/wp-content/uploads/2017/11/Storage-Performance-Tuning-for-FAST-Virtual-Machines_Fam-Zheng.pdf Storage Performance Tuning for FAST! Virtual Machines]
* [https://documentation.suse.com/de-de/sles/12-SP5/html/SLES-all/cha-cachemodes.html Disk Cache Modes] (documentation.suse.com)

== References ==
<references />

{{Wfischer}}
{{Aranzinger}}
[[Category:Proxmox]]
[[de:Qemu drive cache Option]]

Ext4 Write Barriers

2026-03-05T13:18:38Z

Aranzinger: Created page with "''' Write barriers '''are used in the Linux kernel to ensure that data that has been written is actually written to a data carrier '''permanently '''before further new data is written. The use of write barriers ensures that even in the event of a sudden power failure,''' no data written via fsync() is lost. '''Write barriers force the''' correct sequence of journal-commits''' of the file system on the data carrier which allows volatile write caches to be used safely..."

''' Write barriers '''are used in the [[Linux]] kernel to ensure that data that has been written is actually written to a data carrier '''permanently '''before further new data is written. The use of write barriers ensures that even in the event of a sudden power failure,''' no data written via fsync() is lost. '''Write barriers force the''' correct sequence of journal-commits''' of the file system on the data carrier which allows volatile write caches to be used safely (but with some loss of performance).

== Function of write barriers ==
Write barriers are implemented via flushing the storage writing case '''before''' and '''after''' I/O operation. After '''writing a transaction''', the '''storage-cache is flushed''', the '''commit-block of the file system is written''' and the '''cache is emptied again'''. Therefore, it is ensured that:
* the data carrier (hard disk or SSD) contains all data
* no re-ordering of individual accesses has taken place

If barriers are activated, a fsync() call also triggers a storage-cache-flush. This guarantees that the file data is stored permanently on the hard disk even if a power failure occurs shortly after the return of fsync().

== Ext4 file system as example ==
The [[Ext4]] file system has been using write barriers since May 2008.<ref>[https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=571640cad3fda6475da45d91cf86076f1f86bd9b ext4: enable barriers by default] (git.kernel.org, 26.05.2008)</ref> This ensures that even with data carriers with volatile caches—e.g., hard disks with RAM caches—no data written using fsync() is lost, even in the event of a sudden power failure.

The activation of write barriers can lead to significant performance losses in some applications. In particular, applications that use fsync() intensively or that create or delete a lot of small files sometimes run significantly slower. <ref>[https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/storage_administration_guide/ch-writebarriers Chapter 22. Write Barriers] (docs.redhat.com, Storage Administration Guide RHEL 7) <cite>Enabling write barriers incurs a substantial performance penalty for some applications. Specifically, applications that use fsync() heavily or create and delete many small files will likely run much slower.</cite></ref> IF RAID-controllers with battery-backed cache or for example SSDs with [[SSD Power Loss Protection]] are used, the performance can be increased by deactivating write barriers without increasing the risk of data loss. <ref>[https://kb.techtaco.org/linux/postgresql/postgresql_file_system_tuning/#write-barrier-tuning PostgreSQL File System Tuning - Write Barrier Tuning] (kb.techtaco.org)</ref>However, this only applies if effective power loss protection is actually in place.
{| class="wikitable"
|+
!Test case
!HDD Western Digital WD5003ABYX
!Intel SSD with PLP
!Samsung SSD without PLP
|-
|barriers=1 (activated)
!style="background-color:#CCFFCC;" align="center"|no data loss
!style="background-color:#CCFFCC;" align="center"|no data loss
!style="background-color:#CCFFCC;" align="center"|no data loss
|-
|barriers=0 (deactivated)
!style="background-color:#FFCCCC;" align="center"|data loss
!style="background-color:#CCFFCC;" align="center"|no data loss
|no data loss (Attention: data loss still possible!)
|}

== Ext4 file system tests with diskchecker.pl ==
The following test has been performed with the [https://gist.github.com/3172656 diskchecker.pl Perl Script]. The test script uses two computers to check whether data can be lost in the event of a power failure. To do this, the script runs on two computers:
# On a logging computer: The script is in server mode.
# On the system to be tested: After the script has been started, the power supply is interrupted

The system to be tested is then infected again and restarted. The script is now executed again for verification purposes. Further background information on this script can be found here: http://brad.livejournal.com/2116715.html

=== Test with WD 500 GByte HDD ===
[[File:Western-Digital-WD5003ABYX-500GB-SATA-64MB-Cache.jpg|300px|thumb|right|Western Digital WD5003ABYX 500GB SATA HDD with 64MB Cache]]In this test, a Western Digital WD5003ABYX 500GB SATA HDD with 64MB cache is used.

==== barrier=1 (default) ====
<pre>root@pve:~# mount | grep sdc
/dev/sdc1 on /mnt/sdc-hdd type ext4 (rw,relatime)
root@pve:~# uname -a
Linux pve 6.17.2-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.17.2-1 (2025-10-21T11:55Z) x86_64 GNU/Linux
root@pve:/mnt/sdc-hdd# ./diskchecker.pl -s 172.16.0.112 create test-hdd-ext4-default 1000
diskchecker: running 1 sec, 0.02% coverage of 1000 MB (11 writes; 11/s)
diskchecker: running 2 sec, 0.05% coverage of 1000 MB (35 writes; 17/s)
diskchecker: running 3 sec, 0.09% coverage of 1000 MB (59 writes; 19/s)
diskchecker: running 4 sec, 0.13% coverage of 1000 MB (83 writes; 20/s)
diskchecker: running 5 sec, 0.17% coverage of 1000 MB (107 writes; 21/s)
diskchecker: running 6 sec, 0.20% coverage of 1000 MB (132 writes; 22/s)
diskchecker: running 7 sec, 0.24% coverage of 1000 MB (155 writes; 22/s)
diskchecker: running 8 sec, 0.28% coverage of 1000 MB (180 writes; 22/s)
diskchecker: running 9 sec, 0.32% coverage of 1000 MB (204 writes; 22/s)
diskchecker: running 10 sec, 0.36% coverage of 1000 MB (229 writes; 22/s)
diskchecker: running 11 sec, 0.39% coverage of 1000 MB (252 writes; 22/s)
diskchecker: running 12 sec, 0.43% coverage of 1000 MB (276 writes; 23/s)
diskchecker: running 13 sec, 0.47% coverage of 1000 MB (300 writes; 23/s)
diskchecker: running 14 sec, 0.50% coverage of 1000 MB (323 writes; 23/s)
diskchecker: running 15 sec, 0.54% coverage of 1000 MB (347 writes; 23/s)
diskchecker: running 16 sec, 0.58% coverage of 1000 MB (371 writes; 23/s)
diskchecker: running 17 sec, 0.62% coverage of 1000 MB (396 writes; 23/s)
diskchecker: running 18 sec, 0.66% coverage of 1000 MB (421 writes; 23/s)
diskchecker: running 19 sec, 0.69% coverage of 1000 MB (445 writes; 23/s)
client_loop: send disconnect: Broken pipe
werner@x390:~/bin$
werner@x390:~/bin$ ssh root@172.16.10.1
root@172.16.10.1's password:
Linux pve 6.17.2-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.17.2-1 (2025-10-21T11:55Z) x86_64
[...]
root@pve:~# mount /dev/sdc1 /mnt/sdc-hdd
root@pve:~# dmesg | tail -4
[ 38.545085] vmbr0: port 1(nic1) entered blocking state
[ 38.545091] vmbr0: port 1(nic1) entered forwarding state
[ 207.082732] EXT4-fs (sdc1): recovery complete
[ 207.101678] EXT4-fs (sdc1): mounted filesystem 8ac821f6-c372-415c-addd-855c3161ded9 r/w with ordered data mode. Quota mode: none.
root@pve:~# cd /mnt/sdc-hdd/
root@pve:/mnt/sdc-hdd# ./diskchecker.pl -s 172.16.0.112 verify test-hdd-ext4-default
verifying: 0.36%
verifying: 19.26%
verifying: 59.26%
verifying: 94.18%
verifying: 100.00%
Total errors: 0
root@pve:/mnt/sdc-hdd#</pre>

==== barrier=0 ====
<pre>
root@pve:~# mount -t ext4 -o barrier=0 /dev/sdc1 /mnt/sdc-hdd
root@pve:~# mount | grep sdc
/dev/sdc1 on /mnt/sdc-hdd type ext4 (rw,relatime,nobarrier)
root@pve:~# cd /mnt/sdc-hdd
root@pve:/mnt/sdc-hdd# ./diskchecker.pl -s 172.16.0.112 create test-hdd-ext4-nobarrier 1000
diskchecker: running 1 sec, 0.20% coverage of 1000 MB (129 writes; 129/s)
diskchecker: running 2 sec, 0.62% coverage of 1000 MB (394 writes; 197/s)
diskchecker: running 3 sec, 0.95% coverage of 1000 MB (608 writes; 202/s)
diskchecker: running 4 sec, 1.22% coverage of 1000 MB (782 writes; 195/s)
diskchecker: running 5 sec, 1.55% coverage of 1000 MB (998 writes; 199/s)
diskchecker: running 6 sec, 1.89% coverage of 1000 MB (1213 writes; 202/s)
diskchecker: running 7 sec, 2.13% coverage of 1000 MB (1377 writes; 196/s)
diskchecker: running 8 sec, 2.41% coverage of 1000 MB (1556 writes; 194/s)
diskchecker: running 9 sec, 2.74% coverage of 1000 MB (1774 writes; 197/s)
diskchecker: running 10 sec, 3.00% coverage of 1000 MB (1945 writes; 194/s)
diskchecker: running 11 sec, 3.31% coverage of 1000 MB (2146 writes; 195/s)
diskchecker: running 12 sec, 3.61% coverage of 1000 MB (2347 writes; 195/s)
diskchecker: running 13 sec, 3.90% coverage of 1000 MB (2542 writes; 195/s)
diskchecker: running 14 sec, 4.21% coverage of 1000 MB (2750 writes; 196/s)
diskchecker: running 15 sec, 4.54% coverage of 1000 MB (2967 writes; 197/s)
diskchecker: running 16 sec, 4.80% coverage of 1000 MB (3142 writes; 196/s)
diskchecker: running 17 sec, 5.09% coverage of 1000 MB (3336 writes; 196/s)
diskchecker: running 18 sec, 5.35% coverage of 1000 MB (3513 writes; 195/s)
diskchecker: running 19 sec, 5.65% coverage of 1000 MB (3713 writes; 195/s)
diskchecker: running 20 sec, 5.91% coverage of 1000 MB (3890 writes; 194/s)
diskchecker: running 21 sec, 6.21% coverage of 1000 MB (4091 writes; 194/s)
diskchecker: running 22 sec, 6.48% coverage of 1000 MB (4281 writes; 194/s)
diskchecker: running 23 sec, 6.72% coverage of 1000 MB (4449 writes; 193/s)
diskchecker: running 24 sec, 7.01% coverage of 1000 MB (4645 writes; 193/s)

</pre>

<pre>
client_loop: send disconnect: Broken pipe
werner@x390:~/bin$ ssh root@172.16.10.1
root@172.16.10.1's password:
Linux pve 6.17.2-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.17.2-1 (2025-10-21T11:55Z) x86_64
[...]
root@pve:~# mount -t ext4 -o barrier=0 /dev/sdc1 /mnt/sdc-hdd
root@pve:~# dmesg | tail -n 4
[ 38.535100] vmbr0: port 1(nic1) entered forwarding state
[ 324.430790] EXT4-fs (sdc1): barriers disabled
[ 327.063895] EXT4-fs (sdc1): recovery complete
[ 327.064076] EXT4-fs (sdc1): mounted filesystem 8ac821f6-c372-415c-addd-855c3161ded9 r/w with ordered data mode. Quota mode: none.
root@pve:~# cd /mnt/sdc-hdd
root@pve:/mnt/sdc-hdd# ./diskchecker.pl -s 172.16.0.112 verify test-hdd-ext4-nobarrier
verifying: 0.02%
Error at page 19, 2 seconds before end.
Error at page 303, 1 seconds before end.
Error at page 339, 0 seconds before end.
Error at page 511, 1 seconds before end.
Error at page 544, 0 seconds before end.
Error at page 681, 0 seconds before end.
Error at page 708, 2 seconds before end.
Error at page 1108, 1 seconds before end.
Error at page 1337, 0 seconds before end.
Error at page 1388, 0 seconds before end.
verifying: 2.22%
Error at page 1487, 0 seconds before end.
Error at page 1492, 0 seconds before end.
[...]
Error at page 63758, 0 seconds before end.
Error at page 63990, 1 seconds before end.
verifying: 100.00%
Total errors: 545
Histogram of seconds before end:
0 178
1 187
2 142
3 1
4 1
6 2
7 3
8 3
9 2
10 5
11 1
14 4
15 1
16 2
17 1
18 1
19 2
20 3
22 3
23 2
24 1
root@pve:/mnt/sdc-hdd#
</pre>

=== Test with SSD with PLP ===
In this example, a 80 GByte [[Intel DC S3500 Series SSD]] with [[SSD Power Loss Protection]] is used.

==== barrier=1 (default) ====
<pre>
root@pve:/mnt/sdc-ssd-with-plp# mount | grep sdc
/dev/sdc1 on /mnt/sdc-ssd-with-plp type ext4 (rw,relatime)
root@pve:/mnt/sdc-ssd-with-plp# ./diskchecker.pl -s 172.16.0.112 create test-ssd-ext4 1000
diskchecker: running 1 sec, 0.04% coverage of 1000 MB (28 writes; 28/s)
diskchecker: running 2 sec, 0.67% coverage of 1000 MB (427 writes; 213/s)
diskchecker: running 3 sec, 1.34% coverage of 1000 MB (859 writes; 286/s)
diskchecker: running 4 sec, 2.05% coverage of 1000 MB (1324 writes; 331/s)
diskchecker: running 5 sec, 2.71% coverage of 1000 MB (1758 writes; 351/s)
diskchecker: running 6 sec, 3.48% coverage of 1000 MB (2266 writes; 377/s)
diskchecker: running 7 sec, 4.24% coverage of 1000 MB (2775 writes; 396/s)
diskchecker: running 8 sec, 4.88% coverage of 1000 MB (3207 writes; 400/s)
diskchecker: running 9 sec, 5.53% coverage of 1000 MB (3652 writes; 405/s)
diskchecker: running 10 sec, 6.14% coverage of 1000 MB (4073 writes; 407/s)
diskchecker: running 11 sec, 6.76% coverage of 1000 MB (4492 writes; 408/s)
diskchecker: running 12 sec, 7.38% coverage of 1000 MB (4922 writes; 410/s)
diskchecker: running 13 sec, 7.98% coverage of 1000 MB (5344 writes; 411/s)
diskchecker: running 14 sec, 8.65% coverage of 1000 MB (5799 writes; 414/s)
diskchecker: running 15 sec, 9.25% coverage of 1000 MB (6229 writes; 415/s)
diskchecker: running 16 sec, 9.84% coverage of 1000 MB (6652 writes; 415/s)
diskchecker: running 17 sec, 10.47% coverage of 1000 MB (7103 writes; 417/s)
diskchecker: running 18 sec, 11.11% coverage of 1000 MB (7556 writes; 419/s)
diskchecker: running 19 sec, 11.71% coverage of 1000 MB (7974 writes; 419/s)
diskchecker: running 20 sec, 12.31% coverage of 1000 MB (8405 writes; 420/s)
diskchecker: running 21 sec, 12.91% coverage of 1000 MB (8847 writes; 421/s)
diskchecker: running 22 sec, 13.57% coverage of 1000 MB (9328 writes; 424/s)
diskchecker: running 23 sec, 14.18% coverage of 1000 MB (9767 writes; 424/s)
</pre>
<pre>
werner@x390:~/bin$ ssh root@172.16.10.1
root@172.16.10.1's password:
Linux pve 6.17.2-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.17.2-1 (2025-10-21T11:55Z) x86_64
[...]
root@pve:~# mount /dev/sdc1 /mnt/sdc-ssd-with-plp
root@pve:~# dmesg | tail -n 4
[ 38.515045] vmbr0: port 1(nic1) entered blocking state
[ 38.515052] vmbr0: port 1(nic1) entered forwarding state
[ 175.603062] EXT4-fs (sdc1): recovery complete
[ 175.603218] EXT4-fs (sdc1): mounted filesystem 2847a7c0-0a1e-4ab8-8a4b-7c2856dcf0a3 r/w with ordered data mode. Quota mode: none.
root@pve:~# cd /mnt/sdc-ssd-with-plp/
root@pve:/mnt/sdc-ssd-with-plp# ./diskchecker.pl -s 172.16.0.112 verify test-ssd-ext4
verifying: 0.00%
verifying: 28.12%
verifying: 85.80%
verifying: 100.00%
Total errors: 0
root@pve:/mnt/sdc-ssd-with-plp#
</pre>

==== barrier=0 ====
<pre>
root@pve:~# mount -t ext4 -o barrier=0 /dev/sdc1 /mnt/sdc-ssd-with-plp
root@pve:~# mount | grep sdc
/dev/sdc1 on /mnt/sdc-ssd-with-plp type ext4 (rw,relatime,nobarrier)
root@pve:~# cd /mnt/sdc-ssd-with-plp/
root@pve:/mnt/sdc-ssd-with-plp# ./diskchecker.pl -s 172.16.0.112 create test-ssd-ext4-nobarrier 1000
diskchecker: running 1 sec, 0.45% coverage of 1000 MB (289 writes; 289/s)
diskchecker: running 2 sec, 1.19% coverage of 1000 MB (768 writes; 384/s)
diskchecker: running 3 sec, 1.90% coverage of 1000 MB (1230 writes; 410/s)
diskchecker: running 4 sec, 2.65% coverage of 1000 MB (1721 writes; 430/s)
diskchecker: running 5 sec, 3.47% coverage of 1000 MB (2258 writes; 451/s)
diskchecker: running 6 sec, 4.20% coverage of 1000 MB (2743 writes; 457/s)
diskchecker: running 7 sec, 4.92% coverage of 1000 MB (3246 writes; 463/s)
diskchecker: running 8 sec, 5.72% coverage of 1000 MB (3783 writes; 472/s)
diskchecker: running 9 sec, 6.43% coverage of 1000 MB (4266 writes; 474/s)
diskchecker: running 10 sec, 7.15% coverage of 1000 MB (4756 writes; 475/s)
diskchecker: running 11 sec, 7.90% coverage of 1000 MB (5270 writes; 479/s)
diskchecker: running 12 sec, 8.60% coverage of 1000 MB (5758 writes; 479/s)
diskchecker: running 13 sec, 9.43% coverage of 1000 MB (6325 writes; 486/s)
diskchecker: running 14 sec, 10.17% coverage of 1000 MB (6862 writes; 490/s)
diskchecker: running 15 sec, 10.86% coverage of 1000 MB (7354 writes; 490/s)
diskchecker: running 16 sec, 11.57% coverage of 1000 MB (7870 writes; 491/s)
diskchecker: running 17 sec, 12.21% coverage of 1000 MB (8337 writes; 490/s)
diskchecker: running 18 sec, 12.88% coverage of 1000 MB (8821 writes; 490/s)
diskchecker: running 19 sec, 13.50% coverage of 1000 MB (9288 writes; 488/s)
diskchecker: running 20 sec, 14.15% coverage of 1000 MB (9755 writes; 487/s)
diskchecker: running 21 sec, 14.76% coverage of 1000 MB (10213 writes; 486/s)
diskchecker: running 22 sec, 15.45% coverage of 1000 MB (10719 writes; 487/s)
diskchecker: running 23 sec, 16.09% coverage of 1000 MB (11199 writes; 486/s)
diskchecker: running 24 sec, 16.71% coverage of 1000 MB (11681 writes; 486/s)
diskchecker: running 25 sec, 17.52% coverage of 1000 MB (12301 writes; 492/s)
</pre>

<pre>
root@pve:~# mount -t ext4 -o barrier=0 /dev/sdc1 /mnt/sdc-ssd-with-plp
root@pve:~# dmesg | tail -n 4
[ 38.503206] vmbr0: port 1(nic1) entered forwarding state
[ 128.406477] EXT4-fs (sdc1): barriers disabled
[ 129.953659] EXT4-fs (sdc1): recovery complete
[ 129.953789] EXT4-fs (sdc1): mounted filesystem 2847a7c0-0a1e-4ab8-8a4b-7c2856dcf0a3 r/w with ordered data mode. Quota mode: none.
root@pve:~# cd /mnt/sdc-ssd-with-plp
root@pve:/mnt/sdc-ssd-with-plp# ./diskchecker.pl -s 172.16.0.112 verify test-ssd-ext4-nobarrier
verifying: 0.00%
verifying: 29.52%
verifying: 77.96%
verifying: 100.00%
Total errors: 0
root@pve:/mnt/sdc-ssd-with-plp#
</pre>

=== Test with SSD without PLP ===
In this test, a 512 GByte Samsung 850 PRO SATA SSD is used.

==== barrier=1 (default) ====
<pre>
root@pve:~# mkfs.ext4 /dev/sdc1
mke2fs 1.47.2 (1-Jan-2025)
Discarding device blocks: done
Creating filesystem with 125026646 4k blocks and 31260672 inodes
Filesystem UUID: b1721738-9749-4b86-9d05-d380b0337316
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000

Allocating group tables: done
Writing inode tables: done
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: done

root@pve:~# mkdir /mnt/sdc-ssd-without-plp
root@pve:~# mount /dev/sdc1 /mnt/sdc-ssd-without-plp
root@pve:~# cd /mnt/sdc-ssd-without-plp
root@pve:/mnt/sdc-ssd-without-plp# wget https://gist.githubusercontent.com/bradfitz/3172656/raw/301f516a4719b48cc9c133c4ba9c864ff8eaf056/diskchecker.pl
[...]
2026-02-27 11:34:15 (140 MB/s) - 'diskchecker.pl' saved [6702/6702]

root@pve:/mnt/sdc-ssd-without-plp# chmod +x diskchecker.pl
root@pve:/mnt/sdc-ssd-without-plp# sync
root@pve:/mnt/sdc-ssd-without-plp# ./diskchecker.pl -s 172.16.0.112 create test-ssd-noplp-ext4 1000
diskchecker: running 1 sec, 0.03% coverage of 1000 MB (22 writes; 22/s)
diskchecker: running 2 sec, 0.33% coverage of 1000 MB (214 writes; 107/s)
diskchecker: running 3 sec, 0.64% coverage of 1000 MB (408 writes; 136/s)
diskchecker: running 4 sec, 0.94% coverage of 1000 MB (603 writes; 150/s)
diskchecker: running 5 sec, 1.24% coverage of 1000 MB (803 writes; 160/s)
diskchecker: running 6 sec, 1.54% coverage of 1000 MB (993 writes; 165/s)
diskchecker: running 7 sec, 1.86% coverage of 1000 MB (1205 writes; 172/s)
diskchecker: running 8 sec, 2.16% coverage of 1000 MB (1399 writes; 174/s)
diskchecker: running 9 sec, 2.48% coverage of 1000 MB (1607 writes; 178/s)
diskchecker: running 10 sec, 2.79% coverage of 1000 MB (1810 writes; 181/s)
diskchecker: running 11 sec, 3.09% coverage of 1000 MB (2012 writes; 182/s)
diskchecker: running 12 sec, 3.40% coverage of 1000 MB (2216 writes; 184/s)
diskchecker: running 13 sec, 3.69% coverage of 1000 MB (2412 writes; 185/s)
diskchecker: running 14 sec, 3.99% coverage of 1000 MB (2615 writes; 186/s)
diskchecker: running 15 sec, 4.29% coverage of 1000 MB (2814 writes; 187/s)
diskchecker: running 16 sec, 4.60% coverage of 1000 MB (3018 writes; 188/s)
diskchecker: running 17 sec, 4.90% coverage of 1000 MB (3218 writes; 189/s)
diskchecker: running 18 sec, 5.20% coverage of 1000 MB (3425 writes; 190/s)
diskchecker: running 19 sec, 5.50% coverage of 1000 MB (3626 writes; 190/s)
diskchecker: running 20 sec, 5.79% coverage of 1000 MB (3828 writes; 191/s)
diskchecker: running 21 sec, 6.08% coverage of 1000 MB (4028 writes; 191/s)
diskchecker: running 22 sec, 6.36% coverage of 1000 MB (4214 writes; 191/s)
diskchecker: running 23 sec, 6.65% coverage of 1000 MB (4414 writes; 191/s)
diskchecker: running 24 sec, 6.94% coverage of 1000 MB (4617 writes; 192/s)
diskchecker: running 25 sec, 7.23% coverage of 1000 MB (4816 writes; 192/s)
diskchecker: running 26 sec, 7.52% coverage of 1000 MB (5020 writes; 193/s)
client_loop: send disconnect: Broken pipe
</pre>

<pre>
werner@x390:~/bin$ ssh root@172.16.10.1
root@172.16.10.1's password:
Linux pve 6.17.2-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.17.2-1 (2025-10-21T11:55Z) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Feb 27 11:32:14 2026 from 172.16.0.112
root@pve:~# mount /dev/sdc1 /mnt/sdc-ssd-without-plp
root@pve:~# dme
dmesg dmeventd
root@pve:~# dmesg | tail -n 4
[ 38.593080] vmbr0: port 1(nic1) entered blocking state
[ 38.593084] vmbr0: port 1(nic1) entered forwarding state
[ 88.513484] EXT4-fs (sdc1): recovery complete
[ 88.514141] EXT4-fs (sdc1): mounted filesystem b1721738-9749-4b86-9d05-d380b0337316 r/w with ordered data mode. Quota mode: none.
root@pve:~# cd /mnt/sdc-ssd-without-plp
root@pve:/mnt/sdc-ssd-without-plp# ./diskchecker.pl -s 172.16.0.112 verify test-ssd-noplp-ext4
verifying: 0.02%
verifying: 3.74%
verifying: 100.00%
Total errors: 0
root@pve:/mnt/sdc-ssd-without-plp#
</pre>

==== barrier=0 ====
<pre>
root@pve:~# mount -t ext4 -o barrier=0 /dev/sdc1 /mnt/sdc-ssd-without-plp
root@pve:~# mount | grep sdc
/dev/sdc1 on /mnt/sdc-ssd-without-plp type ext4 (rw,relatime,nobarrier)
root@pve:~# cd /mnt/sdc-ssd-without-plp
root@pve:/mnt/sdc-ssd-without-plp# ./diskchecker.pl -s 172.16.0.112 create test-ssd-noplp-ext4-nobarrier 1000
diskchecker: running 1 sec, 0.47% coverage of 1000 MB (303 writes; 303/s)
diskchecker: running 2 sec, 1.26% coverage of 1000 MB (814 writes; 407/s)
diskchecker: running 3 sec, 1.97% coverage of 1000 MB (1274 writes; 424/s)
diskchecker: running 4 sec, 2.75% coverage of 1000 MB (1783 writes; 445/s)
diskchecker: running 5 sec, 3.51% coverage of 1000 MB (2285 writes; 457/s)
diskchecker: running 6 sec, 4.34% coverage of 1000 MB (2835 writes; 472/s)
diskchecker: running 7 sec, 5.14% coverage of 1000 MB (3371 writes; 481/s)
diskchecker: running 8 sec, 5.90% coverage of 1000 MB (3883 writes; 485/s)
diskchecker: running 9 sec, 6.59% coverage of 1000 MB (4348 writes; 483/s)
diskchecker: running 10 sec, 7.26% coverage of 1000 MB (4809 writes; 480/s)
diskchecker: running 11 sec, 8.02% coverage of 1000 MB (5333 writes; 484/s)
diskchecker: running 12 sec, 8.75% coverage of 1000 MB (5843 writes; 486/s)
diskchecker: running 13 sec, 9.43% coverage of 1000 MB (6317 writes; 485/s)
diskchecker: running 14 sec, 10.12% coverage of 1000 MB (6805 writes; 486/s)
diskchecker: running 15 sec, 11.05% coverage of 1000 MB (7450 writes; 496/s)
diskchecker: running 16 sec, 11.70% coverage of 1000 MB (7912 writes; 494/s)
diskchecker: running 17 sec, 12.38% coverage of 1000 MB (8401 writes; 494/s)
diskchecker: running 18 sec, 12.99% coverage of 1000 MB (8862 writes; 492/s)
diskchecker: running 19 sec, 13.65% coverage of 1000 MB (9352 writes; 492/s)
diskchecker: running 20 sec, 14.29% coverage of 1000 MB (9822 writes; 491/s)
diskchecker: running 21 sec, 14.92% coverage of 1000 MB (10294 writes; 490/s)
diskchecker: running 22 sec, 15.55% coverage of 1000 MB (10761 writes; 489/s)
diskchecker: running 23 sec, 16.21% coverage of 1000 MB (11261 writes; 489/s)
diskchecker: running 24 sec, 16.82% coverage of 1000 MB (11741 writes; 489/s)
client_loop: send disconnect: Broken pipe
</pre>

<pre>
werner@x390:~/bin$ ssh root@172.16.10.1
root@172.16.10.1's password:
Linux pve 6.17.2-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.17.2-1 (2025-10-21T11:55Z) x86_64
[...]
root@pve:~# mount -t ext4 -o barrier=0 /dev/sdc1 /mnt/sdc-ssd-without-plp
root@pve:~# dmesg | tail -n 4
[ 38.959022] vmbr0: port 1(nic1) entered forwarding state
[ 322.860448] EXT4-fs (sdc1): barriers disabled
[ 323.915454] EXT4-fs (sdc1): recovery complete
[ 323.915513] EXT4-fs (sdc1): mounted filesystem b1721738-9749-4b86-9d05-d380b0337316 r/w with ordered data mode. Quota mode: none.
root@pve:~# cd /mnt/sdc-ssd-with
sdc-ssd-without-plp/ sdc-ssd-with-plp/
root@pve:~# cd /mnt/sdc-ssd-without-plp
root@pve:/mnt/sdc-ssd-without-plp# ./diskchecker.pl -s 172.16.0.112 verify test-ssd-noplp-ext4
test-ssd-noplp-ext4 test-ssd-noplp-ext4-nobarrier
root@pve:/mnt/sdc-ssd-without-plp# ./diskchecker.pl -s 172.16.0.112 verify test-ssd-noplp-ext4-nobarrier
verifying: 0.01%
verifying: 49.87%
verifying: 100.00%
Total errors: 0
root@pve:/mnt/sdc-ssd-without-plp#
</pre>

== More information ==
* [https://lwn.net/Articles/283161/ Barriers and journaling filesystems] (lwn.net, 21.05.2008)
* [https://docs.kernel.org/admin-guide/ext4.html ext4 General Information] (docs.kernel.org/admin-guide)
* https://web.archive.org/web/20200227164936/https://www.fibrevillage.com/storage/565-what-s-barriers-how-to-enable-disable-it-on-linux
* [https://www.linux-magazine.com/content/download/63318/487772/file/Write_Barriers.pdf IMPOSING ORDER: Working with write barriers and journaling filesystems] (Linux-Magazine Issue 78, May 2007)

== References ==
<references />

{{Wfischer}}
{{Aranzinger}}
[[Category:Linux]]
[[de:Ext4 Write Barriers]]

TKMI Logs & Reports

2026-03-03T11:22:10Z

Aranzinger: Created page with "The TKMI records different '''system reports'''. Every report is geared to a certain use. In the following, the reports are presented individually. == IPMI Event Log == TKMI IPMI & Event Log This report lists all recorded events chronologically in the ''Intelligent Platform Management Interface (IPMI)''. With the help of the filter settings, specific entries can be..."

The [[Overview TKMI|TKMI]] records different '''system reports'''. Every report is geared to a certain use. In the following, the reports are presented individually.

== IPMI Event Log ==
[[File:TKMI_Logs-Reports_IPMI-Event-Log.png|alt=TKMI IPMI & Event Log|thumb|153x153px|TKMI IPMI & Event Log]]
This report lists all recorded events chronologically in the ''Intelligent Platform Management Interface (IPMI)''.

With the help of the filter settings, specific entries can be searched:
* '''Filter by Date''': The displayed events are limited to a determined period.
* '''Filter by type''': The displayed events are determined to a specific event or sensors.

With the help of the ''Clear Event Logs'' button , the events recorded so far can be deleted.

With the help of the ''Download Event Logs'' button, the recorded events can be exported.

Furthermore, you will receive statistics on the number of monthly recorded events as a bar chart.
== Operation Log ==
[[File:TKMI_Logs-Reports_Operation-Log.png|alt=TKMI Operation Log|thumb|157x157px|TKMI Operation Log]]
This report lists all events, that concern the host-system, in chronological order.

The following options are available for presentation:

* '''Filter by Date''': Start and end times of the listed operations can be determined and enables restriction to specific time periods.
* '''Event Category''': Either ''Information'' or ''Warning'' logs can be displayed. The former contain simple status events, while the latter only list events associated with warnings.

With the help of the ''Clear Logs'' button, all available log entries will be deleted.

With the help of the ''Download Logs'' button, all available log entries can be downloaded. The entries are stored in <code>log</code> file format and packaged in a <code>tgz</code> archive.

== Audit Log ==
[[File:TKMI_Logs-Reports_Audit-Log.png|alt=TKMI Audit Log|thumb|154x154px|TKMI Audit Log]]
This report lists all events about the host system, which serve to ensure compliance, security, and problem solving.

In particular, the system reports contain the user ID and IP address of the actions performed.

The following options are available for display:

* '''Filter by Date''': Start and end time of the listed operations can be determined and enables restriction to specific time periods.

With the help of the ''Clear Logs'' button, all available log entries will be deleted.

With the help of the ''Download Logs'' button, all available log entries can be downloaded. The entries are stored in <code>log</code> file format and packaged in a <code>tgz</code>-archive.

== Video Log ==
[[File:TKMI_Logs-Reports_Video-Log.png|alt=TKMI Video Log|thumb|153x153px|TKMI Video Log]]
This report lists videos recorded by the host system. Settings for video triggers, recording quality, and storage location can be configured in [[TKMI Settings]].

The following options are available for display:

* '''Filter by Date''': Start and end time of listed operations can be determined and enables restriction to specific time periods.

With the help of the ''Clear Logs'' buttons, all available log entries will be deleted.

== SOL Video Log ==
[[File:TKMI_Logs-Reports_SOL-Video-Log.png|alt=TKMI Serial on LAN (SOL) Log|thumb|154x154px|TKMI Serial on LAN (SOL) Log]]
This report lists a video-file recorded via ''Serial over LAN''. Settings for video triggers, recording quality, and storage location can be configured in [[TKMI Settings]].

The following options are available for display:
* '''Filter by Date''': Start- and end time of listed operations can be determined and enables restriction to specific time periods.

With the help of the ''Clear Logs'' button, all available log entries will be deleted.

{{Sbohn}}
{{Aranzinger}}
[[Category:Thomas-Krenn Management Interface]]
[[de:TKMI Logs & Reports]]

Install Mint Debian Edition 7

2026-02-19T13:53:02Z

Aranzinger: Created page with "'''Linux Mint''' is a Linux distribution for PCs and notebooks, which is particularly suitable for users switching from Windows 10 or Windows 11. The original version of Linux Mint is based on Ubuntu. In addition, there is a variant with '''Linux Mint Debian Edition''' that is based on Debian GNU/Linux. In this Wiki article, we present the installation of '''Linux Mint Debian Edition 7''' published in 2025. == Download == Image:Linux-Mint-Debian-Edition-7..."

'''Linux Mint''' is a [[Linux]] distribution for PCs and notebooks, which is particularly suitable for users switching from Windows 10 or Windows 11. The original version of Linux Mint is based on [[Ubuntu]]. In addition, there is a variant with '''Linux Mint Debian Edition''' that is based on [[Debian GNU/Linux]]. In this Wiki article, we present the installation of '''Linux Mint Debian Edition 7''' published in 2025.

== Download ==
[[Image:Linux-Mint-Debian-Edition-7-Erster-Start-14-Startmenue.png|thumb|right|400px|Start menu of Linux Mint Debian Edition 7]] Download the ISO-image for the installation and transfer it for the installation, for example on an USB stick:
* [https://linuxmint.com/download_lmde.php Download LMDE 7] (linuxmint.com)

== Installation ==
The following screenshots show the history of the installation of Linux Mint Debian Edition 7:

<gallery>
File:Linux-Mint-Debian-Edition-7-Installation-01-Start-LMDE.png|Start LMDE from the installation medium.
File:Linux-Mint-Debian-Edition-7-Installation-02-Install-Linux-Mint.png|Start the installation by double-clicking on '''Install Linux Mint'''.
File:Linux-Mint-Debian-Edition-7-Installation-03-Willkommen.png|Confirm the welcome message.
File:Linux-Mint-Debian-Edition-7-Installation-04-Sprache.png|Select the desired language (in the example German).
File:Linux-Mint-Debian-Edition-7-Installation-05-Zeitzone.png|Select time zone.
File:Linux-Mint-Debian-Edition-7-Installation-06-Tastaturbelegung.png|Select keyboard layout.
File:Linux-Mint-Debian-Edition-7-Installation-07-Benutzerkonto.png|Create user account.
File:Linux-Mint-Debian-Edition-7-Installation-08-Installatoinsart.png|Select target data carrier.
File:Linux-Mint-Debian-Edition-7-Installation-09-Warnung.png|Confirm the message that all existing data on the data carrier will be overwritten.
File:Linux-Mint-Debian-Edition-7-Installation-10-Installationswerkzeug.png|If there is no partition table on the data carrier yet, this message appears.
File:Linux-Mint-Debian-Edition-7-Installation-11-Erweiterte-Optionen.png|Select on which device the GRUB bootloader should be installed.
File:Linux-Mint-Debian-Edition-7-Installation-12-Zusammenfassung.png|Verify all data in the summary and click on '''install'''.
File:Linux-Mint-Debian-Edition-7-Installation-13-Installation.png|Data is copied.
File:Linux-Mint-Debian-Edition-7-Installation-14-Neustarten.png|The installation is completed. Restart the computer.
File:Linux-Mint-Debian-Edition-7-Installation-15-Installationsmedium-entfernen.png|Remove the installation medium and press the Enter-key.
</gallery>

== Initial start ==
The initial start:

<gallery>
File:Linux-Mint-Debian-Edition-7-Erster-Start-01-Grub.png|The GRUB bootloader waits some seconds (if you want to select this option).
File:Linux-Mint-Debian-Edition-7-Erster-Start-02-Login.png|The login screen appears. Log in with your access data.
File:Linux-Mint-Debian-Edition-7-Erster-Start-03-Willkommen.png|The welcome assistant appears.
</gallery>

=== Colours ===
Under '''first steps''', you have the option to configure several basic settings:

<gallery>
File:Linux-Mint-Debian-Edition-7-Erster-Start-04-Erste-Schritte.png|First, you can select the desired color scheme. Click on the first green '''start''' button.
File:Linux-Mint-Debian-Edition-7-Erster-Start-05-Themen.png|Select the desired appearance and confirm your selection by clicking on the '''X''' icon in the upper right corner.
</gallery>

=== Timeshift ===
The program Timeshift allows to create system snapshots regularly. This allows you to quickly and easily revert to an older configuration in the event of configuration problems. The following screenshots show the initial configuration of Timeshift:

<gallery>
File:Linux-Mint-Debian-Edition-7-Erster-Start-04-Erste-Schritte.png|
File:Linux-Mint-Debian-Edition-7-Erster-Start-06-Timeshift-01-Passwort.png|
File:Linux-Mint-Debian-Edition-7-Erster-Start-06-Timeshift-02-Typ.png|
File:Linux-Mint-Debian-Edition-7-Erster-Start-06-Timeshift-03.png|
File:Linux-Mint-Debian-Edition-7-Erster-Start-06-Timeshift-04-Schnappschussort.png|
File:Linux-Mint-Debian-Edition-7-Erster-Start-06-Timeshift-05-Ebenen.png|
File:Linux-Mint-Debian-Edition-7-Erster-Start-06-Timeshift-06-Ordner.png|
File:Linux-Mint-Debian-Edition-7-Erster-Start-06-Timeshift-07-Einrichtung.png|
File:Linux-Mint-Debian-Edition-7-Erster-Start-06-Timeshift-08-Oberflaeche.png|
File:Linux-Mint-Debian-Edition-7-Erster-Start-06-Timeshift-09-Schnappschuss-erstellen.png|
File:Linux-Mint-Debian-Edition-7-Erster-Start-06-Timeshift-10-in-Arbeit.png|
File:Linux-Mint-Debian-Edition-7-Erster-Start-06-Timeshift-11-Oberflaeche.png|
</gallery>

=== Multimediacodecs ===
To ensure that videos and audio files are played back correctly, install optional multimedia codecs as shown in the following screenshots:

<gallery>
File:Linux-Mint-Debian-Edition-7-Erster-Start-07-Multimediacodecs-01-Zwischenspeicher.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-07-Multimediacodecs-02-Installieren.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-07-Multimediacodecs-03-Installieren.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-07-Multimediacodecs-04-Passwort.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-07-Multimediacodecs-05-Installation.png
</gallery>

=== Update management ===
To receive function and safety updates for your installed applications regularly, set up update management as described below:

<gallery>
File:Linux-Mint-Debian-Edition-7-Erster-Start-08-Erste-Schritte.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-01.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-02-Spiegelserver.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-03-Passwort.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-04.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-05.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-06.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-07.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-08.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-09.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-10.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-11-Passwort.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-12-Updates.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-09-Aktualisierungsverwaltung-13-neuester-Stand.png
</gallery>

=== System settings ===
You can make further configuration changes in the respective sub-area in the system settings:

<gallery>
File:Linux-Mint-Debian-Edition-7-Erster-Start-10-Erste-Schritte.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-11-Systemeinstellungen-01.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-11-Systemeinstellungen-02.png
</gallery>

=== Application administration ===
You can install additional programs in the application management:

<gallery>
File:Linux-Mint-Debian-Edition-7-Erster-Start-10-Erste-Schritte.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-12-Anwenungsverwaltung-01.png
</gallery>

=== Firewall ===
Linux Mint Debian Edition has a simple firewall that you can set up here:

<gallery>
File:Linux-Mint-Debian-Edition-7-Erster-Start-10-Erste-Schritte.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-13-Firewall-01.png
File:Linux-Mint-Debian-Edition-7-Erster-Start-13-Firewall-02.png
</gallery>

== Start menu ==
After finishing the initial configuration, the start menu looks like this:

<gallery>
File:Linux-Mint-Debian-Edition-7-Erster-Start-14-Startmenue.png
</gallery>

{{Wfischer}}
{{Aranzinger}}
[[Category:Linux Mint]]
[[de:Linux Mint Debian Edition 7 installieren]]

Microsoft licensing programs

2026-02-19T12:22:35Z

Aranzinger: Created page with "'''Microsoft''' offers for different distribution ways and target groups multiple '''licensing programs'''. This article shows the differences between '''Electronic Software Download''', '''Full Packaged Product''', '''Direct OEM''', '''OEM System-Builder''' and '''volume licenses'''. Price information on Direct OEM and OEM system builder licenses can be found in the Thomas-Krenn-webshop in the <tklink type=sitex id=18135/> area. == Overview of Microsoft licensing prog..."

'''Microsoft''' offers for different distribution ways and target groups multiple '''licensing programs'''. This article shows the differences between '''Electronic Software Download''', '''Full Packaged Product''', '''Direct OEM''', '''OEM System-Builder''' and '''volume licenses'''. Price information on Direct OEM and OEM system builder licenses can be found in the Thomas-Krenn-webshop in the <tklink type=sitex id=18135/> area.

== Overview of Microsoft licensing programs ==
The following table shows an overview of the differences between the different Microsoft licensing programs:<ref>[http://www.microsoft.com/de-de/licensing/lizenzprogramme/open-license/default.aspx The licensing programs for smaller and medium-sized organisations] (www.microsoft.com)</ref>
{| class="wikitable"
|- style="background-color: #EFEFEF; font-weight: bold;"
!width="10%"|
!width="18%"| Software Download
!width="18%"| Retail Full Packaged Product (FPP)
!width="18%"| Original Equipment Manufacturer (Direct OEM)
!width="18%"| OEM System Builder (OEM SB)
!width="18%"| Volume licenses (VL)
|-
|valign="top"| Target group
|colspan=2 valign="top" align="center"| Private users as well as medium-sized companies.
|colspan=2 valign="top" align="center"| Smaller and medium-sized companies.
|valign="top" align="center"| Smaller, medium-sized and large companies.
|-
|valign="top"| Installation
|valign="top" align="center"| Available for download.<ref>[https://www.microsoft.com/de-de/store/b/terms-of-sale MICROSOFT TERMS AND CONDITIONS OF SALE in Germany Consumer-Store] (www.microsoft.com): ''Codes for downloading software and content. Certain software and content will be delivered to you by providing a download link in the Microsoft account you used to make your purchase. Subject to the paragraph below, we will typically store the download link and digital key for a purchase in your account for 3 years from the date of purchase, but we do not promise to store it for any specific period of time. For subscription products delivered by providing a download link, different terms and storage rights may apply, which will be presented to you for review and consent when you subscribe.'' (accessed on January 1st, 2018)</ref>
|valign="top" align="center"| Available for download. (package contains key and download link).
|colspan=2 valign="top" align="center"| Pre-installed or from DVD.
|valign="top" align="center"| Available for download.
|-
|valign="top"| Downgrade
|valign="top" align="center"| No downgrade rights.
|valign="top" align="center"| Normally no downgrade rights, except for individual server products.<ref name="Downgrade">[http://www.microsoft.com/licensing/about-licensing/briefs/downgrade-rights.aspx Downgrade rights for Microsoft Volume Licensing, OEM, and full packaged product licenses] (www.microsoft.com)</ref>
|colspan=2 valign="top" align="center"| Windows Server contains an unlimited downgrade right, Windows 8.1/8/7/Vista a N2-downgrade right.<ref name="Downgrade" /> 
For more information, see: [[Downgrade Microsoft licenses]].
|valign="top" align="center"| Comprehensive right to downgrade.<ref name="Downgrade" />
|-
|valign="top"| Virtualization rights
|valign="top" align="center"| No virtualization rights.
|colspan=3 valign="top" align="center"| No virtualization rights for the Windows desktop operating system or office applications.
Virtualization rights for Windows Server.
|valign="top" align="center"| Virtualization rights vary depending on the product and edition; for the Windows desktop operating system, they are available exclusively through Software Assurance.
|-
|valign="top"| '''Licenses for this program available at <tklink type=sitex id=912>Thomas-Krenn</tklink>'''
|colspan=2 valign="top" align="center"| No
|valign="top" align="center"| '''Yes, when purchasing a server or a PC: for example <tklink type="configurator" detail="configurator" id=10986>RI1208 Server</tklink>'''
|valign="top" align="center"| '''Yes, individually too: <tklink type=sitex id=18135/>'''
|valign="top" align="center"| '''Yes, on request: <tklink type=sitex id=198/>'''
|-
|valign="top"| Comments
|valign="top"| ESD is only available for the following products:
* Windows 10
* Office 365
* Office 2016
|valign="top"|
|valign="top"|
* [[Windows Server 2012]] Foundation is only available as OEM-license. <ref>[http://download.microsoft.com/download/4/D/B/4DB352D1-C610-466A-9AAF-EEF4F4CFFF27/WS2012_Licensing-Pricing_FAQ.pdf Windows Server Licensing & Pricing FAQ] (download.microsoft.com): ''Q47. How much will Windows Server Essentials cost? - [...] Foundation - OEM only'''</ref>
|valign="top"|
|valign="top"|
* available from 5 licenses.<ref>[http://www.microsoft.com/de-de/licensing/lizenzprogramme/open-license/ueberblick.aspx Licensing programs for smaller and medium-sized organisations - Overview] (www.microsoft.com)</ref>
|}

=== Direct OEM ===
''Direct OEMs'' are normally larger OEMs that have a direct licensing agreement with Microsoft and purchase software directly from Microsoft.<ref name="programs">[http://oem.microsoft.com/public/worldwide/licensing/OEM_System_Builder_Licensing_Guide.pdf OEM System Builder Licensing Guide] (oem.microsoft.com) - Microsoft Licensing Programs (Seite 3)</ref>

=== OEM System Builder ===
''System Builder'' are normally smaller OEMs that purchase Microsoft software indirectly through authorized OEM distributors.<ref name="programs" />

More information on System Builder licenses:
* [http://www.microsoft.com/oem/de/licensing/sblicensing/Pages/index.aspx OEM System Builder-Licensing] (www.microsoft.com)

=== Volume licenses ===
Microsoft volume license programs are for smaller, medium-sized and larger companies and available for 5 licenses or 5 end devices or more.

The usage rights for volume licenses differ from those for single-user licenses such as OEM licenses. Office software can only be virtualized (virtual desktop infrastructures - VDI) or provided via Remote Desktop Services (RDS) if it has been licensed under a volume license agreement.<ref>[http://www.microsoft.com/de-de/licensing/ueber-lizenzierung/grundprinzipien/was-sind-volumenlizenzprogramme.aspx What are volume licensing programs?] (www.microsoft.com)</ref>

More information on volume licenses:
* [http://www.microsoft.com/de-de/download/details.aspx?id=10585 Microsoft Volume Licensing Service Center (VLSC) User Guide - German] (www.microsoft.com)

== FAQs ==
# I purchased a server at Thomas-Krenn and would like to purchase an OEM license retrospectively. Is that possible?
#* No. Microsoft OEM licenses may only be delivered together with hardware. The only exception to this rule are CAL licenses.<ref>[http://oem.microsoft.com/public/worldwide/licensing/OEM_System_Builder_Licensing_Guide.pdf OEM System Builder Licensing Guide] (oem.microsoft.com) - Client Access Licensing for Windows Server Products (Seite 8 und 9): ''Additional OEM System Builder CALs may be purchased and sold to customers after the initial server sale. [...] CALs are channel agnostic; any CAL (OEM, VL, or Retail) can be used to access any Windows Server (OEM, VL, or Retail).''</ref>
#* If you did not purchase a Microsoft license when buying a Thomas-Krenn server, you can alternatively purchase an OEM SB license at a later date in the Thomas-Krenn Shop in the section <tklink type=sitex id=18135/>.

== More licensing programs ==
* [http://www.microsoft.com/OEM/de/salesmarketing/Pages/reseller-option-kit.aspx reseller-option kits for server - Reseller Option Kit (ROK)] (www.microsoft.com)

== References ==
<references />

{{Wfischer}}
{{Aranzinger}}
[[Category:Windows]]
{{Consultinglink
|campaign=consulting
}}
[[de:Microsoft Lizenzprogramme]]

Microsoft 365 licensing

2026-02-19T09:54:13Z

Aranzinger: Created page with "In the past, Office 365 was easier to manage. At that time, there was only Office 365 in various levels. However, Microsoft then took the step of combining the Office packages into a complete solution with a number of additional features and naming the new product Microsoft 365. However, the "old" Office 365 is still available, but with a smaller range of functions. In addition to the two categories already mentioned, there is a third: Microsoft 365 Business. Depending o..."

In the past, Office 365 was easier to manage. At that time, there was only Office 365 in various levels. However, Microsoft then took the step of combining the Office packages into a complete solution with a number of additional features and naming the new product Microsoft 365. However, the "old" Office 365 is still available, but with a smaller range of functions. In addition to the two categories already mentioned, there is a third: Microsoft 365 Business. Depending on the version, certain additional features from the Microsoft 365 Enterprise range may also be included here.

== Categories ==
In general, M365 licenses can be assigned in the following categories:

- Microsoft 365 Business (companies'''< 300 employees'''): [https://www.microsoft.com/de-de/microsoft-365/business/compare-all-microsoft-365-business-products?market=de Microsoft 365 Business Plans]

- Microsoft 365 Enterprise: [https://www.microsoft.com/de-de/microsoft-365/compare-microsoft-365-enterprise-plans?market=de Microsoft 365 Enterprise Plans]

- Office 365 Enterprise: [https://www.microsoft.com/de-de/microsoft-365/enterprise/compare-office-365-plans?market=de Office 365 Enterprise Plans]

The Microsoft 365 Enterprise contains the complete "Office 365 Enterprise"-package and includes a number of '''Enterprise Security + Mobility''' and '''Windows Features'''.

== License comparison ==
To compare prices, you can use our Microsoft configurator: <tklink type="configurator" detail="configurator" id=21660 />

'''Attention''': The following comparison tables are presented in a greatly simplified form. Please use the provided link above for a complete comparison. These lead directly to the manufacturer websites, which are more detailed and updated.

=== License comparison Microsoft 365 Business (< 300 employees) ===
{| class="wikitable"
|+
License comparison Microsoft 365 Business (< 300 employees)
!Microsoft 365
!Business Basic
!Applications for Business
!Business Standard
!Business Premium
|-
|Desktop versions of Office applications
|
|✔
|✔
|✔
|-
|Office applications on the web and on devices
|✔
|✔
|✔
|✔
|-
|Exchange online
|✔
|
|✔
|✔
|-
|Teams
|*
|*
|*
|*
|-
|Advanced threat protection
|
|
|
|✔
|-
|Administration of PCs and devices
|
|
|
|✔
|}

===License comparison Microsoft 365 Enterprise ===
{| class="wikitable"
|+
License comparison Microsoft 365 Enterprise
!Microsoft 365
!Apps for Enterprise
!E3
!E5
|-
|Desktop versions of Office applications
|✔
|✔
|✔
|-
|Office applications on the web and on mobile devices
|✔
|✔
|✔
|-
|Exchange Online
|
|✔
|✔
|-
|Teams
|
|*
|*
|-
|Windows
|
|✔
|✔
|-
|Intune
|
|✔
|✔
|-
|Extended analyses
|
|
|✔
|-
|Extended Identity & Access Management
|
|
|✔
|-
|Extended threat protection
|
|
|✔
|-
|Extended information protection
|
|
|✔
|-
|Extended compliance administration
|
|
|✔
|}

===License comparison Office 365 Enterprise===
{| class="wikitable"
|+License comparison Office 365 Enterprise
!Office 365
!E1
!E3
!E5
|-
|desktop versions of Office applications
|
|✔
|✔
|-
|Office applications on the web and on device
|✔
|✔
|✔
|-
|Exchange online
| ✔
|✔
|✔
|-
|Teams
|*
|*
|*
|-
|Support of group policies
|
|✔
|✔
|-
|Microsoft Defender for 365
|
|
|✔
|}
<nowiki>*</nowiki> Attention: Teams must now be purchased separately.

==Sources:==
https://www.microsoft.com/de-de/microsoft-365/compare-microsoft-365-enterprise-plans?market=de

https://www.microsoft.com/de-de/microsoft-365/enterprise/compare-office-365-plans?market=de

https://www.microsoft.com/de-de/microsoft-365/business/compare-all-microsoft-365-business-products?market=de

https://m365maps.com/matrix.htm
[[Category:Windows]]
{{Consultinglink
|campaign=consulting
}}
{{fmueller}}
{{Aranzinger}}
[[de:Microsoft 365 Lizenzierung]]

Using the LCD display of FWA-3034 under FreeBSD and OPNsense

2026-02-19T06:24:06Z

Aranzinger: Created page with "FWA-3034 from Advantech Under FreeBSD or OPNsense, the built-in display of the Advantech '''FWA-3034''' appliance is not used by default. To use the display, the community plugin '''lcdproc''' can be used in conjunction with a customized configuration. == Test environment == The following instructions have been performed in the following test environment: * '''Hardware''': Advantech FWA3034 wit..."

[[File:FWA3034.png|alt=FWA-3034 from Advantech|thumb|300x300px|FWA-3034 from Advantech ]]
Under [[FreeBSD]] or [[OPNsense]], the built-in display of the Advantech '''FWA-3034''' appliance is not used by default. To use the display, the community plugin '''lcdproc''' can be used in conjunction with a customized configuration.

== Test environment ==
The following instructions have been performed in the following test environment:

* '''Hardware''': Advantech FWA3034 with integrated LCD display
* '''Software''': OPNsense 26.1.2_5-amd64 (FreeBSD 14.3-RELEASE-p8s)

== Performance ==
[[File:Plugin_firmware_os-lcd-proc-sdelcd.png|alt=Suchen Sie nach dem Community Plugin lcd|thumb|Search for community plugin lcd]]
To correctly control the serial display, the plugin ‘’'os-lcd-proc-sdelcd'‘’ must be installed:
# Under '''System ‣ Settings ‣ Firmware,''' click on the '''Plugins''' tab. Here, the checkbox for''' ''Show community plugins'' '''must be selected'''. '''Then search for '''lcd.'''
# [[File:Progress_install_plugin_os-lcd-proc-sdelcd.png|alt=Installieren Sie das Plugin|thumb|Install plugin]]Click on "'''+'''" to install the plugin.
#:
After the plugin has been installed, our customized configuration file with the display specifications must be used.

The file path is <code>/usr/local/etc/LCDd.conf</code>.
<pre>

[server]
DriverPath=/usr/local/lib/lcdproc/
Driver=CwLnx
Bind=127.0.0.1
Port=13666
ReportToSyslog=yes
User=nobody
Foreground=yes
Hello="== THOMAS KRENN "
Hello="== FreeBSD LCD MOD"
Hello=""
Hello=" 1234567890 "
GoodBye=""
GoodBye=""
WaitTime=10
TitleSpeed=10
ServerScreen=on
Backlight=open
ToggleRotateKey=Enter
PrevScreenKey=Up
NextScreenKey=Down

[menu]
MenuKey=Escape
EnterKey=Enter
UpKey=Up

[hd44780]
ConnectionType=lcdserializer
Device=/dev/ttyU0
Speed=19200
Keypad=yes

[CwLnx]
Device=/dev/cuau1
ConnectionType=serial
Size=20x4
Speed=19200

</pre>

=== Activate system service for testing ===
Activate the system service with the following command:

<code>service LCDd onerestart</code>

[[file:Start plugin os-lcd-proc-sdelcd.png|rahmenlos|605x605px]]

== Display / output ==
After completing the previous steps, you should see the following result:

[[file:LCD DP FWA3034.jpg|frameless|627x627px]]
{{Wseifert}}
{{Aranzinger}}
[[Category:OPNsense]]
[[de:LCD Display von FWA-3034 unter FreeBSD und OPNsense verwenden]]

LSA LSI Storage Authority Software

2026-02-18T11:27:39Z

Aranzinger:

In this article, we explain how to install and configure the '''LSA LSI Storage Authority Software''' from Broadcom.

== Prerequisites ==

* Server with [[MegaRAID Controller]]
* Microsoft Windows Server
* Local administrator rights on the system
== What is LSA? ==

The '''LSI Storage Authority (LSA)''' is a webbased management software from Broadcom to supervise and administrate '''MegaRAID controllers''' under Windows and Linux.

The following information and functions are provided via the LSA-websurface:
* status overview of all installed RAID controllers
* supervising all physical and virtual drives
* immediate creation of RAIDs
* displaying warnings, errors and events
* firmware and driver information & updates
* configuration of email notifications in case of incidents

The websurface is provided locally on the server and called up via browser by default.

== Installation ==
<gallery>
download.png | '''Step 1:''' First, download the ‘’'LSA (LSI Storage Authority)''' from the Broadcom website: [https://docs.broadcom.com/docs/008.003.012.000_LSA_Windows<nowiki/>» Download here'''|alt=Step 1:First, download the ‘’'LSA (LSI Storage Authority) from the Broadcom website: : [https://docs.broadcom.com/docs/008.003.012.000_LSA_Windows » Download here
lsa-lsi-installation-01.png | '''Step 2:''' After downloading, the software is available as an archive. This can be unzipped by right-clicking on ‘’'Extract All...'''.
lsa-lsi-installation-02.png | '''Step 3:''' After unpacking, a folder will be created. It contains the file '''setup.exe''', which is used to start the installation. '''Note:''' After installation, a known login error with '''Error Code 49 (Invalid Credentials)''' may occur. In this case, please refer to the following article: [[LSI Storage Authority Error Code 49 Invalid Credentials]].
lsa-lsi-installation-03.png | '''Step 4:''' After successful installation, it is recommended to restart the LSA service to avoid a complete system restart. This can be done directly via the '''Task Manager'''.
lsa-lsi-installation-04.png | '''Step 5:''' In the '''Services''' tab, locate the '''LSAService''' service, right-click to select it, and execute '''Restart'''.
lsa-lsi-installation-05.png | '''Step 6:''' The LSA can then be started via the '''Launch LSA''' link. Access is then automatic via the standard web browser.
</gallery>

== Create RAID ==
This section describes how to create a RAID array on a [[MegaRAID controller]] using the web interface of the '''LSI Storage Authority (LSA)'''. The creation process is carried out via the advanced configuration and guides you step by step through the selection of the RAID level, the physical drives, and the creation of the virtual drive.

'''Hint: When creating a new RAID array, all data on the selected hard drives will be deleted.'''
<gallery>
lsa-lsi-raid-01.png | '''Step 1:''' In the LSA web interface, on the right-hand side in the '''Controller Actions''' section, there is an '''Configure''' option, which opens another drop-down menu.

lsa-lsi-raid-02.png | '''Step 2:''' Select '''Advanced Configuration''' from the drop-down menu that opens.

lsa-lsi-raid-03.png | '''Step 3:''' In the advanced configuration, you can choose between the various available RAID levels. In this example, a '''RAID 1''' is created.

lsa-lsi-raid-04.png | '''Step 4:''' Clicking '''Next''' takes you to the next menu, where you can configure the physical drives and virtual drives.

lsa-lsi-raid-05.png | '''Step 5:''' First, the physical hard drives to be used for the RAID must be selected.

lsa-lsi-raid-06.png | '''Step 6:''' Select the desired hard drives and confirm your selection by clicking on ‘’'Add Physical Drives'''.

lsa-lsi-raid-07.png | '''Step 7:''' A '''virtual drive''' is then created, which will later be used by the operating system.

lsa-lsi-raid-08.png | '''Step 8:''' Once the virtual drive has been created, the RAID can be set up by clicking on '''Finish'''.

lsa-lsi-raid-09.png | '''Step 9:''' After successfully creating the RAID, a corresponding confirmation appears in the LSA web interface.

lsa-lsi-raid-10.png | '''Step 10:''' The newly created virtual drive and the associated drive group status are now displayed in the controller menu.
</gallery>

== Firmware update ==
A firmware update of a [[MegaRAID controller]]s can be performed directly via the websurface of the '''LSI Storage Authority (LSA)'''.

<gallery>
download.png | '''Step 1:''' First, download the latest compatible firmware from the [https://www.thomas-krenn.com/de/download?manufacturer=15&category=10 » Thomas-Krenn download page «]. To do this, you must first filter the installed controller correctly under "Select product".

Unpack-archive-icon.png | '''Step 2:''' The downloaded archive is unzipped, and the unzipped folder contains the '''.rom''' file required for the update.

lsa-lsi-firmware-update-00.png | '''Step 3:''' In the LSA web interface, on the right-hand side in the '''Controller Actions''' section, you will find the '''Update Firmware''' option, which opens the firmware update menu.

lsa-lsi-firmware-update-01.png | '''Step 4:''' Clicking on '''Browse''' opens the file explorer, where you can select the previously unzipped '''.rom''' file and confirm with '''Open'''.

lsa-lsi-firmware-update-02.png | '''Step 5:''' After loading the file, the update can be prepared using the '''Update''' button.

lsa-lsi-firmware-update-03.png | '''Step 6:''' For verification purposes, a version comparison between the currently installed firmware and the selected firmware is displayed, with the final confirmation for the update below.

lsa-lsi-firmware-update-04.png | '''Step 7:''' Activate the '''Confirm''' checkbox and click on '''Flash Firmware''' to start the firmware update.
</gallery>

Once the update has been successfully completed, you can usually continue working with the controller immediately. Restarting the system is only necessary in rare cases.

== Convert individual hard drive to JBOD ==
This section describes how to set a single physical hard disk to '''JBOD (Just a Bunch Of Disks)''' mode using the '''LSI Storage Authority (LSA)''' web interface. This allows the hard disk to be passed directly to the operating system without a RAID array. It also shows how to return a hard disk that was previously configured as JBOD to the '''Unconfigured Good''' state so that it can be used again in a RAID array.
<gallery>
lsa-lsi-jbod-single-01.png | '''Step 1:''' In the controller settings, all unconfigured hard drives are displayed under '''Unconfigured Drives'''.
lsa-lsi-jbod-single-02.png | '''Step 2:''' Select the desired hard drive and then convert it to JBOD mode using '''Make JBOD''' in the right sidebar under '''Element Actions'''.
lsa-lsi-jbod-single-03.png | '''Step 3:''' The process takes only a few seconds. Once completed successfully, the hard drive will be displayed in the '''JBOD''' section and the message '''Action Successful''' will appear.
</gallery>

If a JBOD-hard drive should be used again for a RAID-compound, it can be resetted as follows:

<gallery>
lsa-lsi-jbod-single-04.png | '''Step 1:''' The JBOD hard drive is selected and reset using '''Make Unconfigured Good''' in the right sidebar.
lsa-lsi-jbod-single-05.png | '''Step 2:''' The action is confirmed by checking the '''Confirm''' checkbox and clicking '''Yes, Make Unconfigured Good'''.
</gallery>

== Convert all hard drives to JBOD ==
This section describes how all hard drives connected to the controller can be used automatically as '''JBOD'''. To do this, the '''controller personality''' is changed from '''RAID''' to '''JBOD''', which passes all drives directly to the operating system without RAID configuration.

<gallery>
lsa-lsi-jbod-01.png | '''Step 1:''' In the LSI Storage Authority web interface, the '''Controller Actions''' area is located on the right-hand side. Select '''Personality Management''' there.
lsa-lsi-jbod-02.png | '''Step 2:''' In the '''Select Personality''' menu, you can choose between '''RAID''' and '''JBOD'''. Here, you must select '''JBOD'''.
lsa-lsi-jbod-03.png | '''Step 3:''' Clicking '''Change''' changes the personality of the controller and all hard drives are automatically provisioned as JBOD.
</gallery>

== Set up email notification ==
For reliable operation, it is recommended to configure email notifications in the LSA so that you are automatically notified in the event of RAID errors or critical events.

In particular, the following points should be noted:

* Use of an available SMTP-server
* Activation of SSL/TLS, if supported by the mail server
* Depositing of at least one recipient address
* Test of configuration via '''Test Configuration'''

Only if email notifications are set up correctly can an early response to hardware errors be guaranteed.

<gallery>
lsa-lsi-installation-07.png | '''Step 1:''' After opening the LSI Storage Authority web interface, you can log in via '''Sign In'''. The current '''Windows username''' is used as the username, and the password corresponds to the local system password.

lsa-lsi-installation-08.png | '''Step 2:''' After successful login, the currently logged-in user is displayed in the top right corner. Left-clicking opens a drop-down menu.

lsa-lsi-installation-09.png | '''Step 3:''' In this drop-down menu, select '''Settings''' to open the configuration.

lsa-lsi-installation-10.png | '''Step 4:''' The settings include the configuration of the '''Alert Filter''' and the '''Mail Server''' settings..

lsa-lsi-installation-11.png | '''Step 5:''' In the '''Mail Server''' menu, you can configure the SMTP settings according to your own mail server configuration. Use the '''Test Configuration''' button to check whether email delivery is working properly.

lsa-lsi-installation-12.png | '''Step 6:''' Once configuration is complete, the settings are saved via '''Save Settings'''. Email notifications are then sent automatically when corresponding events occur.
</gallery>

== Common mistakes ==
* [[LSI Storage Authority Error Code 49 Invalid Credentials|Fix login errors]]

== Conclusion ==

After successful installation and configuration, the LSI Storage Authority offers a central and clear opportunity to supervise MegaRAID-controllers.
In productive environments in particular, a correctly configured LSA contributes significantly to operational reliability and rapid error detection.

{{Azillner}}
{{Aranzinger}}
[[Category:LSI]]
[[de:LSA LSI Storage Authority Software]]

Get-Filehash - sha256sum Windows

2026-02-17T10:03:00Z

Aranzinger: Created page with "Under Linux, the command line tool '''sha256sum''' is used for the integrity check of files. After downloading a file, it can be verified whether the file was downloaded without errors and has not been modified. Under Windows, the cmdlet '''Get-Filehash''' is available in the '''Powershell'''. == Use == To use Get-Filehash, click on start and type in '''PowerSh''' and start then a powershell console. Then navigate to the desired directory and run Get-Filehash..."

Under [[Linux]], the command line tool '''sha256sum''' is used for the integrity check of files. After downloading a file, it can be verified whether the file was downloaded without errors and has not been modified. Under [[Windows]], the cmdlet '''Get-Filehash''' is available in the '''Powershell'''.

== Use ==
To use Get-Filehash, click on start and type in '''PowerSh''' and start then a powershell console. Then navigate to the desired directory and run Get-Filehash to create an SHA256 checksum:
: '''Get-Filehash [FILENAME]'''

The following example shows the checksum of an [[UEFITool]] download:
<pre>
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Get to know the cross-platform PowerShell - https://aka.ms/pscore6

PS C:\Users\micro> cd .\Downloads\
PS C:\Users\micro\Downloads> Get-Filehash .\UEFITool.exe

Algorithm Hash Path
--------- ---- ----
SHA256 434EFED4599601D7A136E4CF608DB478A4CC2AEDF02B5BFD05998A84FDDC341E C:\Users\micro\Downloads\UEFI...

PS C:\Users\micro\Downloads>
</pre>

== Supported algorithms ==
In addition to SHA256, Get-Filehash can also generate hash values based on the following algorithms using the '''-algorithm''' parameter:
* SHA1
* SHA256
* SHA384
* SHA512
* MD5

== More information ==
* [https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash Get-FileHash] (docs.microsoft.com)

{{Wfischer}}
{{Aranzinger}}
[[de:Get-Filehash - sha256sum Windows]]
[[Category:Windows]]

OPNsense 26.1 Firewall Rule Migration

2026-02-16T12:45:10Z

Aranzinger: Created page with "With the release of the OPNsense '''26.1''' version, work continued on the '''gradual migration of all configuration menus to MVC/API code'''. The firewall-rules area has been extended with this release by a MVC/API configuration menu ''Firewall → Rules [new]''. The previous menu under ''Firewall → Rules'' will remain in parallel as a legacy and will receive a migration assistant. This article shows how to perform this '''migration of the firewall rules onto the..."

With the release of the [[OPNsense]] '''26.1''' version, work continued on the '''gradual migration of all configuration menus to MVC/API code'''. The firewall-rules area has been extended with this release by a MVC/API configuration menu ''Firewall → Rules [new]''. The previous menu under ''Firewall → Rules'' will remain in parallel as a legacy and will receive a migration assistant. This article shows how to perform this '''migration of the firewall rules onto the new firewall configuration menu'''.

'''Please note:''' This migration worked perfectly with various OPNsense firewalls, but there is no guarantee that this migration will always work without problems. A backup of the configuration is essential.

{{#widget:Imagebox-left|link={{#tklink:type=sitex|id=19293|linkonly=1}}|image=/de/wikiDE/images/0/0f/OPNsense-Shopbanner.png|text=Click here to view our OPNSense firewalls in the Thomas-Krenn online shop|campaign=OPNsense 26.1 Firewall Regel Migration }}
{{#widget:SitexBox|link={{#tklink:type=sitex|id=19293|linkonly=1}}|text=Click here to view our OPNSense firewalls in the Thomas-Krenn online shop|campaign=OPNsense 26.1 Firewall Regel Migration }}

== Preparation to migrate the rules ==
Before the rules are exported and then imported into the new menu, you should follow the steps suggested by the migration assistant for safety reasons.
<gallery>
File:OPNsense-26.1-Firewall-rules-migration-001.png|Start the migration process in the menu ''Firewall → Rules → Migration assistant''.
File:OPNsense-26.1-Firewall-rules-migration-002.png|If you are running a ZFS-based installation of the OPNsense firewall, you can take a snapshot of the system in the ''System → Snapshots'' menu.
File:OPNsense-26.1-Firewall-rules-migration-003.png|Click on the orange plus to create a new snapshot.
File:OPNsense-26.1-Firewall-rules-migration-004.png|Click on ''Save''.
File:OPNsense-26.1-Firewall-rules-migration-005.png|The snapshot was created
File:OPNsense-26.1-Firewall-rules-migration-006.png|Alternatively, you can also safe the configuration, which is possible via the menu ''System → Configuration → Backups''.
File:OPNsense-26.1-Firewall-rules-migration-007.png|By clicking on ''Download configuration'', you can download the configuration as CSV-file.
File:OPNsense-26.1-Firewall-rules-migration-008.png|Verify in the menu ''Firewall → Settings → Advanced'' if the variable ''Disable anti-lockout'' is deactivated.
</gallery>

== Export existing firewall rules ==
The actual migration process starts with this step and the rules are exported in a CSV-format.

<gallery>
File:OPNsense-26.1-Firewall-rules-migration-009.png|In the menu ''Firewall → Rules → Migration assistant'', you can export the existing firewall rules in step 3.
File:OPNsense-26.1-Firewall-rules-migration-010.png|These existing rules are downloaded as CSV-file. You can change them at this point.
</gallery>

== Import exported rules ==
In this final step, the previously downloaded CSV file is now imported into the new firewall rule menu, and finally the old firewall rules are deleted.

<gallery>
File:OPNsense-26.1-Firewall-rules-migration-011.png|In step 4 of the migration wizard, you can now import them again for the new configuration menu.
File:OPNsense-26.1-Firewall-rules-migration-012.png|You will be linked to the new firewall rules menu. Click on the "Import csv" icon on the right.
File:OPNsense-26.1-Firewall-rules-migration-013.png|By clicking on ''Choose File'', select the previously downloaded CSV-file.
File:OPNsense-26.1-Firewall-rules-migration-014.png|Click on the check mark to import the rules.
File:OPNsense-26.1-Firewall-rules-migration-015.png|The rules have been imported. Click on the X in the top right corner to close the menu.
File:OPNsense-26.1-Firewall-rules-migration-016.png|Finally, all you have to do is click on "Apply", and the rules will be stored and activated in the new menu.
File:OPNsense-26.1-Firewall-rules-migration-017.png|The existing legacy rules can now be removed all at once. Click on ''Remove all legacy rules''.
File:OPNsense-26.1-Firewall-rules-migration-018.png|Click on ''Yes''.
File:OPNsense-26.1-Firewall-rules-migration-019.png|You will be redirected to the new firewall menu. Click on ''Apply''. The migration is now finished.
</gallery>

{{Tniedermeier}}
{{Aranzinger}}
[[Category:OPNsense]]
[[de:OPNsense 26.1 Firewall Regel Migration]]

Security advisories on AMD-SB-4013

2026-02-16T11:53:42Z

Aranzinger: Created page with "On '''February 10th, 2025,''' AMD published the AMD-SB-4013 Security Bulletin<ref>[https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4013.html AMD Athlon™ and AMD Ryzen™ Processor Vulnerabilities – February 2026] (www.amd.com/en/resources/product-security)</ref> with a variety of security vulnerabilities. == Affected systems == * Systems with AMD Ryzen Threadripper PRO 3000WX processors * Systems with AMD Ryzen Threadripper PRO 5000WX processors *..."

On '''February 10th, 2025,''' AMD published the AMD-SB-4013 Security Bulletin<ref>[https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4013.html AMD Athlon™ and AMD Ryzen™ Processor Vulnerabilities – February 2026] (www.amd.com/en/resources/product-security)</ref> with a variety of security vulnerabilities.

== Affected systems ==
* Systems with AMD Ryzen Threadripper PRO 3000WX processors
* Systems with AMD Ryzen Threadripper PRO 5000WX processors
* Systems with AMD Ryzen Threadripper 7000 / PRO 7000WX processors
* Systems with AMD Ryzen Threadripper 9000 / PRO 9000WX processors

== Troubleshooting ==

Here is a table listing the corresponding CVEs and corrective measures for each Threadripper generation, if available.

'''AMD Ryzen Threadripper PRO 3000WX'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2021-26381 CVE-2021-26381]
| align="center" |7.1 (high)
| align="center" |ChagallWSPI-sWRX8 1.0.0.2 (2022-01-20)
CastlePeakWSPI-sWRX8 1.0.0.9 (2022-01-20)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-21961 CVE-2024-21961]
| align="center" |6.0 (medium)
| align="center" |no fix planned
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-36355 CVE-2024-36355]
| align="center" |7.0 (high)
| align="center" |ChagallWSPI-sWRX8-1.0.0.B (2024-12-24)
CastlePeakWSPI-sWRX8 1.0.0.G (2024-12-30)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29949 CVE-2025-29949]
| align="center" |4.8 (medium)
| align="center" |ChagallWSPI-sWRX8 1.0.0.C (2025-04-03)
CastlePeakWSPI-sWRX8 1.0.0.H (2025-03-31)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29950 CVE-2025-29950]
| align="center" |7.1 (high)
| align="center" |ChagallWSPI-sWRX8 1.0.0.C (2025-04-03)
CastlePeakWSPI-sWRX8 1.0.0.I (2025-10-27)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52533 CVE-2025-52533]
| align="center" |8.7 (high)
| align="center" | Fix in Key Distribution Server (KDS)
|-
|}

'''AMD Ryzen Threadripper PRO 5000WX'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2021-26381 CVE-2021-26381]
| align="center" |7.1 (high)
| align="center" |ChagallWSPI-sWRX8 1.0.0.1 (2021-11-10)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-36355 CVE-2024-36355]
| align="center" |7.0 (high)
| align="center" |ChagallWSPI-sWRX8-1.0.0.B (2024-12-24)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29949 CVE-2025-29949]
| align="center" |4.8 (medium)
| align="center" |ChagallWSPI-sWRX8 1.0.0.C (2025-04-03)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29950 CVE-2025-29950]
| align="center" |7.1 (high)
| align="center" |ChagallWSPI-sWRX8 1.0.0.C (2025-04-03)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52533 CVE-2025-52533]
| align="center" |8.7 (high)
| align="center" |Fix in Key Distribution Server (KDS)
|-
|}

'''AMD Ryzen Threadripper 7000'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-36310 CVE-2024-36310]
| align="center" |4.6 (medium)
| align="center" |StormPeakPI-SP6_1.1.0.0j (2025-06-11)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-36355 CVE-2024-36355]
| align="center" |7.0 (high)
| align="center" |StormPeakPI-SP6 1.1.0.0i (2024-12-18)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29950 CVE-2025-29950]
| align="center" |7.1 (high)
| align="center" |ShimadaPeakPI-SP6_1.0.0.1 (2025-05-07)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52533 CVE-2025-52533]
| align="center" |8.7 (high)
| align="center" | Fix in Key Distribution Server (KDS)
|-
|}

'''AMD Ryzen Threadripper PRO 7000WX'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-36310 CVE-2024-36310]
| align="center" |4.6 (medium)
| align="center" |StormPeakPI-SP6_1.0.0.1l (2025-06-18)
StormPeakPI-SP6_1.1.0.0j (2025-06-11)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-36355 CVE-2024-36355]
| align="center" |7.0 (high)
| align="center" |StormPeakPI-SP6 1.0.0.1k (2024-12-20)
StormPeakPI-SP6 1.1.0.0i (2024-12-18)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29950 CVE-2025-29950]
| align="center" |7.1 (high)
| align="center" |ShimadaPeakPI-SP6_1.0.0.1 (2025-05-07)
StormPeakPI-SP6_1.0.0.1l (2025-06-18)

StormPeakPI-SP6_1.1.0.0j (2025-06-11)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52533 CVE-2025-52533]
| align="center" |8.7 (high)
| align="center" | Fix in Key Distribution Server (KDS)
|-
|}

'''AMD Ryzen Threadripper 9000'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29950 CVE-2025-29950]
| align="center" |7.1 (high)
| align="center" |ShimadaPeakPI-SP6_1.0.0.1 (2025-05-07)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-54514 CVE-2025-54514]
| align="center" |4.8 (medium)
| align="center" |ShimadaPeakPI-SP6_1.0.0.1b (2025-07-28)
|-
|}

'''AMD Ryzen Threadripper PRO 9000WX'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-21961 CVE-2024-21961]
| align="center" |6.0 (medium)
| align="center" |No fix planned
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-36355 CVE-2024-36355]
| align="center" |7.0 (high)
| align="center" |ComboAM5 1.1.0.3c (2025-01-27)
ComboAM5 1.2.0.3d (2025-04-29)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29950 CVE-2025-29950]
| align="center" |7.1 (high)
| align="center" |ShimadaPeakPI-SP6_1.0.0.1 (2025-05-07)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-54514 CVE-2025-54514]
| align="center" |4.8 (medium)
| align="center" |ShimadaPeakPI-SP6_1.0.0.1b (2025-07-28)
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52533 CVE-2025-52533]
| align="center" |8.7 (high)
| align="center" | Fix in Key Distribution Server (KDS)
|-
|}

=== Updates for products from Thomas-Krenn ===
Updates on the corresponding system can be found in the <tklink type="sitex" id="440">download area of Thomas-Krenn</tklink>.
The versions in the download area have been tested by us to guarantee the stability and compatibility of our systems.

If you require the latest version for your system, but it is not yet available in our download area, you can get it at [https://www.asus.com/de/support/download-center/ Asus] or [https://www.supermicro.com/en/support/resources/downloadcenter/swdownload Supermicro].

== References ==
<references/>

{{Thomas-Krenn.AG}}
{{Aranzinger}}
[[Category:AMD Safety Information]]
[[de:Sicherheitshinweise zu AMD-SB-4013]]

Security advisories on AMD-SB-3023

2026-02-16T08:48:38Z

Aranzinger: /* Updates for products of Thomas-Krenn */

On '''February 10th, 2025''', AMD published the AMD-SB-3023 Security Bulletin<ref>[https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3023.html AMD EPYC™ and AMD EPYC™ Embedded Series Processor Vulnerabilities – February 2026] (www.amd.com/en/resources/product-security)</ref> with a variety of security vulnerabilities.

== Affected systems ==
* systems with "Zen 1" AMD EPYC 7001 Naples processors
* systems with "Zen 2" [[AMD EPYC 7002 Rome]] processors
* systems with "Zen 3" [[AMD EPYC 7003 Milan]] processors
* systems with "Zen 4" [[AMD EPYC 9004 Genoa und Bergamo|AMD EPYC 9004 Genoa and Bergamo]] & 8004 Siena processors
* systems with "Zen 5" [[AMD EPYC 9005 Turin]] processors

== Troubleshooting ==

Here is a table listing the corresponding CVEs and corrective measures for each EPYC generation, if available.

'''AMD EPYC 7001 Naples'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
!SEV FW
!µcode
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29950 CVE-2025-29950]
| align="center" |7.1 (high)
| align="center" |NaplesPI 1.0.0.R (2025-07-31)
| align="center" |N/A
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52533 CVE-2025-52533]
| align="center" |8.7 (high)
| align="center" |no fix planned
| align="center" |N/A
| align="center" |N/A
|-
|}

'''AMD EPYC 7002 Rome'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
!SEV FW
!µcode
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29950 CVE-2025-29950]
| align="center" |7.1 (high)
| align="center" |RomePI 1.0.0.N (2025-08-14)
| align="center" |N/A
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-21961 CVE-2024-21961]
| align="center" |6.0 (medium)
| align="center" |Workaround in Custom BIOS Settings (CBS)
| align="center" |N/A
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52533 CVE-2025-52533]
| align="center" |8.7 (high)
| align="center" |no fix planned
| align="center" |N/A
| align="center" |N/A
|-
|}

'''AMD EPYC 7003 Milan:'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
!SEV FW
!µcode
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-48514 CVE-2025-48514]
| align="center" |4.0 (medium)
| align="center" |MilanPI 1.0.0.H (2025-09-04)
| align="center" |SEV FW 1.37.23
SPL[SEV]=0x1B
mitigation bit=3
| align="center" |B1:0x0A0011DE
B2:0x0A001247
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29939 CVE-2025-29939]
| align="center" |6.9 (medium)
| align="center" |MilanPI 1.0.0.H (2025-09-04)
| align="center" |SEV FW 1.37.23
SPL[SEV]=0x1B
mitigation bit=3
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-48509 CVE-2025-48509]
| align="center" |1.8 (low)
| align="center" | MilanPI 1.0.0.H (2025-09-04)
| align="center" | SEV FW 1.37.23
SPL[SEV]=0x1B
mitigation bit=3
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-0031 CVE-2025-0031]
| align="center" |4.6 (medium)
| align="center" |MilanPI 1.0.0.H (2025-09-04)
| align="center" |SEV FW 1.37.20
SPL[SEV]=0x1A
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52536 CVE-2025-52536]
| align="center" |6.7 (medium)
| align="center" |MilanPI 1.0.0.H (2025-09-04)
| align="center" |SEV FW 1.37.1F
SPL[SEV]=0x1A
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29950 CVE-2025-29950]
| align="center" |7.1 (high)
| align="center" |MilanPI 1.0.0.H (2025-09-04)
| align="center" |N/A
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52533 CVE-2025-52533]
| align="center" |3.8 (low)
| align="center" |MilanPI 1.0.0.G (2025-01-30)
| align="center" |N/A
| align="center" |N/A
|}

'''AMD EPYC 8004 Siena:'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
!SEV FW
!µcode
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-48514 CVE-2025-48514]
| align="center" |4.0 (medium)
| align="center" |GenoaPI 1.0.0.H (2025-12-15)
| align="center" |SEV FW 1.37.31
SPL[SEV]=0x1B
mitigation bit=3
| align="center" |A2:0x0AA0021B
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29939 CVE-2025-29939]
| align="center" |6.9 (medium)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |SEV FW 1.37.31
SPL[SEV]=0x1B
mitigation bit 0
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-48509 CVE-2025-48509]
| align="center" |1.8 (low)
| align="center" | GenoaPI 1.0.0.F (2025-03-28)
| align="center" | SEV FW 1.37.2A
SPL[SEV]=0x18
mitigation bit=3
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-0031 CVE-2025-0031]
| align="center" |4.6 (medium)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |SEV FW 1.37.2B
SPL[SEV]=0x19
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52536 CVE-2025-52536]
| align="center" |6.7 (medium)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |SEV FW 1.37.2B
SPL[SEV]=0x19
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-21953 CVE-2024-21953]
| align="center" |5.9 (medium)
| align="center" |GenoaPI 1.0.0.F (2025-03-28)
| align="center" |SEV FW 1.37.2A
SPL[SEV]=0x18
| align="center" |N/A
|-
|}

'''AMD EPYC 9004 Bergamo / Siena:'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
!SEV FW
!µcode
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-48514 CVE-2025-48514]
| align="center" |4.0 (medium)
| align="center" |GenoaPI 1.0.0.H (2025-12-15)
| align="center" |SEV FW 1.37.31
SPL[SEV]=0x1B
mitigation bit=3
| align="center" |A2:0x0AA0021B
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29939 CVE-2025-29939]
| align="center" |6.9 (medium)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |SEV FW 1.37.31
SPL[SEV]=0x1B
mitigation bit 3
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-48509 CVE-2025-48509]
| align="center" |1.8 (low)
| align="center" | GenoaPI 1.0.0.F (2025-03-28)
| align="center" | SEV FW 1.37.2A
SPL[SEV]=0x18
mitigation bit=3
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-0031 CVE-2025-0031]
| align="center" |4.6 (medium)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |SEV FW 1.37.2B
SPL[SEV]=0x19
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52536 CVE-2025-52536]
| align="center" |6.7 (medium)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |SEV FW 1.37.2B
SPL[SEV]=0x19
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29950 CVE-2025-29950]
| align="center" |7.1 (high)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |N/A
| align="center" |N/A
|-
|}

'''AMD EPYC 9004 Genoa:'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
!SEV FW
!µcode
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-48514 CVE-2025-48514]
| align="center" |4.0 (medium)
| align="center" |GenoaPI 1.0.0.H (2025-12-15)
| align="center" |SEV FW 1.37.31
SPL[SEV]=0x1B
| align="center" |B1: 0x0A101156
B2:0x0A101251
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29939 CVE-2025-29939]
| align="center" |6.9 (medium)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |SEV FW 1.37.31
SPL[SEV]=0x1B
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52536 CVE-2025-52536]
| align="center" |6.7 (medium)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |SEV FW 1.37.3D
SPL[SEV]=0x2
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-48509 CVE-2025-48509]
| align="center" |1.8 (low)
| align="center" | GenoaPI 1.0.0.F (2025-03-28)
| align="center" | SEV FW 1.37.2A
SPL[SEV]=0x18
mitigation bit=3
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-0031 CVE-2025-0031]
| align="center" |4.6 (medium)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |SEV FW 1.37.2A
SPL[SEV]=0x18
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52536 CVE-2025-52536]
| align="center" |6.7 (medium)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |SEV FW 1.37.2B
SPL[SEV]=0x19
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29950 CVE-2025-29950]
| align="center" |7.1 (high)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |N/A
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-36310 CVE-2024-36310]
| align="center" |4.6 (medium)
| align="center" |GenoaPI 1.0.0.G (2025-06-27)
| align="center" |N/A
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-36355 CVE-2024-36355]
| align="center" |7.0 (high)
| align="center" |GenoaPI 1.0.0.E (2024-12-16)
| align="center" |N/A
| align="center" |N/A
|-
|}

'''AMD EPYC 9005 Turin / Turin Dense'''

{| class="wikitable"
|+
!Security vulnerability
!Risk potential:
! align="center" |'''AGESA version'''
!SEV FW
!µcode
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-48514 CVE-2025-48514]
| align="center" |4.0 (medium)
| align="center" |TurinPI 1.0.0.6 (2025-06-30)
| align="center" |SEV FW 1.37.41
SPL[SEV]=0x4
mitigation bit=3
| align="center" |C1:0x0B002151
Dense B0: 0x0B10104E
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-54514 CVE-2025-54514]
| align="center" |4.8 (medium)
| align="center" |TurinPI 1.0.0.6 (2025-06-30)
| align="center" |N/A
| align="center" |BRH C1: 0x0B002151
BRHD B0: 0x0B10104E
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29939 CVE-2025-29939]
| align="center" |6.9 (medium)
| align="center" |TurinPI 1.0.0.6 (2025-06-30)
| align="center" |SEV FW 1.37.41
SPL[SEV]=0x4
mitigation bit=3
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29946 CVE-2025-29946]
| align="center" |4.5 (medium)
| align="center" |TurinPI 1.0.0.6 (2025-06-30)
| align="center" |SEV FW 1.37.41
SPL[SEV]=0x4
mitigation bit=3
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29948 CVE-2025-29948]
| align="center" |5.9 (medium)
| align="center" |TurinPI 1.0.0.6 (2025-06-30)
| align="center" |SEV FW 1.37.41
SPL[SEV]=0x4
mitigation bit=3
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29952 CVE-2025-29952]
| align="center" |5.9 (medium)
| align="center" |TurinPI 1.0.0.6 (2025-06-30)
| align="center" |SEV FW 1.37.41
SPL[SEV]=0x4
mitigation bit=3
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-48517 CVE-2025-48517]
| align="center" |4.6 (medium)
| align="center" |TurinPI 1.0.0.6 (2025-06-30)
| align="center" |SEV FW 1.37.41
SPL[SEV]=0x4
mitigation bit=3
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52536 CVE-2025-52536]
| align="center" |6.7 (medium)
| align="center" |TurinPI 1.0.0.5 (2025-04-18)
| align="center" |SEV FW 1.37.3D
SPL[SEV]=0x2
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-48509 CVE-2025-48509]
| align="center" |1.8 (low)
| align="center" |TurinPI 1.0.0.5 (2025-04-18)
| align="center" | SEV FW 1.37.3D
SPL[SEV]=0x2
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-0031 CVE-2025-0031]
| align="center" |4.6 (medium)
| align="center" |TurinPI 1.0.0.5 (2025-04-18)
| align="center" |SEV FW 1.37.3D
SPL[SEV]=0x2
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-0029 CVE-2025-0029]
| align="center" |1.8 (low)
| align="center" |TurinPI 1.0.0.5 (2025-04-18)
| align="center" |N/A
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-29950 CVE-2025-29950]
| align="center" |7.1 (high)
| align="center" |TurinPI 1.0.0.6 (2025-06-30)
| align="center" |N/A
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2024-36310 CVE-2024-36310]
| align="center" |4.6 (medium)
| align="center" |TurinPI 1.0.0.4 (2025-03-04)
| align="center" |N/A
| align="center" |N/A
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-0012 CVE-2025-0012]
| align="center" |6.8 (medium)
| align="center" |TurinPI 1.0.0.4 (2025-03-04)
| align="center" |N/A
| align="center" |C1: 0x0B002147
Dense B0: 0x0B101047
|-
| align="center" |[https://www.cve.org/CVERecord?id=CVE-2025-52534 CVE-2025-52534]
only Turin Dense
| align="center" |5.3 (medium)
| align="center" |TurinPI 1.0.0.6 (2025-06-30)
| align="center" |N/A
| align="center" |Dense B0: 0x0B10104E
|-
|}

Supermicro published a Security Bulletin on the security vulnerabilities. A list with BIOS-versions of the corresponding mainboards, with an AGESA version to close the gap, is also available. In the following, there is an excerpt from this table in which all mainboards, that are offered by Thomas-Krenn, are listed: <ref>[https://www.supermicro.com/en/support/security_AMD-SB-3023 AMD Security Bulletin AMD-SB-3023, February 2026] (www.supermicro.com)</ref>

{| class="wikitable"
|+
!AMD motherboard
! align="center" |'''BIOS version'''
|-
| align="center" |H11 - EPYC 7001 / 7002
| align="center" |3.5
|-
| align="center" |H12SSW-iN/NT
| align="center" |3.5
|-
| align="center" |H12SSL-i/C/CT/NT
| align="center" |3.5
|-
| align="center" |H12DSi-N6/NT6
| align="center" |3.5
|-
| align="center" |H13SSW
| align="center" |3.8
|-
| align="center" |H13SSL-N/NC
| align="center" |3.8
|}

=== Updates for products from Thomas-Krenn ===
Updates on the corresponding system can be found in the <tklink type="sitex" id="440">download area of Thomas-Krenn</tklink>.
The versions in the download area have been tested by us to guarantee the stability and compatibility of our systems.

If you require the latest version for your system and it is not yet available in our download area, you can get it at [https://www.asus.com/de/support/download-center/ Asus] or [https://www.supermicro.com/en/support/resources/downloadcenter/swdownload Supermicro].

== References ==
<references/>

{{Thomas-Krenn.AG}}
{{Aranzinger}}
[[Category:AMD Safety Information]]
[[de:Sicherheitshinweise zu AMD-SB-3023]]

Security advisories on Intel products 2026.1 IPU

2026-02-12T12:28:45Z

Aranzinger: /* Updates for products of Thomas-Krenn */

In February '''2026''', Intel published new security advisories on different Intel products as part of the IPU 2026.1. Some of these security advisories require '''firmware updates'''.

In this article, you will find an excerpt and hints on these security advisories as well as information on where to find updates for products of Thomas-Krenn.

== Security advisories ==
Here, you will find security advisories on firmware published by Intel.

{| class="wikitable"
|- style="background-color: #EFEFEF; font-weight: bold;"
! align="center" |Intel Security Advisory
! align="center" |Title
! align="center" |Affected systems
|-
|align=center | [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01171.html INTEL-SA-01171]
|align=center | Intel® Ethernet Adapters 800 Series Advisory
| rowspan="35" align="left" | (see Intel-SA)
|-
|align=center | [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01412.html INTEL-SA-01412]
|align=center | Intel® Server Board and Intel® Server System Firmware Update Utility Advisory
|-
|align=center | [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01401.html INTEL-SA-01401]
|align=center | Intel® Server Firmware Advisory
|-
|align=center | [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01397.html INTEL-SA-01397]
|align=center | 2026.1 IPU, Intel® Trust Domain Extensions (Intel® TDX) module Advisory
|-
|align=center | [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01396.html INTEL-SA-01396]
|align=center | 2026.1 IPU, Intel® Processor Firmware Advisory
|-
|align=center | [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01315.html INTEL-SA-01315]
|align=center | 2026.1 IPU, Intel® Chipset Firmware Advisory
|-
|align=center | [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01314.html INTEL-SA-01314]
|align=center | 2025.4 IPU, Intel® TDX Module Advisory
|-
|align=center | [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01406.html INTEL-SA-01406]
|align=center | Intel® Quick Assist Technology (Intel® QAT) Advisory
|-
|align=center | [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01403.html INTEL-SA-01403]
|align=center | Intel® NPU Driver Advisory
|}

== Updates for products from Thomas-Krenn ==
Updates on the corresponding system can be found in the <tklink type="sitex" id="440">download area of Thomas-Krenn</tklink>.
The updates in the download area have been tested by us to guarantee the stability and compatibility of our systems.

If you require the latest version for your system and it is not yet available in our download area, you can get it at [https://www.asus.com/de/support/download-center/ Asus], [https://www.supermicro.com/en/support/resources/downloadcenter/swdownload Supermicro] or [https://www.gigabyte.com/de/Support/Consumer/Download Gigabyte].

== More information ==
* [https://www.phoronix.com/news/Intel-20260210-Microcode Intel CPU Microcode 20260210 Brings Security Updates & Functional Fixes] (phoronix.com, 10.02.2026)
* [https://www.intel.com/content/www/us/en/security-center/default.html Security Center] (www.intel.com)
* [https://www.supermicro.com/en/support/security_Intel_IPU2026.1 Intel Platform Update (IPU) Update 2026.1 February 2026] (supermicro.com, 10.02.2026)
{{Thomas-Krenn.AG}}
{{Aranzinger}}
[[Category:Intel Safety Information]]
[[de:Sicherheitshinweise zu Intel Produkten 2026.1 IPU]]

Deactivation of IPv6

2026-02-12T12:09:27Z

Aranzinger: Created page with "This article describes how to '''deactivate or switch off the IPv6 support under Linux and Windows'''. This can be helpful as long as IPv6 has not been used productively for safety reasons. This prevents you from obtaining an IPv6 address as soon as an IPv6 router advertisement daemon becomes available on a network. Furthermore, existing firewall rules are often not valid for IPv6. In this case, services that were actually blocked by an IPv4 rule might then be accessible..."

This article describes how to '''deactivate or switch off the IPv6 support under Linux and Windows'''. This can be helpful as long as IPv6 has not been used productively for safety reasons. This prevents you from obtaining an IPv6 address as soon as an IPv6 router advertisement daemon becomes available on a network. Furthermore, existing firewall rules are often not valid for IPv6. In this case, services that were actually blocked by an IPv4 rule might then be accessible via IPv6. Linux has its own command, "ip6tables", for managing IPv6 firewall rules.

== Ubuntu ==
In [[Ubuntu]] 10.04, 12.04, 14.04 and 16.04, IPv6 is compiled directly into the kernel and is not loaded as module. The simplest method to deactivate IPv6 is to set the suitable sysctl parameter. This can be made temporarily with the following command:
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

To make this setting permanent, it is advisable to use the sysctl functions. For this, create a file named <code>/etc/sysctl.d/01-disable-ipv6.conf</code> with the following content:
net.ipv6.conf.all.disable_ipv6 = 1
IPv6 is then deactivated after the next reboot.

This can be verified with the "ip addr show" command. There must then be no entries with the text "inet6" anymore.
ip addr show | grep inet6

== RHEL / CentOS ==
Under RHEL 6/ CentOS, the deactivation of IPv6 can be made identically like under Ubuntu via sysctl (see above).

In RHEL 4 / CentOS, IPv6 is integrated as module. Add the following line to the /etc/modprobe.conf file:
install ipv6 /bin/true

The verification, whether it worked, can be made with the "ip addr show | grep inet6" command or alternatively with the
lsmod | grep -i ipv6 command

== Windows ==
Information on the deactivation of IPv6 can be found for the respective Windows version on the following pages:

* Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012:
*: [https://support.microsoft.com/de-de/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users Guide to configuring IPv6 in Windows for advanced users] (support.microsoft.com, KB 929852)
* Windows XP:
*: [http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_ip_v6_pro_remove.mspx?mfr=true Microsoft Windows XP - Remove IPv6] (www.microsoft.com)

== Applications that require IPv6 support ==
=== OpenVZ ===
The following problem occurs with OpenVZ with the kernel "2.6.18-164.15.1.el5.028stab068.9", when IPv6 is deactivated via module-blacklisting (see "RHEL 4 / CentOS 4"). OpenVZ does not function, as the vzmon module can not be loaded.

<pre>
Jul 8 21:21:08 ovz2 kernel: vzmon: Unknown symbol ve_snmp_proc_init
Jul 8 21:21:08 ovz2 kernel: vzmon: Unknown symbol addrconf_sysctl_free
Jul 8 21:21:08 ovz2 kernel: vzmon: Unknown symbol ve_ndisc_init
Jul 8 21:21:08 ovz2 kernel: vzmon: Unknown symbol addrconf_ifdown
Jul 8 21:21:08 ovz2 kernel: vzmon: Unknown symbol ip6_frag_cleanup
Jul 8 21:21:08 ovz2 kernel: vzmon: Unknown symbol fini_ve_route6
Jul 8 21:21:08 ovz2 kernel: vzmon: Unknown symbol addrconf_sysctl_init
Jul 8 21:21:08 ovz2 kernel: vzmon: Unknown symbol ve_snmp_proc_fini
Jul 8 21:21:08 ovz2 kernel: vzmon: Unknown symbol ve_ndisc_fini
Jul 8 21:21:08 ovz2 kernel: vzmon: Unknown symbol init_ve_route6
Jul 8 21:21:08 ovz2 kernel: vzmon: Unknown symbol addrconf_sysctl_fini
Jul 8 21:21:08 ovz2 vz: failed to load module vzmon failed
</pre>

The same should be valid for Virtuozzo: http://kb.parallels.com/en/3583

=== Unbound DNS Server ===
In the default configuration, the Unbound DNS server listens on 127.0.0.1 (IPv4) and::1 (IPv6). If IPv6 is disabled as described above, the following error occurs when starting with the Unbound default configuration:
<pre>
user@ubuntu-10.04:~$ sudo /etc/init.d/unbound start
* Starting recursive DNS server unbound
[1278656703] unbound[1924:0] error: can't bind socket: Cannot assign requested address
[1278656703] unbound[1924:0] fatal error: could not open ports [fail]
user@ubuntu-10.04:~$
</pre>

You can easily circumvent the problem by explicitly specifying only the address 127.0.0.1 in the configuration file <code>/etc/unbound/unbound.conf</code>:
<pre>
# specify the interfaces to answer queries from by ip-address.
# The default is to listen to localhost (127.0.0.1 and ::1).
# specify 0.0.0.0 and ::0 to bind to all available interfaces.
# specify every interface[@port] on a new 'interface:' labelled line.
# The listen interfaces are not changed on reload, only on restart.
# interface: 192.0.2.153
# interface: 192.0.2.154
# interface: 192.0.2.154@5003
# interface: 2001:DB8::5
interface: 127.0.0.1
</pre>

{{Cmitasch}}
{{Aranzinger}}
[[category:Linux]]
[[category:Windows]]
[[category:Network+Equipment]]
[[pl:Wyłączenie IPv6]]
[[de:IPv6 deaktivieren]]

I/O performance benchmarking tools at a glance

2026-02-11T12:17:07Z

Aranzinger:

There are multiple '''I/O benchmarking tools''' to measure '''I/O performance'''. In this article, we provide an overview about different tools.

== Block device benchmarks ==
Block device benchmarks access an unformatted block device (such as a hard disk, SSD, or RAID array) directly. They are especially suitable for comparing different hard drives, SSDs, RAID-controllers, etc...

=== Block device benchmark overview ===
The most block device benchmarks, that are listed here, also allow the specification of files in a file system (so they can also be used as file system benchmarks):
{| {{Prettytable}}
|- style="background-color: #EFEFEF; font-weight: bold;"
!width="15%"|
!width="17%"| [[Linux I/O Performance Tests mit dd|dd]]
!width="17%"| [[fio]]
!width="17%"| [[Iometer]]
!width="17%"| [http://spew.berlios.de/ spew]
!width="17%"| [http://vdbench.org/ vdbench]
|-
!valign=top| Threads
|valign=top| Single-Thread
|valign=top| Multi-Thread
(numjobs Parameter)
|valign=top| Multi-Thread
|valign=top| Single-Thread
|valign=top| Multi-Thread
|-
!valign=top| Regular I/O support
|valign=top align="center"| yes
|valign=top align="center"| yes
|valign=top align="center"| yes
|valign=top align="center"| yes
|valign=top align="center"| yes
|-
!valign=top| Direct I/O support
|valign=top align="center"| yes
<code>iflag=direct</code> (read)
<code>oflag=direct</code> (write)
|valign=top align="center"| yes
<code>--direct=1</code>
|align="center" rowspan="2"| no
Iometer offers a <code>Ramp Up Time</code> to minimize cache influence. <ref>[http://iometer.cvs.sourceforge.net/*checkout*/iometer/iometer/Docs/Iometer.pdf Iometer User's Guide Version 2003.12.16] chapter 15.3 Ramp Up Time, page 62:

: <cite>The Ramp Up Time field specifies the number of seconds Iometer waits, after all workers report that they have begun working, before beginning to record statistics on each test. You can use this field to avoid recording any statistics during an initial “ramp-up” period (for example, while caches are filled with data). The default value is zero.</cite>
: <cite>Typical ramp-up times vary from 15 to 60 seconds. Ramp-up time may need to be increased for caching controllers, large servers, or clustered systems.</cite></ref>
|valign=top align="center"| yes
<code>--direct</code>
|valign=top align="center"| yes
<code>openflags=o_direct</code>
|-
!valign=top| Synchronous I/O support
|valign=top align="center"| yes
<code>oflag=sync</code>
<code>oflag=dsync</code>
|valign=top align="center"| yes
<code>--sync=1</code>, see also the options

<code>fsync</code> and <code>fdatasync</code>
|valign=top align="center"| yes
<code>--sync</code>
|valign=top align="center"| yes
<code>openflags=o_sync</code> (also <code>o_dsync</code> and <code>o_rsync</code> - Pass all three options to the Linux open() function.<ref>[[sourceforge:projects/vdbench/files/vdbench502.pdf/download|Vdbench 5.0.2 documentation]], chapter 1.16.12‘openflags=’: control over open and close of luns or files, page 44</ref>
|-
!valign=top| More information
|valign=top|
|valign=top|
|valign=top|
|valign=top|
|valign=top|
* http://blogs.sun.com/lisan/entry/pitfalls_of_benchmarking_flash_with
|}

== File system benchmarks ==
File system benchmarks unlike block device benchmarks, they do ''not'' directly access an unformatted block device. The device must be formatted with a file sytem. File system benchmarks mainly serve to measure the performance of different file systems (for example ext3 compared to xfs) one after the other on the same block device.

Examples for file system benchmarks:
* [http://www.iozone.org/ IOzone] - Note on IOzone under Windows: The Windows binaries available on the IOzone website crash regularly under current Windows versions (2008 R2 64-bit). However, you can use IOzone with these current Windows versions if you build IOzone from the sources against a current version of Cygwin > 1.7 (<code>./configure && make</code>). To use the new binary independently of a Cygwin environment, you must copy some Cygwin DLLs to the iozone directory.
* [[Linux Filesystem Performance Tests with dbench|dbench]]

== I/O performance measurements ==
In addition to these benchmark tools, that generate I/O load as well as measure I/O transfer, there are also tools that only measure the I/O performance without generating load. These tools are helpful, when a system is too slow and when you are looking for the performance bottleneck.

Examples for tools to measure I/O performance:
* [[Linux I/O performance measurements with iostat|iostat]]

== References ==
<references />

== More information ==
* http://wikis.sun.com/display/BluePrints/Solid+State+Drives+in+HPC+-+Reducing+the+IO+Bottleneck
* http://www.mysqlperformanceblog.com/2009/03/02/ssd-xfs-lvm-fsync-write-cache-barrier-and-lost-transactions/
* [http://www.phoronix-test-suite.com/ Phoronix Testing Suite] (see also http://wiki.ubuntuusers.de/Phoronix_Testing_Suite, http://en.wikipedia.org/wiki/Phoronix_Testing_Suite, http://www.heise.de/software/download/phoronix_testing_suite/56799)
* http://www.ssd-test.de

{{Wfischer}}
{{Aranzinger}}
[[Category:Linux]][[Category:Windows]]
[[pl:Przegląd aplikacji do pomiaru wydajności I/O]]
[[de:I/O Performance Benchmarking Tools im Überblick]]

Veeam Support ID

2026-02-11T09:46:43Z

Aranzinger: Created page with "For the renewal of an existing Veeam support contract or one that is about to expire, the '''Veeam Support ID'''<ref>[https://www.veeam.com/kb2705 Veeam Support Knowledge Base: kb2705]</ref> of the product is needed. This information can be found in your Veeam application under '''License''' <gallery width=1024 height=820 showcarousel="false" slideinfozoneopacity="0.95"> File:Veeam-Support-ID01.png|Select '''License''' File:Veeam-Support-ID02.png|The support ID can be..."

For the renewal of an existing Veeam support contract or one that is about to expire, the '''Veeam Support ID'''<ref>[https://www.veeam.com/kb2705 Veeam Support Knowledge Base: kb2705]</ref> of the product is needed.

This information can be found in your Veeam application under '''License'''

<gallery width=1024 height=820 showcarousel="false" slideinfozoneopacity="0.95">
File:Veeam-Support-ID01.png|Select '''License'''
File:Veeam-Support-ID02.png|The support ID can be found under license information
</gallery>

== Alternative ways ==

# You can log into your [https://my.veeam.com/?_gl=1*101oyb2*_ga*NDI2MTExNTczLjE2MzEyNjYyNjg.*_ga_PMJS81E58L*MTY3MTAxMTgwNi4zNS4xLjE2NzEwMTE4MDYuNjAuMC4w#/licenses/production?ad=in-text-link Veeam customer portal] and find the support ID under your products
# In your license file (.lic), which can be opened with a word processor. The field is marked with '''Support ID='''.

== References ==
<references />
{{Sbohn}}
{{Aranzinger}}
[[Category:Veeam]]
[[de:Veeam Support ID]]

Veeam backup edition differences

2026-02-11T09:01:45Z

Sbohn:

'''Veeam Backup''' software is an application to '''secure virtual and physical workloads''' in company networks. The use of this software in your company requires a '''license'''. This article provides an '''overview of the license packages''' and its features.

{{#widget:Imagebox-left|link={{#tklink:type=sitex|id=19383|linkonly=1}}|image=/de/wikiDE/images/4/43/Wiki_Banner_Veeam.jpg|text=Discover backup software and licenses from Veeam in our online shop now|campaign=Veeam backup licenses and functions}}
{{#widget:SitexBox|link={{#tklink:type=sitex|id=19383|linkonly=1}}|text=Discover backup software and licenses from Veeam in our online shop now|campaign=Veeam backup licenses and functions}}

== Veeam data platform ==
Since April 1st, 2023, Veeam summarizes its product range in the area of safety & restoration, monitoring and orchestration under the name Veeam Data Platform (VDP).<ref>[https://www.veeam.com/licensing-pricing.html Veeam data platform packages] (veeam.com, 21.04.2023)</ref> The following table provides an overview of the VDP editions and the products contained therein.

{| class="wikitable"
|- style="font-weight:bold;"
! style="font-weight:normal;" |
! Veeam backup & replication
! Veeam ONE 
! Veeam recovery orchestrator 
! Coveware Recon Scanner 
|-
| style="font-weight:bold;" | Foundation 
| style="background-color:#CCFFCC;" align="center"|✔
|
|
|
|-
| style="font-weight:bold;" | Advanced
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|
| style="background-color:#CCFFCC;" align="center"|✔
|-
| style="font-weight:bold;" | Premium
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| style="font-weight:bold;background-color:#FFFFFF;" | Essentials
| style="background-color:#DBFFDB;" align="center"|✔
| style="background-color:#DBFFDB;" align="center"|✔
| style="background-color:#FFFFFF;" |
| style="background-color:#FFFFFF;" |
|}

'''Hint:''' ''Veeam Data Platform Essentials'' is restricted to '''maximum 50 workloads'''.

A package is licensed by obtaining [[Veeam Backup Lizenzen und Funktionen#Veeam Universal Licence|Veeam Universal Licences (VUL)]] based on the workloads. All products are supplied with [[Veeam Backup Lizenzen und Funktionen#Support|Production-Support]], premier support is optional.<ref name="support">[https://www.veeam.com/de/support-policy.html Veeam support guideline] (veeam.com, 21.04.2023)</ref>

=== Features ===
The Veeam Data Platform is based on version 13 of the flagships ''Veeam Backup & Replication''<ref>[https://helpcenter.veeam.com/docs/backup/vsphere/overview.html?ver=120 Veeam backup & replication documentation] (helpcenter.veeam.com, 21.04.2023)</ref> as well as the other products ''Veeam ONE''<ref>[https://helpcenter.veeam.com/docs/one/monitor/about.html?ver=120 Veeam ONE documentation] (helpcenter.veeam.com, 21.04.2023)</ref>, ''Veeam Recovery Orchestrator'' (formerly ''Veeam Disaster Recovery Orchestrator'')<ref>[https://helpcenter.veeam.com/docs/vdro/userguide/welcome.html?ver=60 Veeam Disaster Recovery Orchestrator documentation] (helpcenter.veeam.com, 21.04.2023)</ref> and ''Coveware Recon Scanner''<ref>[https://helpcenter.veeam.com/docs/coveware/userguide/overview.html Recon for Veeam Infrastructure 3.0] (helpcenter.veeam.com, 06.03.2026)</ref>. The main function of the products is summarized here:

{| class="wikitable mw-collapsible"
|- style="font-weight:bold;"
! style="font-weight:normal;" | Feature
! Foundation
! Advanced / Essentials
! Premium
|- style="background-color:#9aff99;"
| style="font-weight:bold;" | Veeam Backup & Replication
|
|
|
|-
| Backup
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Restore
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Replication
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Continuous Data Protection (CDP)
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Backup Copy
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Storage Systems Support
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Tape Devices Support
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Recovery Verification
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|- style="background-color:#efefef;"
| style="font-style:italic;" | Protected Objects
|
|
|
|-
| VMware vSphere VMs
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Microsoft Hyper-V VMs
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Nutanix AHV VMs
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
|Scale Computing HyperCore VMs
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
|Oracle Linux VMs
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
|Red Hat VMs
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
|Proxmox VE VMs
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| AWS EC2 Instanzen
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Microsoft Azure VMs
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Google Cloud VMs
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| NAS File Shares
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Physical Machines
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|- style="background-color:#efefef;"
| style="font-style:italic;" | Protected Applications
|
|
|
|-
| Microsoft SQL Server
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| PostgreSQL
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Oracle data bases
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Active Directory
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Entra ID
|
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Microsoft Exchange
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Microsoft OneDrive
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Microsoft SharePoint
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|- style="background-color:#9aff99;"
| style="font-weight:bold;" | Veeam ONE
|
|
|
|-
| Real time monitoring, analysis and notifications
|
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Comprehensive reporting and informative dashboards
|
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Intelligent diagnoses and troubleshooting measures
|
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Capacity planning and chargeback
|
| style="background-color:#CCFFCC;" align="center"|✔
| style="background-color:#CCFFCC;" align="center"|✔
|- style="background-color:#9aff99;"
| style="font-weight:bold;" | Veeam Recovery Orchestrator
|
|
|
|-
| 1-click-mass recovery
|
|
| style="background-color:#CCFFCC;" align="center"|✔
|-
| DR-Failover-Orchestration
|
|
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Automatic tests
|
|
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Dynamic documentation
|
|
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Compliance monitoring for RTOs and RPOs
|
|
| style="background-color:#CCFFCC;" align="center"|✔
|-
| Restore to the cloud
|
|
| style="background-color:#CCFFCC;" align="center"|✔
|}

The following reference is offered by Veeam for a complete list: [https://www.veeam.com/veeam_data_platform_feature_comparison_ds.pdf Veeam data platform feature comparison].

=== Veeam Universal License ===
Even before the introduction of VDP, Veeam also changed its licensing model. The '''Veeam Universal Licenses (VUL)''' authorize the use of the corresponding software based on the data to be secured and monitored '''workloads'''. The licenses are transferable between workloads.

VULs have a '''minimum purchase quantity of 10 licenses'''.

''VDP Essentials'' is an exception: Bundles with '''5 licenses''' are possible, but only a maximum of 50 workloads can be licensed for this purpose.<ref name="policy">[https://www.veeam.com/licensing-policy.html Veeam license guideline] (veeam.com, 21.04.2023)</ref>

{| class="wikitable"
|- style="font-weight:bold;"
! Workload 
! style="text-align:right;" | Number
!License
|-
| Virtual machine
| style="text-align:right;" | 1
| style="text-align:right;" | 1
|-
| Cloud-VM
| style="text-align:right;" | 1
| style="text-align:right;" | 1
|-
| Enterprise application
| style="text-align:right;" | 1
| style="text-align:right;" | 1
|-
| NAS/File share
| style="text-align:right;" | 500 GB
| style="text-align:right;" | 1
|-
| Workstation / end point
| style="text-align:right;" | 3
| style="text-align:right;" | 1
|}

==== Duration ====

VULs can be aquired as subscription license or perpetual license.

* A '''subscription license''' includes a right of use and the associated support (standard "Production", optional "Premier") and update and upgrade rights for a fixed period of 1, 3, or 5 years. When a subscription expires, you are no longer authorized to use the software.
* A '''perpetual license''' includes an unlimited right of use. Support (standard "Production", optional "Premier") and update and upgrade rights for a period of one year are included with the purchase of such a license. An extension of support and update and upgrade rights can be purchased at a later date.<ref name="policy" />

Perpetual licenses are available for VDP-packages Essentials, Foundation and Advanced.

=== Veeam BaaS and DRaaS ===
Veeam ''Backup as a Service (BaaS)'' and ''Disaster Recovery as a Service (DRaaS)'' are managed cloud services. These can be booked optionally from managed service providers (such as Thomas-Krenn.AG).

== More products ==
In addition to VDP, Veeam offers other standalone backup products for applications that run natively in the cloud, namely

* Veeam backup for [[Microsoft 365 Lizenzierung|Microsoft 365]]
* Veeam backup for Salesforce
* Veeam backup for Kubernetes / Kasten K10.

Unlike VDP, these products are licensed exclusively on a subscription basis per user or worker node (in the case of Box K10).

=== Licensing ===

The following table provides an overview of the subscription licenses:<ref name="policy" />

{| class="wikitable"
|- style="font-weight:bold;"
! style="font-weight:normal;" |
! Term in years
! user 
! Limitation
! Support
|-
| style="font-weight:bold;" | Microsoft 365
| style="text-align:right;" | 1 / 3 / 5
| at least 10 
| style="text-align:center;" | -
| default: production optional: premier 
|-
| style="font-weight:bold;" | Salesforce
| style="text-align:right;" | 1 / 3 / 5
| at least 10
| 100% Salesforce users must be licensed
| default: production optional: premier 
|- style="text-align:right;"
| style="font-weight:bold; text-align:left;" | Kasten K10
| 1 / 3 / 5
| at least 1 worker node
| style="text-align:center;" | -
| style="text-align:center;" | -
|}

== Support ==
Veeam offers 4 support models: '''Evaluation''', '''Standard''', '''Production''' and '''Premier'''.<ref name="support" />

The evaluation support is granted during the trial period of a Veeam product.

Standard support is no longer available since the introduction of VDP. When using a VDP product, you always purchase production support as well.

Premier Support is characterized by the assistance of a Support Account Manager (SAM).

An overview:

{| class="wikitable"
|- style="font-weight:bold;"
! Service
! Evaluation
! Standard
! Production
! Premier
|-
| Product updates
| style="text-align:center;" | -
| yes
| yes
| yes
|-
| Product upgrades
| style="text-align:center;" | -
| yes
| yes
| yes
|-
| Technical support
| telephone / Internet
| telephone / Internet
| telephone / Internet
| telephone / Internet / SAM
|}

== More information ==
* [https://www.veeam.com/de/support.html?ad=in-text-link Veeam support]
* [https://www.veeam.com/veeam_data_platform_feature_comparison_ds.pdf Veeam data platform feature comparison]

== References ==
<references />

{{Sbohn}}
{{Lstadler}}
{{Aranzinger}}
[[Category:Veeam]]
[[de:Veeam Backup Editionsunterschiede]]

Update Veeam end customer data

2026-02-11T05:55:10Z

Aranzinger: Created page with "The specification of the end customer data is obligatory when receiving Veeam licenses. This article describes the procedure of changing the stated end customer data after purchasing the license. The change must be performed directly via the Veeam portal and can not be made via Veeam partner. __FORCETOC__ == End customer data == Veeam Backup licenses are tied to the end customer, which is the applicant of the software and receive..."

The specification of the end customer data is obligatory when receiving Veeam licenses. This article describes the procedure of changing the stated end customer data after purchasing the license.

The change must be performed directly via the Veeam portal and can not be made via Veeam partner.
__FORCETOC__
== End customer data ==
[[Veeam Backup licenses and functions|Veeam Backup licenses]] are tied to the end customer, which is the applicant of the software and receives the access to the Veeam support portal.

== Procedure ==
The following gallery describes the procedure of changing the end customer data after purchasing the license. Go to the [https://my.veeam.com Veeam Support Website] to perform the following steps:

<gallery>
file:Veaam_support_login.png|Log in to the Veeam Support Portal.
file:Veeam_supportcase_oeffnen.jpg|You can ''open a support case'' via the ''Support'' tab.
file:Veeam_licensing_case_type.jpg|Select ''Licensing''.
file:Veeam_merge_license_files.png|In the mandatory field ''Licensing Issue'', select ''Merge License''.
file:Veeam_support_case_problembeschreibung.png|Now enter a description of your case.
</gallery>

Then enter the '''new end customer data''' in the free text field. The Veeam-support will then contact you.

Please note that the Veeam-support is provided in English.

{{Sbohn}}
{{Aranzinger}}
[[Category:Veeam]]
[[de:Veeam Endkundendaten aktualisieren]]

TKMI overview

2026-02-10T12:21:58Z

Aranzinger: Created page with "The '''Thomas-Krenn Management Interface''' (TKMI) is the websurface of BMC from Thomas-Krenn server. It is a MegaRAC® SP-X System-on-a-Chip (SoC) based on a graphic user interface (GUI). In the following paragraphs, you will find an overview of the displays and settings options of the TKMI. == Application == 450x450px The application screen cons..."

The '''Thomas-Krenn Management Interface''' (TKMI) is the websurface of [[Baseboard Management Controller|BMC]] from [[Thomas-Krenn server|Thomas-Krenn server]]. It is a MegaRAC® SP-X System-on-a-Chip (SoC) based on a graphic user interface (GUI). In the following paragraphs, you will find an overview of the displays and settings options of the TKMI.

== Application ==
[[File:TKMI-Login.png|alt=application in TKMI|thumb|450x450px]]
The application screen consists of the following elements:
{| class="wikitable"
!element
!description
|-
|User name
|Enter user name
|-
|Password
|Enter corresponding password
|-
|Language
Selection of language (currently only English (US) is available)
|-
|Remember user name
|The user name is pre-filled the next time you call up TKMI
|-
|Sign me in
|Start application
|-
|Forgot password
|The recreation of the password for a user name is possible with this link1
|}
1An email must be defined in the [[TKMI Settings#SMTP Settings|SMTP settings]], so that the recreation functions.

=== Standard settings ===
The standard settings for the first login is as follows

* '''user name''': admin
* '''password''': admin

The password must be changed during the first login.

== Components of user interface ==
[[file:TKMI Dashboard.png|small|user interface of TKMI|450x450px]]

After application, you are located on the dashboard. The main page consists of three elements.

=== Menu ===
In the menu, information on host systems and navigation can be found through different administration options.
{| class="wikitable"
!Element
!Description
|-
|Firmware information
|Here, the current BMC-version and the date of the builds are stated
|-
|Host state
|Displays the host as online or offline and is a link to the [[Benutzer:Sbohn/Spielwiese1#Power Control|Power Control]]
|-
|Quick search
|Provides a search bar for quick navigation
|-
|[[Benutzer:Sbohn/Spielwiese1#Menu options|Menu options]]
|The individual administration opportunities of the TKMI
|}

=== Quick-button bar ===
The elements in the quick-button bar are available on every page of the TKMI.
{| class="wikitable"
!Element
!Description
|-
|[[file:TKMI Quick-Button-Leiste Mail.png|frameless]]
|Displays an event log of warnings. The messages can be selected to navigate to [[Benutzer:Sbohn/Spielwiese1#Logs & Reports|Logs & Reports]]
|-
|[[file:TKMI Quick-Button-Leiste Warnung.png|frameless]]
|Displays hints on host systems
|-
|[[file:TKMI Quick-Button-Leiste Sprache.png|frameless]]
|Selection of language. Currently only ''US - English'' available
|-
|[[file:TKMI Quick-Button-Leiste Widget.png|frameless]]
|Displays or hides some dashboard widgets
|-
|[[file:TKMI Quick-Button-Leiste Sync.png|frameless]]
|Synchronizes with the latest sensor and event log updates
|-
|[[file:TKMI Quick-Button-Leiste Refresh.png|frameless]]
|Click to reload the latest page
|-
|[[file:TKMI Quick-Button-Leiste User.png|rahmenlos]]
|Displays the user name of the currently logged-in user. A click on this symbol displays the authorization of the user. There are 5 authorization levels: ''User, Operator, Administrator, None, OEM1''
|}
1Hint: All authorization are explained in more detail in the [[TKMI User Management|User Management]] menu

=== Dashboard ===
On the dashboard, widgets can be found, that provide information on different key figures. There are '''4 standard widgets''' and '''4 extended widgets''' in the Thomas-Krenn Management Interface (December 10th, 2024).

==== Standard-Widgets ====
{| class="wikitable"
!Element
!Descriptions
|-
|Power-On Hours
|Shows how much time has passed since the host was switched on. Resets during firmware updates.
|-
|Access Logs
|A graphic representation of different sensors and occupied/available storage in the protocols. By clicking on the ''More Info'' link, the [[TKMI Logs & Reports#Audit Log|Audit Log]], the [[TKMI Logs & Reports#Audit Log|Audit Log]] page can be called up
|-
|System Identify LED
|Switches the LED on and off on the physical device to identify the host system.
|-
|Set Debug Shell
|Switches the ''Debug Shell'' on and off
|}

==== Extended widgets ====
{| class="wikitable"
!Element
!Descriptions
|-
|Pending Deassertions
|Here, all ''Asserted Events'' are listed that are waiting for a ''De-Assertion''. To receive details on the events, click on the ''More Info'' link. This opens the [[TKMI Logs & Reports#IPMI Event Log|event protocol]]
|-
|Today & 30 Days
|Here, a list of event logs is displayed that were recorded by different sensors. Click on the ''Details'' link to get to [[TKMI Logs & Reports#IPMI Event Log|event log]].
|-
|Sensor Monitoring
|All critical sensors of the device are listed here. By clicking on a sensor in the list, the sensor detail page will be displayed with sensor information and sensor event details.
|}

=== Help symbol ===
On all subpages of the TKMI, there is a help symbol located in the right upper corner: [[file:TKMI Help-Icon.png|frameless|32x32px]]

By clicking on this symbol, helpful hints about the called up pages appear.

== Menu options ==
The TKMI offers the following administration options. Follow the corresponding link for details on the individual elements

=== [[TKMI sensor|sensor]] ===
On this page, details on all sensors available are displayed, for example name, type, status, current measured value and behaviour. Sensor readings are available for temperature, fans, watchdogs and voltage sensors as well as for supported discret sensors. The page is automatically updated with the latest data from the data base.

The sensors are sorted by type and status (''Critical'', ''Discrete'', ''Normal'' and ''Disabled'').

=== [[TKMI System Inventory|System Inventory]] ===
This page shows information on the hardware of the host computer.

The components are distributed in categories for better readability. These are '''System''', '''Processor''', '''Memory Controller''', '''BaseBoard''', '''Power''', '''Thermal''', '''PCIE Function''', '''Storage'''.

=== [[TKMI FRU information|FRU information]] ===
General information, housing information, board information and product information on Field Replacable Unit (FRU)-devices of the BMC are displayed on this page.

=== [[TKMI Logs & Reports|Logs & Reports]] ===
Behind this dropdown-menu, different logs and reports are located that are created during host system operations.

Here, the '''IPMI Event Log''', '''Operation Log''', '''Audit Log''', '''Video Log''' and the '''SOL Video Log''' are located.

=== [[:Category:TKMI Settings|Settings]] ===
This is a collection of different configuration settings of the TKMI. Here you will find '''RAID Management''', '''Network Settings''', '''User Management''', '''SSL Settings''' and '''SMTP Settings''' among many others.

=== [[TKMI Remote control|Remote control]] ===
In this menu option, you will find a HTML5-console and a serial over LAN (SOL) remote connection to the host system.

=== [[TKMI Image redirection|Image redirection]] ===
This option displays the '''Remote Images''' that are available for the BMC. For every image type, up to 4 images can be added depending on the configuration.

=== [[TKMI Power control|Power control]] ===
Here, the host system can be switched on and off as well as restarted remotely.

=== [[:Category:TKMI Maintenance|Maintenance]] ===
On this page, different components of the host system can be maintained. Here, '''BMC''' and '''BIOS Update''', '''Backup Configuration''', '''BMC Reset''', '''Reset Factory Defaults''' are located.

=== '''Sign Out''' ===
Logout from TKMI

==More information==
[https://en.wikipedia.org/wiki/MegaRAC System on a chip] (wikipedia.org, Dezember 2024)

[https://en.wikipedia.org/wiki/Serial_over_LAN Serial over LAN (SOL)] (wikipedia.org, Dezember 2024)

{{Sbohn}}
{{Aranzinger}}
[[Category:Thomas-Krenn Management Interface]]
[[de:Übersicht TKMI]]

Nextcloud files - overview

2026-02-10T10:08:14Z

Aranzinger: Created page with "'''Nextcloud''' offers an easy way to back up, share, and upload files to the cloud so you can work on and manage them alone or together. In addition, they can be synchronized across multiple devices (PCs, laptops, cell phones, tablets, etc.) so that you always have the correct data on your devices. Nextcloud files This is the base of Nextcloud and it is perfectly suitable for '''sharing information/files/folders''..."

'''Nextcloud''' offers an easy way to back up, share, and upload files to the cloud so you can work on and manage them alone or together. In addition, they can be synchronized across multiple devices (PCs, laptops, cell phones, tablets, etc.) so that you always have the correct data on your devices.
[[File:Login-View_Files.png|alt=Nextcloud Files|thumb|Nextcloud files]]
This is the base of Nextcloud and it is perfectly suitable for '''sharing information/files/folders''' and to archive with other communication partners (internal/external). Thomas-Krenn.AG uses Nextcloud files, for example, to enable file exchange with our customers that would exceed the conventional maximum file size for email attachments. Here is a brief overview of the Nextcloud Files GUI. 

== Overview ==
[[file:File-Overview.png|small|application menu of Nextcloud Files]]

=== All files ===
All your personal files and folders that belong to you or that you are authorized to view are displayed here. These are your "My Documents" or your private "home directory". You will also see files that have been shared with you. You can view and edit these files, but you cannot delete them because you are not the owner of the file.

=== Newest ===
Contains a chronological view of all files and folders uploaded by you or shared with you.
=== Favourites ===
Here you can see all files and folders marked with an asterisk for quicker access.

=== Releases ===
Here you can see all the shares that have been created for you and to which you therefore have access. You can also see all the shares that you have enabled for other users or external participants. You can distinguish both categories by the approval icon. If the symbol is available, this is a release that you have created. In addition, you can hover your mouse over the user avatar (round circle) to see whether it is a share for someone or from someone.

=== Tags ===
Tags are keywords in German and can be set for files from any source. This can be useful for certain scenarios. Under "tags" you can search for keywords and display only files that have been tagged with Tag1 and/or Tag2, etc. Please note: When used in combination with Nextcloud Talk, there are currently issues with setting tags.

== Create release ==
[[File:File-Sharing-Nextcloud.png|alt=Nextcloud Files Sharing|thumb]]
[[File:Nextcloud-File-Share-Options-2.png|alt=Nextcloud Files Sharing Optionen|thumb]]
Nextcloud offers the possibility to forward contents to registered users as well as external users. Attached, you will find possibilities for sharing objects in Nextcloud:

=== Release file or folder ===
To release a file to somebody, you have to click on the approval symbol (1)

=== For external users ===
Enter the email address of the desired recipient at (1). This recipient will then receive a link for the release.

=== For created users ===
Enter the email address of the desired recipient at (1). This recipient will then receive a link for the release.

=== For other Nextcloud instances ===
You can also forward files or folders to other Nextcloud instances. For this, enter the Federated-Cloud-ID of your sharing partner at (1). This feature has not been tested yet by Thomas-Krenn.AG.

=== Share link ===
Here (2), you will receive a release link for the object and you can also set additional options, for example if preparing the document is allowed, the download is prohibited or if a password or expiration date should be set. In addition, you can leave a note for the recipient that will be added when sharing the link. Example: "Hello colleagues, please take a look on this file and give me feedback."

=== Others with access ===
Here (3), you can see internal users, that do also have access onto this file.

=== Internal link ===
This link (4) can be copied as direct link into the clipboard and manually sent to a recipient. This only functions for users that already have access on these files (internal users).

== Deleted files ==

If you have deleted one or more objects, you can view a list of the files you have deleted under "Files" > “Deleted items” and permanently delete or restore them as needed. You can also use bulk editing to delete or restore multiple objects or even all objects.

=== Recreate object ===
To recreate a file or a folder, click on the "Restore" button to the right of the file name. The object is recreated and integrated at the original location.

=== Delete object permanently ===
[[File:Nextcloud_delete_permanently.png|alt=Nextcloud Files - Dateien dauerhaft löschen|none|thumb|647x647px|Nextcloud files - delete files permanently]]
Follow the steps 1 and 2 to permanently delete files or folders. Please note that there will be no further security prompt!

===Retention period ===
By default, Nextcloud allows deleted files to occupy up to 50% of the total storage space. Once the 50% limit is reached, Nextcloud deletes the oldest deleted files until the limit is again below 50%. Regardless of this rule, deleted files are retained for 30 days and then automatically deleted.

== Display hidden files ==
[[File:Show_hidden_files.png|alt=Nextcloud Files - versteckte Dateien anzeigen|thumb]]
If you want to upload files that are hidden by default in the operating system and contain a "." before the file name, you must explicitly set this so that they are displayed in Nextcloud.

To do this, click on the Settings menu item (1) under Files and then select "Show hidden files".

Examples for these files are .htaccess files or certain configuration files from Linux operating systems. You will not know if you have uploaded or possess hidden files. This can be determined in the folder browser:
[[file:Include Hidden Files.png|zentriert|miniatur|826x826px|Nextcloud Files - Hidden Files ]]

== More information ==
* [https://docs.nextcloud.com/ Nextcloud Manual] (docs.nextcloud.com)

{{Jsterr}}
{{Aranzinger}}
[[Category:Server-Software]]
[[de:Nextcloud Dateien - Überblick]]

Backup Proxmox VE VM with HA status "stopped" under Veeam

2026-02-05T13:41:15Z

Aranzinger:

This article shows how to change the configuration of the Veeam server that backing up virtual machines with HA status "stopped" works.

== Troubleshooting ==
When securing Proxmox VE VMs with the help of Veeam, the following error notification may appear:

"'''01/09/2025 7:28:08 AM:: hostname-machine: Failed to perform backup: Failed to connect the NBD server to the hypervisor host".'''

The reason for this is that the virtual machine under Proxmox has the HA status "stopped", which means that the Veeam server cannot reach the virtual machine and therefore cannot back it up.

== Solution ==
# Search for the installation directory of your Veeam server and in it the file "appsettings.json"
#: '''Hint:''' The standard path is C:\Program Files\Veeam\Plugins\PVE\Service\appsettings.json
# Open the file with administrator rights and change the value from <"LockVmOnBackup": false, > to <"LockVmOnBackup": true,>
# Restart VeeamPVESvc to make the changes effective
#: '''Hint:''' Verify whether backups or restore operations are running; if so, wait for them to finish or stop them.

The VM is then locked during the backup job, and the backup job runs even with the HA status set to "stopped".

== More information ==
* [[File:Proxmox_Backup_Error_VM_locked.png|alt=small|thumb|309x309px]]If errors appear during the backup, the VM stays in locked state. You can unlock the VM with "qm unlock <VM-number>".
* During the backup, it may be that Proxmox protocols some errors, as the VM can not be stopped due to the backup. This mistake can be ignored, as the backup is still completed successfully. However, it is recommended to hide this message in the corresponding monitoring system.

{{Npauli}}
{{Aranzinger}}
[[Category:Proxmox Troubleshooting]]
[[Category:Veeam]]
[[de:Backup Proxmox VE VM mit HA Status "stopped" unter Veeam]]

Tape Library/Integration of PBS into Autoloader

2026-01-30T10:22:36Z

Aranzinger: Created page with "This article shows how to integrate a Tape Library / an Autoloader into the Proxmox Backup server. == Initial situation == - Proxmox Backup server with integrated HBA for the connection between PBS and Tape Library - Quantum Superloader 3 (Autoloader) - wiring between Tape Library / Autoloader and the Proxmox Backup server == Configuration == The following steps need to be performed, so that the Tape Library can be added: <gallery> file:Tape Backup PBS Changer.pn..."

This article shows how to integrate a Tape Library / an Autoloader into the Proxmox Backup server.

== Initial situation ==
- Proxmox Backup server with integrated HBA for the connection between PBS and Tape Library

- Quantum Superloader 3 (Autoloader)

- wiring between Tape Library / Autoloader and the Proxmox Backup server

== Configuration ==

The following steps need to be performed, so that the Tape Library can be added:

<gallery>
file:Tape Backup PBS Changer.png|First, the changer must be added to the PBS. To do this, click on "'''Tape Library'''", then on "'''Changers'''" and then on "'''Add'''". Now you can assign a name for the changer and enter the ISCSI path, which should be added automatically if the cabling is correct. Then you can add the changer by clicking on "'''Add'''".
file:Tape Backup PBS Drives.png|After this, the drives must be added. Click on "'''Add'''" under "'''Drive'''". Here, too, a name can be assigned, and the changer and path can be selected. Click on "'''Add'''" to apply the configuration.
file:Tape Backup PBS Encryption Key.png|As an optional possibility, a key can be created under "'''Encryption Keys'''" for later configuration of the media pools.
file:Tape Backup PBS Media Pools.png|In the following, the media pool can be created. Click on "'''Add'''" under "'''Media Pools'''". Assign a "'''name'''" and configure "'''Allocation & Retention Policy'''", as well as the encryption key.
file:Tape Backup PBS Label Media.png|The media is now labeled. Go to "'''Add Tape'''" under "'''Inventory'''" and configure "'''Drive'''" "'''Label'''" and "'''Media Pool'''".
file:Tape Backup PBS Backup Job.png|Now all you have to do is create the backup job on the tape. To do this, go to "Backup Jobs" and click 'Add' to configure the backup job according to your requirements. Finally, you can create the backup job by clicking “OK.”
file:Tape Backup PBS Inventory.png|The status should now be on "'''Writable'''" under "'''Inventory'''".
file:Tape Backup PBS Übersicht.png|After successful configuration, your system should look similar to this graphic.
</gallery>After you have performed all steps, you have successfully integrated your Tape Library / Autoloader into the Proxmox Backup server.
'''Hint''': Test the backup job for safety's sake before you use the system in the productive area.
{{Npauli}}
{{Pstreifinger}}
{{Aranzinger}}
[[Category:Proxmox Backupserver]]
[[de:Tape Library/Autoloader in PBS einbinden]]

Installation Virtual Tape Library

2026-01-30T06:27:35Z

Aranzinger: Created page with "This article describes how to install and configure a Virtual Tape Library. A Virtual Tape Library offers different advantages compared to a usual Tape Library, for example the possibility to outsource the Tape backups to the cloud or a higher writing and reading performance due to emulated tapes. This article shows the installation and configuration of a VTL based on QUADStor as well as StarWind. == Prerequisites: == === QUADStor: === * VM with installed Debian 12.X..."

This article describes how to install and configure a Virtual Tape Library. A Virtual Tape Library offers different advantages compared to a usual Tape Library, for example the possibility to outsource the Tape backups to the cloud or a higher writing and reading performance due to emulated tapes.

This article shows the installation and configuration of a VTL based on QUADStor as well as StarWind.

== Prerequisites: ==

=== QUADStor: ===

* VM with installed Debian 12.X, it is recommended to not operate any further services on this VM and only use it as VTL
* VM with at least 8GB RAM (16GB when a lot of traffic is planned, 64GB if Dedup should be used)
* VM with at least 4 cores
* also possible as hardware-system alternatively
* valid subscription, QUADStor revises their license model currently

=== StarWind: ===

* VM with installed Windows or Linux
* at least 4 vCPU with 1.7GHz (VM), at least 8 vCPU with 1,7GHz (VM + ZFS), at least 1 CPU with 1.7GHz (Bare-Metal)
* at least 8GB RAM; at least 16GB RAM for ZFS
* separate data carrier or partition for VTL; capacity depending on usage
* also available as a hardware system alternatively 

== VTL with QUADStor ==

=== Installation QUADStor VTL ===
First, some packages need to be reinstalled, which will be required for the operation of QUADStor VTL:<pre>
apt update

apt install uuid-runtime build-essential sg3-utils apache2 gzip xz-utils postgresql libpq-dev psmisc linux-headers-`uname -r`

a2enmod cgi
</pre>After this, the webserver must be started:<pre>
systemctl restart apache2
</pre>

In addition, the installation package for QUADStor will be uploaded on the server. Go to the official [https://www.quadstor.com/downloads.html QUADStor website] and search the suitable version depending on OS and version.

In this example, the package for Debian 12.X is used and the selected package can now be uploaded to the VM and installed with wget:<pre>
wget https://www.quadstor.com/vtldownloads/quadstor-vtl-ext-3.0.79.21-debian12-x86_64.deb
apt install ./quadstor-vtl-ext-3.0.79.21-debian12-x86_64.deb
</pre>
Perform the following command to activate the service:<pre>
systemctl enable --now quadstorvtl.service

</pre>
Finally, the service can be checked if it is active and functional. If that is the case, the VM must be restarted:<pre>
root@np-vtl-01:~# systemctl status quadstorvtl.service
● quadstorvtl.service - QUADStor Virtual Tape Library
Loaded: loaded (/lib/systemd/system/quadstorvtl.service; enabled; preset: enabled)
Active: active (running) since Wed 2024-08-21 08:43:28 CEST; 34min ago
Tasks: 1724
Memory: 241.4M
CPU: 4.031s
CGroup: /system.slice/quadstorvtl.service
├─637 /quadstorvtl/sbin/coredev
├─660 /quadstorvtl/sbin/ietd
└─663 /quadstorvtl/sbin/vtmdaemon

Aug 21 08:43:28 np-vtl-01 vtmdaemon[663]: tl_server_load_conf:3933 ioctl qload
Aug 21 08:43:28 np-vtl-01 vtmdaemon[663]: tl_server_load_conf:3939 restart export jobs
Aug 21 08:43:28 np-vtl-01 vtmdaemon[663]: tl_server_load_conf:3942 reply to client
Aug 21 08:43:28 np-vtl-01 vtmdaemon[663]: tl_server_restart_export_jobs:6641 start
Aug 21 08:43:28 np-vtl-01 vtmdaemon[663]: tl_server_load_conf:3944 end
Aug 21 08:43:28 np-vtl-01 vtmdaemon[663]: tl_server_restart_export_jobs:6704 end
Aug 21 08:43:28 np-vtl-01 systemd[1]: Started quadstorvtl.service - QUADStor Virtual Tape Library.

root@np-vtl-01:~# reboot
</pre>

Now, you can connect to the websurface of QUADStor with the IP of your VM <code><nowiki>http://your.server.ip/</nowiki></code>

=== Configuration QUADStor VTL ===
Hint: You can also use Import-Files from QUADStor for the definition of the Changer and Drives. This can be found here:[https://www.quadstor.com/uscripts/ Definition Files]<gallery>
file:Webinterface QUADStor.png|Here, you can see the webinterface from QUADStor. To start the configuration, click on '''[Physical Storage]'''.
file:QUADStor Physical Storage.png|Here, the unassigned disks can be assigned to the respective storage pool by clicking on '''[Add]'''. Execute this for all disks.
file:QUADStor Physical Storage Add.png|Select the Default Pool and click on '''[Submit]'''. The assignment should only be visible in the overview.
file:QUADStor Add Storage Pool.png|If you do not want to use the Default Pool, you can create a new pool under '''[Storage Pools]'''. Alternatively, you can also adjust the Default Pool as desired in this tab. For this, click on '''[View]'''.
file:QUADStor Add Drive Definition.png|Now, the '''[Drive Definition]''' must be adjusted under '''[Device Definitions]'''. Click on '''[Add Drive Definition]''' and adjust the parameters. An explanation of the parameter can be found in the table below. Click on '''[Submit]'''.
file:QUADStor Add Changer Definition.png|The changers must also be created under the same tab. To do this, click on '''[Add Changer Definitions]''' and adjust the values. Apply the configuration by clicking on '''[Submit]'''.
file:QUADStor Device Definition Summary.png|After this, the definitions should look similar to this.
file:QUADStor Virtual Libaries.png|Click on '''[Virtual Libraries]''' to create the VTL and click on '''[Add VTL]'''.You can then assign a name, VDrives, VSlots, and the definitions from earlier. An explanation for this can be found below.
file:QUADStor Virtual Libaries Summary.png|The configuration should look similar to this. Go to '''[Add VCartridge]''' to conclude the configuration.
file:QUADStor Add VCartidgePNG.png|Here, under '''[Number of VCartridge]''', you can define how many tapes should be integrated into the VSlots. In addition, a label/prefix must also be assigned. This must consist of 6 characters and a 0 for automatic numbering.
</gallery>

Definition of Changer Definitions:
{| class="wikitable"
|+
!Term
!Definition
|-
|Name
|Unique name for Changer Definition. Only contains numbers and letters.
|-
|Vendor
|Replicated manufacturer name. Only contains numbers and letters.
|-
|Product
|Replicated product name. Contains numbers, letters as well as blank spaces.
|-
|Revision
|Replicated firmware status. May contain numbers, letters, spaces, and periods.
|-
|Serial Prefix
|Prefix for automatic generated serial number. Placed before the serial number.
|-
|Serial Suffix
|Suffix for automatic generated serial number. Placed before the serial number.
|-
|Serial Length
|Length of automatic generated serial numbers (usually between 10 - 12)
|-
|Inquiry Length
|Length of the SCSI query response (usually 56)
|-
|Drive Start Address
|States starting address for drives (leave as Default)
|-
|IE Start Address
|States the IE starting address for drives (leave as Default)
|-
|Slot Start Address
|States the slot starting address for drives (leave as Default)
|-
|AVoltag
|Determines whether the changer reports its virtual drive serial number in response to a SCSI read element
|}
Definition Drive Definitons:
{| class="wikitable"
!Term
!Definition
|-
|Name
|Unique name for drive definition. Only contains numbers and letters.
|-
|Vendor
|Replicated manufacturer name. Only contains numbers and letters.
|-
|Product
|Replicated product name. Contains numbers, letters and blank spaces.
|-
|Revision
|Replicated firmware-status. Contains numbers, letters blank spaces and dots.
|-
|Serial Suffix
|Suffix for automatic generated serial number. Attached to the serial number.
|-
|Serial Prefix
|Prefix for automatic generated serial number. Placed before the serial number.
|-
|Serial Length
|Length of automatic generated serial number ( usually between 10 - 12)
|-
|Inquiry Length
|Length of SCSI-query response (usually 56)
|-
|Media Type
|Defines which type of tape is emulated, such as LTO8, LTO7, etc.
|}

== VTL with StarWind ==

=== Installation StarWind ===
This installation is made on a Windows server 2022. To start the installation, execute the downloaded EXE-file.

'''Hint:''' To test StarWind VTL, you need a license key for the trial version. The free version offers only a very limited range of functions.<gallery>
file:StarWind vSAN.png|At the beginning, you can see installation nodes.
file:StarWind vSAN Installation path.png|Select the installation path.
file:StarWind vSAN VTL Checkbox.png|Check all required packages. Alternatively, you can also select ['''Full'''], so that all dependencies can be considered.
file:StarWind vSAN Start Menu.png|Enter now a path for the starting menu.
file:StarWind vSAN Desktop Icon.png|If necessary, you can also create a desktop icon.
file:StarWind vSAN Licence Key.png|After this, you have to state if you already have a License-Key or not. If this is not the case, the StarWind opens and you can request a key.
file:StarWind vSAN Add Licence Key.png|The path to the License-key must be entered.
file:StarWind vSAN Summary.png|Now, you can see a short summary of the licenses.
file:StarWind vSAN EULA.png|After this, you have to accept the EULA.
file:StarWind vSAN Summary2.png|Here you can see an overview of the configured parameters. If these meet your requirements, click on '''[Install]'''.
file:StarWind vSAN Basic Config.png|In the following, you can adjust different parameters such as ports or passwords. By clicking on '''[OK]''', the installation will be concluded.
</gallery>

=== Configuration StarWind ===
After successful installation, some configurations must be performed, so that the VTL can be integrated into your system:<gallery>
file:StarWind Add Storage.png|You can open the StarWind Management console. It will be displayed in the beginning that no pool has been configured yet.
file:StarWind Select Drive2.png|To configure this, go to your server on the left side under ['''Server'''] and click on ['''Connect'''], then you can select the respective drive for the pool.
file:StarWind Add VTL.png|After this, click '''"Add VTL Device"'''. Here, you can create a new VTL or add an existing one. For this, enter the respective path.
file:StarWind Select Devices.png|Select an additional model that should be emulated and click on ['''Next'''].
file:StarWind VTL Target.png|You can state an Alias for the VTL Target. For this, state a name and select ['''Create new Target''']. In addition, you can also allow the connection of multiple iSCSI endpoints. Click on ['''Next'''].
file:StarWind Creation Page.png|The VTL will be now created and configured.
file:StarWind Final.png|Finally, you will see the target name again, with which you can connect the VTL to your system. Finally, click on ['''Close'''].
</gallery>You can then connect your respective VTL to your backup infrastructure and start backing up.

==More information==
[https://pbs.proxmox.com/wiki/index.php/Installing_a_Virtual_Tape_Library Installing a Virtual Tape Library] 
[https://quadstor.com/vtlsupport/145-installation-on-rhel-centos-sles-debian.html Installation on RHEL CentOS SLES Debian]

{{Npauli}}
{{Aranzinger}}
[[Category:Server-Software]]
[[de:Installation Virtual Tape Library]]

Apache2 - Installation

2026-01-29T09:30:34Z

Aranzinger: Created page with "Copyright © 1997-2025 The Apache Software Foundation. This article describes how to install an Apache2 webserver under Ubuntu 24.04 LTS and provide a simple website. == Requirements == * Ubuntu 24.04 LTS (server or desktop) * Sudo- or Root-access * Internet connection The installation is done exclusively from the official Ubuntu package sources. == Installation of Apache2 == The installation is di..."

[[file:Apache-HTTP-LOGO.png|thumb|Copyright © 1997-2025 The Apache Software Foundation.]]

This article describes how to install an [[Apache2|Apache2 webserver]] under [[Ubuntu|Ubuntu 24.04 LTS]] and provide a simple website.
== Requirements ==
* [[Ubuntu|Ubuntu 24.04 LTS]] (server or desktop)
* Sudo- or Root-access
* Internet connection

The installation is done exclusively from the official Ubuntu package sources.

== Installation of Apache2 ==

The installation is directly performed via the [[Ubuntu]] package manager.

<gallery>
Apache2_Installation-01.png | '''Step 1:''' First, package lists should be updated and available packages should be brought up to date: <code>sudo apt update && sudo apt upgrade -y</code>
Apache2_Installation-02.png | '''Step 2:''' After this, the Apache2 webserver can be installed: <code>sudo apt install apache2 -y</code>
Apache2_Installation-03.png | '''Step 3:''' With the following command, it can be verified if the Apache2-service is active: <code>systemctl status apache2</code>
Apache2_Installation-04.png | '''Step 4:''' If the service is active, the webserver should be available in the browser under<code>http://IP-address/</code>.
</gallery>

== Add own website ==

After successful installation, the standard content can be replaced by an own website.

<gallery>
Apache2_Installation-05.png | '''Step 1:''' Switch to the Apache standard web directory: <code>cd /var/www/html/</code>
Apache2_Installation-06.png | '''Step 2:''' Optionally, you can safe or remove the existing <code>index.html</code>.
Apache2_Installation-07.png | '''Step 3:''' Create a new example website: <code>sudo nano index.html</code>
Apache2_Installation-08.png | '''Step 4:''' The new website is immediately visible in the browser after storing the file.
</gallery>

== Troubleshooting ==

* '''Website unavailable'''
** check whether the service is running: <code>systemctl status apache2</code>
** control firewall-rules: <code>sudo ufw status</code>

* '''Changes are not displayed'''
** empty browser-cache or reload page (<code>Strg + F5</code>)
** check file rights: <code>ls -l /var/www/html</code>

* '''Port 80 occupied'''
** check occupied ports: <code>sudo ss -tulpn</code>

== Summary ==

An [[Apache2|Apache2 webserver]] can be installed and operated under [[Ubuntu|Ubuntu 24.04 LTS]] in just a few steps.
After the installation, the standard content can be replaced by own websites and the webserver can be secured by fundamental measures.
{{Azillner}}
{{Aranzinger}}
[[Category:Server-Software]]
[[de:Apache2 - Installation]]

Apache2

2026-01-29T07:39:35Z

Aranzinger: Created page with "Copyright © 1997-2025 The Apache Software Foundation. The '''Apache HTTP server''' (in Linux systems often described as '''Apache2''') is one of the most used webserver worldwide.<ref>https://httpd.apache.org/</ref> It was developed by the '''Apache Software Foundation''' and is a free open-source software.<ref>https://www.apache.org/foundation/</ref> Apache2 is stable, flexible and performant and has been forming the base of multi..."

[[file:Apache-HTTP-LOGO.png|thumb|Copyright © 1997-2025 The Apache Software Foundation.]]
The '''Apache HTTP server''' (in Linux systems often described as '''Apache2''') is one of the most used webserver worldwide.<ref>https://httpd.apache.org/</ref>

It was developed by the '''Apache Software Foundation''' and is a free open-source software.<ref>https://www.apache.org/foundation/</ref>

Apache2 is stable, flexible and performant and has been forming the base of multiple web applications and Internet services for many years.
== What is Apache2? ==

Apache2 is a '''webserver''' that accepts HTTP- and HTTPS-requests of clients and then delivers websites or web applications.

It supports static contents such as HTML, CSS or pictures as well as dynamic contents that are generated via script languages or backend-services.

A key feature of Apache2 is its '''modular structure'''. Functions are provided via modules that can be activated or deactivated as needed.<ref>https://httpd.apache.org/docs/2.4/mod/</ref>

== Central characteristics ==

* Open Source and free to use<ref>https://www.apache.org/licenses/</ref>
* modular setup
* high stability and safety
* large community and extensive documentation
* cross-platform (Linux, Windows, Unix)

== Typical applications ==

=== Hosting of websites ===

Apache2 is often used to run traditional websites, including:
* company pages
* blogs
* forums
* Wikis
* documentation portals

Multiple websites can be operated simultaneously on a server thanks to virtual hosts.<ref>https://wiki.ubuntuusers.de/Apache/Virtual_Hosts/</ref>

=== Operating dynamic web applications ===

Apache2 is often used in combination with script and programming languages, for example:
* '''PHP''' (for example WordPress, Joomla, MediaWiki)<ref>https://www.php.net/manual/en/install.apache2.php</ref>
* '''Python''' (for example über mod_wsgi)<ref>https://modwsgi.readthedocs.io/</ref>
* '''Perl''' (for example via mod_perl)<ref>https://perl.apache.org/</ref>

A classic example is the so-called '''LAMP-Stack''' (Linux, Apache, MySQL/MariaDB, PHP/Perl/Python).<ref>https://wiki.ubuntuusers.de/LAMP/</ref>

== Important modules ==

Apache2 provides multiple modules including:

* '''mod_ssl''' – support for HTTPS<ref>https://httpd.apache.org/docs/2.4/mod/mod_ssl.html</ref>
* '''mod_rewrite''' – URL-transcriptions<ref>https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html</ref>
* '''mod_headers''' – controlling HTTP-Headers<ref>https://httpd.apache.org/docs/2.4/mod/mod_headers.html</ref>
* '''mod_proxy''' – Proxy- and Reverse-Proxy-functions
* '''mod_auth''' – authentication and access control<ref>https://httpd.apache.org/docs/2.4/howto/auth.html</ref>

== Safety ==

Apache2 is considered secure if it was configured correctly and updated regularly.<ref>https://httpd.apache.org/security/</ref>

Typical security measures include:

* use of HTTPS (TLS/SSL)
* safety updates on a regular basis
* restrictions of file rights
* use of security headers
* deactivation of unused modules

== Result ==

Apache2 is a proven, powerful, and extremely versatile web server.

Thanks to its modular design, it is suitable for smaller private websites as well as for complexe company solutions.

The large community, the extensive documentation and the continuous development make Apache2 a cornerstone of modern web infrastructures even today.

== More information ==
You can find installation instructions for '''Apache2''' here:
[[Apache2 - Installation]]

== Source ==
<references />

{{Azillner}}
{{Aranzinger}}
[[Category:Server-Software]]
[[de:Apache2]]

Time synchronisation under Linux with DCF77 radio clock module in ntpd

2026-01-28T13:36:12Z

Aranzinger: Created page with "Linux systems can obtain time information via the Internet using the '''Network Time Protocol''' (NTP) and the NTP service ntpd, thereby keeping the local system time up to date. If a system does not have network access, a '''PC radio clock with USB interface''' can be used for time synchronization. In this article, we present the configuration of such a radio clock using the example of a '''Expert Mouse Clock USB II 0107''' under Ubuntu 16.04 with Linux kernel 4..."

[[Linux]] systems can obtain time information via the Internet using the '''Network Time Protocol''' (NTP) and the NTP service ntpd, thereby keeping the local system time up to date. If a system does not have network access, a '''PC radio clock with USB interface''' can be used for time synchronization. In this article, we present the configuration of such a radio clock using the example of a '''Expert Mouse Clock USB II 0107''' under [[Ubuntu]] 16.04 with Linux kernel 4.4 on a LES v3.

== Hardware installation and alignment of antenna ==
[[file:Mouseclock.jpg|thumb|PC-radio clock''Expert Mouse Clock USB II 0107'']] The radio clock module is directly connected with an USB port of the Linux system. As soon as the module receives power via the USB interface, it starts to pick up the bits of the DCF77 radio signal <ref>[https://de.wikipedia.org/wiki/DCF77 DCF77] (de.wikipedia.org)</ref> on longwave from the computer independently (77,5 kHz).

For the best possible reception, please note the following:
* Electromagnetic interference from nearby power supplies, CRT monitors, electric motors, other electrical devices, or metal plates can significantly disrupt radio/longwave signals. Therefore, the radio clock module should not be located near such devices.
* The spatial alignment of the module to the transmitter is very important. The module receives long-wave signals from the Mainflingen transmitter via the built-in ferrite antenna.<ref>[https://de.wikipedia.org/wiki/ Transmission stations in Mainflingen] (de.wikipedia.org)</ref> A horizontal and perpendicular alignment to the transmitter location is highly recommended.<ref>[https://de.wikipedia.org/wiki/file:Dcf_weite.jpg Spread of DCF77 Signalt (file:Dcf weite.jpg)] (de.wikipedia.org)</ref> This ensures that the best possible signal strength is achieved on the module.
* Status of operating LED: If the operating LED blinks irregularly fast on the module, the radio connection is disrupted. In this case, no time synchronisation is possible. During normal operation, the LED flashes slowly, alternating between red and green every second.

== Set up time server NTP daemon ==
The '''ntp''' daemon supports multiple radio clock modules including the Expert Mouse Clock USB II 0107 module used in the test.

The NTP daemon is installed under Ubuntu via apt:
:<code>sudo apt install ntp</code>

In order for the module to be addressed by the NTP daemon, the configuration file /etc/ntp.conf must be modified as follows (for example via ''nano /etc/ntp.conf''):
<pre>
driftfile /var/lib/ntp/ntp.drift
server 127.127.8.0 mode 19 prefer
logfile /var/log/ntp
logconfig =all
</pre>

The supposed network address 127.127.8.0 is not an IP address, but a stored pseudo IP. The first part "127.127.8" refers to the generic reference driver.<ref>[http://doc.ntp.org/current-stable/drivers/driver8.html Generic Reference Driver] (doc.ntp.org)</ref> The rear part "0" refers to the device under which the radio clock module is addressed. (/dev/refclock-0).

== Set up udev rule ==
To automatically create the device file /dev/refclock-0 for the radio clock module at system startup, a udev rule is required. The USB ProductID is required to set up the rule that can be requested via ''lsub'':
<pre>
tk@testsystem:~$ lsusb
[...]
Bus 001 Device 004: ID 0403:e88a Future Technology Devices International, Ltd Expert mouseCLOCK USB II
[...]
tk@testsystem:~$
</pre>

Now, the respective rule (for example via ''sudo nano /etc/udev/rules.d/05-DCF77.rules'') can be created with the following content in the ''/etc/udev/rules.d/'' folder:
<pre>
KERNEL=="ttyUSB*", ATTRS{idProduct}=="e88a", SYMLINK+="refclock-0"
</pre>

This creates a symbolic link /dev/refclock-0 for the USB device with the ProductID e88a.

The link is then available by calling ''sudo udevadm trigger'':
<pre>
$ ls /dev/r*
/dev/random /dev/refclock-0 /dev/rfkill /dev/rtc /dev/rtc0
</pre>

==Configure AppArmor==
[[file:Apparmor.jpg|thumb|AppArmor configuration]]AppArmor must be configured accordingly so that the NTP daemon can access the serial USB TTY interface bound to "/dev/refclock-0".

Use "sudo nano /etc/apparmor.d/tunables/ntpd" to set the following entry (comment out other devices):
<pre>
@{NTPD_DEVICE}="/dev/ttyUSB*"
</pre>

After this, it is recommended to perform a reboot of the system to verify the correct functionality after a restart.

== Verification of the DCF77 module functionality ==
The function of the module can be verified with the following command:
:<code>ntpq -c cv -c rv</code>

Example output after a short runtime:
<pre>
associd=0 status=0020 2 events, clk_unspec,
device="RAW DCF77 CODE (Expert mouseCLOCK USB v2.0)",
timecode="---#-#-#-#####---D--S12--1--P1----2p1--8-2-241--8----81---P",
poll=4, noreply=0, badformat=1, baddata=0, fudgetime1=425.000, stratum=0,
refid=DCFa, flags=0,
refclock_time="df5a4d5e.00000000 Sat, Sep 29 2018 19:13:34.000",
refclock_status="DST; TIME CODE; (LEAP INDICATION; CALLBIT)",
refclock_format="RAW DCF77 Timecode",
refclock_states="*NOMINAL: 00:01:35 (42.98%); BAD FORMAT: 00:02:06 (57.01%); running time: 00:03:41"
associd=0 status=c218 leap_alarm, sync_lf_radio, 1 event, no_sys_peer,
version="ntpd 4.2.8p4@1.3265-o Fri Jul 6 20:10:51 UTC 2018 (1)",
processor="x86_64", system="Linux/4.4.0-135-generic", leap=11, stratum=1,
precision=-22, rootdelay=0.000, rootdisp=453.861, refid=DCFa,
reftime=df5a4d41.5497ee34 Sat, Sep 29 2018 21:13:05.330,
clock=df5a4d5f.07b18724 Sat, Sep 29 2018 21:13:35.030, peer=11255, tc=6,
mintc=3, offset=0.000000, frequency=0.000, sys_jitter=8.319076,
clk_jitter=5.563, clk_wander=0.000
</pre>

In the above example, the module needs several minutes to perform a complete time synchronization in poor reception conditions. The poor reception conditions can be seen in the following line:
: <code>refclock_states="*NOMINAL: 00:01:35 (42.98%); BAD FORMAT: 00:02:06 (57.01%); running time: 00:03:41"</code>

The following screenshot shows the output with optimal alignment of the integrated ferrite antenna (NOMINAL 99,32%, BAD 0,67% with approx. 13 hours of runtime):
[[file:BesterEmpfangV3.jpg|ohne|miniatur|960x960px]]

== References ==
<references />

{{wseifert}}
{{Aranzinger}}
[[Category:Linux]]
[[de:Zeitsynchronisation unter Linux mit DCF77 Funkuhr-Modul und ntpd]]

Analyzing NVMe I/O error messages in Linux

2026-01-28T06:02:13Z

Aranzinger: Created page with "If NMVe I/O error situations occur on a Linux system, the kernel logs error information that can be queried using the '''dmesg''' command. In this article, we show how to '''analyze a NVMe I/O error notification'''. == Example of error I/O Error sct 0x0 sc 0x4 DNR == File:Figure-100-Completion-Queue-Entry-Status-Field.png|300px|right|thumb|Completion Queue Entry Status Field: In Figure 100 der NVM Express® Base Specification Revision 2.3<ref name=nvme-base-23>[https..."

If NMVe I/O error situations occur on a Linux system, the kernel logs error information that can be queried using the '''dmesg''' command. In this article, we show how to '''analyze a NVMe I/O error notification'''.

== Example of error I/O Error sct 0x0 sc 0x4 DNR ==
[[File:Figure-100-Completion-Queue-Entry-Status-Field.png|300px|right|thumb|Completion Queue Entry Status Field: In Figure 100 der NVM Express® Base Specification Revision 2.3<ref name=nvme-base-23>[https://nvmexpress.org/wp-content/uploads/NVM-Express-Base-Specification-Revision-2.3-2025.08.01-Ratified.pdf NVM Express® Base Specification Revision 2.3] (nvmexpress.org)</ref> The meaning of the bits Do Not Retry ('''DNR'''), More ('''M'''), Command Retry Delay ('''CRD'''), Status Code Type ('''SCT'''), and Status Code ('''SC''') is explained.]]On a test system with Linux kernel 6.8.0-55-generic #57-Ubuntu, I/O tests with [[fio]] cause the fio test to abort due to an I/O error. The following can be seen in the '''dmesg''' output:

The first line contains the following information:
: <code>[74942.261934] nvme0c0n1: I/O Cmd(0x1) @ LBA 218630656, 256 blocks, I/O Error (sct 0x0 / sc 0x4) DNR</code>
: <code>[74942.262623] I/O error, dev nvme0c0n1, sector 218630656 op 0x1:(WRITE) flags 0x2008800 phys_seg 17 prio class 0</code>

The following parts of the notification are particularly interesting:
* I/O error
* sct 0x0
* sc 0x4
* DNR

The meaning of these values are documented in the NVMe express base specification<ref>[https://nvmexpress.org/specification/nvm-express-base-specification/ NVM Express® Base Specification] (nvmexpress.org)</ref>. In chapter 4.2.3 (Status Field Definition) of the NVM Express® base specification revision 2.3<ref name=nvme-base-23 />, the individual elements of the status field are described as follows:
* '''SCT''' (3 bits) - '''Status Code Type''' - states the type of status code returned by the controller (the NVMe SSD).
* '''SC''' (8 bits) - '''Status Code''' - (see details below.)
* '''CRD''' (2 bits) - '''Command Retry Delay''' - If the DNR-bit is set to „1“ in the status field, it is reserved. (See NVM express base specification for more details.)
* '''M''' (1 bit) - '''More''' - If this bit is set to „1“, there is additional status information about this command as part of the “error information log page," which can be accessed using the "Get Log Page" command. If this bit is set to "0", there is no additional status information about this command.
* '''DNR''' (1 bit) - '''Do Not Retry''' - If this bit is set to „1“, it means that if the same command is sent again to a controller in the NVM subsystem, it is likely to fail. If this bit is set to “0”, it means that the same command may be successful if repeated.

=== Status code type ===
[[File:Figure-101-Status-Code-Types.png|300px|right|thumb|Figure 101 explains the four status code types: Generic Command Status, Command Specific Status, Media and Data Integrity Errors, and Path Related Status.]]The NVM express base specification defines multiple status code types:
{| class="wikitable"
|+
!Status Code Type (sct)
!Definition
|-
|'''0'''
|'''generic command status'''
|-
|1
|command specific status
|-
|2
|media and data integrity errors
|-
|3
|path related status
|-
|4, 5, 6
|reserved
|-
|7
|manufacturer-specific
|}
In the example above (I/O error (sct 0x0 / sc 0x4) DNR), the status code type is 0 (sct 0x0).

=== Status code ===
Dependent on the respective status code type, the additional status code transmitted has a different meaning.

==== Status code (Generic Command Status) ====
[[File:Figure-102-Status-Code-of-Generic-Command-Status.png|300px|right|thumb|Figure 102: Status Code meanings of Generic Command Status information. The status code is ''sc 0x4 in the example'', which means '''Data Transfer Error'''.]]The meaning of the status code in a generic command status (sct=0) is defined in chapter 4.2.3.1. Here is an excerpt:
{| class="wikitable"
|+
!Status Code
!Definition
|-
|0
|Successful completion: The command was executed without errors.
|-
|1
|Invalid command opcode: A reserved coded value or a not supported value in the command-Opcode-field.
|-
|2
|Invalid field in command: A reserved coded value or a not supported value in a defined field (except for the Opcode-field).
|-
|3
|Command ID conflict: The command identifier (Command ID) is already used. Hint: How many commands are searched after a conflict is dependent on the respective implementation.
|-
|'''4'''
|'''Data transfer error''': An error occurred while transferring the data or metadata associated with a command.
|-
|...
|
|}
In the example above (''I/O error (sct 0x0 / sc 0x4) DNR''), the status code is 4 (''sc 0x4''). It is a matter of a '''data transfer error'''.

==== Status code (Command specific status) ====
The meaning of the status code of a command specific status (sct = 1) is defined in chapter 4.2.3.2. In this example, we will not go into detail about this.

== Interpretation of status information ==
The status information "'''data transfer error'''" indicates problems during data transmission. Cables, plug connections or backplanes may be a potential cause.

The detail output of lspci shows that the affected NVMe SSD is connected via [[PCIe]] 5.0 (32GT/s):
<pre>
# lspci -s 81:00.0 -vvv
81:00.0 Non-Volatile memory controller: KIOXIA Corporation Device 0013 (rev 01) (prog-if 02 [NVM Express])
Subsystem: KIOXIA Corporation Device 0045
Physical Slot: 1
[...]
Capabilities: [70] Express (v2) Endpoint, MSI 00
[...]
LnkCap: Port #0, Speed 32GT/s, Width x4, ASPM not supported
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes, Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 32GT/s, Width x4
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
[...]
LnkCap2: Supported Link Speeds: 2.5-32GT/s, Crosslink- Retimer+ 2Retimers+ DRS-
LnkCtl2: Target Link Speed: 32GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance Preset/De-emphasis: -6dB de-emphasis, 0dB preshoot
</pre>

In this example, a backplane with Oculink socket is used. However, Oculink does not support PCIe 5.0 according to specification PCIe 4.0.

To limit the connection to PCIe 4.0 speed (16GT/s), you can either use the setpci tool directly with the respective parameters or use the pci_set_speed.sh script from Alex Forenchich:<ref name=pcispeed>[https://alexforencich.com/wiki/en/pcie/set-speed PCIe Set Speed] (alexforencich.com)</ref>
<pre>
# ./pci_set_speed.sh 0000:81:00.0 4
Link capabilities: 007b7845
Max link speed: 5
Link status: 7045
Current link speed: 5
Configuring 0000:80:01.1...
Original link control 2: 001e0005
Original link target speed: 5
New target link speed: 4
New link control 2: 001e0004
Triggering link retraining...
Original link control: 70450040
New link control: 70450060
Link status: 7044
Current link speed: 4
</pre>

After executing the script, the PCIe link speed is reduced ('''LnkSta: Speed 16GT/s (downgraded)'''):
<pre>
root@xfuel:~# lspci -s 81:00.0 -vvv
81:00.0 Non-Volatile memory controller: KIOXIA Corporation Device 0013 (rev 01) (prog-if 02 [NVM Express])
Subsystem: KIOXIA Corporation Device 0045
Physical Slot: 1
[...]
Capabilities: [70] Express (v2) Endpoint, MSI 00
[...]
LnkCap: Port #0, Speed 32GT/s, Width x4, ASPM not supported
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes, Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 16GT/s (downgraded), Width x4
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
[...]
LnkCap2: Supported Link Speeds: 2.5-32GT/s, Crosslink- Retimer+ 2Retimers+ DRS-
LnkCtl2: Target Link Speed: 32GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance Preset/De-emphasis: -6dB de-emphasis, 0dB preshoot
</pre>

The following tests with fio did not show any problems. The cause for the '''data transfer error''' was the higher (32GT/s) transfer speed of PCIe 5.0 via components (backplanes) that are only approved up to PCIe 4.0.

=== Script for limiting the PCIe transmission rate ===
Here is the complete code of the bash-script from Alex Forenchich (License: [https://creativecommons.org/licenses/by-sa/4.0/ CC-BY-SA 4.0):<ref name=pcispeed>
<pre>
#!/bin/bash

dev=$1
speed=$2

if [ -z "$dev" ]; then
echo "Error: no device specified"
exit 1
fi

if [ ! -e "/sys/bus/pci/devices/$dev" ]; then
dev="0000:$dev"
fi

if [ ! -e "/sys/bus/pci/devices/$dev" ]; then
echo "Error: device $dev not found"
exit 1
fi

pciec=$(setpci -s $dev CAP_EXP+02.W)
pt=$((("0x$pciec" & 0xF0) >> 4))

port=$(basename $(dirname $(readlink "/sys/bus/pci/devices/$dev")))

if (($pt == 0)) || (($pt == 1)) || (($pt == 5)); then
dev=$port
fi

lc=$(setpci -s $dev CAP_EXP+0c.L)
ls=$(setpci -s $dev CAP_EXP+12.W)

max_speed=$(("0x$lc" & 0xF))

echo "Link capabilities:" $lc
echo "Max link speed:" $max_speed
echo "Link status:" $ls
echo "Current link speed:" $(("0x$ls" & 0xF))

if [ -z "$speed" ]; then
speed=$max_speed
fi

if (($speed > $max_speed)); then
speed=$max_speed
fi

echo "Configuring $dev..."

lc2=$(setpci -s $dev CAP_EXP+30.L)

echo "Original link control 2:" $lc2
echo "Original link target speed:" $(("0x$lc2" & 0xF))

lc2n=$(printf "%08x" $((("0x$lc2" & 0xFFFFFFF0) | $speed)))

echo "New target link speed:" $speed
echo "New link control 2:" $lc2n

setpci -s $dev CAP_EXP+30.L=$lc2n

echo "Triggering link retraining..."

lc=$(setpci -s $dev CAP_EXP+10.L)

echo "Original link control:" $lc

lcn=$(printf "%08x" $(("0x$lc" | 0x20)))

echo "New link control:" $lcn

setpci -s $dev CAP_EXP+10.L=$lcn

sleep 0.1

ls=$(setpci -s $dev CAP_EXP+12.W)

echo "Link status:" $ls
echo "Current link speed:" $(("0x$ls" & 0xF))
</pre>

== More information ==
* [https://forums.servethehome.com/index.php?threads/h12ssl-nt-work-around-missing-pcie-force-link-speed-option.42891/ H12SSL-NT - Work around missing PCIe Force Link Speed option] (forums.servethehome.com, 15.01.2024)

== References ==
<references />

{{Wfischer}}
{{Aranzinger}}
[[Category:Linux]]
[[de:NVMe I/O Error Fehlermeldung unter Linux analysieren]]

Safety instructions for AMD-SB-3027

2026-01-26T13:48:49Z

Aranzinger: Created page with "On '''January 15th''', AMD published the Security Bulletin AMD-SB-3027 <ref>[https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3027.html SEV-SNP Guest Stack Pointer Corruption Vulnerability] (www.amd.com/en/resources/product-security)</ref>. AMD assumes that this security vulnerability is attributable to inadequate access controls, which prevents to set an internal configuration bit. This attack could enable a malicious hypervisor to manipulate the conf..."

On '''January 15th''', AMD published the Security Bulletin AMD-SB-3027 <ref>[https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3027.html SEV-SNP Guest Stack Pointer Corruption Vulnerability] (www.amd.com/en/resources/product-security)</ref>. AMD assumes that this security vulnerability is attributable to inadequate access controls, which prevents to set an internal configuration bit.

This attack could enable a malicious hypervisor to manipulate the configuration of the CPU-pipeline, which could potentially cause damage to the stack pointer within an SEV-SNP guest running on the sibling SMT (Simultaneous Multithreading) thread.

AMD published remedial measures for these security vulnerabilities.

== Affected systems ==

Here is a tabular presentation of the affected processors.

{| class="wikitable"
|+
!Program
!Former Code Name
! colspan="2" align="center" |Mitigation
Option 1: µcode

Option 2: AGESA/PI
!SEV Mitigation Vector Bit
!CVE
|-
|AMD EPYC™ 7002 Series Processors
|"Rome"
| colspan="3" |Not Affected
| rowspan="8" |CVE-2025-29943
|-
|AMD EPYC™ 7003 Series Processors
|“Milan”
|0x0A0011DB
| rowspan="2" |Milan B1:0x0A0011DE
Milan-X:0x0A001247

OR

MilanPI 1.0.0.H
| rowspan="2" |µcode standalone release: 2025-07-14
AGESA Release 2025-09-04
|-
|AMD EPYC™ 7003 Series Processors
|"Milan-X"
|0x0A001244
|-
| rowspan="3" |AMD EPYC™ 9004 Series Processors
|"Genoa"/
|0x0A101154
| rowspan="3" |Genoa:0x0A101156
Genoa-X: 0x0A101251

Bergamo/Sienna A2: 0x0AA0021B

OR

GenoaPI 1.0.0.H
| rowspan="3" |µcode standalone release: 2025-07-14
AGESA Release 2025-12-15
|-
|"Genoa-X"
|0x0A10124F
|-
|"Bergamo"
|0x0AA00219
|-
| rowspan="2" |AMD EPYC™ 9005 Series Processors
|"Turin Classic"
|0x0B00211E
| rowspan="2" |Turin C1: 0x0B002151
Turin Dense B0: 0x0B10104E

OR

TurinPI 1.0.0.6
| rowspan="2" |µcode standalone release: 2025-07-14
AGESA Release: 2025-06-30
|-
|“Turin Dense”
|0x0B101028
|}

In the following, there is an extract from this table, in which all Supermicro mainboards are contained that are offered by Thomas-Krenn: <ref>[https://www.supermicro.com/en/support/security_AMD-SB-3027 AMD Security Bulletin AMD-SB-3027, Januar 2027] (www.supermicro.com)</ref>

{| class="wikitable"
|+
!AMD motherboard
! align="center" |'''BIOS version'''
|-
| align="center" |H12SSW-iN/NT
| align="center" |3.5
|-
| align="center" |H12SSL-i/C/CT/NT
| align="center" |3.5
|-
| align="center" |H12DSi-N6/NT6
| align="center" |3.5
|-
| align="center" |H13SSW
| align="center" |3.7
|-
| align="center" |H13SSL-N/NT
| align="center" |3.7
|}

=== Updates for products of Thomas-Krenn ===
Updates on the corresponding system can be found in the <tklink type="sitex" id="440">download area of Thomas-Krenn</tklink>.
The updates in the download area have been tested by us to guarantee the stability and compatibility of our systems.

If you require the latest version for your system and it is not yet available in our download area, you can get it at [https://www.asus.com/de/support/download-center/ Asus], [https://www.supermicro.com/en/support/resources/downloadcenter/swdownload Supermicro] or [https://www.gigabyte.com/de/Support/Consumer/Download Gigabyte].

== References ==
<references/>

== More information ==
* [https://www.supermicro.com/en/support/security_AMD-SB-3027 AMD Security Bulletin AMD-SB-3027] (supermicro.com, Januar 2026)

{{Thomas-Krenn.AG}}
{{Aranzinger}}
[[Category:AMD Safety Information]]
[[de:Sicherheitshinweise zu AMD-SB-3027]]

Ceph

2026-01-26T11:33:29Z

Aranzinger: Created page with "'''Ceph''' is a '''highly available, distributed, and robust file system'''. It was introduced in 2007 by Sage A. Weil as part of his dissertation at the University of California, Santa Cruz.<ref name="thesis">[https://www.ceph.io/assets/pdfs/weil-thesis.pdf Ceph: Reliable, Scalable, and high-performance distributed storage] (ceph.io)</ref> Sage A. Weil was also the founder of Inktank Storage, a company that has been primarily responsible for the development of Ceph sinc..."

'''Ceph''' is a '''highly available, distributed, and robust file system'''. It was introduced in 2007 by Sage A. Weil as part of his dissertation at the University of California, Santa Cruz.<ref name="thesis">[https://www.ceph.io/assets/pdfs/weil-thesis.pdf Ceph: Reliable, Scalable, and high-performance distributed storage] (ceph.io)</ref> Sage A. Weil was also the founder of Inktank Storage, a company that has been primarily responsible for the development of Ceph since 2011 and was acquired by Red Hat in 2014. <ref>[https://en.wikipedia.org/wiki/Ceph_%28software%29#History Ceph - History] (wikipedia.org)</ref>

{{#widget:Imagebox-left|link={{#tklink:type=sitex|id=18371|linkonly=1}}|image=/de/wikiDE/images/2/23/Kategorie_Server-Hardware.png|text=Click here for our Ceph hardware in the Thomas-Krenn online shop|campaign=Ceph }}
{{#widget:SitexBox|link={{#tklink:type=sitex|id=18371|linkonly=1}}|text=Click here for our Ceph hardware in the Thomas-Krenn online shop|campaign=Ceph }}

== Ceph as distributed file system ==
Ceph has the following characteristics:
* scalable, especially in width
* usable with Commodity Hardware
* flexible and self-administrated
* Object Store - RADOS (Reliable Autonomic Distributed Object Store)
* no Single Point of Failure - distribution onto multiple nodes
* software based and Open Source
* unified storage

== Ceph cluster ==
[[file:Ceph-client-and-storage-servers.png|thumb|right|300px|A Ceph cluster implements a distributed file system across multiple storage servers. Slide 9 from [http://de.slideshare.net/LarryCover/ceph-open-source-storage-software-optimizations-on-intel-architecture-for-cloud-workloads Ceph: Open Source Storage Software Optimizations on Intel Architecture for Cloud Workloads] (slideshare.net)
]]
Ceph is a distributed file system over multiple nodes. This is why it is also referred to as a Ceph cluster. There are always multiple roles in a Ceph cluster, which are taken over by individual nodes.

=== Monitors ===
Ceph monitors or monitoring nodes build a so-called cluster map. They are responsible to generate and administrate a uniform cluster status. A Ceph monitor is a daemon or a system-service that is responsible for the status and configuration information.

A Ceph cluster typically runs an odd number of monitors, with smaller clusters running 3 or 5. At least half of this number must be running. Otherwise, the cluster loses its defined condition and is inaccessible for clients.<ref name="essentials">[http://storageconference.us/2014/Presentations/Tutorial-CEPH.pdf Ceph Essentials] (storageconference.us)</ref>

=== Object Storage node ===
[[file:Ceph-osd-node.png|thumb|right|300px|In addition to monitors (M), the object storage node provides OSDs. Slide 24 from [http://de.slideshare.net/sageweil1/20150222-scale-sdc-tiering-and-ec?related=1 Storage tiering and erasure coding in Ceph] (slideshare.net)]]
An Object Storage node is the essential storage component in the storage cluster. It realizes an Object Storage Device (OSD) and connects it with the cluster. AN OSD consists of:
# a storage device (HDD/SSD, RAID volume)
# a Linux file-system ([[XFS]], [[Ext4]], [[btrfs]])
# a Ceph OSD daemon

[[file:Ceph-client-read-and-write.png|thumb|right|300px|Ceph handles the creation and distribution of replicas. Slide 10, Intel presentation (see above).]]
The OSD daemon is a service that supplies the clients with the stored objects. OSDs can either be primary or secondary. Primary OSDs are responsible for:
* replication, coherence, re-balancing and recovery
Secondary OSD:
* are under control of the primary, but can also become primary themselves.
Write requests of clients (''Client initiated Writes'') are always accepted by primary OSD.<ref>[https://docs.ceph.com/en/quincy/rados/operations/monitoring-osd-pg/ Monitoring OSDs and PGs] (ceph.com)</ref> The intelligent communication between OSDs to respond to client requests is also referred to as "peering".

==== OSD journal ====
By default, Ceph stores a journal on the same storage device as each OSD.<ref>[http://docs.ceph.com/docs/master/rados/configuration/journal-ref/ Journal Config Reference] (ceph.com)</ref>

Before data is finally written to the OSDs, it always goes to the journal first. In addition, the replicas are distributed to other nodes in compliance with the configuration. The client only receives its ACK (confirmation, that operation has been completed) for the data-operation if the replicas of its data was created. However, it is enough if the data is located in the jounals of the other nodes. Ceph then gradually writes the data from the journals to the OSDs. This procedure gives an idea of how important the performance of the journals is for processing client requests in the Ceph cluster. Red Hat writes about this theme in a Ceph hardware guide:
<ref>[https://access.redhat.com/webassets/avalon/d/Red_Hat_Ceph_Storage-1.2.3-Hardware_Guide-en-US/Red_Hat_Ceph_Storage-1.2.3-Hardware_Guide-en-US.pdf Red Hat Ceph Storage 1.2.3 Hardware Guide] (access.redhat.com)</ref>
<blockquote>
''Since Ceph has to write all data to the journal before it can send an ACK (for XFS and EXT4 at least), having the journal and OSD performance in balance is really important!
</blockquote>

The journals are often outsourced on SSDs to increase the performance. In this setup, multiple journals from different OSDs are often placed on a single SSD (no more than 4-5 journals per SSD are recommended). Please note the following points:
* If the SSD fails and with it the journals stored on it, the associated OSDs will also no longer be available. For example, if all the journals of a Ceph node are stored on only one SSD and this SSD fails, all OSDs of the node will be unavailable!
* SSDs with journals of multiple OSDs are based on high writing load. Take a look on the endurance of the SSD. It is best to monitor the current status of the SSD with [[SMART]] and [[:Kategorie:Monitoring|Icinga]] with the [[SMART Attributes Monitoring Plugin]].
* If multiple journals are stored on a single SSD, both the speed of random accesses ("random I/O") and the throughput ("sequential I/O") are crucial. When purchasing an SSD from a specific SSD series, be sure to choose a model with at least medium or preferably high capacity. SSD models with higher capacity typically have more flash chips that can be parallely used by the SSD controller. Therefore, SSD with higher capacity have a higher performance (for example when writing on [[Intel DC S3610 Series SSDs]] 520MB/s for the 800GB model compared to 110MB/s for the 100GB model).

== Access paths or Ceph interfaces ==
A Ceph storage can be accessed in different ways.[[File:Ceph-architektur-stack.png|thumb|right|300px|The [https://en.wikipedia.org/wiki/Ceph_%28software%29#/media/File:Ceph_stack.png Ceph Stack] (wikipedia.org) offers multiple access routes.]][[File:Linux-storage-stack-diagram v4.0.png|300px|thumb|In the [[Linux Storage Stack Diagramm|Linux Storage Stack chart]], the client access to Ceph storage via CephFS is shown in the upper section (green), and access via RBD is shown in the lower section (blue/orange).]]

=== radosgw ===
A RADOS or Ceph gateway is a REST based web service gateway. The RESTful API is Amazon S3 and OpenStack Swift compatible.

=== RADOS block device ===
The RADOS block device (RBD) or Ceph block device is a provided and distributed block device. It communicates with Ceph either via Linux kernel module or librbd library. The clients work with a virtual block device that is mapped from the Ceph Object Store.

=== CephFS ===
CephFS is a POSIX compliant, via Ceph cluster distributed file system.<ref>[http://ceph.com/docs/master/cephfs/ CephFS] (ceph.com)</ref> CephFS forces at least a Ceph metadata server (MDS) in the cluster.

=== librados ===
The library/API librados is a native interface for the direct access to RADOS. Applications are developed with librados that want to access RADOS directly. The above mentioned interfaces (radosgw, rbd, CephFS) relies on the c variant of librados themselves.<ref>[http://ceph.com/docs/master/rados/api/librados-intro/ librados introduction] (ceph.com)</ref> There are also bindings for C++, Java, Python, Ruby and PHP.

== Distribution of data ==
Ceph's distribution of data across the cluster is a unique feature developed by Sage A. Weil. The core of the algorithm is a CRUSH map, which is a mechanism to distribute data.

=== CRUSH Map ===
CRUSH is the abbreviation for ''Controlled Replication under scalable Hashing''. CRUSH is described as ''Data Placement Algorithm'' in English, which is an algorythm to distribute data on the OSDs. Unlike lookup variants from other file systems, CRUSH relies on a pseudo-random, deterministic calculation when placing objects.

Sage A. Weil writes on page 84 about CRUSH:<ref name="thesis" />
<blockquote>
''I have developed CRUSH (Controlled Replication Under Scalable Hashing), a pseudo-random data distribution algorithm that efficiently and robustly distributes object replicas across a heterogeneous, structured storage cluster. CRUSH is implemented as a deterministic function that maps an input value - typically an object or object group identifier—to a list of devices on which to store object replicas.''
</blockquote>

[[file:Ceph-crush-map.png|thumb|right|300px|CRUSH calculates how the data must be distributed in the cluster. Slide 19 from [https://www.netways.de/fileadmin/images/Events_Trainings/Events/OSDC/2015/Slides_2015/John_Spray_The_Ceph_Storage_System.pdf Datacenter Storage with Ceph] (netways.de)]]
CRUSH needs a compact, internal description of available OSDs and the ''Replica Placement Policy'' for efficient distribution and the ''Replica Placement Policy'' (how many replicas should be kept in the cluster). The advantage is that CRUSH is deterministic and that every node in the cluster and every client can calculate the current location of objects. Furthermore, the medadata effort is low for CRUSH, as they only change if OSDs are added or removed.

Another caracteristic of CRUSH is that it can be configured using rules. For example:
* Replica Count
* Affinity and distribution rules
* weightings
can be adjusted.

Sage A. Weil further describes CRUSH's calculations as follows:
<blockquote>
''Given a single integer input value x, CRUSH will output an ordered list R of n distinct storage targets. CRUSH utilizes a strong multi-input integer hash function whose inputs include x, making the mapping completely deterministic and independently calculable using only the cluster map, placement rules, and x.''
</blockquote>

== Placement groups and pools ==
Placement Groups (PGs) and pools are logical constructs that are used to administrate objects. They serve as abstraction and grouping.

=== Placement groups ===
[[file:Ceph-osd-crush-map.png|thumb|right|300px|Objects are grouped into PGs and distributed by CRUSH to OSDs, S.122.<ref name="thesis" />]]
PGs are logical groupings of objects that are assigned to OSDs. The assignment of Object <-> PG is determined by:
* the hash of the object-name
* the number of replicas
* the total number of PGs
The resulting PG is then incorporated into the CRUSH algorithm.

In the next step, the PGs are assigned to the OSDs. The distribution
* is independent of the PG, pseudo-randomly mapped to a set of OSDs
* of PGs, which are mapped to the same OSDs, has replicas in other OSDs

PGs offer the advantage that operations and algorithms do not have to work on object-level. However, this would be quite unrealistic and inefficient for but-million objects.

=== Pools ===
[[file:Ceph-pools.png|thumb|right|300px|The configuration of replicas, PGs, and CRUSH is performed at the pool level. Slide 34 from [http://de.slideshare.net/sageweil1/20150222-scale-sdc-tiering-and-ec?related=1 Storage tiering and erasure coding in Ceph] (slideshare.net)]]
Ceph pools are logical partitions for storing objects. Pools consists of a defined number of PGs. Pools are also used for the configuration of
* the number of replicas
* the number of PGs
* the used CRUSH rules

== RADOS ==
RADOS (Reliable Autonomic Distributed Object Store) is the actual object store of Ceph, in which objects are filed.

Sage A. Weil describes RADOS at the beginning of his dissertation as follows:<ref name="thesis" />
<blockquote>
[...] ''RADOS, Ceph’s Reliable Autonomic Distributed Object Store. RADOS provides an extremely scalable storage cluster management platform that exposes a simple object storage abstraction. System components utilizing the object store can expect scalable, reliable, and high-performance access to objects without concerning themselves with the details of replication, data redistribution (when cluster membership expands or contracts), failure detection, or failure recovery.''
</blockquote>

== More information ==
* [http://de.slideshare.net/Inktank_Ceph Ceph Community presentation channel] (de.slideshare.net)

== References ==
<references />

{{Gschoenberger}}
{{Aranzinger}}
[[Category:Linux Basics]]
[[Category:Ceph]]
[[de:Ceph]]

Installation of XCP-ng

2026-01-20T12:49:55Z

Aranzinger: Created page with "XCP-ng is suitable as '''Open Source virtualization platform''' to virtualize Linux, Windows and BSD systems. The following article shows the '''installation of XCP-ng''' on a host system. == Create installation medium == The installation of XCP-ng can be made via USB stick. In the following, the steps are described. === ISO download === You have two options for the installation of XCP-ng image files. ==== XCP-ng GitHub repository ==== In the Github repository,..."

XCP-ng is suitable as '''Open Source virtualization platform''' to virtualize [[Linux]], Windows and BSD systems. The following article shows the '''installation of XCP-ng''' on a host system.

== Create installation medium ==
The installation of XCP-ng can be made via USB stick. In the following, the steps are described.

=== ISO download ===
You have two options for the installation of XCP-ng image files.

==== XCP-ng GitHub repository ====
In the Github repository, you will always find the latest images as F''ull version'', ''Netinstall version'' and ''Upgrade Only version''.

The images can be found behind the following link:

https://github.com/xcp-ng/xcp/releases

==== Official XCP-ng website ====
You can also obtain the images from the official page of XCP-ng:

https://xcp-ng.org/#easy-to-install

=== Creation of USB-stick ===
{| cellspacing="0" {{Prettytable}} style="margin: 1em 1em 1em 0; background: #f9f9f9; border: 1px #a0a0a0 solid; border-collapse: collapse; "
|'''Hint: When creating the installation medium, all data on the stick will be deleted. Make sure that there are no files on the medium that you still need.'''
|}
There are multiple opportunities when creating a bootable USB stick.

==== Application-based ====
You can create a bootable USB stick with an application such as Rufus or Ventoy:

* [[Creating a Bootable DOS USB Stick|Create Bootable USB stick with Rufus]] (replace DOS with XCP-ng)

* [[Creation of bootable Multi-ISO USB stick with Ventoy|Create bootable USB stick with Ventoy]]

==== dd ====
The USB stick can be created with the <code>dd</code> command on a Linux system. Please note that you have to replace <code>/dev/sdX</code> by the correct description for your USB-stick:<pre>dd if=xcp-ng-8.3.0-20250606.iso of=/dev/sdX bs=8M status=progress oflag=direct</pre>

[[file:Dd clone2usb.png|frameless|1203x1203px]]

== Installation ==
Below are step-by-step instructions for installing XCP-ng using the installation media you created:<gallery>
file:XCP-ng USBStick.png|Plug the USB stick you created into the server and turn it on.
file:Gotobios.png|Click '''[Del]''' to access the BIOS.
file:Usb stick boot.png|Boot from the created USB stick.
file:Xcp-ng install grub screen.png|Select '''install.'''
file:Xcp-ng install keymap screen.png|Select the suitable keymap. '''[qwertz] de'''
file:Xcp-ng install welcome screen.png|Confirm with '''[Ok]''' for new installation or upgrade.
file:Xcp-ng install EUA screen.png|Confirm with '''[Accept EUA]''' license terms.
file:Xcp-ng install OS storage screen.png| Select '''target drive''' for host system
file:Xcp-ng install VM storage screen.png|Select VM storage for virtual machines.
file:Xcp-ng install vms storage ext screen.png|Select Virtual Machine Storage Type with ['''<nowiki>EXT]</nowiki>'''
file:Xcp-ng install from local media screen.png|Select installation source type '''[Local Media]'''
file:Xcp-ng install verfify media screen.png|'''[Verify installation source]''' test source medium.
file:Xcp-ng install setpw screen.png|Determine '''[Password]''' for XCP-ng host.
file:Xcp-ng install config mgmt network screen.png|determine '''Management/Networking interface'''
file:Xcp-ng install IP-Networking screen.png|Determine addressing type. In the example: '''[IPv4]'''
file:Xcp-ng install IP-NetworkingConfig screen.png|Networking / Management here in the example: '''[DHCP]''' * IPs are recommended for productive installations.
file:Xcp-ng install sethostname.png|Determine '''hostname''' as well as the accessible '''DNS''' servers
file:Xcp-ng install timezone screen.png|Determine '''time zone'''
file:Xcp-ng install timezone berlin screen.png|Determine '''city/area'''
file:Xcp-ng install NTP config screen.png|Configure '''DHCP NTP''' server for time synchronization
file:Xcp-ng install confirm install screen.png|Start installation with '''[Install XCP-ng]'''
file:Xcp-ng during install screen.png|XCP-ng is installed on target drive.
file:Xcp-ng install completed screen.png|Installation completed and confirm with '''[OK]'''. System is restarted.
</gallery>
== Initial start ==
After installation, the console will display the URL that you can use to access the XCP-ng web interface:
<gallery>
file:Xcp-ng install overview.png|Overview page on the local screen
file:XO-lite webinterface.png|Access on the XO-Lite webinterface
file:XO-lite webinterface overview.png|The XO-LITE webinterface
</gallery>

{{wseifert}}
{{Aranzinger}}
[[Category:XCP-ng]]
[[de:Installation von XCP-ng]]

Thomas-Krenn DC-SCM board expansion and BIOS/TKMI storage chip change

2026-01-20T08:16:43Z

Aranzinger: Created page with "This article is about the expansion of the DC-SCM board from Thomas-Krenn Barebone systems as well as replacing the flash chips for BIOS and TKMI or BMC located on it. == Compatible systems == The DC-SCM board and the chips on it can be removed from the following systems: {| class="wikitable" |+ ! !Intel platform !AMD platform |- |1HE |SR120-2 | |- |2HE |SR220-2 |SR220-2A SR221-2A |} == Expansion of the DC-SCM board == In the following, you will find instructions for t..."

This article is about the expansion of the DC-SCM board from Thomas-Krenn Barebone systems as well as replacing the flash chips for BIOS and TKMI or BMC located on it.

== Compatible systems ==
The DC-SCM board and the chips on it can be removed from the following systems:
{| class="wikitable"
|+
!
!Intel platform
!AMD platform
|-
|1HE
|SR120-2
|
|-
|2HE
|SR220-2
|SR220-2A
SR221-2A
|}

== Expansion of the DC-SCM board ==
In the following, you will find instructions for the demontage of the DC-SCM boards.<gallery widths="250" heights="250">
file:TK Barebone Oben.jpeg|The DC-SCM card is located at the rear center of the barebone.
file:OCP OhneStecker.jpeg|After shutting down and disconnecting from the power supply, the cable of the front VGA connector should be disconnected from the board.
file:TK Barebone RisercardPin.jpeg|The right riser card should be removed. To do this, loosen the thumb screw at the back and press the locking mechanism shown in yellow in the picture. Then pull the riser card vertically out of the slot.
file:TK Barebone DCSCM CardObenMarkiert.jpeg|The black screw in the middle of the DC-SCM card can now be solved more easily.
file:TK Barebone Hinten Markiert.jpeg|Finally, loosen the black screw at the rear.
file:TK Barebone DCSCM Card Außen Markiert.jpeg|The DC-SCM card can now be pulled out using the black tab at the back.
</gallery>When reinstalling, repeat the steps in reverse order.

=== Expansion of BIOS/TKMI flashchip ===
Below you will find step-by-step instructions for removing the flash chip on the DC-SCM board.<gallery widths="300" heights="300">
file:DC-SCM Board-BIOS-BMC Falshchipsockel.jpeg|The TKMI or BMC flash chip is located inside, while the BIOS chip is located outside on the DC-SCM board.
file:DC-SCM BMC Chipsockel offen Pinzette.jpeg|A thin, sturdy object, such as tweezers, is suitable for opening the base. First, carefully open the outer flap.
file:DC-SCM beide Chipsockel offen.jpeg|The flashchips may have different sizes. 256 or 512 bit. Carefully remove the chips vertically. It is best to use tweezers, as the contacts can easily bend.
file:Winbond Flashchip.jpeg|Manufacturers may also differ. The image shows a 256-bit chip from Winbond.
</gallery>

==== Installation of chip ====
<gallery widths="300" heights="300">
file:Winbond Flashchip Einbau.jpeg|During installation, ensure that the position of the circle on the corner of the chip matches the triangle in the socket.
file:Winbond Flashchip Eingebaut.jpeg|The image shows a correctly inserted memory chip.
</gallery>

{{Swolf}}
{{Aranzinger}}
[[Category:Server-Hardware]]
[[de:Thomas-Krenn DC-SCM Board Ausbau und BIOS / TKMI Speicherchip Wechsel]]

Creation of RAID with MegaRAID-controller in BIOS

2026-01-20T07:30:02Z

Aranzinger: Created page with "In this article, it is described how to create a RAID with the help of a '''MegaRAID controller''' in the '''BIOS'''. == Requirements == * Server with a MegaRAID controllers * Access to the BIOS of the server (IPMI or Lokal) == RAID 1 == RAID 1: all data is mirrored At least '''two''' unconfigured hard drives are required for a RAID 1. <gallery> RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-01.jpg | '''Step 1:''' Start the server..."

In this article, it is described how to create a [[RAID]] with the help of a '''MegaRAID controller''' in the '''BIOS'''.

== Requirements ==

* Server with a [[MegaRAID controllers]]
* Access to the BIOS of the server (IPMI or Lokal)

== RAID 1 ==
[[file:RAID-1.png|thumb|RAID 1: all data is mirrored]]
At least '''two''' unconfigured hard drives are required for a [[RAID 1]].
<gallery>
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-01.jpg | '''Step 1:''' Start the server and switch to the BIOS. Open the '''Advanced''' tap there.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-02.jpg | '''Step 2:''' Select the '''Broadcom MegaRAID Configuration Utility''' menu item.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-03.jpg | '''Step 3:''' Verify the state of the controller as well as the recognized drives and navigate to the '''Main Menu'''.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-04.jpg | '''Step 4:''' Open '''Configuration Management''' in the MegaRaid menu.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-05.jpg | '''Step 5:''' Select '''Create Virtual Drive''' to create a new virtual drive.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-RAID1-06.jpg | '''Step 6:''' Under '''Select RAID Level''', set the RAID type to '''RAID 1'''.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-RAID1-07.jpg | '''Step 7:''' Open '''Select Drives''' and mark both drives that should be used for the RAID.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-RAID1-08.jpg | '''Step 8:''' Confirm the selection of drives.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-RAID1-09.jpg | '''Step 9:''' Verify the parameters of the virtual drive and safe the configuration with '''Save Configuration''' and exit the Utility.
</gallery>
After successful creation of the RAID-compound, it is displayed in the '''Main Menu''' that '''1 Drive Group''' and '''1 Virtual Drive''' are now available.

== RAID 5 / RAID 6 ==
[[file:RAID-5.png|thumb|RAID 5: Parity information is distributed across all data carriers. If one data carrier fails and is replaced by a new one, the original content can be reconstructed.]]
[[file:RAID-6.png|thumb|RAID 6: Double parity information allows two data carriers to fail without data loss.]]
At least '''three''' unconfigured hard drives are required for [[RAID#RAID 5|RAID 5]].

However, at least '''four''' unconfigured hard drives are required for [[RAID#RAID 6|RAID 6]].
<gallery>
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-01.jpg | '''Step 1:''' Start the server and switch to the BIOS. Open the '''Advanced''' tab.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-02.jpg | '''Step 2:''' Select the '''Broadcom MegaRAID Configuration Utility''' menu point.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-03.jpg | '''Step 3:''' Verify the state of the controller as well as the recognized drives and navigate to the '''Main Menu'''.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-04.jpg | '''Step 4:''' Open the '''Configuration Management''' item in the MegaRAID menu.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-05.jpg | '''Step 5:''' Select '''Create Virtual Drive''' to create a new virtual drive.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-RAID5-06.jpg | '''Step 6:''' Under '''Select RAID Level''', set the RAID type to '''RAID 5''' or '''RAID 6.'''
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-RAID5-07.jpg | '''Step 7:''' Open '''Select Drives''' and mark and select the drives to be used for the RAID.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-RAID5-08.jpg | '''Step 8:''' Confirm the selection of drives.
RAID_mit_MegaRAID_Controller_im_BIOS_erstellen-RAID5-09.jpg | '''Step 9:''' Verify the parameters of the virtual drive and safe the configuration with '''Save Configuration''' and exit the Utility.
</gallery>

After successfully creating the RAID array, it is displayed in the '''Main Menu''' that '''1 Drive Group''' and '''1 Virtual Drive''' are now available.

== Completion ==
After saving the configuration, the RAID is available as a '''virtual drive''' and can now be used.
{{Azillner}}
{{Aranzinger}}
[[de:RAID mit MegaRAID-Controller im BIOS erstellen]]

Linux Mint

2026-01-20T05:46:53Z

Aranzinger: Created page with "200x200px '''Linux Mint''' is one of the most popular '''Linux distributions''' worldwide and is considered as one of the '''most userfriendly alternatives to Windows'''.<ref>[https://dev.to/mshojaei77/top-30-most-popular-linux-distributions-july-2025-11fk Top 30 Most Popular Linux Distributions] (16.01.2026)</ref> This desktop distribution, which is based on Ubuntu, connects a familiar operating concept with high stability, la..."

[[file:Linux-mint.png|right|frameless|200x200px]]
'''Linux Mint''' is one of the most popular '''Linux distributions''' worldwide and is considered as one of the '''most userfriendly alternatives to Windows'''.<ref>[https://dev.to/mshojaei77/top-30-most-popular-linux-distributions-july-2025-11fk Top 30 Most Popular Linux Distributions] (16.01.2026)</ref> This desktop distribution, which is based on [[Ubuntu]], connects a familiar operating concept with high stability, large software selection and a clear focus on suitability for everyday use.

Therefore, Linux Mint is a highly recommended distribution for starters.
== History & background ==
Linux Mint was established by the developer Clement Lefebvre<ref>[https://linuxmint.com/about.php Linux Mint timeline] (16.01.2026)</ref>. The project started as small community project that should add additional Mulitmedia functions and userfriendly standards.<ref>[https://de.wikipedia.org/wiki/Linux_Mint#Historie Wikipedia Linux Mint History] (16.01.2026)</ref>

=== Motivation ===

Linux Mint should facilitate the switch to Linux. It provides a finished, trusted and suitable for everyday use system that can be used without expert knowledge.<ref>[https://wiki.ubuntuusers.de/Archiv/Linux_Mint/ Ubuntuusers Mint] (16.01.2026)</ref>

=== Community ===

Through a dedicated community, as it is the case with Linux, the distribution grew steadily. Mint was mostly financed by donations, sponsoring and voluntary support.<ref>[https://mariolema.github.io/Linux-mint/support.html Financing and donations] (16.01.2026) </ref>

Due to this open structure, Mint remains independent and can concentrate on the needs of its users.
== General information ==
Linux Mint is a [[Ubuntu]] based Linux distribution, which was developed specifically for desktop use. It attaches great importance to user-friendliness, stability and a trustful operating concept.<ref>[https://de.wikipedia.org/wiki/Linux_Mint?#Desktop-environments Wikipedia Mint Desktop environments] (16.01.2026)</ref>

Furthermore, there is also the ''Linux Mint Debian Edition'', which sits up on a [[Debian]] kernel.
=== Target group ===
Linux Mint is suitable for newcomers or career changers of other poular operating systems, for example Windows or macOS.

Due to multiple desktop editions, a large software catalogue and practical system tools, Linux Mint offers enough flexibility for advanced Linux users.

=== Philosophy ===
The development of Linux Mint is based on the following philosophy:
*'''Immediate usability''': It was important to the developers to create a distribution with Mint that could be used immediately without extensive reconfiguration.

*'''No terminal force''': Mint should feel familiar to beginners. As with other distributions, it is not necessary to use the terminal with Linux Mint.

*'''Open-Source''': Mint is, as all Linux distributions, open-source. It was developed free of charge, freely available, and developed and financed by the community..<ref>[https://github.com/linuxmint Linux Mint GitHub] (16.01.2026)</ref>

*'''Stability''': Linux Mint places great importance on reliable and error-free everyday use.
Mint attaches great importance to on proven software versions that were tested extensively instead of new functions or experimental technologies.

== Characteristics ==

Linux Mint was specifically developed for the use as desktop operating system. All functions, menus, and applications are designed to make everyday tasks as easy and convenient as possible.<ref>[https://www.opensourcefeed.org/distribution/linuxmint Desktop oriented opensourcefeed.org] (16.01.2026)</ref>

=== Complete multimedia-support ===
Compared to other Linux distributions or operating systems, Linux Mint helps with complete mulitmeda support directly after installation.

Audio and video codecs, that must be installed later on other systems, are included directly in the standard integration.

== Desktop environments ==
Mint attaches great importance to different desktop representations, that are suitable for the user depening on the system. They are quite similar from the setup, so that every Mint user can work with other systems and that the switch is facilitated.

=== Cinnamon ===

[[file:Linux-Mint-Cinnamon-Desktop.png|300x300px|Desktop surface of Linux Mint Cinnamon.]]

Cinnamon is the main edition of Linux Mint and was specifically created for the distribution. The desktop environment offers a modern, classic operating concept with start menu and panel, as it is known from other operating systems.
=== MATE ===

[[file:Linux-Mint-MATE-Desktop.png|300x300px|Desktop surface of Linux Mint MATE.]]

MATE is a desktop environment that reminds of the design from Cinnamon. However, it requires fewer resources and is therefore particularly suitable for older computers or users who prefer a classic user interface without visual gimmicks.

=== Xfce ===

[[file:Linux-Mint-Xfce-Desktop.png|300x300px|Desktop surface of Linux Mint Xfce.]]

The Xfce desktop environment also reminds of Cinnamon. Compared to MATE, Xfce requires less resources and is therefore better for slow and old devices with less performance.

Despite of the less resource consumption, Xfce is functional and flexible customizable.

== Kernel-versions ==

In addition to the versions with Ubuntu kernel, there is also the LMDE version. This is based on a Debian kernel and is perfectly suitable for everybody that does not want to be dependent on Ubuntu. The look of the Debian version is very similar to that of the Ubuntu version, so that users of the LMDE version can also find their way around Ubuntu systems.

[[file:Linux-Mint-Debian-Edition-7-Erster-Start-14-Startmenue.png|300x300px|Desktop surface of Linux Mint Cinnamon LMDE.]]

== Version model ==
Linux Mint publishes its main versions shortly after [[Ubuntu]]-LTS-releases.

Since it is based on [[Ubuntu]], it takes over its kernel and package base and develops the own system on it.

Smaller updates are released between the main versions that contain new functions, adjustments and updates software.

=== LTS-focus ===

Linux Mint relies almost exclusively on long-term support (LTS). This ensures that the system remains usable in the long term without the user having to upgrade frequently.

=== Codenames & name scheme ===

Every Mint version has a female first name that is sorted alphabetically.

This allows different versions to be distinguished without having to rely on version numbers.

== Version overview ==
Linux Mint appears in main versions and interim versions. The [[Ubuntu]]-LTS-output contains multiple years of support.

A detailed overview about Mint versions can be found together with LMDE versions in the Wiki article [[Linux Mint version history]].
{| class="wikitable"
!Version
!Codename
!Base
!Release year
!Support until
|-
|21
|Vanessa
|Ubuntu 22.04 LTS
|2022
|2027
|-
|21.1
|Vera
|Ubuntu 22.04 LTS
|2022/23
|2027
|-
|21.2
|Victoria
|Ubuntu 22.04 LTS
|2023
|2027
|-
|21.3
|Virgina
|Ubuntu 22.04 LTS
|2024
|2027
|-
|22
|Wilma
|Ubuntu 22.04 LTS
|2024
|2029
|-
|22.1
|Xia
|Ubuntu 22.04 LTS
|2025
|2029
|-
|22.2
|Zara
|Ubuntu 22.04 LTS
|2025
|2029
|-
|22.3
|Zena
|Ubuntu 22.04 LTS
|2026
|2029
|}

== Community & Support ==
Linux Mint has a large and engaged user community. The community contributes a lot to the project, as it is common with similar Linux distributions.

Thanks to this contribution, Mint continues to evolve and stays close to the needs of users.

=== Official support ===
Mint offers several official channels where you can get support or information.

* [https://linuxmint.com/ Official website]
* [https://www.linuxmint.com/rel_wilma.php Release Notes] and technical documentations
* [https://blog.linuxmint.com/ Mint-Blog]

=== Community-forum & Communication ===
In addition to the official pages, there are several community projects where users can exchange ideas.

* [https://forums.linuxmint.com/ Forum]
* different Community Wikis
* Subreddits such as [https://www.reddit.com/r/linuxmint/ r/linuxmint]

== References ==
<references />
{{Jfuerst}}
{{Aranzinger}}
[[Category:Linux_Mint]]
[[de:Linux Mint]]

Linux Mint version history

2026-01-19T06:38:51Z

Aranzinger: Created page with "In this article, you will find the latest version history on Linux Mint. An overview about the Linux distribution Mint can be found in the corresponding Wiki article. == Version history == In the following, you will find a version overview about Linux Mint Ubuntu edition. Information on kernel updates for Ubuntu LTS versions can be found in the article Ubuntu LTS Hardware Enablement Stack. === Linux Mint === {| class="wikitable" !Version !Codename !B..."

In this article, you will find the latest version history on Linux Mint. An overview about the Linux distribution Mint can be found in the corresponding [[Linux_Mint|Wiki article]].

== Version history ==
In the following, you will find a version overview about Linux Mint Ubuntu edition. Information on kernel updates for Ubuntu LTS versions can be found in the article [[Ubuntu LTS Hardware Enablement Stack]].

=== Linux Mint ===
{| class="wikitable"
!Version
!Codename
!Base
!Release date
!Support until
!Release Note
|-
| style="background-color:#CCFFCC " |17
| style="background-color:#CCFFCC " |Qiana
| style="background-color:#CCFFCC " |Ubuntu LTS 14.04
| style="background-color:#CCFFCC " |05.2014
| style="background-color:#CCFFCC " |04.2019
| style="background-color:#CCFFCC " |[https://www.linuxmint.com/rel_qiana.php Mint 17]
|-
|17.1
|Rebecca
|Ubuntu LTS 14.04
|12.2024
|04.2019
|[https://www.linuxmint.com/rel_rebecca_cinnamon.php Mint 17.1]
|-
|17.2
|Rafaela
|Ubuntu LTS 14.04
|06.2015
|04.2019
|[https://www.linuxmint.com/rel_rafaela_xfce.php Mint 17.2]
|-
|17.3
|Rosa
|Ubuntu LTS 14.04
|12.2025
|04.2019
|[https://www.linuxmint.com/rel_rosa_xfce.php Mint 17.3]
|-
| style="background-color:#CCFFCC " |18
| style="background-color:#CCFFCC " |Sarah
| style="background-color:#CCFFCC " |Ubuntu LTS 16.04
| style="background-color:#CCFFCC " |05.2016
| style="background-color:#CCFFCC " |04.2021
| style="background-color:#CCFFCC " |[https://www.linuxmint.com/rel_sarah_xfce.php Mint 18]
|-
|18.1
|Serena
|Ubuntu LTS 16.04
|12.2016
|04.2021
|[https://www.linuxmint.com/rel_serena_mate.php Mint 18.1]
|-
|18.2
|Sonya
|Ubuntu LTS 16.04
|06.2017
|04.2021
|[https://www.linuxmint.com/rel_sonya_xfce.php Mint 18.2]
|-
|18.3
|Sylvia
|Ubuntu LTS 16.04
|12.2017
|04.2021
|[https://www.linuxmint.com/rel_sylvia_mate.php Mint 18.3]
|-
| style="background-color:#CCFFCC " |19
| style="background-color:#CCFFCC " |Tara
| style="background-color:#CCFFCC " |Ubuntu LTS 18.04
| style="background-color:#CCFFCC " |06.2018
| style="background-color:#CCFFCC " |04.2023
| style="background-color:#CCFFCC " |[https://www.linuxmint.com/rel_tara.php Mint 19]
|-
|19.1
|Tessa
|Ubuntu LTS 18.04
|12.2018
|04.2023
|[https://linuxmint.com/rel_tessa.php Mint 19.1]
|-
|19.2
|Tina
|Ubuntu LTS 18.04
|08.2019
|04.2023
|[https://www.linuxmint.com/rel_tina_xfce.php Mint 19.2]
|-
|19.3
|Tricia
|Ubuntu LTS 18.04
|12.2019
|04.2023
|[https://www.linuxmint.com/rel_tricia_xfce.php Mint 19.3]
|-
| style="background-color:#CCFFCC " |20
| style="background-color:#CCFFCC " |Ulyana
| style="background-color:#CCFFCC " |Ubuntu LTS 20.04
| style="background-color:#CCFFCC " |06.2020
| style="background-color:#CCFFCC " |06.2025
| style="background-color:#CCFFCC " |[https://www.linuxmint.com/rel_ulyana_cinnamon.php Mint 20]
|-
|20.1
|Ulyssa
|Ubuntu LTS 20.04
|01.2021
|06.2025
|[https://www.linuxmint.com/rel_ulyssa_xfce.php Mint 20.1]
|-
|20.2
|Uma
|Ubuntu LTS 20.04
|07.2021
|06.2025
|[https://linuxmint.com/rel_uma_xfce.php Mint 20.2]
|-
|20.3
|Una
|Ubuntu LTS 20.04
|01.2022
|06.2025
|[https://www.linuxmint.com/rel_una_cinnamon.php Mint 20.3]
|-
| style="background-color:#CCFFCC " |21
| style="background-color:#CCFFCC " |Vanessa
| style="background-color:#CCFFCC " |Ubuntu LTS 22.04
| style="background-color:#CCFFCC " |07.2022
| style="background-color:#CCFFCC " |04.2027
| style="background-color:#CCFFCC " |[https://linuxmint.com/rel_vanessa_mate.php Mint 21]
|-
|21.1
|Vera
|Ubuntu LTS 22.04
|12.2022
|04.2027
|[https://linuxmint.com/rel_vera_mate.php Mint 21.1]
|-
|21.2
|Victoria
|Ubuntu LTS 22.04
|07.2023
|04.2027
|[https://linuxmint.com/rel_victoria_mate.php Mint 21.2]
|-
|21.3
|Virgina
|Ubuntu LTS 22.04
|01.2024
|04.2027
|[https://linuxmint.com/rel_virginia.php Mint 21.3]
|-
| style="background-color:#CCFFCC " |22
| style="background-color:#CCFFCC " |Wilma
| style="background-color:#CCFFCC " |Ubuntu LTS 24.04
| style="background-color:#CCFFCC " |07.2024
| style="background-color:#CCFFCC " |04.2029
| style="background-color:#CCFFCC " |[https://www.linuxmint.com/rel_wilma.php Mint 22]
|-
|22.1
|Xia
|Ubuntu LTS 24.04
|01.2025
|04.2029
|[https://www.linuxmint.com/rel_xia.php Mint 22.1]
|-
|22.2
|Zara
|Ubuntu LTS 24.04
|09.2025
|04.2029
|[https://linuxmint.com/rel_zara.php Mint 22.2]
|-
|22.3
|Zena
|Ubuntu LTS 24.04
|01.2026
|04.2029
|[https://www.linuxmint.com/rel_zena.php Mint 22.3]
|}

=== Linux Mint Debian edition ===
{| class="wikitable"
!Version
!Codename
!Base
!Release date
!Support until
|-
|LMDE 1
| -
|Debian
|03.2014
|01.2016
|-
|LMDE 2
|Betsy
|Debian Jessie
|04.2015
|01.2019
|-
|LMDE 3
|Cindy
|Debian Strech
|08.2018
|07.2020
|-
|LMDE 4
|Debbie
|Debian Buster
|03.2020
|09.2022
|-
|LMDE 5
|Elsie
|Debian Bullseye
|03.2022
|07.2024
|-
|LMDE 6
|Faye
|Debian Bookworm
|09.2023
|01.2026
|-
|LMDE 7
|Gigi
|Debian Trixie
|10.2025
|06.2030
|}

== More information ==
[https://www.linuxmint.com Linux Mint]

{{Jfuerst}}
{{Aranzinger}}
[[Category:Linux_Mint]]
[[de:Linux Mint Versionsverlauf]]

Activation of native NVME driver in Windows Server 2025

2026-01-16T11:00:12Z

Aranzinger:

This article explains how to enable the new native NVMe functionality under Windows Server 2025.

Microsoft has created a native NVMe driver, “StorNVMe.sys,” as part of the redesign of the Windows Storage Stack. This enables more efficient use of NVMe SSDs.

== Prerequisites ==

* Windows Server 2025
* comulative October 2025 update

== Activation of driver ==
In the Registry editor, a DWORD-value (32-Bit) with the name '''1176759950''' and the value '''1''' must be created under '''HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides'''.

This can be easily created using the following PowerShell command:

[[file:Registry NVME aktivate driver.png|frameless]]

'''''reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 1176759950 /t REG_DWORD /d 1 /f'''''

Alternatively, it is also possible to start an MSI program for the group policies, which creates a group policy under: '''Policies for Local Computer > Computer configuration > Administrative templates> KB5066835 251014_21251 Feature Preview > Windows 11, version 24H2, 25H2'''.

[[file:Group Policy NVME aktivate driver.png|frameless]]

This must then be enabled in the Local Group Policy Editor. '''After this, the server must be restarted, so that the changes are active.'''

== Verification of driver ==
You can then check in Device Manager whether the NVMe SSDs are loaded with the new driver.<gallery widths="300" heights="300">
file:Datentraegerauflistung scsi-modus.png|without|small|NVMe SSDs before change
file:Treiberdetails scsi-modus.png|without|small|NVMe SSDs standard driver
file:Datentraegerauflistung nvme-modus.png|without|small|NVMe SSDs after change
file:Treiberdetails nvme-modus.png|without|small|NVMe SSDs NVMe driver
</gallery>

== References ==

* [https://techcommunity.microsoft.com/blog/windowsservernewsandbestpractices/announcing-native-nvme-in-windows-server-2025-ushering-in-a-new-era-of-storage-p/4477353 Announcing Native NVMe in Windows Server 2025: Ushering in a New Era of Storage Performance] (techcommunity.microsoft.com)

{{bstockinger}}
{{Aranzinger}}
[[Category:Windows_Server_2025]]
[[de:Nativen NVME Treiber in Windows Server 2025 aktivieren]]

Supermicro BMC safety instructions January 2026

2026-01-16T08:32:48Z

Aranzinger: Created page with "The manufacturer Supermicro published safety instructions for the BMC-firmware of their mainboards in '''January 2026'''. Some of these security vulnerabilities require '''firmware updates'''. In this article, you will find information on these Security Advisories as well as information on where to obtain updates for products of Thomas-Krenn. == Security Advisories == {| class="wikitable" |- style="background-color: #EFEFEF; font-weight: bold;" ! align="center" |CVE !..."

The manufacturer Supermicro published safety instructions for the BMC-firmware of their mainboards in '''January 2026'''. Some of these security vulnerabilities require '''firmware updates'''.

In this article, you will find information on these Security Advisories as well as information on where to obtain updates for products of Thomas-Krenn.

== Security Advisories ==
{| class="wikitable"
|- style="background-color: #EFEFEF; font-weight: bold;"
! align="center" |CVE
! align="center" |Risk potential:
! align="center" |Title
|-
|align="center" | [https://www.cve.org/CVERecord?id=CVE-2025-12006 CVE-2025-12006]
| align="center" | 7.2 (high)
| align="center" | '''Unsufficient verification of digital signature''' (A security vulnerability in image authentication could allow an attacker to install modified firmware.)
|-
|align="center" | [https://www.cve.org/CVERecord?id=CVE-2025-12007 CVE-2025-12007]
| align="center" | 7.2 (high)
| align="center" | '''Unsufficient verification of digital signature''' (A security vulnerability in image authentication could allow an attacker to install modified firmware.)
|-
|
|}

== Updates for products of Thomas-Krenn ==
Updates on the corresponding system can be found in the <tklink type="sitex" id="440">download are of Thomas-Krenn</tklink>.
The updates in the download area have been tested by us to guarantee the stability and compatibility of our systems.

If you require the latest version for your system and it is not yet available in our download area, you can get it at [https://www.asus.com/de/support/download-center/ Asus] or [https://www.supermicro.com/en/support/resources/downloadcenter/swdownload Supermicro].

== More information ==
* [https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2026 Vulnerabilities in Supermicro BMC firmware, January 2026]
{{Thomas-Krenn.AG}}
{{Aranzinger}}
[[Category:Server-Hardware]]
[[de:Supermicro BMC Sicherheitshinweise Januar 2026]]

Windows Server 2025 feature list

2026-01-16T07:16:14Z

Aranzinger: Created page with "'''Windows Server 2025''' is the latest version of Microsoft's server operating system. This article lists the '''current features''' in a table. 150x150px 150x150px 150x150px == Windows Server 2025 Features == The following table lists all functions of ''Standard'', ''Datacenter'' and ''DC-Azure'' editions<ref>[https://learn.m..."

'''Windows Server 2025''' is the latest version of Microsoft's server operating system. This article lists the '''current features''' in a table.

[[file:MSFT_Server_ProductTiles_Essential.png|150x150px]]
[[file:MSFT_Server_ProductTiles_Standard.png|150x150px]]
[[file:MSFT_Server_ProductTiles_Datacenter.png|150x150px]]

== Windows Server 2025 Features ==
The following table lists all functions of ''Standard'', ''Datacenter'' and ''DC-Azure'' editions<ref>[https://learn.microsoft.com/en-us/windows-server/get-started/editions-comparison?pivots=windows-server-2025 Vergleich von Windows Server Editionen (WS 2025)] (learn.microsoft.com, 15.06.2026)</ref>:
{| class="wikitable sortable"
!Function
!Subfunction
!Standard
!Datacenter
!Datacenter Azure
|-
|.NET Framework 3.5 Features
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|.NET Framework 4.8 Features
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Activation
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Automatic Virtual Machine Activation
| style="color:#FDFF8F; background-color:#888888; text-align:center" |<big>⚠</big>1
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔2
|-
|
|Key Management Service (KMS)
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#891414; background-color:#f4dcdc; text-align:center" |✘3
|-
|Active Directory Certificate Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Certificate Enrollment Policy Web Service
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Certificate Enrollment Web Service
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Certification Authority
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Certification Authority Web Enrollment
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Network Device Enrollment Service
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Online Responder
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Active Directory Domain Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Active Directory Federation Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Active Directory Lightweight Directory Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Active Directory Rights Management Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Azure Extended Networking
|
| style="color:#891414; background-color:#f4dcdc; text-align:center" |✘
| style="color:#891414; background-color:#f4dcdc; text-align:center" |✘
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Background Intelligent Transfer Service (BITS)
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|BitLocker Drive Encryption
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|BitLocker Network Unlock
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|BranchCache
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Client for NFS
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Data Center Bridging
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Device Health Attestation
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|DHCP Server
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Direct Play
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|DLNA codecs and web media streaming
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|DNS Server
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Enhanced Storage
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Failover Clustering
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Fax Server
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|File and Storage Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|BranchCache for Network Files
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Data Deduplication
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|DFS Namespaces
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|DFS Replication
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|File Server
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|File Server Resource Manager
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|File Server VSS Agent Service
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|iSCSI Target Server
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|iSCSI Target Storage Provider (VDS and VSS hardware providers)
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Server for NFS
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|SMB 1.0/CIFS File Sharing Support
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|SMB Bandwidth Limit
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|SMB over QUIC
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Work Folders
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Storage Migration Service
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Storage Migration Service Proxy
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Storage Spaces
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Storage Spaces Direct
| style="color:#891414; background-color:#f4dcdc; text-align:center" |✘
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Storage Replica
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Group Policy Management
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Host Guardian Hyper-V Support
|
| style="color:#891414; background-color:#f4dcdc; text-align:center" |✘
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Host Guardian Service
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Hotpatching
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔5
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔5
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|I/O Quality of Service
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|IIS Hostable Web Core
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|IP Address Management (IPAM) Server
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Management OData IIS Extension
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Media Foundation
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Message Queuing
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Message Queuing DCOM Proxy
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Message Queuing Services
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Microsoft Defender Antivirus
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Multipath I/O
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|MultiPoint Connector
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Network ATC
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Network Controller
|
| style="color:#891414; background-color:#f4dcdc; text-align:center" |✘
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Network Load Balancing
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Network Policy and Access Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|Network Virtualization
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Print and Document Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Internet Printing
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|
|Line Printer Daemon (LPD) Service
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|
|Print Server
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|Quality Windows Audio Video Experience
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|RAS Connection Manager Administration Kit (CMAK)
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Remote Access
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|DirectAccess and VPN (RAS)
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Routing
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Web Application Proxy
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Remote Assistance
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|Remote Desktop Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|Remote Differential Compression
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Remote Server Administration Tools
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|RPC over HTTP Proxy
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Setup and Boot Event Collection
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Simple TCP/IP Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|SNMP Service
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Software Load Balancer
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|System Data Archiver
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|System Insights
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Telnet Client
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|TFTP Client
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|Virtualization
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Containers
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#891414; background-color:#f4dcdc; text-align:center" |✘
|-
|
|Hyper-V
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|GPU partitioning
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔6
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔6
|-
|
|VM Shielding Tools for Fabric Management
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Volume Activation Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Web Server (IIS)
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|FTP Server
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Web Server
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|WebDAV Redirector
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Windows Biometric Framework
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|Windows Deployment Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Windows Identity Foundation 3.5
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|Windows Internal Database
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Windows PowerShell
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Windows PowerShell 2.0 Engine
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Windows PowerShell 5.1
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Windows PowerShell Desired State Configuration Service
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|
|Windows PowerShell Web Access
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Windows Process Activation Service
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Windows Server Management enabled by Azure Arc
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
|-
|
|Azure Update Manager
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
|-
|
|Change Tracking and Inventory
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
|-
|
|Azure Machine Configuration
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
|-
|
|Windows Admin Center in Azure for Arc
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
|-
|
|Remote Support
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
|-
|
|Network HUD
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
|-
|
|Best Practices Assessment
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
|-
|
|Azure Site Recovery Configuration
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔7
|-
|Windows Search Service
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|Windows Server Backup
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Windows Server Migration Tools
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Windows Server Update Services
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Windows Standards-Based Storage Management
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Windows Subsystem for Linux
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Windows TIFF IFilter
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|-
|WinRM IIS Extension
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|WINS Server
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|Wireless LAN Service
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|WoW64 Support
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔
|-
|XPS Viewer
|
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
| style="color:#1a821d; background-color:#CCFFCC; text-align:center" |✔4
|}
1 As a guest, when hosted on a virtualization host enabled with Datacenter Edition

2 Datacenter: Azure Edition can be used as a ''nested host'' or as a guest system

3 Activated by Azure and cannot be configured as a KMS host

4 If installed as a server with "Desktop Experience"

5 Available as an ''Azure Arc-enabled'' service

6 Available with Windows Server 2025 Standard. Designed for standalone servers. Live migration of VMs between standalone nodes for planned downtime. If a cluster is required for unplanned downtime, Windows Server 2025 Datacenter must be used instead.

7 Available for machines that are registered for Windows Server management through Azure Arc and have Windows Server licenses with active Software Assurance or Windows Server licenses with active subscription licenses.

== References ==
<references />

{{Sbohn}}
{{Aranzinger}}
[[Category:Windows Server 2025]]
[[de:Windows Server 2025 Feature Liste]]

Version information on XCP-ng

2026-01-15T13:19:40Z

Aranzinger: Created page with "Logo of virtualization software XCP-ng '''XCP-ng''' '''(X'''EN '''C'''loud '''P'''latform - '''n'''ext '''g'''eneration''')''' is an '''Open Source virtualization platform''' that is based on CentOS/Linux. XCP-ng uses the Xen Hypervisor and supports the operation of classic virtual machines. XCP-ng offers a clear webinterface to administrate the system. In this article, you will find..."

[[File:XCP-ng_LOGO.png|alt=Logo of virtualization software XCP-ng.|thumb|284x284px|Logo of virtualization software XCP-ng]]
'''XCP-ng''' '''(X'''EN '''C'''loud '''P'''latform - '''n'''ext '''g'''eneration''')''' is an '''Open Source virtualization platform''' that is based on CentOS/Linux.

XCP-ng uses the Xen Hypervisor and supports the operation of classic virtual machines. XCP-ng offers a clear webinterface to administrate the system.

In this article, you will find '''version information''' on XCP-ng. Information on the installation can be found in the article [[Installation of XCP-ng]].

== XCP-ng 8.3 LTS ==
XCP-ng 8.3 LTS is based on XEN Server Project / and uses a kernel that is based on CentOS:
{| class="wikitable"
!Version
!Releasedatum
!Base
!XEN version
!Kernel dom0 Domain
|-
|style="background-color:#CCFFCC; "align="center"|8.3 LTS
|style="background-color:#CCFFCC; "align="center"|07.10.2024
|style="background-color:#CCFFCC; "align="center"|pbased Xen Server 8 / Citrix HV 8.2 CU1
|style="background-color:#CCFFCC; "align="center"|4.17.5 (+ patches)
|style="background-color:#CCFFCC; "align="center"|4.19 (+ patches/drivers)
|}

== XCP-ng 8.2.x LTS ==
XCP-ng 8.2.x LTS is based on a XEN Server Project / and uses a kernel that is based on CentOS:
{| class="wikitable"
!Version
!Release Date
!Base
!Xen version
!Kernel dom0 Domain
|-
|8.2.1 LTS
|align="center"|28.02.2022
|align="center"|Based Citrix Hypervisor 8.2
|align="center"|4.13.1 (+ patches)
|Kernel 4.19 (+ patches)
|-
|8.2.0 LTS
|align="center"|18.11.2020
|align="center"|Based Citrix Hypervisor 8.2
|align="center"|4.13.1 (+ patches)
||Kernel 4.19 (+ patches)
|}

== XCP-ng 8.1 LTS ==
XCP-ng 8.1.x LTS is based on XEN Server Project / and uses a kernel that is based on CentOS:
{| class="wikitable"
!Version
!Release Date
!Base
!Xen version
!Kernel dom0 Domain
|-
|8.1 LTS
|align="center"|31.03.2020
|align="center"|Based Citrix Hypervisor 8.1
|align="center"|4.13
|Kernel 4.19 (+ patches)
|}

==Version information==
The following table shows the previous XCP-ng versions:
{| class="wikitable"
!Version
!Release Date
!Support Until
!Status
|-
|XCP-ng 7.4
|31.03.2018
| align="right" |31.10.2018
| style="background-color:#FFCCCC;" align="right" |EOL
|-
| XCP-ng 7.5
|10.08.2018
| align="right" |25.07.2019
| style="background-color:#FFCCCC;" align="right" |EOL
|-
|XCP-ng 7.6
|31.10.2018
| align="right" |30.03.2020
| style="background-color:#FFCCCC;" align="right" |EOL
|-
|XCP-ng 8.0
|25.07.2019
| align="right" |13.11.2020
| style="background-color:#FFCCCC;" align="right" |EOL
|-
|XCP-ng 8.1
| 31.03.2020
| align="right" |31.03.2021
| style="background-color:#FFCCCC;" align="right" |EOL
|-
|XCP-ng 8.2.0 LTS
|18.11.2020
| align="right" |16.09.2025
| style="background-color:#FFCCCC;" align="right" |EOL
|-
|XCP-ng 8.2.1 LTS
|28.02.2022
| align="right" |16.09.2025
| style="background-color:#FFCCCC;" align="right" |EOL
|-
| style="background-color:#CCFFCC;" |XCP-8.3 LTS
| style="background-color:#CCFFCC;" |07.10.2024
| style="background-color:#CCFFCC;" align="right" |30.11.2028
| style="background-color:#CCFFCC;" align="right" |Latest
|}

==More information==
*[https://en.wikipedia.org/wiki/XCP-ng XCP-ng] (en.wikipedia.org)

{{wseifert}}
{{Aranzinger}}
[[Category:XCP-ng]]
[[de:XCP-ng Versionsinformationen]]