4.1 Setting up Active Directory LDAP

1. Setup AD certificate via PowerShell (get ldap up and running) Get-WindowsFeature -Name AD-Certificate Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools

Install-AdcsCertificationAuthority -CAType EnterpriseRootCa -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -KeyLength 2048 -HashAlgorithmName SHA512 -ValidityPeriod Years -ValidityPeriodUnits 3

• Verify the certificate works (open in dc1)
• Second Verification netstat -ano | findstr 636

2. Go to administrative area of vsphere client >> Single Sign on Section

3. Join the vsphere client to domain (ryan.local) ]

4. Reboot Node (CLI) (https://portal.nutanix.com/page/documents/details?targetId=vSphere-Admin6-AOS-v6_7:vsp-node-restart-vsphere6-t.html)

• Administration >> deployment >> system configuration >> reboot node

5. Create ou structure (ad users groups on dc1)

6. Create vcenterldap service account (this will be the account that binds to vcenter sso)

7. Create vcenter-admin AD group (add your -adm user) this is the group that will bind to vcenter, if the user is inside the group they will be able to login

8. Copy AD cert to xubuntu-wan (get the cert with the following command) openssl s_client -connect dc1.ryan.local:636 -showcerts

9. Add new SSO Identity source Provider on vcenter (Active Directory over LDAP)

10. Need the proper “DNs” for users and groups OU’s in AD (configure properly, add cert taken from dc1)

11. Add your vcenter-admin account to SSO Users and Groups - Administrators in vcenter (added the vcenter-admins group from step 7 above)

4.2 Creating first clone

Follow Xubuntu dependencies for Powercli and Ansible on xubuntu-wan https://greenmountaincyber.com/docs/topics/vmware/powercli/xubuntu-dependencies Powercli to clone DC1 to make a server2019 base VM https://greenmountaincyber.com/docs/topics/vmware/powercli/extracting-snapshots Repeat steps used for DC1 to make vyos and xubuntu base vms

1. After installing dependecies linked above, should be able to run powershell front xubuntu terminal, set vcenter variable to domain name

2. Connect to vcenter with newly created variable Connect-VIServer -Server $vcenter

3. Quick check of what vms are in vcenter get-vm

4. Set variable to dc1 from get-vm check $vm = get-vm -Name dc1

5. Create snapshot variable and capture snapshot using $vm variable $snapshot = Get-Snapshot -VM $vm -Name "Base"

6. Check vmhost // create vmhost variable

Get-VMhost

7. Create data store variable:

8. Create linked clone variable

9. Create a new linked clone, once the linked clone is made you can create new base VMS

10. Take a snapshot of the base VM

11. Remove the linked clone

4.3 Ubuntu-LinkedClone

1. Create 2 new vmware folders (prod, base VM)

2. Prepare ubuntu-server iso

• Download from: (https://ubuntu.com/download/server)

3. Follow instructions to setup the VM correctly. https://greenmountaincyber.com/docs/topics/vmware/base-vms/ubuntu-server/

4. During installation, create rangeuser

5. Disbale ipv6 sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1 sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1 sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1

6. pull the following script down, then run the script, after script is done, shutdown, remove CD, take a snapshot called "base" wget https://raw.githubusercontent.com/gmcyber/RangeControl/main/src/scripts/base-vms/ubuntu-server.sh

7. Run the script "clone.ps1" in the code section to easily create linked clone, create base vm based off that linked clone and then delete the linked clone https://github.com/ryanm292002/SEC480/blob/main/clone.ps1