Open Server Manager and Select ‘Features’.  Scroll down to the ‘Windows System Resource Manager’ option and click to select.  If the ‘Add Features Wizard’ opens click the button to ‘Add Required Features’.

Click ‘Next’ and ‘Install’ to begin the installation.  Once the installation is complete click to close the install wizard.

To begin configuring Windows System Resource Manager navigate to Start, Administrative Tools, Windows System Resource Manager.

Ensure This computer is select and click ‘Connect’ in the Connect to computer dialog.

Expand Resource Allocation Policies and select ‘Equal_Per_Session’. On the right hand side click ‘Set as Managing Policy’.  Click ‘OK’ to the message “The calendar will be disabled.  Do you want to continue?”.

Run Performance Monitor as a domain administrator. 

Click the + symbol to add a new performance counter.

Click the Browse button next to “Select counters from computer”

Enter the name of the computer you wish to monitor and click OK.

Press Enter on the keyboard.  There will be a slight delay while you are connected to the remote computer.  To confirm you have been connect the computer should now be in the drop down list.

Select each counter you wish to monitor and click add.  The counter(s) will appear in the Added Counters section on the right hand side with the name of the computer it is collecting information about next to it.

You will now begin to see the counter graphing the information.

Step 1: Generate a Private Key

The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request). It can also be used to generate self-signed certificates which can be used for testing purposes or internal usage.

The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

Step 2: Generate a CSR (Certificate Signing Request)

Once the private key is generated a Certificate Signing Request can be generated. The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate. The second option is to self-sign the CSR, which is what I will be doing for this lab.

During the generation of the CSR, you will be prompted for several pieces of information. These are the X.509 attributes of the certificate. One of the prompts will be for “Common Name (e.g., YOUR name)”. It is important that this field be filled in with the fully qualified domain name of the server to be protected by SSL. If the website to be protected will be https://private.dlabs.co.uk, then enter private.dlabs.co.uk at this prompt. The command to generate the CSR is as follows:

openssl req -new -key server.key -out server.csr

Country Name (2 letter code) [GB]:GB
State or Province Name (full name) [Berkshire]:Berkshire
Locality Name (eg, city) [Newbury]:Newbury
Organization Name (eg, company) [My Company Ltd]:DLabs
Organizational Unit Name (eg, section) []:Information Technology
Common Name (eg, your name or your server's hostname) []:private.dlabs.co.uk
Email Address []:email.address@dlabs.co.uk
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Step 3: Remove Passphrase from Key

One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. Obviously this is not necessarily convenient as someone will not always be around to type in the pass-phrase, such as after a reboot or crash. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase. If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following command to remove the pass-phrase from the key:

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

The newly created server.key file has no more passphrase in it.

-rw-r--r-- 1 root root 745 Jun 29 12:19 server.csr
-rw-r--r-- 1 root root 891 Jun 29 13:22 server.key
-rw-r--r-- 1 root root 963 Jun 29 13:22 server.key.org

Step 4: Generating a Self-Signed Certificate

At this point you will need to generate a self-signed certificate because you either don’t plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate. This temporary certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted.

To generate a temporary certificate which is good for n days, issue the following command:

openssl x509 -req -days <number of days> -in server.csr -signkey server.key -out server.crt

Signature ok
subject=/C=UK/ST=Berkshire/L=Newbury/O=DLabs AG/OU=Information
Technology/CN=private.dlabs.co.uk/Email=email.address@dlabs.co.uk
Getting Private key

Step 5: Convert the PEM to PKCS
To convert the certificate and the key into one file that can be used in for example Firefox.

openssl pkcs12 -export -in input.crt -inkey input.key -certfile root.crt -out bundle.p12

Step 6: Installing the Private Key and Certificate

When Apache with mod_ssl is installed, it creates several directories in the Apache config directory. The location of this directory will differ depending on how Apache was compiled.

cp server.crt /usr/local/apache/conf/ssl.crt
cp server.key /usr/local/apache/conf/ssl.key

Step 7: Configuring SSL Enabled Virtual Hosts

SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Step 8: Restart Apache and Test

/etc/init.d/httpd stop
/etc/init.d/httpd stop

Query the time source being used.

w32tm /query /status

Set the list of time sources

w32tm /config /manualpeerlist:<Time Source> /syncfromflags:MANUAL

update to use the new time source

w32tm /config /update

Query difference to time source.

w32tm /stripchart /computer:<Time Source> /samples:5 /dataonly
w32tm /stripchart /computer:chronos.csr.net /samples:5 /dataonly

Resync with the time source.

w32tm /resync

It is often useful when testing file transfers to have a file of a particular size. Rather than hunting around for a file of the required size why not simply create one of the desired size.

Generating files of any length in Windows

First open the command line interface by clicking Start > Run… and entering “cmd” (without the quotes) in the dialog form. By pressing Enter the command line interface will pop up and you can insert the following string to create a new file:

C:\>fsutil file createnew <filename> <filesize in bytes>

As you see you have to state the specific file size in bytes! For a conversion of megabytes or kilobytes to bytes see this or this conversion tool.

For example this string creates a new file named testfile.txt sized 1 Kb located in the root directory of partition C:

C:\>fsutil file createnew C:\testfile.txt 1024

Generating files of any length in Linux

File generation with Linux is as easy as with Windows. The `dd` tool to (amongst others) create new files comes with virtually every distribution. Here is the example command, intended to be run from within a shell.

dd if=/dev/zero of=<filename> bs=<initial blocksize in bytes> count=<iterations of the blocksize>

The easiest way to create a file of specific length using `dd`is by utilizing suffixes like K (for Kilobytes) or M (for Megabytes) like this:

dd if=/dev/zero of=testfile.txt bs=1K count=1

The command above creates a file of 1KB size in the current working directory.

The man page of `dd`lists the suffixes you may utilize:

BLOCKS and BYTES may be followed by the following multiplicative suffixes: xM M, c 1, w 2, b 512, kB 1000, K 1024, MB 1000*1000, M 1024*1024, GB 1000*1000*1000, G 1024*1024*1024, and so on for T, P, E, Z, Y.

As `dd` is available for all Linux/Unix distributions this applies to Unix Systems (e.g. Solaris) as well.