How to speed up SSL handshake in isolated environments

Opening an HTTPS URL in an environment that is not connected to the internet may take time. Fortunately, there is a way to speed up this process on the client side. It appears that Windows tries to retrieve a fresh CRL (certificate revocation list) from its own and third-party servers. Obviously, this attempt times out when the client is not connected to the internet. There is no way to disable CRL retrieval completely, but it is possible to reduce the retrieval timeout to the minimum allowed. The system will still attempt to contact CRL servers, but it will take less time to go through the whole list of servers.

In addition to the SSL handshake, the settings below will speed up any process that involves certificate validation – for example, validation of code signing certificates.

So:

  1. Open Local Group Policy Editor (for example, search for “Edit Group Policy” in the Start Menu)
  2. Go down the tree from “Computer Configuration” => “Windows Settings” => “Security Settings” => “Public Key Policies”
  3. On the right side, double-click on “Certificate Path Validation Settings”
  4. Go to “Network Retrieval” tab
  5. Select “Define these policy settings” checkbox
  6. Change both timeout values under “Default retrieval timeout settings” to 1 second
  7. Click “OK”

For detailed instructions for clients that are part of an Active Directory domain, visit this TechNet topic (although it speaks about increasing the timeout and decreasing it).

Retrieval Timeout Settings

The instructions above apply to Windows clients, but the same technique may be applicable to other operating systems.
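
To confirm on a Windows client that the policy from the steps above is in place and to see its effect, the following PowerShell script reads the two timeout values and times a certificate chain build with online revocation checking. It is an added example, not part of the original post; the file name `server.cer` (the HTTPS server's certificate exported to disk) is an assumption.

```powershell
# Added example (not from the original post): check the retrieval-timeout policy
# and time a certificate chain build with online revocation checking.
param(
    # Assumed file name: the HTTPS server's certificate exported to a .cer file.
    [string]$CertPath = '.\server.cer'
)

# Registry location where the "Certificate Path Validation Settings" policy is stored.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\ChainEngine\Config'
$valueNames = 'ChainUrlRetrievalTimeoutMilliseconds',
              'ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in $valueNames) {
    $value = 'not set (system default applies)'
    if ($policy -and $null -ne $policy.$name) { $value = "$($policy.$name) ms" }
    '{0,-52} {1}' -f $name, $value
}

$x509  = 'System.Security.Cryptography.X509Certificates'
$cert  = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $CertPath).Path
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'Online'       # force revocation data retrieval over the network
$chain.ChainPolicy.RevocationFlag = 'EntireChain'  # check every certificate in the path
# UrlRetrievalTimeout is left at its default so the system-configured timeout is used.

$timer = [System.Diagnostics.Stopwatch]::StartNew()
$valid = $chain.Build($cert)
$timer.Stop()
'Chain valid: {0}; build time: {1:N1} s' -f $valid, $timer.Elapsed.TotalSeconds

# RevocationStatusUnknown / OfflineRevocation mean the CRL servers could not be reached.
foreach ($element in $chain.ChainElements) {
    $flags = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $flags) { $flags = 'NoError' }
    '{0}: {1}' -f $element.Certificate.Subject, $flags
}
```

Run it before and after changing the policy to compare build times; in an isolated environment the revocation flags stay the same, only the wait gets shorter.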

How to convert VM hard drive from Thick to Thin Provisioning

Using Thin Provisioning for the virtual disks of your VM can save you a lot of useful space on your datastore and significantly speed up maintenance tasks that involve copying or moving the VMDK files. Apparently, switching from one provisioning format to another can be done easily via the Clone Virtual Machine wizard, where the Storage tab allows you to specify the virtual disk format for the cloned VM. There you can either keep the same disk format as the source VM had or choose another one, including Thin Provision. However, the choice of the Thin Provision disk format will be silently ignored when the source format is Thick Provisioned and both source and target are located in the same datastore. This behavior is somewhat understandable when you think about the underlying implementation, but it is not user friendly.

So, how can you change the provisioning type of your VM from Thick to Thin anyway? Here is your algorithm.

  • Do you have more than one datastore available? You can migrate your VM to another datastore, modifying the virtual disk provisioning mode on the way, and then migrate it back if needed. This way is covered in detail in the second part of the KB2014832 article on the VMware Knowledge Base.
  • Do you have only one datastore, or are all your datastores under the same Storage DRS? You can create a clone of your VM with the help of vCenter Converter Standalone. This tool runs on your desktop and allows you to convert one VM format into another, changing most of the VM settings on the way. This includes changing the disk provisioning type from Thick to Thin even when both source and destination are located on the same datastore.
  • Do you prefer the hard and risky ways? If so, dealing with vmkfstools is for you 🙂

Cisco ASA: “Not enough space on device” error fixed

Several hours ago I took the ASA device in my lab to the routine software upgrade. I started with the fresh ASDM image upload, but it failed with the error message “Not enough space on device”. The reason sounds obvious, but it is not so trivial – how can you clean up some space on the physical appliance?

It appears that ASA does not clean up old software packages after their installation via ASDM. After several upgrades the flash memory of the device will be full of unused files, with no room to upload new ones. This is the time for manual cleanup.

Spring MVC: return view or send error from the same handler

There are many Spring MVC primers on the web that explain Spring MVC basics to some extent. An example of a request handler that creates some model data and returns a view name is definitely one of the basics and appears in almost every primer. Many of those primers also mention the HttpServletResponse.sendError() call as a way to produce custom HTTP error codes. However, I did not find any comprehensive example that combines the two and demonstrates the typical REST flow – respond with a data object in some cases and send “204 No Content” in others.

So, here comes the example:

	@RequestMapping( value = "/get/{name}", method = RequestMethod.GET )
	public ModelAndView get( @PathVariable( "name" ) String name, HttpServletResponse resp ) throws IOException
	{
		// Check if we have value
		Object value = map.get( name );
		if ( value == null )
		{
			resp.sendError( HttpServletResponse.SC_NO_CONTENT );
			return null; // no further processing needed
		}
		
		// Continue to the view
		ModelAndView mv = new ModelAndView( "show-value" );
		mv.addObject( "value", value );
		return mv;
	}

Note that it is OK to return null in line 9 – at this point there is enough data in the response object to generate valid output.

How to compare PDF documents (for free)

Yesterday I found myself trying to compare multipage PDF documents with code samples. You can imagine how painful and frustrating it was, so I went googling to check what can help me in this task. It appears that there are free alternatives to the obvious but really expensive solution of purchasing an Adobe Acrobat license.

My favorite solution for now is WinMerge (yes, it can compare files), accompanied by the xdocdiff plugin that enhances WinMerge with an understanding of the “inner workings” of several popular document types.

Here is the installation and configuration procedure:

  1. Download and install WinMerge according to the instructions. Start WinMerge to make sure it is installed correctly.
  2. Download xdocdiff plugin and extract it to some local folder.
  3. Move extracted files according to the instructions in the xdocdiff README file. Ignore the line that says to enable “Automatic Unpacking” – it is still disabled.
  4. Go to “Plugins” → “List…” and select “Enable plugins” checkbox, then click “OK”.
  5. Now you can choose “Plugins” → “Automatic Unpacking” (it is already enabled).

For those who are not familiar with WinMerge – go to “File” → “Open…” and select two files to compare.

Hat tip to this SuperUser answer, which helped me to figure out the correct installation procedure.