Configure FortiGate Firewall VM to Access Internet


KEEP IN MIND

  • In this scenario, the FortiGate VM runs in a VMware Workstation virtual environment and is configured to access the internet.
  • The tutorial is divided into four sections
    1. LAN port configuration
    2. WAN port configuration
    3. Static route configuration
    4. Firewall policy configuration
  • DNS is not configured; the default DNS settings are kept as they are.

Refer to the link below for the initial configuration (configuring the FortiGate VM for access from the web-based manager)

https://techencyclopedia.wordpress.com/2020/06/09/configure-port1-interface-in-fortigate-vm-to-access-web-based-manager/

TUTORIAL

1.0 LAN port configuration

To configure the LAN port go to

Network –> Interfaces

Select the port you need to configure (port2 in this scenario)

Provide the appropriate details

Alias: lan port

Role: LAN

IP address: 192.168.2.1 /255.255.255.0

  • In this scenario, administrative access is enabled for HTTPS, SSH and PING.
  • A DHCP server is also configured (address range 192.168.2.2 – 192.168.2.254).

2.0 WAN port configuration

To configure the WAN port go to

Network –> Interfaces

Select the port you need to configure (port1 in this scenario)

Provide the appropriate details

Alias: wan port

Role: WAN

IP address: 192.168.1.99 /255.255.255.0

3.0 Static route configuration

To configure the static route go to

Network –> Static Routes —> Create New

Provide the details

Subnet: 0.0.0.0/0.0.0.0

Gateway Address: 192.168.1.1

Interface: port1 (this is the previously configured WAN interface)

A 0.0.0.0/0.0.0.0 subnet matches every destination, so this entry is the default route: anything the FortiGate has no more specific route for is sent to the gateway 192.168.1.1 via port1. The same idea, described for the equivalent Cisco command:

“IP route 0.0.0.0 0.0.0.0 Fa0/0 in plain English means ‘packets from any IP address with any subnet mask get sent to Fa0/0’. Without any other more specific routes defined, this router will send all traffic to Fa0/0.”

4.0 Firewall policy configuration

To configure the firewall policy go to

Policy & Objects –> Firewall Policy —> Create New

Provide the details

Name: Internet access

Incoming Interface: lan port (port2)

Outgoing Interface: wan port (port1)

Source: all

Destination: all

Schedule: always

Service: Web Access

Firewall/Network options: NAT

Security profiles: (not configured in this case)
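To make the effect of sections 1.0 to 4.0 concrete, here is an added example (not code from the tutorial or from Fortinet): a small Python model of the routing table (the two connected networks plus the default route) and of the single policy, evaluated top-down with an implicit deny, the way FortiOS does it. It assumes the default "Web Access" service group contains DNS, HTTP and HTTPS, and uses 203.0.113.10 as a constructed internet address.

```python
# Added example: a model of the routing and policy decisions the FortiGate makes
# with the configuration from sections 1.0 to 4.0. It is not code from the
# tutorial or from Fortinet; the addresses and interface names are the tutorial's.
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

# Routing table: the two connected interface networks plus the static default route.
# Each entry is (prefix, next hop or None when directly connected, egress interface).
ROUTES = [
    (IPv4Network("192.168.2.0/24"), None, "port2"),                   # lan port
    (IPv4Network("192.168.1.0/24"), None, "port1"),                   # wan port
    (IPv4Network("0.0.0.0/0"), IPv4Address("192.168.1.1"), "port1"),  # 3.0 static route
]
WAN_ADDRESS = IPv4Address("192.168.1.99")  # source address after NAT on port1

# Assumed membership of FortiOS's default "Web Access" service group: DNS, HTTP, HTTPS.
WEB_ACCESS = {("udp", 53), ("tcp", 53), ("tcp", 80), ("tcp", 443)}

# The single policy from 4.0; anything it does not match hits the implicit deny.
POLICIES = [
    {"name": "Internet access", "srcintf": "port2", "dstintf": "port1",
     "srcaddr": IPv4Network("0.0.0.0/0"), "dstaddr": IPv4Network("0.0.0.0/0"),
     "service": WEB_ACCESS, "nat": True},
]


@dataclass
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    ingress: str    # interface the packet arrived on


def lookup_route(dst):
    """Longest-prefix match over ROUTES; returns (next_hop, egress_interface)."""
    addr = IPv4Address(dst)
    best = None
    for prefix, next_hop, intf in ROUTES:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop, intf)
    if best is None:
        raise LookupError(f"no route to {addr}")
    return best[1], best[2]


def evaluate(pkt):
    """Route the packet, then walk the policy list top-down as the firewall does.

    Returns the action, the matching policy, the egress interface, the next hop and
    the source address the packet leaves with (rewritten only when NAT is enabled).
    """
    next_hop, egress = lookup_route(pkt.dst)
    src, dst = IPv4Address(pkt.src), IPv4Address(pkt.dst)
    for pol in POLICIES:
        if (pol["srcintf"] == pkt.ingress and pol["dstintf"] == egress
                and src in pol["srcaddr"] and dst in pol["dstaddr"]
                and (pkt.proto, pkt.dport) in pol["service"]):
            out_src = WAN_ADDRESS if pol["nat"] else src
            return {"action": "accept", "policy": pol["name"], "egress": egress,
                    "next_hop": next_hop, "src_after_nat": str(out_src)}
    # No policy matched: the packet is dropped by the implicit deny policy.
    return {"action": "deny", "policy": "implicit deny", "egress": egress,
            "next_hop": next_hop, "src_after_nat": pkt.src}


if __name__ == "__main__":
    # 203.0.113.10 is a constructed (documentation-range) internet address.
    for p in (Packet("192.168.2.10", "203.0.113.10", "tcp", 443, "port2"),
              Packet("192.168.2.10", "203.0.113.10", "tcp", 22, "port2"),
              Packet("203.0.113.10", "192.168.2.10", "tcp", 443, "port1")):
        print(p, "->", evaluate(p))
```

The three sample packets show HTTPS from the LAN being accepted and source-NATed to 192.168.1.99, SSH from the LAN dropped by the implicit deny, and anything arriving on port1 towards the LAN dropped because no port1-to-port2 policy exists.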

Useful links

https://docs.fortinet.com/product/fortigate/6.0

Migrate Emails from G Suite to Office 365 with ‘G Suite migration’

This tutorial shows how to migrate email from G Suite (the Gmail app) to Office 365. In this scenario, ‘G Suite migration’ is used, which migrates contacts and calendar information along with emails; it also supports migrating users in batches, so the migration can be executed in stages.

TEST ENVIRONMENT

A test Gmail account is created in G Suite, containing emails to migrate.

INTRODUCTION

IMAP migration vs G Suite migration

IMAP migration

IMAP migration moves mail from G Suite mailboxes using the Microsoft 365 admin center, whose setup wizard walks you through an IMAP migration. IMPORTANT: IMAP migration only migrates emails, not calendar and contact information.

Link: IMAP migration in the Microsoft 365 admin center

Link: Migrate consumer G Suite mailboxes to Microsoft 365 or Office 365

Before Microsoft 365 or Office 365 can connect to Gmail or G Suite, every account owner must create an app password for their account. This is because Google considers Outlook a less secure app and will not allow it to connect with the account password alone.

Link: Prepare your Gmail or G Suite account for connecting to Outlook and Microsoft 365 or Office 365.

Link: Enable 2-step verification for your Google apps users

 

G Suite migration (In this tutorial)

Intended for organizations and enterprises that need to migrate G Suite content, including calendar and contacts information in addition to mailbox data. You can migrate batches of users from G Suite to Microsoft 365 or Office 365, allowing the migration project to be done in stages.

Link: Overview of the process

Link: Perform a G Suite migration

 

KEEP IN MIND

For this tutorial,

 

TUTORIAL (PERFORM G SUITE MIGRATION)

The entire migration process is divided into nine steps

(01) Add the Domain to Office 365
(02) Create a Google Service Account
(03) Enable API usage in your project
(04) Grant access to the service account for your Google tenant
(05) Create a sub-domain for mail routing to Microsoft 365 or Office 365
(06) Create a sub-domain for mail routing to your G Suite domain
(07) Provision users in Microsoft 365 or Office 365
(08) Start a G Suite migration batch with the Exchange admin center (EAC)
(09) Finalizing your migration

You can migrate batches of users from G Suite to Microsoft 365 or Office 365, allowing a migration project to be done in stages. This migration requires that you provision all of your users who will be migrated as mail-enabled users outside of the migration process. You must specify a list of users to migrate for each batch.

 

Link: https://docs.microsoft.com/en-us/exchange/mailbox-migration/perform-g-suite-migration

 

01 Add the Domain to Office 365

As the first step, the domain bought from the GoDaddy internet registrar is configured and verified in O365.

The following link provides instructions on how to set up the DNS records properly.

Link: Set up your domain (host-specific instructions)

Go to office.com

https://www.office.com/

Enter the domain name bought from the internet registrar (in this case, I used GoDaddy)

Then click Use this domain to proceed

Click Verify for domain verification. This will take you to the GoDaddy main website.

Sign in using your GoDaddy credentials

Click Connect to authorize Microsoft to enable the required services for the domain

In this scenario, the option Let Microsoft add DNS records is selected (if needed, the DNS records can be added manually)

Click Configure to add the DNS records

The “Domain setup is complete” message will be visible after correct configuration

In the Microsoft 365 admin center, go to the configured domain and make sure the domain status is Healthy

Also, in the DNS records section, make sure the status is OK

 

02 Create a Google Service Account

A Google service account needs to be created on the Developer page for Service Accounts.

Go to the Developer page for Service Accounts and log in as the G Suite admin

https://console.developers.google.com/iam-admin/serviceaccounts

Select CREATE PROJECT to create a new project

Enter the project name and click CREATE to create the project

Click CREATE SERVICE ACCOUNT

Click Create in the Service account details screen after entering the following details

  • Service account name
  • Service account description

Click CONTINUE to proceed in the Service account permissions (optional) screen

Click DONE to proceed in the Grant users access to this service account (optional) screen

Select the email address of the service account just created to open its details

Click EDIT to make the configuration

Note the Unique ID, which is needed later on as the client ID

Tick Enable G Suite Domain-wide Delegation

To create a private key, select Create new key

The private key is created; JSON is the recommended key type.

The JSON file is downloaded. This file is needed later on. Together with domain-wide delegation, this key gives whoever holds it access to every user's mail, calendar and contacts, so store it securely and remove the service account once the migration is finalized.

Do not forget to SAVE the configuration
 

03 Enable API usage in your project

The required APIs (Gmail, Google Calendar and Contacts) need to be enabled for the project created earlier, on the Developer page for the API Library.

Go to the Developer page for the API Library, sign in and enable the following APIs

  • Gmail API
  • Google Calendar API
  • Contacts API

https://console.developers.google.com/apis/library

First, select the project created earlier

Search for the API (e.g. Gmail API)

Enable the API

Follow the same process for the Google Calendar API and the Contacts API

 

04 Grant access to the service account for your Google tenant

Go to the G Suite admin page

https://admin.google.com/AdminHome

Select Security

Select Advanced Settings

Select MANAGE DOMAIN-WIDE DELEGATION

Select Add new to add the client ID generated earlier and the OAuth scopes

Developers can register their web applications and other API clients with Google to enable access to data in Google services like Gmail. You can authorise these registered clients to access your user data without your users having to individually give consent or share their passwords.

Open Authorization (OAuth) is an open standard protocol that allows an end user’s credentials to access third party applications without exposing the user’s password. OAuth acts as the middle man to decide whether to allow end users access to third party applications. For example, say you want to access web application XYZ, and you do not have a user account for accessing this web application. However, XYZ has the option to allow you to log in using the credentials from a social media website ABC. So you access the website using the social media login. – Cisco

Add the client ID and the four comma-separated OAuth scopes, then click AUTHORISE

  • Client ID
  • OAuth scopes

https://mail.google.com/,https://www.googleapis.com/auth/calendar,https://www.google.com/m8/feeds/,https://www.googleapis.com/auth/gmail.settings.sharing

 

ADDITIONAL: How to get the client ID and OAuth scopes

Get the client ID

https://console.developers.google.com/apis/credentials

Get the Google Calendar OAuth scope

https://developers.google.com/calendar/auth

Get the Gmail OAuth scope

https://developers.google.com/gmail/api/auth/scopes

The client ID and OAuth scopes are added

 

05 Create a sub-domain for mail routing to Microsoft 365 or Office 365

Go to the G Suite admin page

https://admin.google.com/AdminHome

Go to Domains

Select Add a domain

Enter the sub-domain (e.g. o365.YOUR_PRIMARY_DOMAIN) and click CONTINUE AND VERIFY DOMAIN OWNERSHIP

The sub-domain is added and verified

Add the domain (o365.techencyclopediatest.online) to O365 and get the MX records verified

Log into your DNS provider and update your DNS records so that you have an MX record at the sub-domain you created above, pointing to Microsoft 365 or Office 365. Follow the instructions in Add a domain to Microsoft 365 to add the Microsoft 365 or Office 365 routing domain (“o365.fabrikaminc.net”) to your organization and to configure DNS to route mail to Microsoft 365 or Office 365.

 

06 Create a sub-domain for mail routing to your G Suite domain

Follow the same steps shown above and add a domain alias

Enter the domain alias (e.g. GSUITE.YOUR_PRIMARY_DOMAIN) and click CONTINUE AND VERIFY DOMAIN OWNERSHIP

The added domain alias is verified

 

07 Provision users in Microsoft 365 or Office 365

After following the steps above to configure the G Suite environment, you can migrate the mailboxes using either the Exchange admin center or Exchange Online PowerShell.

Before proceeding with either method, make sure that Mail Users have been provisioned for every user in the organization who will be migrated (either now or eventually). If any users aren’t provisioned, provision them using the instructions in Manage mail users.

For more advanced scenarios, you may be able to deploy Azure Active Directory (Azure AD) Connect to provision your Mail Users. See Deploy Microsoft 365 Directory Synchronization in Microsoft Azure for an overview, and Set up directory synchronization for Microsoft 365 for setup instructions. Then, you need to deploy an Exchange server in your on-premises environment for user management, and mail-enable your users using this server. For more information, see How and when to decommission your on-premises Exchange servers in a hybrid deployment and Manage mail users. Once the Mail Users have been created in Microsoft 365, the Azure AD Connect may need to be disabled in order to allow the migration process to convert these users into mailboxes – see Turn off directory synchronization for Microsoft 365.

 

IMPORTANT

Microsoft recommends that the primary address (sometimes referred to as the “User Id”) for each user be at the primary domain (such as “user@abcd.com”). Typically, this means that the primary email address should match between Microsoft 365 or Office 365 and G Suite. If any user is provisioned with a different domain for their primary address, then that user should at least have a proxy address at the primary domain.

Each user should have their ExternalEmailAddress point to the user in their G Suite routing domain (“user@gsuite.abcd.com”). The users should also have a proxy address that will be used for routing to their Microsoft 365 or Office 365 routing domain (such as “user@o365.abcd.com”).

 

08 Start a G Suite migration batch with the Exchange admin center (EAC)

Once your G Suite environment has been properly configured, you can complete your migration using one of two methods. In this scenario, method 1 is used.

    1. In the Exchange admin center (EAC)
    2. Through Exchange Online PowerShell

Go to Exchange Online, or use the following link

https://outlook.office365.com/ecp/

From the EAC select

Recipients > Migration > Migration to Exchange Online

SELECT THE MIGRATION TYPE: The migration type to use depends on your existing email system, how many mailboxes you want to migrate, and whether you plan to maintain some mailboxes in your on-premises organization or migrate them all to the cloud. You’ll also want to consider how long the migration will take and whether user identity will be managed in your on-premises organization or in Office 365.

Add the CSV file which contains the email addresses of the users in the batch.

A CSV file (users.txt) should be created with the users that need to be migrated.

How to create CSV files for migration

You can use any text editor to create the CSV file, but using an application like Microsoft Excel will make it easier to import data and configure and organize CSV files. Be sure to save CSV files as a .csv or .txt file.

It needs two headers.

  • EmailAddress (required). Contains the primary email address for an existing Microsoft 365 or Office 365 mailbox.
  • Username (optional). Contains the Gmail primary email address, if it differs from EmailAddress.

More at this link:

https://docs.microsoft.com/en-us/exchange/mailbox-migration/csv-files-for-migration
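As an added example (not code from the tutorial or from Microsoft) that ties the addressing rules of step 07 to this batch file: a Python script that builds the EmailAddress/Username CSV from a list of provisioned mail users and refuses any user whose ExternalEmailAddress or proxy addresses do not sit in the expected routing sub-domains. It assumes the abcd.com placeholder domains from step 07; the user list is constructed.

```python
# Added example: build the migration-batch CSV described above and check each user
# against the step 07 provisioning rules first. Not code from the tutorial or from
# Microsoft; domains are the tutorial's abcd.com placeholders, users are made up.
import csv
import io

PRIMARY_DOMAIN = "abcd.com"
GSUITE_ROUTING_DOMAIN = "gsuite.abcd.com"  # ExternalEmailAddress must live here
O365_ROUTING_DOMAIN = "o365.abcd.com"      # target delivery domain; needs a proxy address

# Constructed mail users, as provisioned in Microsoft 365 before the batch is created.
MAIL_USERS = [
    {"primary": "alice@abcd.com", "external": "alice@gsuite.abcd.com",
     "proxies": ["alice@o365.abcd.com"], "gmail": "alice@abcd.com"},
    {"primary": "bob@abcd.com", "external": "bob@gsuite.abcd.com",
     "proxies": ["bob@o365.abcd.com"], "gmail": "robert@abcd.com"},  # Gmail address differs
    {"primary": "carol@abcd.com", "external": "carol@abcd.com",      # wrong routing domain
     "proxies": [], "gmail": "carol@abcd.com"},                      # and no o365 proxy
]


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def check_user(user):
    """Return the list of step 07 rule violations for one user (empty list = OK)."""
    problems = []
    if domain_of(user["primary"]) != PRIMARY_DOMAIN and not any(
            domain_of(p) == PRIMARY_DOMAIN for p in user["proxies"]):
        problems.append("no address at the primary domain")
    if domain_of(user["external"]) != GSUITE_ROUTING_DOMAIN:
        problems.append("ExternalEmailAddress is not in the G Suite routing domain")
    if not any(domain_of(p) == O365_ROUTING_DOMAIN for p in user["proxies"]):
        problems.append("no proxy address in the Microsoft 365 routing domain")
    return problems


def build_batch_csv(users):
    """Write the EmailAddress/Username CSV; Username is filled only when it differs.

    Returns (csv_text, {primary: problems}) so the caller can hold back a batch that
    contains mis-provisioned users instead of discovering it after the sync starts.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["EmailAddress", "Username"], lineterminator="\n")
    writer.writeheader()
    rejected = {}
    for user in users:
        problems = check_user(user)
        if problems:
            rejected[user["primary"]] = problems
            continue
        username = user["gmail"] if user["gmail"].lower() != user["primary"].lower() else ""
        writer.writerow({"EmailAddress": user["primary"], "Username": username})
    return buf.getvalue(), rejected


def parse_batch_csv(text):
    """Read a batch file back and confirm the required header is present."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames is None or "EmailAddress" not in reader.fieldnames:
        raise ValueError("CSV must have an EmailAddress header")
    return list(reader)


if __name__ == "__main__":
    text, rejected = build_batch_csv(MAIL_USERS)
    print(text)
    print("rejected:", rejected)
```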


Provide the email address of the super admin of the G Suite environment and upload the JSON file saved previously.

Give a batch name and provide the target delivery domain name (o365.techencyclopedia.test)

The following options are selected before starting the batch

  • Automatically start the batch
  • Manually complete the batch (by clicking the “Complete this migration batch” link on the right pane after the link becomes active)

After the sync is completed, complete the migration batch

 

09 Finalizing your migration

After you have successfully migrated all of your G Suite users to Microsoft 365 or Office 365, you can switch your primary MX record to point to Microsoft 365 or Office 365. The update to the MX record will propagate slowly, taking up to the length of time in the record’s previous TTL (time to live). At this point, you are free to decommission your source G Suite tenant.

Also make sure to test sending mail to and from the migrated mailboxes.

 

TROUBLESHOOT

Verify MX records of sub domains

If sent emails are not received by both G Suite and O365, make sure the MX records are configured and verified for the added sub-domains.
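As an added check for this troubleshooting step and for the MX cut-over in step 09 (not code from the tutorial): a Python parser for MX records in zone-file form, the shape a `dig MX` answer or a registrar export gives, plus a function that reports where the primary domain and the two routing sub-domains currently deliver. It assumes the abcd.com placeholder domains from step 07; the record lines are constructed and the o365 MX host is a made-up name in the Exchange Online Protection format.

```python
# Added example: parse MX records and check the routing set-up this tutorial relies
# on. Not code from the tutorial; domains are the abcd.com placeholders, the zone
# lines are constructed and the *.mail.protection.outlook.com host is invented.
import re

PRIMARY_DOMAIN = "abcd.com"
GSUITE_ROUTING_DOMAIN = "gsuite.abcd.com"
O365_ROUTING_DOMAIN = "o365.abcd.com"

GOOGLE_MX_SUFFIXES = ("aspmx.l.google.com",)               # G Suite inbound hosts
MICROSOFT_MX_SUFFIXES = ("mail.protection.outlook.com",)    # Exchange Online Protection

# Constructed records: primary still at G Suite, both routing sub-domains configured.
SAMPLE_ZONE = """
abcd.com.          3600 IN MX 1  aspmx.l.google.com.
abcd.com.          3600 IN MX 5  alt1.aspmx.l.google.com.
gsuite.abcd.com.   3600 IN MX 1  aspmx.l.google.com.
o365.abcd.com.     3600 IN MX 0  abcd-com.mail.protection.outlook.com.
"""

MX_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+MX\s+(\d+)\s+(\S+)$")


def parse_mx(zone_text):
    """Return {domain: [(priority, host, ttl), ...]} with entries sorted by priority."""
    records = {}
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = MX_LINE.match(line)
        if not m:
            raise ValueError(f"not an MX record: {line!r}")
        name, ttl, prio, host = m.groups()
        records.setdefault(name.rstrip(".").lower(), []).append(
            (int(prio), host.rstrip(".").lower(), int(ttl)))
    for entries in records.values():
        entries.sort()
    return records


def provider_of(hosts, suffixes):
    """True when every MX host belongs to one of the given provider suffixes."""
    return all(any(h == s or h.endswith("." + s) for s in suffixes) for h in hosts)


def check_routing(records):
    """Report which provider each domain delivers to and flag missing or mixed MX sets."""
    report = {}
    for domain, expected, label in ((GSUITE_ROUTING_DOMAIN, GOOGLE_MX_SUFFIXES, "gsuite"),
                                    (O365_ROUTING_DOMAIN, MICROSOFT_MX_SUFFIXES, "o365")):
        entries = records.get(domain, [])
        hosts = [h for _, h, _ in entries]
        report[domain] = label if entries and provider_of(hosts, expected) else "misconfigured"
    primary = records.get(PRIMARY_DOMAIN, [])
    hosts = [h for _, h, _ in primary]
    if primary and provider_of(hosts, GOOGLE_MX_SUFFIXES):
        report[PRIMARY_DOMAIN] = "gsuite"
    elif primary and provider_of(hosts, MICROSOFT_MX_SUFFIXES):
        report[PRIMARY_DOMAIN] = "o365"
    else:
        report[PRIMARY_DOMAIN] = "misconfigured"
    # The MX TTL bounds how long senders may keep delivering to the old target after
    # the cut-over in step 09, so it is worth lowering well before switching.
    report["primary_ttl"] = max((ttl for _, _, ttl in primary), default=0)
    return report


if __name__ == "__main__":
    print(check_routing(parse_mx(SAMPLE_ZONE)))
```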

Check the spam or junk email folder

If emails are not received, double-check the spam or junk email folder

 

IMPORTANT LINKS

The following article provides valuable insight on the topic ‘How to accomplish a smooth email migration’ by http://www.wireload.net

https://www.wireload.net/news/2010/03/how_to_accomplish_a_smooth_email_migration_for_your_domain.html

  1. Create two sub domains
  2. Create a forwarding address in new domain
  3. After the migration delete the forwarding address

Using the steps above means we no longer need to worry about DNS propagation.

The solution is simple, which makes it great. The key is to have two email addresses on separate domains (sub-domains or separate domains). Since this client was on a hosted Exchange plan, they already had two addresses for these accounts: one for their own domain, and one from the email provider (something like username@non-profit.emailprovider.com). Since both these domains have proper MX-records configured, email can be delivered on both addresses. Fairly straight forward, right? (Phase 0 in the illustration below.)

Now let’s move on to the clever part. Since the non-profit was moving to Google Apps, they needed to change the MX-record for their domain to point to Google’s servers. This can usually disrupt the flow of email, as depending on if the sender’s DNS server is using the new updated MX record or not, the email can be delivered to either the new or the old server. However, since the email accounts can be reached on two separate domains (and therefore two separate MX-records), we can configure the primary domain to forward the emails to the other domain. In Google Apps this means that you have to create forwarding addresses for every user from username@non-profit.org to username@non-profit.emailprovider.com. (Phase 1 in the illustration below.)

Ok, you might think, that just puts us back to square one. Not so fast. What this means is that we do not have to worry about the DNS propagation anymore. We can do this change the weekend before the actual migration and then all we need to do the weekend of the actual migration is to remove the forwarding and set up a real account. Simple and brilliant. You can even break apart the migration into several groups and do one group at the time. (Phase 2 in the illustration below.)

If you do not have a hosted email solution or are moving to Google Apps, you can still use this method. All you need to do is to create a sub-domain on your own domain and configure your email server and MX-record so that you can receive email there too. Setting up a domain alias is fairly straight forward on most SMTP servers. The only thing you need to pay attention to is to make sure that the ‘From’ address is configured to the primary domain and not the sub-domain.

Basic Configuration of Gmail app in Google G Suite

This article provides a basic insight into G Suite, formerly known as Google Apps. G Suite comprises many apps, namely Gmail, Google Calendar, Google Vault etc.

INTRODUCTION

WHAT IS G SUITE?

G Suite is a suite of cloud computing, productivity and collaboration tools, software and products developed by Google, first launched on August 28, 2006 as Google Apps for Your Domain.

WHAT IS INCLUDED IN G SUITE?

Go to these links to get a comprehensive insight of the apps included in G suite.

https://gsuite.google.com/
https://en.wikipedia.org/wiki/G_Suite

Gmail

Gmail is a web-based email service, launched in a limited beta release on April 1, 2004. With over 1 billion active consumer users worldwide in February 2016, it has become popular for giving users large amounts of storage space, and for having threaded conversations and robust search capabilities.

As part of G Suite, Gmail comes with additional features designed for business use, including:

    • Email addresses with the customer’s domain name (@yourcompany.com)
    • 99.9% guaranteed uptime with zero scheduled downtime for maintenance
    • 30GB of storage space
    • 24/7 phone and email support
    • Synchronization compatibility with Microsoft Outlook and other email providers
    • Support for add-ons that integrate third-party apps purchased from the G Suite Marketplace with Gmail

Google Calendar

Google Calendar is an online calendar intended to help keep track of time and schedules. It was launched in April 2006, and integrates with Gmail for users to easily add events from email messages directly to the calendar.

As part of G Suite, Google Calendar comes with additional features designed for business use, including:

    • Smart scheduling of meetings, where the service finds available times and appropriate locations based on coworkers’ schedules
    • Public calendars for consumers to see a business’ upcoming events
    • Calendar integration with Google Sites
    • Easy migration from Exchange, Outlook or iCal, or from .ics and .csv files
    • Ability to see what meeting rooms and shared resources are available
    • Provides shareable calendars that integrate seamlessly with Gmail, Drive, Contacts, Sites and Meet so you always know what’s next.

Google Vault

Google Vault, an archiving and electronic discovery service exclusively available to G Suite customers, was announced on March 28, 2012.

Vault gives users “an easy-to-use and cost-effective solution for managing information critical to your business and preserving important data”, with Google stating that it can “reduce the costs of litigation, regulatory investigation and compliance actions” by saving and managing Gmail messages and chat logs with the ability to search and manage data based on filters, such as terms, dates, senders, recipients, and labels.

An update in June 2014 let Vault customers search, preview, copy, and export files in Google Drive.

Jamboard

In October 2016, Google announced Jamboard, the first hardware product designed for G Suite. Jamboard is a digital interactive whiteboard that enables collaborative meetings and brainstorming. The Jamboard is connected to the cloud, and enables people in different locations to work together in real-time through multiple Jamboards or connected remotely through a smartphone companion app. The Jamboard recognizes different touch inputs, such as using a stylus to sketch or eraser to start over, and does not require batteries or pairing. The Jamboard is a 55-inch 4K display with a built-in HD camera, speakers and Wi-Fi.

ACCESS GMAIL FROM THE G SUITE APP

Log in to the Google Admin Center

https://admin.google.com/

Sign in to the Google Admin Center

Choose Apps from the Admin Console

Select G Suite

Choose the Gmail app

(Before proceeding, make sure the Gmail app is ON for everyone)

The following link will take you to your email account

https://mail.google.com/a/YOURDOMAIN.COM

Click Setup to see the MX records that should be configured in the registrar's DNS records

The MX records are visible under Setup

DOMAIN CONFIGURATION

Go to the Google Admin Center console and select Domains

https://admin.google.com

Select Manage domains to add a new domain or manage an existing domain

Configure a new domain by selecting Add a domain

(A domain can be bought from an internet domain registrar, e.g. GoDaddy)

ACCOUNT SETTINGS

Account settings allow you to change the profile information (name, primary email, secondary email), preferences, add a logo, etc.

Select Account Settings from the Google Admin Console

https://admin.google.com

Select Profile to change the profile information

Make the necessary changes

How to Migrate E-mails from Outlook.com to Office 365 with IMAP

This tutorial depicts the step-by-step email migration process from Outlook.com to Office 365 using the Internet Message Access Protocol (IMAP). To continue with the migration, it is essential to enable two-step verification on the Outlook.com account, using the Microsoft Authenticator app on a mobile device.

INTRODUCTION

What is IMAP migration?

This onboarding migration type migrates mailbox data from an IMAP server (including Exchange) to Microsoft 365 or Office 365. For an IMAP migration, you must provision mailboxes in Microsoft 365 or Office 365 before you can migrate mailbox data.

  • You can use the Internet Message Access Protocol (IMAP) to migrate user email from Gmail, Exchange, Outlook.com, and other email systems that support IMAP migration. When you migrate the user’s email by using IMAP migration, only the items in the users’ inbox or other mail folders are migrated. Contacts, calendar items, and tasks can’t be migrated with IMAP, but they can be by a user.
  • IMAP migration also doesn’t create mailboxes in Microsoft 365 or Office 365. You’ll have to create a mailbox for each user before you migrate their email.
  • After the email migration is done, any new mail sent to the source email isn’t migrated.[Source: Migrate email from another IMAP-enabled email system]


LIMITATIONS

  • You can only migrate items in a user’s inbox or other mail folders. This type of migration doesn’t migrate contacts, calendar items, or tasks.
  • You can migrate a maximum of 500,000 items from a user’s mailbox (emails are migrated from newest to oldest).
  • The biggest email you can migrate is 35 MB.
  • If you limited the connections to your source email system, it’s a good idea to increase them to improve migration performance. Common connection limits include client/server total connections, per-user connections, and IP address connections on either the server or the firewall.

[Source : What you need to know about migrating your IMAP mailboxes to Microsoft 365 or Office 365]


THE IMAP MIGRATION PROCESS

The 11 steps stated in the Microsoft documentation can be followed to make the email migration process smooth and error-free; however, this tutorial does not describe all of the steps in detail.

[Source : What you need to know about migrating your IMAP mailboxes to Microsoft 365 or Office 365]

Process for an IMAP email migration

  1. First you have to create your users in Microsoft 365 or Office 365 and assign licenses to them. The mailboxes have to exist in Microsoft 365 or Office 365 to use IMAP migration.
  2. Prepare your IMAP source email system and get the information you need to migrate. If you plan to migrate your domain to Microsoft 365 or Office 365, verify that you own your domain with your domain registrar. Depending on which type of email service you are migrating from, you might need to configure some settings or simply record the name of your email server or service to use later. You also need to verify your domain in your domain registry system if you have a custom domain.
  3. Communicate changes to users. It’s a good idea to let users know about the email migration and how it impacts them. Give users information about what tasks need to be done before, during, and after migration.
  4. Set up admin credentials or get or reset user email passwords. To perform the migration, you need an administrator account that has permissions, or the username and password to each mailbox.
  5. If you are using the steps described in Migrate Google Apps mailboxes to Microsoft 365 or Office 365 or Migrate other types of IMAP mailboxes to Microsoft 365 or Office 365, you will create a list of mailboxes to migrate (CSV file). These migrations instructions start from the Exchange admin center, and you will need to create a CSV file that lists the email addresses, usernames, and passwords for the mailboxes you want to migrate. You can also use the migrations page or setup instructions in the Admin center preview to migrate from IMAP systems such as Gmail, Hotmail.com or Outlook.com. These steps are the best if you plan to migrate mail for only a few users (less than 50). If you are migrating mail for more users it is easier to use a CSV file to enter all the information for the accounts.
  6. Connect Microsoft 365 or Office 365 to the source email system. To migrate email successfully, Microsoft 365 or Office 365 needs to connect and communicate with the source email system. To do this, Microsoft 365 or Office 365 uses a migration endpoint, the settings that are used to create the connection.
  7. Migrate mailboxes and then verify the migration. To migrate mailboxes, you create a migration batch, and then start the migration. After the migration batch is run, verify that the email was migrated successfully.
  8. Optimize email settings (optional). There are some settings you can configure so that it doesn’t take as long for email to start showing up in your new Microsoft 365 or Office 365 mailboxes. See Tips for optimizing IMAP migrations.
  9. Begin routing email to Microsoft 365 or Office 365. You need to change a DNS record called an MX record so that your email system can start routing mail to Office 365.
  10. Verify routing and then stop email synchronization. After you verify that all email is being routed to Microsoft 365 or Office 365, you can delete the migration batch to stop the synchronization between your source email system and Microsoft 365 or Office 365.
  11. Send a welcome letter to users. Let your users know about Microsoft 365 or Office 365 and how to sign in to their new mailboxes.


TEST ENVIRONMENT

A test Outlook.com email account is created with emails for the tutorial


KEEP IN MIND

For this tutorial:

  • An Office 365 subscription is bought that includes Exchange Online.
  • A new domain (e.g. abcd.com) is bought from an internet registrar (e.g. GoDaddy) and its DNS records should be configured.

Link: Add DNS records to connect your domain

TUTORIAL

Before the migration begins, two-step verification needs to be enabled on the account.

To do that, log in to the Outlook.com email account

https://outlook.live.com/owa/

Visit the Security settings page

https://account.live.com/Proofs/Manage

Click Set up two-step verification

Press Next to proceed with the two-step verification process

TWO FACTOR AUTHENTICATION : STEP 01

As the first step, make sure the security info (alternate email address and phone number) is up to date so that you can receive the verification codes.

TWO FACTOR AUTHENTICATION : STEP 02

The second step configures the Microsoft Authenticator app on a mobile phone.

After pressing Next on the previous screen, you are offered a link to download the Microsoft Authenticator app. Alternatively, download it from the Microsoft website.

4 email security

You need the access to a mobile device to proceed and download the Microsoft Authenticator app.

Click get the app


Choose the correct store

  • Google Play – Android devices
  • App Store – Apple devices


Install the Microsoft Authenticator App


After installing click on the Microsoft Authenticator App icon to open the App


Once two-step verification is configured, every sign-in to the email account sends an approval request to the phone, which must be accepted before the sign-in completes.


You can also confirm that the account is protected by two-step verification by visiting the Security Settings page.

Go to the settings page

https://account.live.com/Proofs/Manage


TWO FACTOR AUTHENTICATION : STEP 03

The third step provides a recovery code that restores access to the account if the phone is lost. Store it offline (in a password manager or printed and locked away); anyone holding the code can bypass the second factor.


TWO FACTOR AUTHENTICATION : STEP 04

In the fourth and last step, create an app password. An app password is a separate, randomly generated password that lets a client which cannot perform two-step verification (here, the migration connector talking IMAP) sign in with that one secret alone, so treat it with the same care as the account password itself. It is needed later to start the migration.

Go to the settings page

https://account.live.com/Proofs/Manage

And, create a new App password

1 app password

The new app password is displayed only once, so copy it now; it cannot be retrieved again later, only replaced with a new one.

2 app password

Log in to the Office 365 subscription with the admin credentials to perform the migration.

Go to office.com

https://www.office.com/

Sign in using credentials

Email migration outlook.com to office 365 1

Go to Microsoft Office 365 Admin Center

Email migration outlook.com to office 365 0365 2

Go to Setup

Email migration outlook.com to office 365 0365 3

In Data Migration select View from Migrate your user’s data

Email migration outlook.com to office 365 0365 4

Select View migration to view the options available

Email migration outlook.com to office 365 0365 5

Select Outlook as the data service

Email migration outlook.com to office 365 0365 6

Click Start migration after providing following details

  • Source email address
  • Previously generated app password

[Or you can generate a new App password here : https://account.live.com/proofs/AppPassword]

Email migration outlook.com to office 365 0365 7

The migration status will change as follows.

  • Starting
  • Queued
  • Syncing
  • Synced

After the status reaches Synced, close the connection. Then go back to https://account.live.com/Proofs/Manage on the source account and remove the app password: it is no longer needed, and it bypasses two-step verification for as long as it exists.

Email migration outlook.com to office 365 0365 status 8

Confirm that the IMAP migration succeeded and that the mailboxes work by sending test messages to and from the migrated addresses and by checking that folders and message counts match the source.

USEFUL LINKS

Add DNS records to connect your domain

https://docs.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide

Get the name of your source email server by using Outlook on the web

https://docs.microsoft.com/en-us/exchange/mailbox-migration/migrating-imap-mailboxes/setting-up-your-imap-server-connection

IMAP migration in the Microsoft 365 admin center

https://docs.microsoft.com/en-us/exchange/mailbox-migration/migrating-imap-mailboxes/imap-migration-in-the-admin-center

Migration methods

https://docs.microsoft.com/en-US/exchange/mailbox-migration/office-365-migration-best-practices?WT.mc_id=365AdminCSH

Synchronize Users from Windows Server 2019 Active Directory to Azure AD


This tutorial shows you how to synchronize user accounts from an on-premises Windows Server 2019 Active Directory to Azure Active Directory using Azure Active Directory Connect.

KEEP IN MIND

  • A Windows Server 2019 Active Directory test environment was built as a virtual machine in VMware Workstation to perform the synchronization.
  • Please note that a free Microsoft Azure subscription is used for this tutorial.
  • The tutorial is divided into 5 main sections
      1. Create a tenant
      2. Add the domain name
      3. Create a global user
      4. Download Azure AD Connect
      5. Install Azure AD Connect and initiate synchronization

PRE-CONFIGURATION TASKS

The Windows Server 2019 Active Directory must already be installed and configured before the synchronization process can start.

Link to create Active Directory in Windows Server 2019:

https://techencyclopedia.wordpress.com/2020/02/16/how-to-install-active-directory-in-windows-server-2019-step-by-step-guide/

A couple of test users are created in Active Directory for synchronization.

test users

01 CREATE A TENANT

To make the project more organized, a new tenant is created to configure the Azure Active Directory users. A tenant represents an organization in Azure Active Directory.

Choose the Azure Active Directory resource from the Microsoft Azure Portal.

Alternatively, you can search from the search bar located at the top of the screen.

tenant create 1

Click the + Create a tenant to create a new tenant

tenant create 2

Configure the Basics tab

For the tenant type, Azure Active Directory is chosen

tenant create 3

Configure the Configuration tab

Provide the Organization name

Provide the Initial domain name (this is the tenant's built-in onmicrosoft.com name; a custom domain is added and made primary later on)

Provide the Country or Region (The Datacenter location will be based on this input)

tenant create 4

Review and Create the tenant

After, reviewing the new tenant information, click create to finalize

tenant create 5

After creating the new tenant, switch from the default tenant to the new one.

Go to the Azure Active Directory Overview

Click on Switch tenant

tenant create 6

Switch to the new tenant

tenant create 7

Confirm that you are connected to the new tenant before proceeding forward.

tenant create 8

02 ADD THE DOMAIN NAME

The custom domain is added to the Azure Active Directory tenant. It should match the UPN suffix of the user accounts in the on-premises Active Directory Domain Services; if that suffix is not a verified domain in the tenant, the synchronized users are given the tenant's default onmicrosoft.com suffix instead.

Click on + Add Custom domain to add the domain

domain name 1

Verifying the domain name may be delayed because DNS record propagation can take up to 72 hours. In practice it usually takes much less than that.

To complete the domain name verification process, create following 2 DNS records in the domain name registrar (GoDaddy)

  • TXT
  • MX

domain name 2

The TXT record is added at GoDaddy (add the MX record as well before clicking the Verify button)

domain name 3 txt record
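Before clicking Verify, it helps to check that both records are already answered by the domain's own authoritative name servers, so that a cached or not-yet-propagated answer from the local resolver does not mislead you. The function below is an added example, not part of the original page; `contoso.com`, the TXT value `MS=ms12345678` and the MX host `ms12345678.msv1.invalid` are placeholders for the values the Azure portal displays for your domain.

```powershell
# Added example (not from the original page): confirm the Azure AD verification
# records at the authoritative name servers. Placeholders: contoso.com, MS=ms12345678,
# ms12345678.msv1.invalid (use the values shown in the portal).
function Test-AzureADDomainRecords {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$ExpectedTxt,   # TXT value from the portal
        [Parameter(Mandatory)][string]$ExpectedMx     # MX target host from the portal
    )

    # Find an authoritative server for the zone and query it directly,
    # bypassing the local resolver's cache.
    $ns = (Resolve-DnsName -Name $Domain -Type NS -ErrorAction Stop |
           Where-Object Type -eq 'NS' | Select-Object -First 1).NameHost

    $txt = Resolve-DnsName -Name $Domain -Type TXT -Server $ns -ErrorAction SilentlyContinue |
           Where-Object Type -eq 'TXT'
    $mx  = Resolve-DnsName -Name $Domain -Type MX  -Server $ns -ErrorAction SilentlyContinue |
           Where-Object Type -eq 'MX'

    [pscustomobject]@{
        Domain        = $Domain
        Authoritative = $ns
        TxtPresent    = [bool]($txt | Where-Object { $_.Strings -contains $ExpectedTxt })
        MxPresent     = [bool]($mx  | Where-Object { $_.NameExchange -eq $ExpectedMx })
        OtherMx       = @($mx | Where-Object { $_.NameExchange -ne $ExpectedMx } |
                          ForEach-Object NameExchange)
    }
}

# Both TxtPresent and MxPresent should be True before you click Verify.
Test-AzureADDomainRecords -Domain 'contoso.com' `
    -ExpectedTxt 'MS=ms12345678' -ExpectedMx 'ms12345678.msv1.invalid'
```

The OtherMx field lists any additional MX hosts on the domain. If the domain already receives mail somewhere, leave those records in place; the verification MX has a very low priority and does not affect delivery.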

After verifying the domain name make it the primary domain name.

Click on the newly added verified domain name

domain name 4 after verfication

Click on the Make primary 

domain name 5 make domain name primary

03 CREATE A GLOBAL USER 

As the next step, create a user account in Azure Active Directory and give it the Global Administrator role. A Global Administrator can manage all aspects of Azure AD and of the Microsoft services that use Azure AD identities, so treat it as a highly privileged account: it is only needed while Azure AD Connect is being installed (the installer creates its own lower-privileged sync service account), it should have multi-factor authentication enforced, and it should be a cloud-only account rather than one synchronized from on-premises.

Go to users in Azure Active Directory

global user 1

Click on + New user to start creating a new user process

global user 2

Choose the Create user option

global user 3

Insert the details under Identity section

Add the User name and make sure the correct domain name is selected.

global user 4

Configure the password options

In this case, a password is entered manually instead of letting Azure auto-generate one.

global user 5

Groups and roles section is configured

For the role, Global administrator is chosen from the directory roles menu

global user 6

After changing the role it will look like this

global user 7

Complete the rest of the configuration

Leave the Block sign in option set to No (the default).

After completing the user configuration click create to finalize

global user 8 final step

After the new global user has been created, log back in to the Azure portal with its credentials. You will be required to change the given password and register a phone for authentication before you can continue.

Enter the user name to sign in

log back 1

Enter the previously given Password

log back 2

Next screen will prompt you to Update your password

log back 3

After logging in, the phone details used for authentication must be provided.

log back 4

Now you are logged in as the newly created User with Global Administrator privileges

log back 5

Search for Azure Active Directory resource to make further configurations

log back 6

04 DOWNLOAD AZURE AD CONNECT

After logging back in as the global administrator, go to the Azure Active Directory and download Microsoft Azure Active Directory Connect.

Click on Azure AD Connect to proceed

Azure Ad sync 0

Click on Download Azure AD Connect to go to the Microsoft Download page

Azure Ad sync 1

Click on Download button to continue

Azure Ad sync 2 download

Read the system requirements and install instructions prior to installing the Azure Active Directory Connect. The System Requirements will provide the information of the supported Operating Systems.

Azure Ad sync 3 details

The System Requirements

Azure Ad sync 4 sys req

05 INSTALL AZURE AD CONNECT AND INITIATE SYNCHRONIZATION 

Azure AD Connect is installed on the on-premises Windows Server 2019 Active Directory Domain Controller to initiate the synchronization process. For production, install it on a dedicated domain-joined member server instead and harden that server like a domain controller: it stores credentials that can replicate the whole directory, so compromising it is equivalent to compromising the domain.

Log in to Windows Server 2019 (Install and configure AD in Windows server 2019)

(The on-premises Active Directory account used with Express settings must be a member of Enterprise Admins.)


Double click on downloaded Azure AD Connect setup file to install Azure AD Connect


Agree to the license terms and privacy notice to continue with the installation


In this case, Express settings are used. Express settings configures a single-forest deployment with password hash synchronization of all users and attributes, and creates the service accounts it needs in both directories: an on-premises account with permission to replicate directory changes, and a cloud account holding the Directory Synchronization Accounts role. Both are worth knowing about when you later audit privileged accounts.


Enter the Azure AD global user credentials


Browser window will prompt to sign in to the account using the password


Complete the phone authentication process


Enter the credentials to connect to the on-premises Active Directory


Tick to start the synchronization process right away after completing the installation


Sign in to Azure to check that on-premises Active Directory users are synchronized to the Azure Active Directory. 

Go to Azure Active Directory > All users

user sync

By default, the sync process is scheduled to run every 30 minutes. The ADSync PowerShell cmdlets let you inspect the scheduler and run a cycle manually.

Azure AD Connect sync: Scheduler

Read more at:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-scheduler

The scheduler is by default run every 30 minutes. In some cases, you might want to run a sync cycle in between the scheduled cycles or you need to run a different type.

To see your current configuration settings, go to PowerShell and run

Get-ADSyncScheduler

If you need to manually run a sync cycle, then from PowerShell run

Start-ADSyncSyncCycle -PolicyType Delta

To initiate a full sync cycle, run

Start-ADSyncSyncCycle -PolicyType Initial
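The three commands above are usually combined into a small maintenance routine: pause the scheduler so the 30-minute timer cannot export a half-finished change, make the change, run one delta cycle by hand, wait for it, and turn the scheduler back on. The script below is an added example, not code from the original page or from Microsoft; it assumes an elevated PowerShell session on the server where Azure AD Connect is installed (the ADSync module ships with it).

```powershell
# Added example (not from the original page): safe manual sync cycle around a
# configuration change. Assumes the ADSync module installed by Azure AD Connect.
Import-Module ADSync

function Wait-ADSyncCycle {
    # Poll Get-ADSyncScheduler until no sync cycle is in progress, or give up.
    param([int]$TimeoutMinutes = 10)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) {
            throw "A sync cycle is still running after $TimeoutMinutes minutes"
        }
        Start-Sleep -Seconds 15
    }
}

# 1. Record the current scheduler settings before touching anything.
Get-ADSyncScheduler | Format-List SyncCycleEnabled, CurrentlyEffectiveSyncCycleInterval,
    NextSyncCycleStartTimeInUTC, StagingModeEnabled, SyncCycleInProgress

# 2. Wait for any running cycle to finish, then stop scheduled cycles.
Wait-ADSyncCycle
Set-ADSyncScheduler -SyncCycleEnabled $false

# ... make the configuration change here (sync rules, filtering, etc.) ...

# 3. Run one delta cycle by hand and wait for it. Use -PolicyType Initial only when
#    the change requires a full import and sync (the configuration wizard says so).
Start-ADSyncSyncCycle -PolicyType Delta
Start-Sleep -Seconds 5     # give the cycle a moment to register as in progress
Wait-ADSyncCycle

# 4. Re-enable the scheduler; forgetting this step leaves Azure AD stale indefinitely.
Set-ADSyncScheduler -SyncCycleEnabled $true
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, NextSyncCycleStartTimeInUTC
```

If the first Get-ADSyncScheduler output shows StagingModeEnabled as True, the server imports and synchronizes but never exports to Azure AD; that is expected for a standby server and explains why users do not appear in the portal.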


TROUBLESHOOTING

CANNOT DELETE USERS ACCOUNTS

If you get an error saying that you cannot manage or remove objects that were synchronized through the Azure Active Directory Sync tool, there can be two reasons.

This issue may occur if one or more of the following conditions are true:

  • The on-premises AD DS is no longer available. Therefore, you can’t manage or delete the object from the on-premises environment.
  • You deleted an object from the on-premises AD DS. However, the object wasn’t deleted from your cloud service organization. This is unexpected behavior.

Read more at following article

https://docs.microsoft.com/en-au/troubleshoot/azure/active-directory/cannot-manage-objects

Disable Inbuilt Local Administrator Account in Windows Server 2019


This tutorial shows you how to disable the built-in local Administrator account in the Windows Server 2019 operating system.

After installing Windows Server 2019 (see the Windows Server 2019 installation tutorial), log in to the built-in Administrator account using the password set during installation.


A new user account with administrator privileges must be created before the built-in local Administrator account is disabled; otherwise there would be no administrative account left to sign in with.

Go to Server Manager Dashboard

Select Tools > Computer management


Go to Local Users and Groups > Users

Right click and create a New User


Provide an appropriate username for the new local administrator account.

Provide a strong password and confirm it.

Select the Password never expires option only if this account is exempt from your password rotation policy, and make sure the Account is disabled option is not selected.


After creating the new user account, it must be added to the Administrators group. Otherwise it would not have the permission needed to change the settings of the built-in Administrator account.

To add the new administrator account to administrators group go to

Computer management > Local Users and Groups > Groups


Right click on Administrators group and select properties

Type the new username and select OK to add the new local administrator account


Select apply button to add the new local administrator account to the Administrators group


For the next step, sign out from the built-in Administrator account and sign in with the newly created local administrator account to disable the default one. Signing in with the new account first proves that it works before the only other administrative account is turned off.

Go to Local Users and Groups > Users

Right click on the inbuilt administrator account and select properties

Select Account is disabled option from General tab


Now the built-in Administrator account is disabled and cannot be used to sign in to the server. This improves security because the built-in account has a well-known identity (relative ID 500) that attackers target by default; disabling it removes that target, whereas merely renaming it does not, since the account can still be located by its SID. Note that on a server that is not a domain member the built-in Administrator can still be used to sign in in Safe Mode even while disabled, so the new administrator account's password must be protected just as carefully.
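The same procedure can be scripted, which also makes it easy to repeat on every new server. The script below is an added example and not code from the original page; it assumes an elevated PowerShell session on a standalone (not domain-joined) Windows Server 2019 host, and the account name `srvadmin` is a placeholder. It refuses to disable the built-in account unless the replacement is really a member of Administrators, and it finds the built-in account by its RID rather than by name so it still works if the account was renamed earlier.

```powershell
# Added example (not from the original page): replace the built-in Administrator
# with a named local administrator account and disable the RID-500 account.
# Placeholder account name: srvadmin. Requires the LocalAccounts module (built in).
$newAdmin = 'srvadmin'
$password = Read-Host -Prompt "Password for $newAdmin" -AsSecureString

# 1. Create the replacement account and put it in the local Administrators group.
New-LocalUser -Name $newAdmin -Password $password `
    -FullName 'Server administrator' -Description 'Replacement for built-in Administrator'
Add-LocalGroupMember -Group 'Administrators' -Member $newAdmin

# 2. Do not continue unless the new account really is an administrator; otherwise
#    disabling the built-in account could lock you out of the server.
$member = Get-LocalGroupMember -Group 'Administrators' |
          Where-Object { $_.Name -like "*\$newAdmin" }
if (-not $member) { throw "$newAdmin is not a member of Administrators; aborting" }

# 3. Locate the built-in account by its well-known relative ID (500), not by name.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if (-not $builtin) { throw 'Built-in Administrator (RID 500) not found' }
Disable-LocalUser -Name $builtin.Name

# 4. Verify: the RID-500 account is disabled and the replacement is enabled.
Get-LocalUser -Name $builtin.Name, $newAdmin | Format-Table Name, Enabled, SID
```

The membership check in step 2 is a safeguard, not a substitute for the page's advice to sign in interactively with the new account before disabling the old one; a typo in the password is only caught by an actual logon.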

Create Azure Active Directory and Azure Active Directory Domain Services

KEEP IN MIND

  • It is recommended to create a Resource Group and configure the rest of the resources under that for easier management.
  • The tutorial is divided into 4 main sections
    1. Create a resource group
    2. Create Virtual Networks Resource
    3. Create Azure Active Directory
    4. Create Azure AD Domain Services

TUTORIAL

01 Create a Resource Group

Firstly, a resource group is created.

Go to the Azure portal and click on the ‘Resource Groups’ icon. Alternatively, you can search in Azure search bar as well, if needed.

Resource Group 1 portal

Click on the add plus sign and create a new Azure Resource Group

Resource Group 2 create new

Enter the Project details such as subscription type (in this case it is free) and the resource group name

Furthermore, in the resource details section, choose an appropriate region.

Resource Group 3 basics

Confirm the configurations and create the resource group

Resource Group 4 review and create

02 Create Virtual Networks Resource

Go to Azure portal and select and create a ‘Virtual Networks’ resource

network resources 1

Add a new Virtual Network

network resources 2

The 'Create Virtual Network' window will open with 5 different tabs. Configure the tabs to create the new virtual network.

Basics

Fill the project and instance details.

Project details

  • For ‘Subscription’ free ‘Azure subscription 1’ is selected
  • For ‘Resource Group’ RG1 is selected. (If it was not created earlier, an option is given to create a new Resource Group).

Instance details

  • The name of the Virtual Network is provided (You have to provide an appropriate name)
  • Region: (US) East (It is ideal to choose the nearby region)

network resources 3


IP Addresses

  • IP address space is given
  • A new subnet also created with subnet name and IP address range

network resources ip address 4

Review + Create

Finally, you can Review the configuration and create the Azure Virtual Network.

network resources ip address 5
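Sections 01 and 02 can also be done with the Az PowerShell module, which is handy when the same layout has to be recreated in another subscription. The script below is an added example, not code from the original page; the resource group name RG1 and the East US region come from the page, while the address space 10.0.0.0/16, the subnet 10.0.0.0/24, the VNet name `vnet1` and the subnet name `aadds-subnet` are assumptions.

```powershell
# Added example (not from the original page): resource group and virtual network
# for the managed domain. Assumed names/addresses: vnet1, aadds-subnet,
# 10.0.0.0/16, 10.0.0.0/24.
Connect-AzAccount
Set-AzContext -Subscription 'Azure subscription 1'

$location = 'eastus'
$rg = New-AzResourceGroup -Name 'RG1' -Location $location

# A dedicated subnet for Azure AD DS: the service places its managed domain
# controllers here, so keep other workloads (VMs, gateways) in separate subnets
# and do not attach a route table or NSG that blocks the managed domain's
# required inbound ports. A /24 leaves room for a second replica set later.
$subnet = New-AzVirtualNetworkSubnetConfig -Name 'aadds-subnet' -AddressPrefix '10.0.0.0/24'

$vnet = New-AzVirtualNetwork -Name 'vnet1' -ResourceGroupName $rg.ResourceGroupName `
    -Location $location -AddressPrefix '10.0.0.0/16' -Subnet $subnet

# The subnet ID is what the Azure AD DS 'Networking' tab (section 04) needs.
$vnet.Subnets | Format-Table Name, AddressPrefix, Id
```

Because the virtual network and subnet cannot be changed after the managed domain is created (see the list at the end of section 04), it is worth settling the address plan here rather than accepting defaults.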

03 Create Azure Active Directory

In the Microsoft Azure portal, ‘Azure Active Directory’ resource is chosen.

Azure Active Directory (Azure AD)

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps your employees sign in and access resources in:

  • External resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
  • Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.

What is Azure Active Directory?

Read the following article on the Microsoft website to learn about Azure AD:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis

1 azure AD 1

Create a domain

In a corporate environment, you have to configure the domain name. A domain can be bought from an Internet domain registrar such as GoDaddy.

Go to 'Custom Domain Names' and select the domain name. (In this case, the default onmicrosoft.com domain name is chosen. If needed, you can add your own domain.)

Furthermore, make sure the desired domain is the primary domain (the tick sign will tell you) if multiple domain names are listed.

2 view domain names

Create Users

Create the user accounts in ‘Users’ section for the Azure Active Directory

3 users 1

Create a ‘New user’

3 users 2 new user

04 Create Azure AD Domain Services

There are five tabs to configure to create Azure AD Domain Services

Azure Active Directory Domain Services (Azure AD DS)

Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos / NTLM authentication. You use these domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud.

MORE AT: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/overview

Basics

Configure the Basics tab to provide Project details
  • Subscription is chosen (in this case, it is the subscription 1 which is free)
  • Resource group name given (This must be configured and if you need you can create a new resource group or provide a previously created one)

4 create AD DS basics 1

  • The previously configured 'domain name' is provided.
  • The 'Forest type' configured in this scenario is 'User'. The two forest types are explained below.

Forest type | User vs Resource 

User forest

By default, a managed domain is created as a user forest. This type of forest synchronizes all objects from Azure AD, including any user accounts created in an on-premises AD DS environment.

User accounts can directly authenticate against the managed domain, such as to sign in to a domain-joined VM. A user forest works when the password hashes can be synchronized and users aren’t using exclusive sign-in methods like smart card authentication.

Resource forest

In an Azure AD DS resource forest, users authenticate over a one-way forest trust from their on-premises AD DS. With this approach, the user objects and password hashes aren’t synchronized to Azure AD DS. The user objects and credentials only exist in the on-premises AD DS.

This approach lets enterprises host resources and application platforms in Azure that depend on classic authentication such as LDAPS, Kerberos, or NTLM, while the user credentials stay in the on-premises AD DS. Azure AD DS resource forests were in preview at the time of writing.

Resource forests also provide the capability to lift-and-shift your applications one component at a time. Many legacy on-premises applications are multi-tiered, often using a web server or front end and many database-related components. These tiers make it hard to lift-and-shift the entire application to the cloud in one step. With resource forests, you can lift your application to the cloud in phased approach, which makes it easier to move your application to Azure.

4 create AD DS basics 2


Networking

  • New virtual network is created or previously created one is provided. (This must be configured)
  • The subnet is provided. (This must be configured)

4 create AD DS networking

Administration

You can manage the membership of the AAD DC (Azure Active Directory Domain Controllers) Administrators group

4 create AD DS Admin


Synchronization 

To change synchronization from “all” to “scoped”, the managed domain needs to be deleted and re-created.

4 create AD DS synch

Review + create

Review the configured Azure AD Domain Services and click ‘Create’ to proceed

4 create AD DS finalized

Finalize after the confirmation since you cannot change following after creating Azure AD Domain Services

  • DNS name
  • Subscription
  • Resource group
  • Virtual network
  • Subnet
  • Synchronization
  • Forest type

4 create AD DS 7 final

The deployment is completed

5 domain is deployed


Create Windows Server 2019 Datacenter Virtual Machine Using Microsoft Azure


KEEP IN MIND

microsoft-azure-logo

  • In this tutorial, Windows Server 2019 datacenter is installed in an Azure virtual machine and accessed via RDP.
  • Furthermore, Microsoft Azure free subscription is used to execute the tutorial. The Azure free account includes access to a number of Azure products that are free for 12 months, $280 credit to spend for the first 30 days of sign-up and access to more than 25 products that are always free. READ MORE AT: https://azure.microsoft.com/en-au/free/free-account-faq/
  • If you possess paid subscription to Microsoft 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, you have a free subscription to Microsoft Azure Active Directory.

INTRODUCTION

What is Microsoft Azure?

Microsoft Azure (formerly known as Windows Azure) is a public cloud computing platform—with solutions including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) that can be used for services such as analytics, virtual computing, storage, networking, and much more.

History

Azure was announced in October 2008, started with codename “Project Red Dog” and released on February 1, 2010, as Windows Azure before being renamed to Microsoft Azure on March 25, 2014.

Azure regions

A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.

60+ regions worldwide, available in 140 countries

00 regions

https://azure.microsoft.com/en-us/global-infrastructure/regions/


What is Azure Resource Manager?

The Azure Resource Manager, introduced in 2014, enables users to create groups of related services so that closely coupled resources can be deployed, managed, and monitored together.

What is Azure resource?

In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks, and storage accounts are all referred to as Azure resources.

What is Resource Group?

A resource group is a container that holds related resources for an Azure solution.


OVERVIEW OF AZURE VIRTUAL MACHINES

Azure virtual machines can be used in various ways. Some examples are:

  • Development and test – Azure VMs offer a quick and easy way to create a computer with specific configurations required to code and test an application.
  • Applications in the cloud – Because demand for your application can fluctuate, it might make economic sense to run it on a VM in Azure. You pay for extra VMs when you need them and shut them down when you don’t.
  • Extended datacenter – Virtual machines in an Azure virtual network can easily be connected to your organization’s network.


Requirements to create an Azure virtual machine

Azure VM requirements

READ MORE AT:

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/overview

TUTORIAL

Go to Microsoft Azure portal and select ‘virtual machines’ resource

00 azure portal

Configure the tabs to create new virtual machine

Basics

Enter the project and instance details along with administrator account information

Project details

  • Subscription: Azure subscription 1
  • Resource Group: RG1

1 VM basic 1 project details

Instance details

  • Virtual machine name: VM1
  • Region: (US) East US [You have several options to choose from the menu as the region]
  • Availability Options: No infrastructure redundancy required
  • Image: Windows Server 2019 Datacenter
  • Size: Standard

2 VM basic 2 instance details

  • Administrator account details should be given, with a strong password, to create the local administrator
  • Inbound port rules decide which ports the public IP address accepts connections on. In this tutorial HTTP (80), HTTPS (443), SSH (22) and RDP (3389) are all opened.

Opening all of these to the whole Internet exposes the VM to password-guessing against RDP soon after creation. For anything beyond a throwaway lab, open only RDP (3389), restrict the source to your own IP address, or use Azure Bastion or just-in-time VM access instead of a public RDP listener.
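The following script creates the same VM as the Basics and Networking tabs above with Az PowerShell, but with the network security group written explicitly so that RDP is reachable only from one management address. It is an added example, not code from the original page or from Microsoft. RG1, VM1, East US and the Windows Server 2019 Datacenter image come from the page; the names `vnet1`, `subnet1`, `nsg1`, `vm1-pip`, the size Standard_B2s and the management address 203.0.113.10 (an RFC 5737 documentation address) are assumptions.

```powershell
# Added example (not from the original page): Windows Server 2019 VM whose public IP
# accepts RDP from a single management address only. Assumed names: vnet1, subnet1,
# nsg1, vm1-pip, Standard_B2s, 203.0.113.10.
Connect-AzAccount
$rg       = 'RG1'
$location = 'eastus'
$mgmtIp   = '203.0.113.10'   # your office/VPN egress address; replace before use

# 1. NSG with one inbound rule: TCP/3389 from the management IP. Everything else
#    inbound is dropped by the built-in DenyAllInBound rule, so 80/443/22 stay closed.
$rdpRule = New-AzNetworkSecurityRuleConfig -Name 'allow-rdp-from-mgmt' `
    -Description 'RDP from management IP only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 1000 `
    -SourceAddressPrefix $mgmtIp -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389
$nsg = New-AzNetworkSecurityGroup -Name 'nsg1' -ResourceGroupName $rg `
    -Location $location -SecurityRules $rdpRule

# 2. Local administrator credential for the VM (prompted, never hard-coded).
$cred = Get-Credential -Message 'Local administrator account for VM1'

# 3. Create the VM. New-AzVM reuses the existing NSG by name and creates the
#    virtual network, subnet and public IP if they do not exist yet.
New-AzVM -ResourceGroupName $rg -Name 'VM1' -Location $location `
    -Image 'Win2019Datacenter' -Size 'Standard_B2s' -Credential $cred `
    -VirtualNetworkName 'vnet1' -SubnetName 'subnet1' `
    -SecurityGroupName $nsg.Name -PublicIpAddressName 'vm1-pip'

# 4. Verify the effective inbound rules before connecting over RDP.
(Get-AzNetworkSecurityGroup -Name 'nsg1' -ResourceGroupName $rg).SecurityRules |
    Format-Table Name, Priority, Direction, Access, SourceAddressPrefix, DestinationPortRange
```

If the management address changes (home broadband, travelling), update the rule's SourceAddressPrefix rather than widening it to `*`; Azure Bastion removes the need for a public RDP port altogether.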

3 VM basic 3 admin inbound port rules

Disks

Configure disks for storage of the Azure Virtual Machine (VM) that you are going to create

4 VM disks


Networking

Configure the network interface of the virtual machine

Network interface

  • A Virtual network is created (This is a required configuration)
  • A subnet is also configured within the virtual network (This is a required configuration)
  • The public IP address lets you reach the virtual machine from the Internet (optional; not needed if you connect through a VPN or Azure Bastion)

5 VM Networking 1

6 VM Networking 2

Management

Configure the management settings

Azure Security Center

  • Basic security plan is already enabled by Azure Security Center

Monitoring

  • For monitoring purposes ‘Diagnostics storage account’ is created

7 VM Management 1

  • If Auto-shutdown is enabled, the Azure Virtual Machine is shut down daily at the configured time.
  • Backups can be enabled to protect the Azure Virtual Machine's data against accidental deletion or corruption.

8 VM Management 2


Review + create

Review the configurations and create the Azure Virtual Machine

9 VM review and create


Connect to the Azure Virtual Machine

Go to Virtual machines

Select the virtual machine that you have installed

10 VM connect 1


Select ‘Connect’

11 VM connect 2


Download the RDP file to connect with RDP

12 VM connect 3


Press ‘Connect’ to initiate the Remote Desktop Connection

13 VM rdp file


Enter the credentials that you have provided for the user account when creating the Azure Virtual Machine

14 VM user pass


Now you can access and configure the newly installed Windows Server 2019

15 VM WIN 2019


Configure Port1 Interface in FortiGate VM to Access Web-based Manager

KEEP IN MIND

  • This tutorial shows how to configure the FortiGate VM port1 using FortiGate Console. It grants administrative access to the FortiGate Web-based Manager to make further configuration.
  • The downloaded VM supports VMWare ESXi platform version 6.4.0.
  • This Fortinet product use FortiOS 6.2.

Hypervisor management environments include a guest console window. On the FortiGate VM, this provides access to the FortiGate console, equivalent to the console port on a hardware FortiGate unit. Before you can access the Web-based manager, you must configure FortiGate VM port1 with an IP address and administrative access.

Refer the link

https://docs.fortinet.com/product/fortigate/6.0

DOWNLOAD

Register and download the FortiGate VM image from the link below. For this tutorial, the virtual machine image for the VMware ESXi platform (listed as version 6.4.0) is downloaded.

link: https://support.fortinet.com/Download/VMImages.aspx

00 Forti download

Unzip the downloaded zip file and add FortiGate-VM64.hw07_vmxnet3.ovf to VMware

00 downloaded files

TUTORIAL

Login to FortiGate Console

Once the system has booted, the login prompt appears.

Enter 'admin' as the username and leave the password blank.

Hostname login: admin

password: (keep it blank)

This will force you to change the password

New Password:

Confirm Password:


Show default interface configuration

It is a good idea to check the default interface configuration before moving forward

To see all the interfaces

Hostname # show system interface


To see a specific interface (For instance port1 interface)

The port1 settings reveals that it allows ping, https, ssh, http, fgfm

Hostname # show system interface port1


Configure the port1 interface

Enter following commands to configure the port1 interface

Hostname # config system interface

Hostname (interface) # edit port1

This will allow you to assign a static IP address to the port1 interface

Hostname (port1) # set mode static

Assign the desired IP address. This IP address will be used to connect to FortiGate-VM GUI via a web browser from remote computer

Hostname (port1) # set ip 192.168.1.99 255.255.255.0

or

Hostname (port1) # set ip 192.168.1.99/24

Allow HTTP access so that you can log in from the web interface

Hostname (port1) # set allowaccess http

Be aware that set replaces the entire list of permitted protocols rather than adding to it: after this command only HTTP is allowed on port1, and the HTTPS, SSH, PING and FGFM access shown in the default configuration above is removed (FGFM is the protocol FortiManager uses to reach the unit). To allow several protocols, name all of them in one command, choosing from the list below (SSH gives access from PuTTY):

set allowaccess (http https ping ssh telnet)

For management, prefer HTTPS and SSH; HTTP and Telnet carry the admin credentials in cleartext and should not stay enabled outside a lab.

The end command commits the configuration and leaves the interface editor

Hostname (port1) # end


Access FortiGate Web-based Manager

You connect to the FortiGate-VM GUI via a web browser by entering the IP address assigned to the port 1 interface

fortigate web login 1

Set up basic configuration

fortigate web login 3

Dashboard –> Status

fortigate web login dashboard 2

This basic configuration allows you to manage the FortiGate VM via a web browser and make further configurations (interfaces, DNS, static routes, policies) to secure the network from threats.

Fortinet products

FortiExplorer

FortiExplorer is a simple-to-use Fortinet device management application, enabling you to rapidly provision, deploy, and monitor Security Fabric components including FortiGate and FortiWiFi devices from your mobile device.

FortiAnalyzer

FortiAnalyzer is a platform that integrates network logging, analysis, and reporting into a single system, delivering increased knowledge of security events throughout your network. … In short, FortiAnalyzer provides Centralized Logging, Analysis, and Reporting on a Virtual Platform

Install vCSA 7.0 (vCenter Server Appliance) – PART 3 vSphere 7.0

VMware vSphere 7.0 Series

PART 01: How To Install and Configure VMware ESXi 7.0

PART 02: Install Virtual Machines Using ESXi Web Client

PART 03: Install vCSA 7.0 (vCenter Server Appliance)

KEEP IN MIND

  • For this tutorial, vCSA 7.0 installer is downloaded and run in a Windows 10 machine (supported Operating systems options are given below).
  • The vCSA 7.0 is installed to ESXi host at 192.168.1.50 which was already installed previously (Link: https://techencyclopedia.wordpress.com/2020/05/06/how-to-install-and-configure-vmware-esxi-7-0-part-1-of-vsphere-7-0/).
  • The vCSA 7.0 installer and the running ESXi host should be reachable via the network. In addition to that hardware and storage requirement should be supported to install vCSA 7.0.
  • The vCSA 7.0 installation mainly comprised of two stages
    • Stage 01 – Deploy vCenter Server
    • Stage 02 – Setup vCenter Server
  • The vCenter Server appliance package contains Photon OS 3.0, the vSphere authentication services, PostgreSQL, the VMware vSphere Lifecycle Manager Extension and VMware vCenter Lifecycle Manager

INTRODUCTION

vCenter Server

There are two vCenter Server versions you can deploy:

  • Windows vCenter Server (not included in vSphere 7.0)
  • vCenter Server Appliance (vCSA) (what we are going to install now)

Windows vCenter Server

vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. In vSphere 7.0, vCenter Server for Windows has been removed and support is not available.

vCenter Server Appliance (vCSA)

vCenter Server Appliance was introduced with the release of vSphere 5.0. With vSphere 6.5, and subsequently vSphere 6.5 Update 1, the vCSA became the fundamental building block of a vSphere environment.

https://blogs.vmware.com/vsphere/2017/08/farewell-vcenter-server-windows.html

https://kb.vmware.com/s/article/2091273

vCenter Server vs vCenter Server Appliance (vCSA) 

This is an excellent article focused on the differences between vCenter Server and the vCenter Server Appliance (note that it covers vSphere 6.5):

https://www.definetomorrow.co.uk/blog/2018/4/23/why-use-the-vmware-vcenter-server-appliance-vcsa

vCenter Server

“Installing vCenter server has come a long way since the early days of building and configuring a Windows server. Most of the issues I recall were around databases, either running out of space when using SQL express or remembering to configure the ODBC settings before installing vCenter.

vCenter Server Appliance

This is a pre-configured virtual appliance running Linux (Project Photon OS) that has been optimised specifically for vCenter services. The appliance can be deployed in several different sizes (depending on the number of hosts or virtual machines you need to support) and uses an embedded vpostgres database. In terms of scale it can support anything up to 2000 hosts or 35000 virtual machines per appliance.”

This is another article, focused on vSphere 5.5:

http://www.vmwarearena.com/difference-between-vcenter-server/

Thin Provisioning vs Thick Provisioning

Thin Provisioning

A thin-provisioned virtual disk consumes only the space that it needs initially, and grows with time according to demand.

Thick Provisioning

Thick provisioning is a type of storage pre-allocation. With thick provisioning, the complete amount of virtual disk storage capacity is pre-allocated on the physical storage when the virtual disk is created. A thick-provisioned virtual disk consumes all the space allocated to it in the Datastore right from the start, so the space is unavailable for use by other virtual machines.

vCenter Server 7.0 installation and setup

Refer to the full vCenter Server 7.0 Installation and Setup PDF guide from VMware:

vsphere-vcenter-server-70-installation-guide.pdf

Services Installed with vCenter Server

These additional components are installed silently when you install vCenter Server. The components cannot be installed separately as they do not have their own installers.

PostgreSQL

A bundled version of the VMware distribution of PostgreSQL database for vSphere and vCloud Hybrid Services.

vSphere Client

The HTML5-based user interface that lets you connect to vCenter Server instances by using a Web browser. This vSphere Client replaces the Flex-based vSphere Web Client in vSphere 7.0.

vSphere ESXi Dump Collector

The vCenter Server support tool. You can configure ESXi to save the VMkernel memory to a network server, rather than to a disk, when the system encounters a critical failure. The vSphere ESXi Dump Collector collects such memory dumps over the network.

vSphere Auto Deploy

The vCenter Server support tool that can provision hundreds of physical hosts with ESXi software. You can specify the image to deploy and the hosts to provision with the image. Optionally, you can specify host profiles to apply to the hosts, and a vCenter Server location (folder or cluster) for each host.

VMware vSphere Lifecycle Manager Extension

vSphere Lifecycle Manager enables centralized, automated patch and version management for VMware vSphere and offers support for VMware ESXi hosts, virtual machines, and virtual appliances. The VMware vSphere Lifecycle Manager Extension is an optional service of the vCenter Server appliance.

VMware vCenter Lifecycle Manager

The vCenter Lifecycle Manager automates the process of creating virtual machines and removing them from service at the appropriate time. vCenter Lifecycle Manager automatically places servers based on their location, organization, environment, service level, or performance levels. When a solution is found for a set of criteria, the machine is automatically deployed.

Overview of the vCenter Server Appliance

The vCenter Server appliance is a pre-configured virtual machine that is optimized for running vCenter Server and the associated services.

The vCenter Server appliance package contains the following software:

  • Photon OS 3.0
  • The vSphere authentication services
  • PostgreSQL
  • VMware vSphere Lifecycle Manager Extension
  • VMware vCenter Lifecycle Manager

Hardware requirements for vCSA 7.0

vCSA 7.0 hardware req

Storage requirements for vCSA 7.0

vCSA 7.0 storage req 1

vCSA 7.0 storage req 2

System requirements for vCSA 7.0

vCSA 7.0 system req

DOWNLOAD

Download vCSA 7.0 from https://www.vmware.com/

vmware DL

vcenter server DL

Double-click the downloaded installer to proceed.

Four main options are available to choose from

  • Install: Install a new vCenter server
  • Upgrade: Upgrade the existing vCenter Server Appliance
  • Migrate: Migrate from Windows vCenter Server to vCenter Server Appliance
  • Restore: Restore vCenter Server from a backup

Choose the ‘Install’ option.

STAGE 01 – Deploy vCenter Server

The Introduction page describes the two stages of deploying and setting up vCenter Server.

Press ‘Next’ to continue with Stage 1: Deploy vCenter Server.

Read the License Agreement and accept it

Specify the vCenter deployment target settings

Accept and continue

Set up the vCenter server virtual machine

Select the deployment size. Pay attention to the RAM needed for the variety of deployment sizes available.

Select the datastore on which to install vCenter Server 7.0.

In this scenario, thin disk mode (thin provisioning) is enabled.

Configure the network settings for vCenter Server 7.0.

Review the settings and click ‘Finish’ to complete the installation

Wait until Stage 1 is completed.

Stage 1 is complete; press ‘Continue’ to proceed to Stage 2.

If you exit instead, you can return to the Stage 2 setup later via the appliance management URL shown:

https://192.168.1.100:5480

Stage 1 vCSA done

STAGE 02 – Setup vCenter Server

Configuration URL

https://192.168.1.100:5480

Press ‘Next’ to proceed with Stage 2: Setup vCenter Server.

stage 2 1

If your session has expired, log in again with the username and password.

stage 2 2

For the time synchronization mode, provide NTP servers. They must be reachable and accurate, or the setup might not complete.

stage 2 3 NTP server

A new SSO domain is created.

stage 2 4

Configure VMware’s Customer Experience Improvement Program (CEIP), which collects and analyzes usage information to improve products and services.

stage 2 5

Review the settings and press ‘Finish’ to proceed.

stage 2 6

Wait until the setup finishes.

stage 2 7

Setup is complete; use the given link to log in to the vCenter Server web client.

stage 2 8 installation done

Login to vCenter Server

Log in to vCenter Server via the vSphere Client (vCSA web client):

https://192.168.1.100:443

1 vcenter server login

The vCenter Server management summary will look like this:

2 vcenter server login

TROUBLESHOOT

  • Make sure the NTP server addresses are reachable and working when setting up vCenter Server. Otherwise, the installation may fail with errors.
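The two requirements the tutorial calls out, that the ESXi host is reachable from the installer machine (KEEP IN MIND) and that the NTP servers answer and are in sync (TROUBLESHOOT), can be verified before Stage 1 is started. The script below is an added example and is not part of this tutorial or of any VMware tool: it sends a minimal SNTP query to each NTP server and checks that the reply is usable and the clock offset is small, checks TCP/443 to the ESXi host, and sanity-checks the appliance's static addressing. The ESXi address 192.168.1.50 and the appliance address 192.168.1.100 are the tutorial's values; the gateway 192.168.1.1, the /24 prefix and pool.ntp.org are assumptions.

```python
"""Pre-flight checks for a vCSA 7.0 deployment (added example, not a VMware tool)."""
import ipaddress
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)


def sntp_request() -> bytes:
    """48-byte SNTP client packet: LI=0, VN=4, Mode=3 (client); all other fields zero."""
    return struct.pack("!B47x", 0b00_100_011)


def ntp_to_unix(seconds: int, fraction: int) -> float:
    """Convert a 64-bit NTP timestamp (32-bit seconds + 32-bit fraction) to Unix time."""
    return seconds - NTP_EPOCH_OFFSET + fraction / 2**32


def parse_sntp_response(data: bytes, t1: float, t4: float) -> dict:
    """Parse an SNTP reply and compute the clock offset with the RFC 4330 formula.

    t1/t4 are the client's send/receive times in Unix seconds. The server counts as
    'usable' only if it answers in server mode, its leap indicator is not 3 (clock
    unsynchronised) and its stratum is 1..15.
    """
    if len(data) < 48:
        raise ValueError("short SNTP reply")
    leap, mode, stratum = data[0] >> 6, data[0] & 0x07, data[1]
    # bytes 24..47: originate, receive and transmit timestamps (2 x uint32 each)
    _, _, rx_s, rx_f, tx_s, tx_f = struct.unpack("!6I", data[24:48])
    t2, t3 = ntp_to_unix(rx_s, rx_f), ntp_to_unix(tx_s, tx_f)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    return {"stratum": stratum, "offset": offset,
            "usable": mode == 4 and leap != 3 and 1 <= stratum <= 15}


def check_ntp(server: str, timeout: float = 3.0) -> dict:
    """Send one SNTP query over UDP/123 and return parse_sntp_response()'s result."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(sntp_request(), (server, 123))
        data, _ = sock.recvfrom(512)
        t4 = time.time()
    return parse_sntp_response(data, t1, t4)


def tcp_reachable(host: str, port: int = 443, timeout: float = 3.0) -> bool:
    """True if a TCP connection to host:port succeeds (the installer talks HTTPS to ESXi)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def addressing_problems(appliance_ip: str, prefix: int, gateway: str, esxi_ip: str) -> list:
    """Consistency checks on the appliance's static IPv4 settings; an empty list means OK."""
    net = ipaddress.ip_network(f"{appliance_ip}/{prefix}", strict=False)
    ip, gw = ipaddress.ip_address(appliance_ip), ipaddress.ip_address(gateway)
    problems = []
    if gw not in net:
        problems.append(f"gateway {gateway} is outside {net}")
    if ip in (net.network_address, net.broadcast_address):
        problems.append(f"{appliance_ip} is the network or broadcast address of {net}")
    if ip == gw:
        problems.append("appliance IP equals the gateway address")
    if ip == ipaddress.ip_address(esxi_ip):
        problems.append(f"appliance IP collides with ESXi host {esxi_ip}")
    return problems


def preflight(esxi_ip: str, appliance_ip: str, gateway: str, ntp_servers: list,
              prefix: int = 24, max_offset: float = 5.0) -> list:
    """Run every check and return the list of failures (empty list: safe to start Stage 1)."""
    failures = addressing_problems(appliance_ip, prefix, gateway, esxi_ip)
    if not tcp_reachable(esxi_ip):
        failures.append(f"ESXi host {esxi_ip} is not reachable on TCP/443")
    for server in ntp_servers:
        try:
            result = check_ntp(server)
        except (OSError, ValueError) as exc:  # DNS failure, timeout, malformed reply
            failures.append(f"NTP {server}: no usable reply ({exc})")
            continue
        if not result["usable"]:
            failures.append(f"NTP {server}: unsynchronised or invalid (stratum {result['stratum']})")
        elif abs(result["offset"]) > max_offset:
            failures.append(f"NTP {server}: local clock is off by {result['offset']:.1f}s")
    return failures


if __name__ == "__main__":
    # ESXi 192.168.1.50 and vCSA 192.168.1.100 come from the tutorial; the /24
    # prefix, the gateway 192.168.1.1 and the NTP pool are assumptions.
    problems = preflight("192.168.1.50", "192.168.1.100", "192.168.1.1", ["pool.ntp.org"])
    for line in problems or ["all pre-flight checks passed"]:
        print(line)
```

Run it from the same Windows or Linux machine that will run the installer, since that is the host whose path to ESXi and to the NTP servers matters. A large offset reported here means the installer machine's own clock is wrong; a "no usable reply" means UDP/123 to that server is blocked or the name does not resolve, which is exactly the condition that makes Stage 2 fail at the time synchronization step.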