Wednesday, July 24, 2024

Manage a Windows Drive Full Situation better

Quick Tutorial: The C:\ drive (or any other drive) in Windows is full, and you want an easy way to list what is occupying it, along with the sizes.


Solution: Use a PowerShell script to get the folder sizes and perform the necessary maintenance.


Reference: https://stackoverflow.com/questions/12813826/get-folder-size-from-windows-command-line


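# Size each immediate subfolder of the current directory via the FileSystemObject COM object, largest first
$fso = new-object -com Scripting.FileSystemObject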
gci -Directory `
  | select @{l='Size'; e={$fso.GetFolder($_.FullName).Size}},FullName `
  | sort Size -Descending `
  | ft @{l='Size [MB]'; e={'{0:N2}    ' -f ($_.Size / 1MB)}},FullName


This is useful in case you're running short of disk space on the C:\ drive.

The above PowerShell gets every directory under the current location and its size, in the format below:

PS C:\Users\lab\AppData\Local> $fso = new-object -com Scripting.FileSystemObject
PS C:\Users\lab\AppData\Local> gci -Directory `
>>   | select @{l='Size'; e={$fso.GetFolder($_.FullName).Size}},FullName `
>>   | sort Size -Descending `
>>   | ft @{l='Size [MB]'; e={'{0:N2}    ' -f ($_.Size / 1MB)}},FullName
Size [MB]     FullName
---------     --------
12,064.39     C:\Users\lab\AppData\Local\CapCut
1,065.08      C:\Users\lab\AppData\Local\Google
715.57        C:\Users\lab\AppData\Local\Temp
598.92        C:\Users\lab\AppData\Local\AzureFunctionsTools
501.59        C:\Users\lab\AppData\Local\Packages
347.47        C:\Users\lab\AppData\Local\Programs
275.54        C:\Users\lab\AppData\Local\JxBrowser
253.57        C:\Users\lab\AppData\Local\CCleaner Browser
168.46        C:\Users\lab\AppData\Local\R
139.48        C:\Users\lab\AppData\Local\DBeaver
128.05        C:\Users\lab\AppData\Local\npm-cache
45.90         C:\Users\lab\AppData\Local\NuGet
37.03         C:\Users\lab\AppData\Local\CrashDumps
21.21         C:\Users\lab\AppData\Local\Comms
17.31         C:\Users\lab\AppData\Local\Mozilla
12.23         C:\Users\lab\AppData\Local\CEF
10.35         C:\Users\lab\AppData\Local\Auto Screen Capture
6.83          C:\Users\lab\AppData\Local\ConnectedDevicesPlatform
1.27          C:\Users\lab\AppData\Local\Apple Computer
0.51          C:\Users\lab\AppData\Local\D3DSCache
0.20          C:\Users\lab\AppData\Local\Microsoft Help
0.15          C:\Users\lab\AppData\Local\BrowserLock
0.08          C:\Users\lab\AppData\Local\OneDrive
0.05          C:\Users\lab\AppData\Local\cache
0.03          C:\Users\lab\AppData\Local\PlaceholderTileLogoFolder
0.01          C:\Users\lab\AppData\Local\SquirrelTemp
0.01          C:\Users\lab\AppData\Local\Microsoft_Corporation
0.00          C:\Users\lab\AppData\Local\Bytedance
0.00          C:\Users\lab\AppData\Local\VEDetector
0.00          C:\Users\lab\AppData\Local\RStudio
0.00          C:\Users\lab\AppData\Local\McAfee
0.00          C:\Users\lab\AppData\Local\speech
0.00          C:\Users\lab\AppData\Local\.IdentityService
0.00          C:\Users\lab\AppData\Local\VirtualStore
0.00          C:\Users\lab\AppData\Local\Publishers
0.00          C:\Users\lab\AppData\Local\IdentityNexusIntegration
0.00          C:\Users\lab\AppData\Local\ServiceHub
0.00          C:\Users\lab\AppData\Local\DataMigration
0.00          C:\Users\lab\AppData\Local\CyberLink
0.00          C:\Users\lab\AppData\Local\Notepad
0.00          C:\Users\lab\AppData\Local\Apple
0.00          C:\Users\lab\AppData\Local\Apple Inc
0.00          C:\Users\lab\AppData\Local\Acronis
0.00          C:\Users\lab\AppData\Local\Solid State Networks
0.00          C:\Users\lab\AppData\Local\PeerDistRepub
0.00          C:\Users\lab\AppData\Local\Microsoft SDKs
0.00          C:\Users\lab\AppData\Local\Diagnostics
0.00          C:\Users\lab\AppData\Local\ElevatedDiagnostics
0.00          C:\Users\lab\AppData\Local\Microsoft

PS C:\Users\lab\AppData\Local>
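The FileSystemObject Size property can fail on a folder that contains items the current user cannot read, and the calculated property then yields an empty value that prints as 0.00. The following added example (not from the original post or the referenced answer) sums file lengths with Get-ChildItem instead and reports how many items could not be read; the function name Get-FolderUsage is an assumption.

```powershell
# Added example: per-folder usage with error accounting (not the post's own code).
function Get-FolderUsage {
    param(
        [string]$Path = (Get-Location).Path,   # folder whose subfolders are measured
        [int]$Top = 20                         # number of rows to return
    )
    $dirs = Get-ChildItem -LiteralPath $Path -Directory -Force -ErrorAction SilentlyContinue
    $rows = foreach ($dir in $dirs) {
        $errs = $null
        # -Force includes hidden and system items; read errors are collected in $errs
        $gci = @{
            LiteralPath   = $dir.FullName
            Recurse       = $true
            File          = $true
            Force         = $true
            ErrorAction   = 'SilentlyContinue'
            ErrorVariable = 'errs'
        }
        $files = Get-ChildItem @gci
        $bytes = [long]0
        $count = 0
        # Length is the logical file size, not the allocated size on disk
        foreach ($f in $files) { $bytes += $f.Length; $count++ }
        [pscustomobject]@{
            SizeMB     = [math]::Round($bytes / 1MB, 2)
            Files      = $count
            Unreadable = $errs.Count   # non-zero means SizeMB is an undercount
            FullName   = $dir.FullName
        }
    }
    $rows | Sort-Object SizeMB -Descending | Select-Object -First $Top
}

Get-FolderUsage -Path $env:LOCALAPPDATA | Format-Table -AutoSize
```

A row with a non-zero Unreadable count should be re-measured from an elevated session before deciding what to clean up.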



Oracle Key Vault 21.9 prerequisite for installation

Gather Oracle Key Vault install requirements (same for both 21.8 and 21.9)


Installation requirements:


  1. OKV setup can be done using any of the following methods:

    1. Guest in a virtualization platform

    2. Guest in OCI compute

    3. Oracle Cloud Marketplace as a service

  2. OKV needs a minimum of 16 cores (x86_64 architecture) and 16 GB RAM

    1. Recommended: 24-48 cores with Intel AES-NI (cryptographic acceleration support) and 32 GB to 64 GB memory

  • Boot disk needs to be a local disk; SAN is not allowed

  • Memory upsize is allowed, downsize is not allowed

  3. OKV needs 2 TB minimum storage, 6 TB recommended [for a test install, a minimum of 256 GB should be allocated, otherwise the install will crash at the beginning]

  4. OKV allows only 1 network interface

    1. QLogic (QL4) isn’t supported

  5. OKV supports x86_64 deployment with Oracle Linux 8 update 6 minimum (embedded OS)

  6. No RAID within the Oracle Key Vault install. Only hardware RAID in the backend storage is possible.

  7. RESTful API endpoint creation requires Java, minimum version 1.7.0.21. Oracle version 12.2.0.1 already ships with a supported version. Older releases need it installed separately. OpenJDK isn’t supported.

Command:

namei /usr/bin/java | grep "l java"


Output:

l java -> /etc/alternatives/java

   l java -> /usr/java/jdk1.8.0_131/jre/bin/java


  8. No additional software (like antivirus) is allowed in OKV; Oracle doesn’t support OKV with third-party software added.

  9. FW port exemption list:

Port Number | Protocol | Port Type | Descriptions
----------- | -------- | --------- | ------------
22 | SSH/SCP port | TCP | Used by Oracle Key Vault administrators and support personnel to remotely administer Oracle Key Vault
161 | SNMP port | UDP | Used by monitoring software to poll Oracle Key Vault for system information
443 | HTTPS port | TCP | Used by web clients such as browsers and RESTful Administrative commands to communicate with Oracle Key Vault
5695 | HTTPS port | TCP | Used by RESTful Key Management commands to communicate with Oracle Key Vault
1521 and 1522 | Database TCPS listener ports | TCP | In a primary-standby configuration, listener ports used by Oracle Data Guard to communicate between the primary and standby server. In a cluster configuration, listener ports used to communicate between read-write peer nodes.
7443 | HTTPS port | TCP | Listener port used in a primary-standby configuration to run OS commands like synchronizing wallets and configuration files through HTTPS. This port is also used when you add a new node to a cluster.
5696 | KMIP port | TCP | Used by Oracle Key Vault endpoints and third party KMIP clients to communicate with the Oracle Key Vault KMIP server
7093 | TCP port | TCP | Used by Oracle GoldenGate for transmitting data in a multi-master cluster configuration
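To confirm that the firewall exemptions match the list above, the following added example (not from the original post or from Oracle) probes the TCP ports from a Windows host and reports which ones answer. The function name Test-OkvPorts and the UsedBy labels are assumptions condensed from the descriptions in the table.

```powershell
# Added example: TCP reachability of the ports in the exemption list.
function Test-OkvPorts {
    param(
        [Parameter(Mandatory = $true)][string]$OkvHost,  # appliance IP or name, supplied by you
        [int]$TimeoutMs = 2000                           # per-port connect timeout
    )
    # TCP rows of the table; 161/UDP (SNMP) cannot be checked with a TCP connect.
    $ports = @(
        @{ Port = 22;   Type = 'SSH/SCP';       UsedBy = 'administrators, support' },
        @{ Port = 443;  Type = 'HTTPS';         UsedBy = 'browsers, RESTful admin commands' },
        @{ Port = 5695; Type = 'HTTPS';         UsedBy = 'RESTful key management commands' },
        @{ Port = 5696; Type = 'KMIP';          UsedBy = 'endpoints, KMIP clients' },
        @{ Port = 1521; Type = 'TCPS listener'; UsedBy = 'OKV node to OKV node' },
        @{ Port = 1522; Type = 'TCPS listener'; UsedBy = 'OKV node to OKV node' },
        @{ Port = 7443; Type = 'HTTPS';         UsedBy = 'OKV node to OKV node' },
        @{ Port = 7093; Type = 'GoldenGate';    UsedBy = 'OKV node to OKV node' }
    )
    foreach ($p in $ports) {
        $client = New-Object System.Net.Sockets.TcpClient
        $open = $false
        try {
            # Wait() bounds the attempt; a refused connection throws and is treated as closed
            $open = $client.ConnectAsync($OkvHost, $p.Port).Wait($TimeoutMs) -and $client.Connected
        } catch {
            $open = $false
        } finally {
            $client.Close()
        }
        [pscustomobject]@{
            Port      = $p.Port
            Type      = $p.Type
            UsedBy    = $p.UsedBy
            Reachable = $open
        }
    }
}

# Example call; replace the placeholder with your appliance address.
# Test-OkvPorts -OkvHost '<okv-address>' | Format-Table -AutoSize
```

Run it from the network segment whose access you are validating: the node-to-node ports only need to answer between OKV servers, and port 22 only while SSH is enabled on the appliance.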


  1. OS – supported endpoint config: only 64-bit (x64) platforms are supported for online master encryption keys. The OS must support TLS (Transport Layer Security) 1.2

    1. Oracle Linux (6, 7, and 8)

    2. RHEL (6, 7, and 8)

    3. Windows Server 2012, 2016, and 2019

  2. DB – supported endpoint config

    1. A DB that needs online master encryption keys to manage its TDE requires min. 12.1.0.2 (compatible 12.1.0.0)

    2. A DB that needs just wallet management has no such requirement; it can use the okvutil upload and download operations.





Oracle Key Vault 21.9 download procedure

 Oracle Key Vault Download procedure

  1. Go to https://edelivery.oracle.com/

  2. Log in with your username and password

  3. In the search bar, enter the text “oracle key vault” and click search

  4. Click continue

  5. Click continue

  6. Agree to the license agreement:

  7. Read the caution notice highlighted:

  8. Click download:

  9. A download manager should download; open it, choose the destination folder where you want the download to go, and then click download to see a window like this.

  10. Download completion

  11. View the downloaded file:

As mentioned, it is almost 20GB.

  12. Validating the physical files:



D:\Downloads\OracleBin\21.8>dir
 Volume in drive D is SSD2
 Volume Serial Number is 647C-3B8C

 Directory of D:\Downloads\OracleBin\21.8

01/07/2024  06:40    <DIR>          .
01/07/2024  06:40    <DIR>          ..
01/07/2024  07:13    20,894,973,952 V1041311-01.iso
               1 File(s) 20,894,973,952 bytes
               2 Dir(s)  166,817,976,320 bytes free

D:\Downloads\OracleBin\21.8>
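A directory listing only shows that the file exists and how large it is. The following added example (not from the original post) also compares the ISO's SHA-256 against a digest obtained from the download source; the function name Test-IsoDownload is an assumption and the digest in the sample call is a placeholder.

```powershell
# Added example: verify size and SHA-256 of the ISO before mounting it.
function Test-IsoDownload {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][long]$ExpectedBytes,     # size stated by the download source
        [Parameter(Mandatory = $true)][string]$ExpectedSha256   # digest stated by the download source
    )
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Cheap check first: a truncated download fails here without hashing ~20 GB.
    if ($item.Length -ne $ExpectedBytes) {
        Write-Warning "Size mismatch: $($item.Length) bytes on disk, $ExpectedBytes expected"
        return $false
    }

    # Normalise the expected digest (strip whitespace, upper-case) and validate its shape.
    $want = ($ExpectedSha256 -replace '\s', '').ToUpperInvariant()
    if ($want -notmatch '^[0-9A-F]{64}$') {
        throw 'ExpectedSha256 is not a 64-character hex SHA-256 digest'
    }

    $have = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($have -ne $want) {
        Write-Warning "SHA-256 mismatch: computed $have"
        return $false
    }
    return $true
}

# File name and byte count are the ones in the dir listing above; the digest is a placeholder.
# Test-IsoDownload -Path 'D:\Downloads\OracleBin\21.8\V1041311-01.iso' `
#     -ExpectedBytes 20894973952 -ExpectedSha256 '<sha256-from-download-source>'
```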






Oracle Key Vault 21.9 Installation Steps in guest VM

 Oracle Key Vault Installation Steps in Guest VM

Reference: 

https://docs.oracle.com/en/database/oracle/key-vault/21.8/okvig/installing-oracle-key-vault.html#GUID-BCCBB58F-FABD-4CAB-9427-07767D7FEB70

https://docs.oracle.com/en/database/oracle/key-vault/21.9/okvig/installing-oracle-key-vault.html#GUID-BCCBB58F-FABD-4CAB-9427-07767D7FEB70

Please note there is no difference in the install procedure between 21.8 and 21.9. I did compare the install docs using the diff utility; there is no concerning change.

  1. Ensure prereqs are complete

  2. OKV can be installed on either dedicated physical hardware or a virtual machine

  3. Secure a fixed IP address from the network team

IP: 192.168.194.121
Subnet mask: 255.255.255.0
Gateway: 192.168.194.1

  4. Validate access to the ISO file downloaded.

D:\Downloads\OracleBin\21.8>dir
 Volume in drive D is SSD2
 Volume Serial Number is 647C-3B8C

 Directory of D:\Downloads\OracleBin\21.8

01/07/2024  06:40    <DIR>          .
01/07/2024  06:40    <DIR>          ..
01/07/2024  07:13    20,894,973,952 V1041311-01.iso
               1 File(s) 20,894,973,952 bytes
               2 Dir(s)  166,817,976,320 bytes free

D:\Downloads\OracleBin\21.8>

  5. Mount the ISO file into the DVD drive of the VM and boot it

  6. Choose “Press Enter to start the installation of the Oracle Key Vault”

  7. When prompted, enter the root password and remember to note it down, since you will need it to set the other credentials that manage the OKV at a later stage

  8. When prompted, enter the root password and then press Enter again to monitor the installation

  9. Re-insert the ISO file if needed

  10. Choose between classic and dual-NIC mode; since ours is all virtual, we will choose classic mode (1 interface)

    1. Enter the IP, subnet mask and gateway details we populated in the beginning

  11. The install then continues and completes the installation of the self-contained hardened appliance.

  12. Once the install is complete, use the terminal to log in as root and set the password for the support user (a user which is used for most of the BAU routines like patching, upgrade etc.)

  13. SSH is enabled only to allow support user login.

  14. SSH should stay disabled by default unless upgrade patches are being applied.

Post installation steps for OKV:

  1. You may not be able to access the appliance you just finished installing using SSH. The SSH connection to 192.168.194.122 might fail with the error below.

  2. But the above error isn’t a concern. Ensure you have already set the password for the support user in the terminal.

  3. The post install mainly involves setting up

    1. Administrative user accounts - one-time passwords

    2. The recovery passphrase

    3. DNS and NTP settings

  4. Using a web browser, connect to the URL below:

https://192.168.194.122

The browser will report that it’s not secure, but just proceed, since the certificate isn’t installed yet. This message pops up.

  5. Use the root password: for the post-install config (only once), the OKV will directly prompt for the root password. Log in with the root password and then create

    1. Key admin

    2. System admin

    3. Audit manager

If there is only one OKV admin, you can keep all 3 as the same user, for instance “admin” for key admin, and then reference the same user for the other 2 admin accounts as well. The grant forward option allows the users to grant their roles to other users on their own.

  6. The recovery passphrase needs to be enabled; it is very important in the emergency situations listed below:

    1. OKV restore

    2. Loss or inaccessibility of one of the admin accounts

    3. Multimaster node addition

    4. To reset the recovery passphrase

    5. To configure an HSM

  7. The root and support user passwords will expire after 365 days, hence we need to ensure they are changed regularly. If you log in within the 120-day window before the password expires, you will get a prompt and can change the password. Otherwise, after expiry it is mandatory to change the password before login.

  8. The next step involves DNS and NTP config.

  9. Alert configuration




Flashback data archive steps

 Objective: Ways to track DML changes in a table Detailed objective: We should be able to track the changes in the table at any point in tim...