So, you've created a compute instance (ie, a virtual machine) on Amazon EC2. Next question: does the instance require access to and/or from the Internet?
Protip: just because you created the instance in the public cloud, i.e. the cloud that you get to over the Internet, it doesn't mean that your instances all need to sit on the Internet. They can have direct inbound and outbound Internet access, no Internet access, or something in between (which I'll explain).
The basic building block for networking on AWS is the VPC (Virtual Private Cloud). Within a VPC, you define your IP space, gateways, ACLs, DHCP options, and more. Gateways will be the focus of this article.
Continuing on with the theme of previous cheat sheet articles, this article will help decode the format for Amazon Web Services’ Elastic Compute Cloud (EC2) instance types.
An EC2 instance type provides the definition for the size and certain capabilities of the instance:
Some of this information can be gleaned from the instance type name. For the information that can’t, refer to the links below in the references section.
Here is an example of an instance type name: c5d.2xlarge
c | 5 | d | . | 2xlarge |
family | generation | [optional] presence of local storage (aka instance storage) | “t-shirt size”; defines amount of RAM and number of vCPUs |
Continuing on with the theme of previous cheat sheet articles, this article will help decode the format for Amazon Web Services’ Elastic Compute Cloud (EC2) instance types.
Ok, you’ve just launched an Amazon EC2 instance (ie, a virtual machine) and you’re ready to login and get to work. Just once teeeensy problem though… you have no idea how to actually connect to the instance!
This post will walk through how to log into brand new Linux/BSD and Windows instances (the steps are slightly different for different OS families).
Regardless of the operating system, one requirement must be met: you must have connectivity into the Virtual Private Cloud (VPC) where you’ve launched the instance. This could be by giving the instance a public IP address so it’s reachable via the Internet or it could be via a VPN or other private connectivity into the VPC. The rest of the article assumes that this basic network connectivity is in place.
Linux/BSD instances are accessible via SSH. When the instance is launched, the Amazon Machine Image (AMI)–which acts like the template from which your instance is cloned–is setup to generate the necessary SSH host keys on first boot. You will have to provide the user key.
The Linux/FreeBSD AMIs used to launch the instance must support the generation of SSH host keys on first boot. The AMIs from Continue reading
I’d be lying if I said that since starting my new job at Amazon Web Services (AWS), I wasn’t looking forward to writing about all the new things I was going to learn. Obviously there’s the technology and services that make up the platform itself. But there’s also the architectural best practices, the design patterns, and answers to questions like “how does moving to the cloud improve my performance/security/reliability?”
Admittedly, I have a lot to learn. With my background being mostly in the network space for my entire career, stepping out of that and into a software and cloudy world means I’m ramping up on a lot of new skills and knowledge.
I believe I’m not the only one on this journey of learning and that, like me, there a lot of folks who are having to learn the basics of the cloud and specifically, AWS.
This has inspired me to start a new, open-ended series of blog posts that I’ve dubbed AWS ABC’s, targeted at people who have a lot of experiencing designing, operating, and architecting on-premesis systems but are now trying to up-skill by learning how to do the same in the cloud. These posts will Continue reading
Ok, you've just launched an Amazon EC2 instance (ie, a virtual machine) and you're ready to login and get to work. Just once teeeensy problem though… you have no idea how to actually connect to the instance!
This post will walk through how to log into brand new Linux/BSD and Windows instances (the steps are slightly different for different OS families).
For the past few months I’ve been involved in a case study project with some colleagues at Cisco where we’ve been researching what the most relevant software skills are that Cisco’s pre-sales engineers could benefit from. We’re all freaking experts at Outlook of course (that’s a joke ) but we were interested in the areas of programming, automation, orchestration, databases, analytics, and so on. The end goal of the project was to identify what those relevant skills are, have a plan to identify the current skillset in the field, do that gap analysis and then put forward recommendations on how to close the gap.
This probably sounds really boring and dry, and I don’t blame you for thinking that, but I actually chose this case study topic from a list of 8 or so. My motivation was largely selfish: I wanted to see first-hand the outcome of this project because I wanted to know how best to align my own training, study, and career in the software arena. I already believed that to stay relevant as my career moves along that software skills would be essential. It was just a question of what type of skills and in which specific areas.
For the past few months I've been involved in a case study project with some colleagues at Cisco where we've been researching what the most relevant software skills are that Cisco's pre-sales engineers could benefit from. We're all freaking experts at Outlook of course (that's a joke ?) but we were interested in the areas of programming, automation, orchestration, databases, analytics, and so on. The end goal of the project was to identify what those relevant skills are, have a plan to identify the current skillset in the field, do that gap analysis and then put forward recommendations on how to close the gap.
This probably sounds really boring and dry, and I don't blame you for thinking that, but I actually chose this case study topic from a list of 8 or so. My motivation was largely selfish: I wanted to see first-hand the outcome of this project because I wanted to know how best to align my own training, study, and career in the software arena. I already believed that to stay relevant as my career moves along that software skills would be essential. It was just a question of what type of skills and in which specific Continue reading
I spent a long time creating my first Spark bot, Zpark. The first commit was in August and the first release was posted in January. So, six months elapsed time. It’s also over-engineered. I mean, all it does is post messages back and forth between a back-end system and some Spark spaces and I ended up with something so complex that I had to draw a damn block diagram in the user guide to give people a fighting chance at comprehending how it works.
Its internals could’ve been much simpler. But that was part of the point of creating the bot: examining the proper architecture for a scalable application, learning about new technologies for building my own API, learning about message brokers, pulling my hair out over git’s eccentricities and ultimately, having enough material to write this blog post.
In this post I’m going to break down the different functional components of Zpark, discuss what each does, and why–or not–that component is necessary. If I can achieve one goal, it will be to retire to a tropical island ASAP. If I can achieve a second goal, it will be to give aspiring bot creaters (like yourself, presumably) a strong Continue reading
I spent a long time creating my first Spark bot, Zpark. The first commit was in August and the first release was posted in January. So, six months elapsed time. It's also over-engineered. I mean, all it does is post messages back and forth between a back-end system and some Spark spaces and I ended up with something so complex that I had to draw a damn block diagram in the user guide to give people a fighting chance at comprehending how it works.
Its internals could've been much simpler. But that was part of the point of creating the bot: examining the proper architecture for a scalable application, learning about new technologies for building my own API, learning about message brokers, pulling my hair out over git's eccentricities and ultimately, having enough material to write this blog post.
In this post I'm going to break down the different functional components of Zpark, discuss what each does, and why-or not-that component is necessary. If I can achieve one goal, it will be to retire to a tropical island ASAP. If I can achieve a second goal, it will be to give aspiring bot creaters (like yourself, presumably) a strong Continue reading
Cisco Encrypted Traffic Analytics (ETA) sounds just a little bit like magic the first time you hear about it. Cisco is basically proposing that when you turn on ETA, your network can (magically!) detect malicious traffic (ie, malware, trojans, ransomware, etc) inside encrypted flows. Further, Cisco proposes that ETA can differentiate legitimate encrypted traffic from malicious encrypted traffic.
Uhmm, how?
The immediate mental model that springs to mind is that of a web proxy that intercepts HTTP traffic. In order to intercept TLS-encrypted HTTPS traffic, there’s a complicated dance that has to happen around building a Certificate Authority, distributing the CA’s public certificate to every device that will connect through the proxy and then actually configuring the endpoints and/or network to push the HTTPS traffic to the proxy. This is often referred to as “man-in-the-middle” (MiTM) because the proxy actually breaks into the encrypted session between the client and the server. In the end, the proxy has access to the clear-text communication.
Is ETA using a similar method and breaking into the encrypted session?
In this article, I’m going to use an analogy to describe how ETA does what it does. Afterwards, you should feel more comfortable about how Continue reading
Cisco Encrypted Traffic Analytics (ETA) sounds just a little bit like magic the first time you hear about it. Cisco is basically proposing that when you turn on ETA, your network can (magically!) detect malicious traffic (ie, malware, trojans, ransomware, etc) inside encrypted flows. Further, Cisco proposes that ETA can differentiate legitimate encrypted traffic from malicious encrypted traffic.
Uhmm, how?
The immediate mental model that springs to mind is that of a web proxy that intercepts HTTP traffic. In order to intercept TLS-encrypted HTTPS traffic, there's a complicated dance that has to happen around building a Certificate Authority, distributing the CA's public certificate to every device that will connect through the proxy and then actually configuring the endpoints and/or network to push the HTTPS traffic to the proxy. This is often referred to as “man-in-the-middle” (MiTM) because the proxy actually breaks into the encrypted session between the client and the server. In the end, the proxy has access to the clear-text communication.
Is ETA using a similar method and breaking into the encrypted session?
In this article, I'm going to use an analogy to describe how ETA does what it does. Afterwards, you should feel more comfortable about how Continue reading
For a long while now I’ve been brainstorming how I could leverage the API that’s present in the Cisco Spark collaboration platform to create a bot. There are lots of goofy and fun examples of bots (ie, Gifbot) that I might be able to draw inspiration from, but I wanted to create something that would provide high value to myself and anyone else that choose to download and use it. The idea finally hit me after I started using Zabbix for system monitoring. Since Zabbix also has a feature-rich API, all the pieces were in place to create a bot that would act as a bit of middle-ware between Zabbix and Spark. I call the bot: Zpark.
Instead of relying on Zabbix to initiate an email or SMS to alert me of a new issue, I now route all notifications through Zpark and get notified right within my Cisco Spark client. And since I have the Spark client on all of my devices, I can receive alerts no matter where I am or what I’m doing.
Zpark alerts:
For a long while now I've been brainstorming how I could leverage the API that's present in the Cisco Spark collaboration platform to create a bot. There are lots of goofy and fun examples of bots (ie, Gifbot) that I might be able to draw inspiration from, but I wanted to create something that would provide high value to myself and anyone else that choose to download and use it. The idea finally hit me after I started using Zabbix for system monitoring. Since Zabbix also has a feature-rich API, all the pieces were in place to create a bot that would act as a bit of middle-ware between Zabbix and Spark. I call the bot: Zpark.
Didn’t I just write the 2016 statistics post like…. last week? Another year has flown by and with it another year of attempting to prioritize my writing. I’ll be honest, I’m not optimistic about what I’m going to find when I compare 2017 to 2016. It was a year filled with a lot of change and opportunity so I’ll use that as my excuse as to why I didn’t write as much or as often as I had planned.
I was thinking though: every year I set a goal of writing more posts than the previous year, but that’s only 1 metric to go by. Most of my posts are very detailed and fleshed out. It’s nothing to write a post that’s 1000 words. I regularly eclipse 2000 words and have even hit 3000 words. Perhaps I should be thinking more about word count and not post count? Certainly a 2000 word post takes more effort than a 1000 word post. On the other hand, word count says nothing about quality and could easily lead to excessive wordiness and run-on posts just to tilt the metrics.
Enough musing. Let’s review the data!
Ack. Yep, Continue reading
Continuing in a tradition I started early this year where I take a look back at the year that just passed, I’ve again been very fortunate to have had an amazing year, both in my professional and personal lives. Writing this post is my way of forcing myself to stop and take notice of what I was involved in (something I’m not very good at letting myself do in the moment) and also give readers a chance to see the “me” behind the scenes.
Let’s go through the list!
In January, I joined the CPOC team at Cisco based in Raleigh, North Carolina. This was something I worked towards over the course of many months in 2016 and was offered the position in late 2016. Come January of 2017, I had fully transitioned from my prior role and was working full time for CPOC. This change set the stage for everything that happened in my professional life during 2017 and if my gut can be trusted, will end up being a major turning point in my career.
The first thing that we had to do as a result of this new job…
…was planning to uproot Continue reading
Didn't I just write the 2016 statistics post like… last week? Another year has flown by and with it another year of attempting to prioritize my writing. I'll be honest, I'm not optimistic about what I'm going to find when I compare 2017 to 2016. It was a year filled with a lot of change and opportunity so I'll use that as my excuse as to why I didn't write as much or as often as I had planned.
I was thinking though: every year I set a goal of writing more posts than the previous year, but that's only 1 metric to go by. Most of my posts are very detailed and fleshed out. It's nothing to write a post that's 1000 words. I regularly eclipse 2000 words and have even hit 3000 words. Perhaps I should be thinking more about word count and not post count? Certainly a 2000 word post takes more effort than a 1000 word post. On the other hand, word count says nothing about quality and could easily lead to excessive wordiness and run-on posts just to tilt the metrics.
Enough musing. Let's review the data!
Continuing in a tradition I started early this year where I take a look back at the year that just passed, I've again been very fortunate to have had an amazing year, both in my professional and personal lives. Writing this post is my way of forcing myself to stop and take notice of what I was involved in (something I'm not very good at letting myself do in the moment) and also give readers a chance to see the “me” behind the scenes.
Let's go through the list!
For the benefit of readers who haven’t worked with Flask or don’t know what Flask is, it’s a so-called microframework for writing web-based applications in Python. Basically, the framework takes care of all the obvious tasks that are needed to run a web app. Things like talking HTTP to clients, routing incoming requests to the appropriate handler in the app, and formatting output to send back to the client in response to their request. When you use a framework like this, you as the developer can concentrate a lot more on the application logic and worry a lot less about hooking the app into the web.
As you may have guessed from the title of this post, one of the other tasks that Flask manages is logging within the application. For example, if you want to emit a log message when a user logs in or when they upload a new photo, Flask provides a simple interface to generate those log messages.
Flask has a large community of active users built around it and as a result, there’s tons of best practice information out there on scaling, talking to a database, and even whole tutorials on how to Continue reading