Category Archives for "Systems"

Technology Short Take 106

Welcome to Technology Short Take #106! It’s been quite a while (over a month) since the last Tech Short Take, as this one kept getting pushed back. Sorry about that, folks! Hopefully I’ve still managed to find useful and helpful links to include below. Enjoy!

Networking

Servers/Hardware

  • The Intel Management Engine (ME) has received a bit of attention as a potential security vulnerability; in this article, authors Maxim Goryachy and Mark Ermolov expose some new concerns around the Intel ME and its undocumented Manufacturing Mode.
  • Serve The Home takes a critical look at the Bloomberg Supermicro stories, debunking or at least calling into question many details of the Continue reading

Introducing Docker Enterprise 2.1 – Advancing Our Container Platform Leadership

Operational Insights with Docker Enterprise

Today, we’re excited to announce Docker Enterprise 2.1 – the leading enterprise container platform in the market and the only one designed for both Windows and Linux applications. When Docker Enterprise 2.1 is combined with our industry-proven tools and services in the new Windows Server application migration program, organizations get the best platform for securing and modernizing Windows Server applications, while building a foundation for continuous innovation across any application, anywhere.

In addition to expanded support for Windows Server, this latest release further extends our leadership position by introducing advancements across key enterprise requirements of choice, agility and security.

Choice: Expanding Support for Windows Server and New Kubernetes Features

Supporting Both Windows Server and Linux

Docker Enterprise 2.1 adds support for Windows Server 1709, 1803 and Windows Server 2019* in addition to Windows Server 2016. This means organizations can take advantage of the latest developments for Docker Enterprise for Windows Server Containers while supporting a broad set of Windows Server applications.

  • Smaller image sizes: The latest releases of Windows Server support much smaller image sizes which means improved performance downloading base images and building applications, contributing to faster application delivery and lower storage costs.
  • Improved compatibility requirements: With Windows Server 1709 and beyond, Continue reading

The Push to Modernize at William & Mary

At William & Mary, our IT infrastructure team needs to be nimble enough to support a leading-edge research university — and deliver the stability expected of a 325-year-old institution. We’re not a large school, but we have a long history. We’re a public university located in Williamsburg, Virginia, and founded in 1693, making us the second-oldest institution of higher education in America. Our alumni range from three U.S. presidents to Jon Stewart.

The Linux team in the university’s central IT department is made up of 5 engineers. We run web servers, DNS, LDAP, the backend for our ERP system, components of the content management system, applications for administrative computing, some academic computing, plus a long list of niche applications and middleware. In a university environment with limited IT resources, legacy applications and infrastructure are expensive and time-consuming to keep going.

Some niche applications are tools built by developers in university departments outside of IT. Others are academic projects. We provide infrastructure for all of them, and sometimes demand can ramp up quickly. For instance, an experimental online course catalog was discovered by our students during a registration period. Many students decided they liked the experimental version Continue reading

Ansible and Infoblox: Roles Deep Dive

As Sean Cavanaugh mentioned in his earlier Infoblox blog post, the release of Ansible 2.5 introduced a lookup plugin, a dynamic inventory script, and five modules that allow for Infoblox automation. A combination of these modules and lookups in a role provides a powerful DNS automation framework.

Summary

Today we are going to demonstrate how automating Infoblox Core Network Services using Ansible can help make managing IP addresses and routing traffic across your network easy, quick, and reliable. Your network systems for virtualization and cloud require rapid provisioning life cycles; Infoblox helps you manage those lifecycles. When paired with Infoblox, Ansible lets you automate that work. Ansible’s integration with Infoblox is flexible and powerful: you can automate Infoblox tasks with modules or with direct calls to the Infoblox WAPI REST API.

This post will walk you through six real-world scenarios where Ansible and Infoblox can streamline your network tasks:

  1. Creating a provider in one place that is reusable across a collection of roles.
  2. Expanding your network by creating a new subnet with a forward DNS zone. Ansible modules for Infoblox make this common two-part task simple.
  3. Creating a reverse DNS zone, for example, to flag email from any Continue reading

Docker Certified Logging Containers and Plugins from Partners

The Docker Certified Technology Program is designed for ecosystem partners and customers to recognize Containers and Plugins that excel in quality, collaborative support and compliance. Docker Certification gives enterprises an easy way to run trusted software and components in containers on the Docker Enterprise container platform with support from both Docker and the publisher.

In this review, we’re looking at Docker Logging Containers and Plugins. Docker Enterprise provides built-in logging drivers to help users get information from Docker nodes, running containers and services. The Docker Engine also exposes a Docker Logging Plugin API for use by Partner Docker logging plugins. The user’s needs are solved by innovations from the extensive Docker ecosystem that extend Docker’s logging capabilities and provide complete log management solutions, including searching, visualizing, monitoring, and alerting.

These solutions are validated by both Docker and the partner company and integrated into a seamless support pipeline that provides customers the world-class support they have become accustomed to when working with Docker.

Check out the latest certified Docker Logging Containers and Plugins that are now available from our partners on Docker Store:

Docker Achieves FIPS 140-2 Validation

We are excited to share that we have achieved formal FIPS 140-2 validation (Certificate #3304) from the National Institute of Standards and Technology (NIST) for our Docker Enterprise Edition Crypto Library. With this validation and industry-recognized seal of approval for cryptographic modules, we are able to further deliver on the fundamental confidentiality, integrity and availability objectives of information security and provide our commercial customers with a validated and secure platform for their applications. As required by the Federal Information Security Management Act (FISMA) and other regulatory technology frameworks like HIPAA and PCI, FIPS 140-2 is an important validation mechanism for protecting the sensitivity and privacy of information in mission-critical systems.

As we highlighted in a previous blog post, Docker Engine – Enterprise version 18.03 and above includes this now-validated crypto module. This module has been validated at FIPS 140-2 Level 1. The formal Docker Enterprise Edition Crypto Library’s Security Policy calls out the specific security functions in Docker Engine – Enterprise supported by this module and includes the following:

  • ID hashes
  • Swarm Mode distributed state store and Raft log (securely stores Docker Secrets and Docker Configs)
  • Swarm Mode overlay networks (control plane only)
  • Swarm Mode mutual TLS implementation
  • Docker daemon socket Continue reading

Spousetivities at DockerCon EU 18

DockerCon EU 18 is set to kick off in early December (December 3-5, to be precise!) in Barcelona, Spain. Thanks to Docker’s commitment to attendee families—something for which I have and will continue to commend them—DockerCon will offer both childcare (as they have in years past) and spouse/partner activities via Spousetivities. Let me just say: Spousetivities in Barcelona rocks. Crystal lines up a great set of activities that really cannot be beat.

Here are some details on what’s available in Barcelona for DockerCon EU 18:

  • On Monday, December 3, there will be a private tour of Costa Brava and Girona. Girona is an extremely well-preserved medieval walled city dating back to the first century! If you’re a fan of history, this is one not to miss. The tour will, of course, include an amazing lunch in a traditional local restaurant.
  • Tuesday, December 4, participants will do a combined Barcelona city tour along with a visit to the famous La Sagrada Familia. The city tour will include stops to sample a wide variety of tapas in local venues. You’ll also get to visit La Sagrada Familia, which is a definite must-see if you’ve never visited before.
  • Wrapping up the events on Continue reading

More on Setting up etcd with Kubeadm

A while ago I wrote about using kubeadm to bootstrap an etcd cluster with TLS. In that post, I talked about one way to establish a secure etcd cluster using kubeadm and running etcd as systemd units. In this post, I want to focus on a slightly different approach: running etcd as static pods. The information on this post is intended to build upon the information already available in the Kubernetes official documentation, not serve as a replacement.

For reference, the Kubernetes official documentation has a write-up on using kubeadm to establish an etcd cluster with etcd running as static pods. For Kubernetes 1.12.x (the current version as of this writing), that information is here; for Kubernetes 1.11.x, that same information is here.

When using these instructions with Kubernetes 1.11.x, the official guide leaves out something very important: reconfiguring the kubelet to operate in a standalone fashion (without the Kubernetes control plane). This information is present in the 1.12.x documentation, but it applies to both versions.

Now, lest you think you can just follow the 1.12.x documentation for a 1.11.x cluster, you need Continue reading

The Top 6 Questions You Asked on Containerizing Production Apps

We recently hosted IDC research manager Gary Chen as a guest speaker on a webinar where he shared results from a recent IDC survey on container and container platform adoption in the enterprise. IDC data shows that more organizations are deploying applications into production using containers, driving the need for container platforms like Docker Enterprise that integrate broad management capabilities including orchestration, security and access controls.

The audience asked a lot of great questions about both the IDC data and containerizing production applications. We picked the top questions from the webinar and recapped them here.

If you missed the webinar, you can watch the webinar on-demand here.

Top Questions from the Webinar

Q: What are the IDC stats based on?

A: IDC ran a survey of 300+ container deployers who work at companies with more than 1,000 employees and have primary responsibility for container infrastructure in the US, and modeled it from a variety of data sources they collect about the industry.

Q: IDC mentioned that 54% of containerized applications are traditional apps. Is there a simple ‘test’ to see if an app can be containerized easily?

Source: IDC, Container Infrastructure Market Assessment: Bridging Legacy and Cloud-Native Architectures — User Survey Continue reading

Docker Certified Containers from Monitoring Partners

The Docker Certified Technology Program is designed for ecosystem partners and customers to recognize Containers and Plugins that excel in quality, collaborative support and compliance. Docker Certification gives enterprises an easy way to run trusted software and components in containers on the Docker Enterprise container platform with support from both Docker and the publisher.

In this review, we’re looking at solutions to monitor Docker containers. Docker enables developers to iterate faster with software architectures consisting of many microservices. This poses a challenge to traditional monitoring solutions as the target processes are no longer statically allocated or tied to particular hosts. Monitoring solutions are now expected to track ephemeral and rapidly scaling sets of containers. The Docker Engine exposes APIs for container metadata, lifecycle events, and key performance metrics. Partner Monitoring solutions collect both system and Docker container events and metrics in real time to monitor the health and performance of the customer’s entire infrastructure, applications and services. These solutions are validated by both Docker and the partner company and integrated into a seamless support pipeline that provides customers the world-class support they have become accustomed to when working with Docker.

Check out the latest certified Docker Monitoring Continue reading

3 Customer Stories You Don’t Want to Miss at DockerCon Barcelona 2018

One of the great things about DockerCon is the opportunity to learn from your peers and find out what they’re doing. We’re pleased to announce several of the sessions in our Customer Stories track. In the track, you’ll hear from your peers who are using Docker Enterprise to modernize legacy applications, build new services and products, and transform the customer experience.

These are just a few of the sessions in the catalog today. You can browse the full list of sessions here. We also have a few more we’ll announce over the coming weeks (some customers just like to keep things under wraps for a little longer).

Desigual Transforms the In-Store Experience with Docker Enterprise Containers Across Hybrid Cloud

Mathias Kriegel, IT Ops Lead and Cloud Architect

Joan Anton Sances, Software Architect

We’re particularly excited to have a local company share their story at DockerCon. In this session, find out how Docker Enterprise has helped Desigual, a global $1 billion fashion retailer headquartered in Barcelona, transform the in-store customer experience with a new “shopping assistant” application.

Not Because We Can, But Because We Have To: Tele2 Containerized Journey to the Cloud
Dennis Ekkelenkamp, IT Infrastructure Manager
Gregory Bohncke, Technical Architect

How Continue reading

Validating RAML Files Using Docker

Back in July of this year I introduced Polyglot, a project whose only purpose is to provide a means for me to learn more about software development and programming (areas where I am sorely lacking real knowledge). In the limited spare time I’ve had to work on Polyglot in the ensuing months, I’ve been building out an API specification using RAML, and in this post I’ll share how I use Docker and a Docker image to validate my RAML files.

Since I was (am) using Visual Studio Code as my primary text editor/development environment these days, I started out by looking for a RAML extension that would provide some sort of linting/validation functionality. I found an extension to do RAML syntax highlighting, which seemed like a reasonable first step.

After a bit more research, I found that there was a raml-cli NPM package that one could use to validate RAML files from the command line. I was a bit leery of installing an NPM package on my system, so I thought, “Why not use a Docker container for this?” It will keep my system clean of excess/unnecessary packages and dependencies, and it will provide some practice with Continue reading

Privacy Policy

Effective date: October 19, 2018

HAMY.IO (“us”, “we”, or “our”) operates the https://hamy.io website (hereinafter referred to as the “Service”).

This page informs you regarding our policies concerning the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from https://hamy.io

At HAMY.IO, we recognize that privacy of your personal information is important. Here is information on what types of personal information we receive and collect when you use our Service, and how we safeguard your information.

Definitions

  • Service: Service is the https://hamy.io website operated by HAMY.IO
  • Personal Data: Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
  • Usage Data: Usage Data is data Continue reading

The Role of Enterprise Container Platforms

As container technology adoption continues to advance and mature, companies now recognize the importance of an enterprise container platform. More than just a runtime for applications, a container platform provides a complete management solution for securing and operationalizing applications in containers at scale over the entire software lifecycle.

While containers may have revolutionized the way developers package applications, container platforms are changing the way enterprises manage and secure both mission-critical legacy applications and microservices both on prem and across multiple clouds. Enterprises are beginning to see that container runtime and orchestration technologies alone don’t address these critical questions:

  • Where did this application come from?
  • Was the application built with company and/or industry best practices in mind?
  • Has this application undergone a security review?
  • Is my cluster performing as expected?
  • If my application is failing or underperforming, where should I look?
  • Will this environment run the same on the new hardware/cloud that we’re using?
  • Can I use my existing infrastructure and/or tools with this container environment?

Leading Industry Analysts Highlight Container Platforms for Enterprise Adoption

For some time, there was a lot of confusion in the market between orchestration solutions and container platforms. But in 2018, we are seeing more alignment across major Continue reading

Now Open: DockerCon Europe Diversity Scholarship!

Over the last 3 years, Docker has provided over 75 financial scholarships to members of the Docker community, who are traditionally underrepresented, to attend DockerCon. By actively promoting diversity of all kinds, our goal is to make DockerCon a safe place for all to learn, belong and collaborate.

With the continued support of Docker and one of our DockerCon scholarship sponsors, the Open Container Initiative (OCI), we are excited to announce the launch of the DockerCon Europe Diversity Scholarship Program. This year, we are increasing the number of scholarships we are granting to ensure attending DockerCon is an option for all.

Apply Now!

Deadline to Apply:

Friday, 26 October, 2018 at 5:00PM PST

Selection Process

A committee of Docker community members will review and select the scholarship recipients. Recipients will be notified by the week of 7 November 2018.

What’s included:

Full Access DockerCon Conference Pass

Please note, travel expenses are not covered under the scholarship and are the responsibility of the scholarship recipient.

Requirements

Must be able to attend DockerCon Europe 2018

Must be 18 years old or older to apply

Must be able to travel to Barcelona, Spain

We wanted to check back in with DockerCon Continue reading

Hands-on Learning Opportunities at DockerCon EU

The value of attending a conference is measured by how much you can learn and who you will meet. DockerCon has you covered on both fronts. We know that everyone learns differently, so the conference provides three options for you.

Workshops: Starting this year at DockerCon San Francisco, we introduced a track dedicated to workshops where technical experts deliver 2-hour deep dive sessions with hands-on tutorials to deepen your understanding of Docker technology, Kubernetes, Istio and solutions from our ecosystem partners. Included as part of your conference pass, you must pre-register for workshops to save your seat.

Hands on Labs: If instructor-led isn’t your thing, check out the self-paced Hands-On Labs. Also included with our conference pass, Hands-On Labs are available at any time throughout the conference. Drop in between sessions or anytime – grab a seat and launch a tutorial. Docker moderators will be on hand to help answer questions.

Training: In addition, you can add official Docker training courses to your DockerCon schedule at a discounted rate. Come early to Barcelona for a 2-day training course led by Docker authorized instructors and designed specifically for your role in using containers. Each course features a variety Continue reading

Red Hat Ansible Network Automation Updates

With the recent success of the largest AnsibleFest to date, I wanted to take a minute to reflect, from a network automation perspective, on the colossal enhancements the engineering team at Red Hat has made in the Ansible Engine 2.6 release, the Ansible Tower 3.3 release and the recent Ansible Engine 2.7 release. As a reminder for all Ansible lovers, there is a porting guide for every release to make upgrades as easy as possible!

For this blog post I am going to cover the following topics:

  • The httpapi connection plugin
  • Support for Arista eAPI and Cisco NX-API
  • New network automation modules
    • net_get and net_put
    • netconf_get, netconf_rpc and netconf_config
    • cli_command and cli_config
  • Improved Ansible Tower User Experience
  • Ansible Tower credential management for network devices
  • Custom Ansible Environment Support for Ansible Tower 

The HTTPAPI connection plugin

Connection plugins allow Ansible to connect to target hosts so it can execute tasks on them. With the Ansible 2.5 release the network_cli connection plugin was introduced, removing the requirement for the provider parameter and standardizing network modules to allow playbooks to look, feel and operate just like they do on Linux hosts. This also allowed Red Hat Ansible Tower to Continue reading

Docker Certified Plugins From Networking Partners

The Docker Certified Technology Program is designed for ecosystem partners and customers to recognize Containers and Plugins that excel in quality, collaborative support and compliance. Docker Certification gives enterprises an easy way to run trusted software and components in containers on the Docker Enterprise container platform with support from both Docker and the publisher.

In this review, we’re looking at Docker Network Plugins. Networking has long been a vertical in the enterprise cloud and data center that has no shortage of complexity. Just as an overarching goal of Docker Enterprise is to make deploying and operating containers as simple as possible, the same goal applies to making Swarm networking as simple as possible. This powerful abstraction of complexity is applicable whether in the customer’s data center or spread across multiple clouds. In some cases Docker Enterprise solves customer problems by shipping built-in plugins and in other scenarios the user’s needs are solved by innovations from the extensive Docker ecosystem. These solutions are validated by both Docker and the partner company and integrated into a seamless support pipeline that provides customers the world-class support they have become accustomed to when working with Docker.

Check out the Continue reading

The release of Red Hat Ansible Engine 2.7

Red Hat Ansible Engine 2.7 is now available, featuring improved stability, speed and performance.

Preparing for the Future

Ansible Engine 2.7 continues to improve compatibility with modern versions of Python. As a result of changes to support newer versions of Python, support for running Ansible Engine with Python 2.6 has been removed. Management of systems with Python 2.6 installed is still possible, though the system Ansible Engine is running from must have Python 2.7 or Python 3.5 or later. This means if ansible-pull is being used the system running ansible-pull will need Python 2.7 or Python 3.5 or later.

A new file locking feature is designed to prevent race conditions when delegating to a central resource. For example, if a play calls for several hosts to write to a single file on a remote host it is likely multiple hosts would attempt to write to the file at the same time. This can now be done in Ansible Engine 2.7.

Deprecating use of features is often a challenging task. This task can be even more challenging when it involves multiple Ansible core modules. In Ansible Engine 2.7, several modules have Continue reading
