Federate oVirt engine authentication to OpenID Connect infrastructure

In this post I will introduce how to integrate OIDC with oVirt engine using Keycloak and LDAP user federation.

Prerequisites: I assume you have already setup the 389ds directory server, but the solution is very similar for any other LDAP provider. As OIDC is not integrated into oVirt directly, we use Apache to do the OIDC authentication for us. The mod_auth_openidc module nicely covers all needed functionality.

Overview

Integrate with external OpenID Connect Identity Provider (IDP) to provide Single Sign-On (SSO) across products that use the IDP for authenticating users. We currently have oVirt SSO for providing unified authentication across Administrator and VM portals. The oVirt engine SSO also provides tokens for REST API clients and supports bearer authentication to reuse tokens to access oVirt engine RESTAPI. With external IDP integration the internal oVirt SSO is disabled and browser users will be redirected to the external IDP for authentication. After successful authentication users can access both Admin and VM portals as they normally do. REST API clients don't have to change, they can still obtain a token from engine SSO and use the token for bearer authentication to access oVirt engine RESTAPI. Engine SSO acts as a proxy obtaining the Continue reading

Enjoy a slice of QUIC, and Rust!

Enjoy a slice of QUIC, and Rust!

During last year’s Birthday Week we announced early support for QUIC, the next generation encrypted-by-default network transport protocol designed to secure and accelerate web traffic on the Internet.

We are not quite ready to make this feature available to every Cloudflare customer yet, but while you wait we thought you might enjoy a slice of quiche, our own open-source implementation of the QUIC protocol written in Rust.

Enjoy a slice of QUIC, and Rust!

Quiche will allow us to keep on top of changes to the QUIC protocol as the standardization process progresses and experiment with new features more easily. Let’s have a quick look at it together.

Simple and genuine ingredients

The main design principle that guided quiche’s initial development was exposing most of the QUIC complexity to applications through a minimal and intuitive API, but without making too many assumptions about the application itself, in order to allow us to reuse the same library in different contexts.

For example, while we think Rust is great, most of the stack that deals with HTTP requests on Cloudflare’s edge network is still written in good ol’ C, which means that our QUIC implementation would need to be integrated into that.

The quiche API can process Continue reading

Community Networks: In Tanzania, Helping to Close the Connectivity Gap

Community established networks, also referred to as “community networks” (CNs), have existed for many years and provide a sustainable solution to address the connectivity gaps that exist in urban, remote, and rural areas around the world. While the global statistics estimate that about half of the world population has access to the Internet, the connectivity gap is wide between the developed and developing countries.

In Tanzania, there are 41.8 million voice telephone subscriptions and only 23 million Internet users. A study by Research ICT Africa reported that when Internet access is compared between rural and urban areas, 86% of rural dwellers remain unconnected to the Internet compared to 44.6% in urban areas. Similarly, in Tanzania, fewer women have access to and use of the Internet than men.

In order to address the connectivity challenges in Tanzania, the Internet Society Tanzania Chapter in partnership with the University of Dodoma, supported by Beyond the Net Funding Programme, has built a pilot project using TV white space as a community network solution. The deployed network has connected four educational institutions in rural Tanzania and at the same time provided Internet access to community members around the schools.

In order Continue reading

Review: 4 open-source network management tools improve usability, performance

Network management tools have come a long way from the early command-line products with arcane, text-based configuration files that kept everyone except the resident (typically Linux) guru in the dark. Today’s management tools, replete with desktop or web-based GUIs, easy installs and configuration wizards, are far more accessible. With each iteration vendors find ways to make these tools more powerful and easier to use. For this review, we evaluated newer versions of three established open-source network management products – OpenNMS, Zenoss Core and NetXMS – as well as a relative newcomer, Sensu Core. All four products are free and open source.To read this article in full, please click here

Review: 4 open-source network management tools improve usability, performance

Network management tools have come a long way from the early command-line products with arcane, text-based configuration files that kept everyone except the resident (typically Linux) guru in the dark. Today’s management tools, replete with desktop or web-based GUIs, easy installs and configuration wizards, are far more accessible. With each iteration vendors find ways to make these tools more powerful and easier to use. For this review, we evaluated newer versions of three established open-source network management products – OpenNMS, Zenoss Core and NetXMS – as well as a relative newcomer, Sensu Core. All four products are free and open source.To read this article in full, please click here

IoT roundup: Security problems galore and a way to track urinary infections

The two things everybody knows about IoT are that A, its use is growing at a pretty spectacular rate, encompassing use cases from the most frivolous of consumer gadgetry to the most heavy-duty of industrial machinery, and B, it is, as a consequence, a gloriously tempting target for malicious hackers.News related to point B has been making headlines lately, including the results of a study from Gemalto, which found that roughly half of all companies using IoT didn’t even have the basic ability to detect outside interference or hacking on their devices. That is, in a word, bad.To read this article in full, please click here

Cannot connect the virtual device … because no corresponding device is available on the host

Recently I've been building some VM templates on my MacBook and launching instances of them in VMware. Each time it produced following error:

Cannot connect the virtual device sata0:1 because no corresponding device is available on the host.


Either button caused the guest to boot up. The "No" button ensured that it booted without error on subsequent reboots, while choosing "Yes" allowed me to enjoy the error with each power-on of the guest.

Sata0 is, of course a (virtual) disk controller, and device 1 is an optical drive. I knew that much, but the exact meaning of the error wasn't clear to me, and googling didn't lead to a great explanation.

I wasn't expecting there to be a "corresponding device ... available on the host" because the host has neither a SATA controller nor an optical drive, and no such hardware should be required for my use case, so, what did the error mean?

It turns out that I was producing the template (a .ova file) with the optical drive "connected" (VMware term) to ... something. The issue isn't related to the lack of a device on the host, but that there's no ISO file "inserted" into the virtual drive.

Here's the Continue reading

When Metaphors Fail

We often use metaphors to describe a particular part of a thing or the thing itself. For instance, we might say “I’m as hungry as a horse,” to describe how much we think we could eat (although a more appropriate saying might be “as hungry as a bird,” as it turns out!). Network operators and engineers are no exception to this making of metaphors, of course.

Metaphors have a reductionistic tendency. For instance, when saying I am as hungry as a horse, I am relating the amount of food a horse might eat to the amount of food I feel like eating. The metaphor reduces the entire person and the entire horse so the turn on a single point—a quantity of food. In using this kind of comparison, I am not claiming to have the same number of legs as a horse, or perhaps a swishing tail like a horse.

The danger in using a metaphor is that you can take the part to be the whole. When this happens, the metaphor says things it should not say, and can cause us to misunderstand the scope, complexity, or solution to a problem. For some reason, we tend to do Continue reading

1 1,291 1,292 1,293 1,294 1,295 3,791