Installing Older Docker Client Binaries on Fedora

Sometimes there’s a need to have different versions of the Docker client binary available. On Linux this can be a bit challenging because you don’t want to install a “full” Docker package (which would also include the Docker daemon); you only need the binary. In this article, I’ll outline a process I followed to get multiple (older) versions of the Docker client binary on my Fedora 27 laptop.

The process has two steps:

  1. Download the RPMs for the older releases from the Docker Yum repository (for Fedora, that repository is here).
  2. Extract the files from the RPM without actually installing the RPM.

For step 1, you can use the curl program to download specific RPMs. For example, to download version 1.12.6 of the Docker client binary, you’d download the appropriate RPM like this:

curl -LO https://yum.dockerproject.org/repo/main/fedora/24/Packages/docker-engine-1.12.6-1.fc24.x86_64.rpm

You’ll note that the URL above appears to be tied to a particular Fedora version (24, in this case). However, that’s only significant/applicable for the entire RPM package; once you extract the specific binaries, you should have no issues running the binaries on a different version (I was able to run older versions of Continue reading

LLDP Information Now Available via the Administration Portal

In oVirt 4.2 we have introduced support for the Link Layer Discovery Protocol (LLDP). It is used by network devices for advertising the identity and capabilities to neighbors on a LAN. The information gathered by the protocol can be used for better network configuration. Learn more about LLDP.

Why do you need LLDP?

When adding a host into oVirt cluster, the network administrator usually needs to attach various networks to it. However, a modern host can have multiple interfaces, each with its non-descriptive name.

Examples

In the screenshot below, taken from the Administration Portal, a network administrator has to know to which interface to attach the network named m2 with VLAN_ID 162. Should it be interface enp4s0, ens2f0 or even ens2f1? With oVirt 4.2, the administrator can hover over enp4s0 and see that this interface is connected to peer switch rack01-sw03-lab4, and learn that this peer switch does not support VLAN 162 on this interface. By looking at every interface, the administrator can choose which interface is the right option for networkm2.

screen

A similar situation arises with the configuration of mode 4 bonding (LACP). Configurating LACP usually starts with network administrator defining a port group Continue reading

Let’s Pretend We Run Distributed Storage over a Thick Yellow Cable

One of my friends wanted to design a nice-and-easy layer-3 leaf-and-spine fabric for a new data center, and got blindsided by a hyperconverged vendor. Here’s what he wrote:

We wanted to have a spine/leaf L3 topology for an NSX deployment but can’t do that because the Nutanix servers require L2 between their nodes so they can be in the same cluster.

I wanted to check his claims, but Nutanix doesn’t publish their documentation (I would consider that a red flag), so I’m assuming he’s right until someone proves otherwise (note: whitepaper is not a proof of anything ;).

Read more ...

Route Filtering Technique: IP Prefix Lists

Today I am going to talk about another route filtering protocol which is widely used in the BGO environment. IP prefix lists are generally used when we need to block or permit the block of the IP addresses in the network.

Before we talk about these protocols,  I would like to tell you guys that we have our own youtube channel for various network videos that can further help you guys to study further. I will going to add many more videos soon on the channel, Please subscribe to the channel for the study network related videos


Subscribe us on Youtube: http://y2u.be/0c4lMYVp9go

Now Let's talk about the route filtering technique named as IP Prefix list. So IP Prefix list is the way to permit and deny the routes with the larger block size.

With the use of two keywords , ge and le we are going to deny or permit the IP Prefix block with the subnet mask. The prefix list is applied to inbound or outbound updates for specific peer by entering the prefix-list command in neighbor address-family mode. 

Prefix list information and counters are displayed in the output of the show ip prefix-list command. Prefix-list counters can Continue reading

Sharing is Caring: Docker Enterprise Edition Access Control

Multi-tenancy has many benefits in organizations. Clearly it increases hardware utilization but it also allows IT roles to specialize more, and provides better separation of concerns. This leads to more manageable infrastructure. Multi-tenancy is a challenging practice though, as it requires strict security control over resources without becoming too cumbersome for application deployment.

This blog post is about the Role-based Access Control (RBAC) enhancements introduced in Docker Enterprise Edition (Docker EE) 17.06. These enhancements allow for much more granular control and also flexible policy modeling that is one giant building block of a multitenant container infrastructure. This post will help you  address questions like:

  • How do I prevent different teams from viewing or interacting with each other’s applications when using shared infrastructure?
  • How can I enforce scheduling on certain nodes in the cluster?
  • How can I manage all the access policies so it’s clearly understandable who has access to what?

Docker EE Access Control is a policy-based model that uses access control lists called grants to dictate access between users and cluster resources. A grant is a rule that ties together who, can do which actions, against what resource.

As shown below, a grant is made Continue reading

Securing Native Cloud Workloads with VMware NSX Cloud Blog Series – Part 1: Getting Started

Introduction As businesses evaluate their applications in the constantly evolving world of IT, new strategies are emerging for delivery. These strategies include keeping applications on-premises or moving them to one or more public cloud providers. These public clouds come with their own networking and security constructs and policy management. This results in a new set of... Read more →

Securing Native Cloud Workloads with VMware NSX Cloud Blog Series – Part 1: Getting Started

Introduction

As businesses evaluate their applications in the constantly evolving world of IT, new strategies are emerging for delivery. These strategies include keeping applications on-premises or moving them to one or more public cloud providers.

These public clouds come with their own networking and security constructs and policy management. This results in a new set of technology siloes that increases expense, complexity and risk:

This blog series will discuss the challenges of providing consistent networking and security policies for native cloud workloads, the value of VMware NSX Cloud, and walk through the process of securing and connecting applications running natively in the public cloud.

VMware NSX Cloud

VMware’s strategy is to enable businesses to create and deliver applications. To support new delivery strategies, VMware NSX Cloud provides consistent networking and security for native applications running in multiple public and private clouds. Utilizing a single management console and a common application programming interface, VMware NSX Cloud offers numerous benefits:

  • Unified Micro-Segmentation Security Policies – VMware NSX Cloud provides control over East-West traffic between native workloads running in public clouds. Security policies are defined once and applied to native workloads. These policies are supported in multiple AWS accounts, regions, and VPCs. Policies are Continue reading

Marvell And Cavium Forge A Datacenter Platform

It has taken what seems like forever, but Arm server processors are starting to get some legs just as a massive consolidation wave, driven as much by the end of Moore’s Law as by the desire to always be bigger, is undertaking the semiconductor industry. All we need is a recession and a price war in the datacenter and a lot of compute, storage, and networking incumbents could be toppled. It wouldn’t be the first time, and it will not be the last.

This is why semiconductor giant Broadcom wants to pay a stunning $130 billion to acquire sometime rival

Marvell And Cavium Forge A Datacenter Platform was written by Timothy Prickett Morgan at The Next Platform.

The loss of net neutrality: Say goodbye to a free and open internet

Update May 17, 2018 Following the U.S. Senate’s 52-47 vote to reinstate net neutrality rules, U.S. Rep. Mike Doyle (D-Pa.) announced the House of Representatives will attempt to also force a vote on the issue under the Congressional Review Act (CRA).“I have introduced a companion CRA in the House,” Doyle said during a press conference yesterday, “but I’m also going to begin a discharge petition, which we will have open for signature tomorrow morning. And I urge every member who supports a free and open internet to join me and sign this petition, so we can bring this legislation to the floor.”To force a vote in the House, the petition needs 218 signatures. The Democrats hold only 193 seats there, so they need 25 Republicans to switch sides.To read this article in full, please click here

Terminology Tuesday Presents: Microservices

Microservices is the philosophy of designing software programs by breaking what used to be a singular function or command into multiple components, known as services.  The ultimate goal is to reduce complexity and increase speed (basically the goal of anything nowadays).

 

Think of Thanksgiving.  A traditional approach would have the same person cook the entire meal.  And likely even do all the dishes.  Think of a world instead where you can assign different individuals (and ovens!) for cooking the turkey, gravy, mashed potatoes, stuffing and anything else that may grace your table.

 

 

Microservices delivers on this dream but also takes the principle to the next level.  Not just breaking up the request (multi-course dinner) into multiple services (turkey, salad, not burning the garlic bread) but making them really really minute.

 

“Services” that used to be inherently linear can now happen concurrently.  To go back to our Thanksgiving example, you could have the potatoes peeled at the same time they’re being mashed.  If we were able to avoid running into one another (part of the magic of software over families in kitchens) everything would become very efficient.

 

Want Continue reading

BrandPost: SD-WAN Vision vs. Acquisition

The migration of applications to the cloud is motivating enterprises to rethink how they architect their WANs, and this in turn has created the SD-WAN market category. The recent acquisition of VeloCloud by VMware, and of Viptela by Cisco earlier in the year, represent attempts by two of the bigger players in IT to stake a claim in this fast-growing new market.While it’s convenient to place products into categories, there are many approaches to SD-WAN, each focused on a different use case or customer base. It was not unexpected to see Cisco go for Viptela. Of all the SD-WAN solutions, Viptela is arguably the one that most closely emulates a traditional router, including conventional device-by-device CLI-based configuration, with a limited amount of central orchestration. It certainly represents the least disruptive approach for Cisco, and gives them an angle to extend the life of the old Swiss army knife known as the ISR.To read this article in full, please click here

How to handle the vanishing radio spectrum: Share frequencies

With the billions of Internet of Things (IoT) devices projected to come on-stream over the next few years, questions are arising as to just where the bandwidth and radio channels are going to come from to make it all work.The sensors need to send their likely increasingly voluminous data back to networks wirelessly to be processed.RELATED: 8 tips for building a cost-effective IoT sensor network But there’s a finite amount of radio spectrum available, and much of it is already allocated to incumbent primary users, such as public safety agencies. Other spectrum is dedicated to mobile network operators who have licensed chunks of it. Some is leftover in the millimeter frequencies, which is thus far pretty much untested in the real world — it’s going to be used for 5G in the future.To read this article in full, please click here

How to handle the vanishing radio spectrum: Share frequencies

With the billions of Internet of Things (IoT) devices projected to come on-stream over the next few years, questions are arising as to just where the bandwidth and radio channels are going to come from to make it all work.The sensors need to send their likely increasingly voluminous data back to networks wirelessly to be processed.RELATED: 8 tips for building a cost-effective IoT sensor network But there’s a finite amount of radio spectrum available, and much of it is already allocated to incumbent primary users, such as public safety agencies. Other spectrum is dedicated to mobile network operators who have licensed chunks of it. Some is leftover in the millimeter frequencies, which is thus far pretty much untested in the real world — it’s going to be used for 5G in the future.To read this article in full, please click here

Worth Reading: Intel moves into 5G

The Intel XMM 8000-series of 5G-capable modems will bring the next generation of wireless connectivity to PCs, smartphones and infrastructure devices with a target consumer-product launch in mid-2019. Intel INTC, -2.23% also updated plans for a new 4G LTE modem that will offer speeds as high as 1.6 gigabits per second, a substantial upgrade from current connectivity options on smartphones (peaking at 1.0 gigabits per second), again with a 2019 target release. — Ryan Shrout @ Market Watch

Your Holiday Cybersecurity Guide

Many of us are visiting parents/relatives this Thanksgiving/Christmas, and will have an opportunity to help our them with cybersecurity issues. I thought I'd write up a quick guide of the most important things.

1. Stop them from reusing passwords

By far the biggest threat to average people is that they re-use the same password across many websites, so that when one website gets hacked, all their accounts get hacked.

To demonstrate the problem, go to haveibeenpwned.com and enter the email address of your relatives. This will show them a number of sites where their password has already been stolen, like LinkedIn, Adobe, etc. That should convince them of the severity of the problem.

They don't need a separate password for every site. You don't care about the majority of website whether you get hacked. Use a common password for all the meaningless sites. You only need unique passwords for important accounts, like email, Facebook, and Twitter.

Write down passwords and store them in a safe place. Sure, it's a common joke that people in offices write passwords on Post-It notes stuck on their monitors or under their keyboards. This is a common security mistake, but that's only because the Continue reading
1 1,830 1,831 1,832 1,833 1,834 3,855