VMware NSX and SRM: Disaster Recovery Overview and Demo

In this post, I’ll briefly expand on the benefits of utilizing NSX as part of a disaster recovery (DR) solution. For additional information check out my prior multi-site and disaster recovery with NSX posts on the VMware Network Virtualization blog. Additionally, I recently presented at 2016 US VMworld and Europe VMworld on multi-site and disaster recovery solutions and recorded sessions can be viewed here: US VMworld, Europe VMworld.

Prior NSX Multi-site and Disaster Recovery Posts:

With disaster recovery, two challenges in general are:

  1. Recovering the application with the same IP address at the recovery site; this is important because typically there are other dependencies on this IP address such as possibly security, load balancer configs, DNS, application dependencies, etc.

  2. Ensuring security for the application is in place for the application upon disaster recovery; traditional solutions rely on manually updating or syncing security policies across the protected and recovery sites which is Continue reading

Happy New Year

Hi Everyone,

I wish you all a Happy New Year!

Currently im very busy studying for my 2nd attempt at the CCDE Practical exam.
I have it booked for the next slot, which is February 22nd in London.

Thankfully there are more and more material available for the CCDE than just a year ago. One of my primary sources are the study group which I have mentioned before, which Daniel (lostintransit.se) and I started way back.

Im also going through the INE scenarios as well as LiveLessons available through a Safari subscription. Those are really good and I highly recommend them.

One of the primary things im practicing at the moment is picking up business requirements from a given scenario. This is quite hard as im at heart an implementation-focused guy. But its good to learn something new and very useful.

If you are not following it just yet, I can highly recommend the “Unleashing CCDE” site on Cisco Learning Network (https://learningnetwork.cisco.com/blogs/unleashing-ccde). There are alot of good posts there on how to pick up these “soft” skills.

I will keep the blog updated with my study progress through February and we’ll see what happens February 22nd ?

Take Care.

/Kim

Device Configurations Are Not a Good Source of Truth

One of my subscribers sent me this question after watching the second part of Network Automation Tools webinar (or maybe it was Elisa Jasinska's presentation in the Data Center course):

Elisa mentions that for a given piece of data, there should be “one source of truth”. It gets a bit muddled when you have an IPAM tool and Git source control simultaneously. It is not hard to imagine scenarios where these get out of sync especially if you consider multi-operator scenarios.

Confused? He provided a simple scenario:

Read more ...

Privacy legislation reintroduced for mail older than 180 days

A bill has been reintroduced in the U.S. House of Representatives that would require that law enforcement agencies get a warrant before they poke around users’ emails and other communications in the cloud that are older than 180 days.The Email Privacy Act, reintroduced on Monday, aims to fix a loophole in the Electronic Communications Privacy Act that allowed the government to search without warrant email and other electronic communications older than 180 days, stored on servers of third-party service providers such as Google and Yahoo.“Thanks to the wording in a more than 30-year-old law, the papers in your desk are better protected than the emails in your inbox,” digital rights organization, Electronic Frontier Foundation said in a blog post Monday.To read this article in full or to leave a comment, please click here

Privacy legislation reintroduced for mail older than 180 days

A bill has been reintroduced in the U.S. House of Representatives that would require that law enforcement agencies get a warrant before they poke around users’ emails and other communications in the cloud that are older than 180 days. The Email Privacy Act, reintroduced on Monday, aims to fix a loophole in the Electronic Communications Privacy Act that allows the government to search without warrant email and other electronic communications older than 180 days, stored on servers of third-party service providers such as Google and Yahoo. “Thanks to the wording in a more than 30-year-old law, the papers in your desk are better protected than the emails in your inbox,” digital rights organization, Electronic Frontier Foundation said in a blog post Monday.To read this article in full or to leave a comment, please click here

NAT is a firewall

NAT is a firewall. It's the most common firewall. It's the best firewall.

I thought I'd point this out because most security experts might disagree, pointing to some "textbook definition". This is wrong.

A "firewall" is anything that establishes a barrier between some internal (presumably trusted) network and the outside, public, and dangerous Internet where anybody can connect to you at any time. A NAT creates exactly that sort of barrier.

What other firewalls provide (the SPI packet filters) is the ability to block outbound connections, not just incoming connections. That's nice, but that's not a critical feature. Indeed, few organizations use firewalls that way, it just causes complaints when internal users cannot access Internet resources.

Another way of using firewalls is to specify connections between a DMZ and an internal network, such as a web server exposed to the Internet that needs a hole in the firewall to access an internal database. While not technically part of the NAT definition, it's a feature of all modern NATs. It's the only way to get some games to work, for example.

There's already more than 10-billion devices on the Internet, including homes with many devices, as well as most mobile phones. Continue reading

Watch Steve Jobs unveil the iPhone and change the world

10 years ago today, Steve Jobs delivered one of the most masterful product introductions in history when he unveiled the iPhone. Though the idea that Apple was working on a phone had been making its way through the rumor mill over the preceding few months, what the iPhone actually delivered to the table surpassed even the most optimistic of expectations.With a multitouch display and intuitive access to the entire web via mobile Safari, the iPhone instantly changed the way people used their smartphones. And that's not to say nothing of the App Store which went live in July of 2008 and quickly turned the smartphone industry on its head.Apple earlier today, naturally, celebrated 10 years of the iPhone with a special splash page on its website.To read this article in full or to leave a comment, please click here

No, Yahoo! isn’t changing its name

Trending on social media is how Yahoo is changing it's name to "Altaba" and CEO Marissa Mayer is stepping down. This is false.

What is happening instead is that everything we know of as "Yahoo" (including the brand name) is being sold to Verizon. The bits that are left are a skeleton company that holds stock in Alibaba and a few other companies. Since the brand was sold to Verizon, that investment company could no longer use it, so chose "Altaba". Since 83% of its investment is in Alibabi, "Altaba" makes sense. It's not like this new brand name means anything -- the skeleton investment company will be wound down in the next year, either as a special dividend to investors, sold off to Alibaba, or both.

Marissa Mayer is an operations CEO. Verizon didn't want her to run their newly acquired operations, since the entire point of buying them was to take the web operations in a new direction (though apparently she'll still work a bit with them through the transition). And of course she's not an appropriate CEO for an investment company. So she had no job left -- she made her own job disappear.


What happened today Continue reading

Stock-tanking in St. Jude Medical security disclosure might have legs

For better or worse, a security firm’s attempt to cash in on software bugs -- by shorting a company’s stock and then publicizing the flaws -- might have pioneered a new approach to vulnerability disclosure.Last August, security company MedSec revealed it had found flaws in pacemakers and other healthcare products from St. Jude Medical, potentially putting patients at risk.However, the controversy came over how MedSec sought to cash in on those bugs: it did so, by partnering with an investment firm to bet against St. Jude’s stock. Since then, the two parties have been locked in a legal battle over the suspected vulnerabilities. But on Monday, MedSec claimed some vindication.To read this article in full or to leave a comment, please click here

Stock-tanking in St. Jude Medical security disclosure might have legs

For better or worse, a security firm’s attempt to cash in on software bugs -- by shorting a company’s stock and then publicizing the flaws -- might have pioneered a new approach to vulnerability disclosure.Last August, security company MedSec revealed it had found flaws in pacemakers and other healthcare products from St. Jude Medical, potentially putting patients at risk.However, the controversy came over how MedSec sought to cash in on those bugs: it did so, by partnering with an investment firm to bet against St. Jude’s stock. Since then, the two parties have been locked in a legal battle over the suspected vulnerabilities. But on Monday, MedSec claimed some vindication.To read this article in full or to leave a comment, please click here

CyberPowerPC’s Oculus-ready system costs $499 — if you buy a Rift

CyberPowerPC's $499.99 Gamer Ultra VR is the first desktop ready for the Oculus Rift headset that is priced under $500, but there's a caveat.You'll need to buy it with the Oculus Rift headset, which costs more than the PC at $599.99.The bundle will put you back $1,099.98, but that's still a good deal for an Oculus Rift plus desktop, which could otherwise get pretty expensive.The Gamer Ultra VR desktop is available on Best Buy and will also be sold by Amazon. The standalone price for the desktop without the headset is $649.99 on both Best Buy and Amazon.To read this article in full or to leave a comment, please click here

Big Changes in 2017

This past June when I was in North Carolina at Cisco's CPOC lab, I learned that there was a chance-albeit a slim one, but a chance nonetheless-that a position would be opening up on the CPOC team in the fall. By that point I had been to CPOC three times and knew many of the engineers who worked there. I spoke to them to get their feedback, met with the newly-hired manager of the team, and just generally did all the things I thought I should be doing to take advantage of my time being face to face with these folks.

Some Reading on Application Containers

One aspect of my pending migration to Ubuntu Linux on my primary laptop has been the opportunity to explore “non-traditional” uses for Linux containers. In particular, the idea of using Docker (or systemd-nspawn or rkt) to serve as a sandbox (of sorts) for GUI applications really intrigues me. This isn’t a use case that many of the container mechanisms are aiming to solve, but it’s an interesting use case nevertheless (to me, anyway).

So, in no particular order, here are a few articles I found about using Linux containers as application containers/sandboxes (mostly focused around GUI applications):

A Docker-Like Container Management using systemd
Running containers without Docker
Containerizing Graphical Applications on Linux with systemd-nspawn
Debian Containers with systemd-nspawn
Using your own containers with systemd-nspawn and overlayfs

I was successful in using Docker to containerize Firefox (see my “dockerfiles” repository on GitHub)), and was also successful in using systemd-nspawn in the same way, including the use of overlayfs. My experiments have been quite helpful and informative; I have some ideas that may percolate into future blog posts.

iPhone after 10 years: Google overwhelms the iPhone like Microsoft overwhelmed the Mac

In 1991, Harvard Business Review article Computerless Computer Company by Andy Rappaport and Shmuel Halevi explained how Microsoft’s PCs overwhelmed Apple’s Macs. Most of the article’s wisdom would hold true today if applied to Google and Android’s domination of the iPhone.Since Steve Jobs orchestrated Apple’s turnaround in the late 1990s, Apple has recovered from the near-death experience when when Jobs returned and Microsoft loaned Apple $150 million. Apple is now one of the world’s richest companies in the world and is no longer in what the authors called a battle for long-term survival when they asked the question:To read this article in full or to leave a comment, please click here

54% off Quicken Deluxe 2017 Personal Finance & Budgeting Software, Disk or Download – Deal Alert

Take control of your finances with Quicken's finance and budgeting software, updated for 2017. Quicken imports your bank transactions safely and automatically, even from loan, investment & retirement accounts. It categorizes your transactions and puts them in one place. Use it to create a plan to pay off your debt or save for college, a down payment or retirement. Quicken has been discounted 54% from its typical list price of $75, so you can buy it on Amazon right now for just $34.56. This software is for the PC disk or software download. Quicken has personal finance & budgeting software for the Mac currently discounted 40% right here.To read this article in full or to leave a comment, please click here

A Postscript to the Leap Second

The inexorable progress of time clocked past the New Year and at 23:59:60 on the 31st December 2016 UTC the leap second claimed another victim. This time Cloudflare described how the Leap Second caused some DNS failures in Cloudflare’s infrastructure. What's going on here? It should not have been a surprise, yet we still see failing systems.

After Two Years, Do I Find Self-Employment Worthwhile?

In March 2015, I started working for myself exclusively. That is to say, I went from working for someone else full-time while also operating my own company full-time to working strictly for my own company. How am I feeling after nearly two years of self-employment?

Fulfillment

Working for myself has proven to be fulfilling. I like the correlations to be found among opportunity, effort, risk, reward, and failure. I can weigh all of those things, make a decision of how to proceed, and benefit (or suffer) directly in accordance with my decisions. That is fulfilling to me.

Suffering, by the way, isn’t a bad thing. We could all stand to do a bit more of it today, so that we do a bit less of it tomorrow.

Process

I am free of silly processes that cripple my ability to get things done, not that I believe process is inherently bad. With my own company, I still have to define processes, but I can keep them both streamlined and fluid. I’m also free to let the people that work with me define their own processes, with me providing only the input required to achieve the desired result.

Balance

When working for other employers as an IT professional, Continue reading

Response: Proposed server purchase for GitLab.com | GitLab

Gitlab is talking about heading into the private cloud after successfully building a cloud-ready application. The savings are substantial for a small, technology-rich company:

The cloud hosting for GitLab.com excluding GitLab CI is currently costing us about $200k per month. The capital needed for going to metal would be less than we pay for 1 quarter of hosting. The hosting facility costs look to be less than $10k per month. If you spread the capital costs over 2.5 years (10 quarters) it is 10x cheaper to host your own. (My emphasis)

This sounds about right but I don’t think this factors in head count for operating the physical infrastructure. Lets say that two extra FTEs at $15K per month are required, this still one third the cost of AWS. The reaility is $2.4MM is a substantial yearly budget for IT Infrastructure and for an application that already cloud-ready it would go a very long way

For a small company that is focussed on technology adding more headcount is good for capacity. In a team of ten people, adding 2 headcount increases diversity of thinking, ideas and approaches and can be important to spreading out the workload e. Continue reading

1 2,405 2,406 2,407 2,408 2,409 3,841