Using an SSH Bastion Host

Secure Shell, or SSH, is something of a “Swiss Army knife” when it comes to administering and managing Linux (and other UNIX-like) workloads. In this post, I’m going to explore a very specific use of SSH: the SSH bastion host. In this sort of arrangement, SSH traffic to servers that are not directly accessible via SSH is instead directed through a bastion host, which proxies the connection between the SSH client and the remote servers.

At first, it may sound like the use of an SSH bastion host is a pretty specialized use case. In reality, though, I believe this is a design pattern that can actually be useful in a variety of situations. I plan to explore the use cases for an SSH bastion host in a future blog post.

This diagram illustrates the concept of using an SSH bastion host to provide access to Linux instances running inside some sort of cloud network (like an OpenStack Neutron tenant network or an AWS VPC):

[Diagram: SSH bastion host proxying SSH connections from a client to instances on a private cloud network]

Let’s take a closer look at the nuts and bolts of actually setting up an SSH bastion host.

First, you’ll want to ensure you have public key authentication properly configured, both on the bastion host …

Open vSwitch 2015 Fall Conference

Open vSwitch is an open source software virtual switch that is popular in cloud environments such as OpenStack. Open vSwitch is a standard Linux component that forms the basis of a number of commercial and open source solutions for network virtualization, tenant isolation, and network function virtualization (NFV), implementing distributed virtual firewalls and routers.

The recent Open vSwitch 2015 Fall Conference agenda included a wide variety of speakers addressing a range of topics, including Open Network Virtualization (OVN), containers, service chaining, and network function virtualization (NFV).

The video above is a recording of the following sFlow-related talk from the conference:

New OVS instrumentation features aimed at real-time monitoring of virtual networks (Peter Phaal, InMon)

The talk will describe the recently added packet-sampling mechanism that returns the full list of OVS actions from the kernel. A demonstration will show how the OVS sFlow agent uses this mechanism to provide real-time tunnel visibility. The motivation for this visibility will be discussed, using examples such as end-to-end troubleshooting across physical and virtual networks, and tuning network packet paths by influencing workload placement in a VM/container environment.

This talk is a follow-up to an Open vSwitch 2014 Fall Conference talk on the …

NASA: Crayons and cereal help test set baseline for jet engine tests

One of the most destructive and dangerous materials a commercial or military jet engine can ingest is volcanic ash, and one of the least would be crayons and cereal. But those two substances were a key part of testing NASA has been conducting on smart engine sensors that could detect and help pilots avoid a volcanic plume. The new sensors are expected to detect the degradation caused by the volcanic ash, quantify the significance of the event, and aid in identifying which components might require maintenance, NASA stated.

[Image caption, credit NASA: The ash plume (the brown streak) from the big 2010 volcanic eruption of Eyjafjallajökull in Iceland contributed to airline disruptions in Europe for almost a week.]

PlexxiPulse—Networking for Cloud Builders

As the industry transitions into the next era of IT, the flood of data and application growth is forcing cloud-based network architectures to change radically. This week, we announced two new products (Plexxi 2.2 Software Suite and Plexxi Switch 3) that combine to provide cloud builders unprecedented capabilities to bring public cloud flexibility and efficiency to the private cloud. The cloud builder generation needs to make the private cloud as easy to consume as the public cloud—and Plexxi’s solutions do just that. These new solutions expand Plexxi’s go-to-market opportunities in content distribution, high frequency trading, enterprise and government market segments. Take a look at this blog post from our CEO that defines cloud builders and outlines how these new products can help cloud builders construct agile, scalable and reliable networks for the Third Era of IT.

Below please find a few of our top picks for our favorite news articles of the week. Enjoy!

SDX Central: New Plexxi Software Targets the ‘Cloud Builders’
By Mike Robuck
Plexxi CEO Rich Napolitano says Tuesday’s announcement of the company’s new Plexxi 2.2 Software Suite for cloud builders and a new switch are major milestones for the company. As a corollary to the …

4 simple ways to secure your Internet-connected car

Chances are you heard about the pair of clever guys who earlier this year hacked into a Jeep Cherokee's onboard system over the Internet and turned off the engine while the car was on the highway. Although the hack was a controlled demonstration, it proved that such actions are possible, and that scared a lot of people.

[Infographic, credit Arxan Technologies: connected car security]

Stuff The Internet Says On Scalability For November 20th, 2015

Hey, it's HighScalability time:


[Image caption: 100 years ago people saw this as our future. We will be so laughably wrong about the future.]

  • $24 billion: amount telcos make selling data about you; $500,000: cost of an iOS zero-day exploit; 50%: a year's growth of internet users in India; 72: number of cores in Intel's new chip; 30,000: Docker containers started on 1,000 nodes; 1962: when the first Cathode Ray Tube entered interplanetary space; 2x: cognitive improvement with better indoor air quality; 1 million: Kubernetes requests per second.

  • Quotable Quotes:
    • Zuckerberg: One of our goals for the next five to 10 years is to basically get better than human level at all of the primary human senses: vision, hearing, language, general cognition.
    • Sawyer Hollenshead: I decided to do what any sane programmer would do: Devise an overly complex solution on AWS for a seemingly simple problem.
    • Marvin Minsky: Big companies and bad ideas don't mix very well.
    • @mathiasverraes: Events != hooks. Hooks allow you to reach into a procedure, change its state. Events communicate state change. Hooks couple, events decouple
    • @neil_conway: Lamport, trolling distributed systems engineers since 1998. …

Zürich, Switzerland: CloudFlare’s 69th data center

Grüetzi Zürich, our 5th point of presence (PoP) to be announced this week, and 69th globally! Located at the northern tip of Lake Zürich in Switzerland, the city of Zürich, often referred to as "Downtown Switzerland," is the largest city in the country. Following this expansion, traffic from Switzerland's seven million internet users to sites and apps using CloudFlare is now mere milliseconds away. Although best known to some for its chocolate and banks, Switzerland is home to many of the most significant developments prefacing the modern internet.

Vague but interesting

It was in 1989 that Tim Berners-Lee, a British scientist at CERN, the large particle physics laboratory near Geneva, Switzerland, invented the World Wide Web (WWW). Tim laid out his vision to meet the demand for automatic information-sharing between scientists in universities and institutes around the world in a memo titled, "Information Management: a Proposal". Amusingly, his initial proposal wasn't immediately accepted. In fact, his boss at the time noted that the proposal was, "vague but exciting" on the cover page.

At least one VC may have said something similar to us once upon a time

The first website at CERN—and in the world—was dedicated to the …

Show 264: Design & Build 8: NSX Deployment

NSX has become a popular option for data center network virtualization. If you do choose to go with NSX, what should you be thinking about? Our focus for today's show is what to consider when designing an NSX implementation, why planning is so essential, and what will change operationally once NSX is in production.

The post Show 264: Design & Build 8: NSX Deployment appeared first on Packet Pushers.

Risky Business #390 — Crypto derpery abounds in wake of Paris attacks

In this week's feature interview we're checking in with FireEye's Jonathan Wrolstad. He's a threat intelligence guy at FireEye and they've just published a really interesting report about what a threat group is doing in terms of target recon. They're using marketing company tricks to recon all sorts of high value targets. It's very interesting stuff, and it's likely tied to the Russian state.

Eight more years of leap-second problems loom as governments punt decision to 2023

Tick. Tick. Tick. Clang! That was the sound of an intergovernmental conference kicking the leap-second can down the road. Sysadmins will be dealing with the consequences for the next eight years.

Just as adding an extra day in leap years helps us keep our calendars in step with the rotation of the earth around the sun, adding occasional leap seconds to Coordinated Universal Time (UTC) allows us to keep this time reference in step with the earth's gradually slowing rotation. Without adjustment, there would be about a minute's difference between the two by 2100. Leap seconds are great if you're using your time reference to note exactly when the sun should be directly overhead, or when certain stars should be in view, but for keeping a bunch of servers or Internet routers in sync around the world, continuity matters more than your place in the universe.