k8s + opencontrail on AWS

For anyone interested in running a testbed with Kubernetes and OpenContrail on AWS i managed to boil down the install steps to the minimum:

  • Use AWS IAM to create a user and download a file “credentials.csv”
  • Checkout the scripts via `git clone https://github.com/pedro-r-marques/examples.git`
  • Change to the “ec2-k8s-cluster” directory (e.g. /Users/roque/src/examples/ec2-k8s-cluster)
  • Edit “credentials.sh” with the location of you csv file and user name and then “eval” this script.
  • Run ./setup.sh

The setup script will:

  • Create 5 VMs in a VPC on AWS;
  • Run the ansible provisioning script that installs the cluster;
  • Run a minimal sanity check on the cluster;
  • Launch an example;
  • Fetch the status page of the example app in order to check whether it is running successfully.

Please let me know if you run into any glitch… the “setup.sh” script can be rerun multiple times (the ansible provisioning is designed to be idempotent).

Next, I need to wrap this up with a Jenkins CI pipeline. And build permutations for:

  • kubernetes vs openshift;
  • single vs multiple network interfaces;
  • direct internet access vs http-proxy;
  • software gateway or a vSRX (for hybrid cloud interconnect);

The fun never stops !


A Handy GUI Tool for Working with APIs

In this post I’m going to share with you an OS X graphical application I found that makes it easier to work with RESTful APIs. The topic of RESTful APIs has come up here before (see this post on using cURL to interact with RESTful APIs), and RESTful APIs have been a key part of a number of other posts (like my recent post on using jq to work with JSON). Unlike these previous posts—which were kind of geeky and focused on the command line—this time around I’m going to show you an application called Paw, which provides a graphic interface for working with APIs.

Before I start talking about Paw, allow me to first explain why I’m talking about working with APIs using this application. I firmly believe that the future of “infrastructure engineers”—that is, folks who today are focused on managing servers, hypervisors, VM, storage, networks, and firewalls—lies in becoming the “full-stack engineer,” someone who has knowledge and skills across multiple areas, including automation/orchestration. In order to gain those skills in automation/orchestration, it’s pretty likely that you’re going to end up having to work with APIs. Hence, why I’m talking about this stuff, and why Continue reading

BitLocker encryption can be defeated with trivial Windows authentication bypass

Companies relying on Microsoft BitLocker to encrypt the drives of their employees' computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk.Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the attack Friday at the Black Hat Europe security conference in Amsterdam. The issue affects Windows computers that are part of a domain, a common configuration on enterprise networks.When domain-based authentication is used on Windows, the user's password is checked against a computer that serves as domain controller. However, in situations when, for example, a laptop is taken outside of the network and the domain controller cannot be reached, authentication relies on a local credentials cache on the machine.To read this article in full or to leave a comment, please click here

The secret to a successful identity provider deployment: federate your identity data with a hub

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Companies are securing more users who are accessing more applications from more places through more devices than ever before, and all this diversity is stretching the current landscape of identity and access management (IAM) into places it was never designed to reach. At the same time, security has never been more paramount—or difficult to ensure, given today’s outdated and overly complex legacy identity systems. I call this the “n-squared problem,” where we’re trying to make too many hard-coded connections to too many sources, each with its own protocols and requirements.

To read this article in full or to leave a comment, please click here

How to solve today’s top three virtual environment challenges

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Virtualization is a mature technology but if you don’t have a virtualization wizard on staff managing the environment can be a challenge. Benefits such as flexibility, scalability and cost savings can quickly give way to security risks, resource waste and infrastructure performance degradation, so it is as important to understand common virtual environment problems and how to solve them.

The issues tend to fall into three main areas: virtual machine (VM) sprawl, capacity planning and change management. Here’s a deeper look at the problems and what you can do to address them:

To read this article in full or to leave a comment, please click here

Stupidity rules: Almost 24 aircraft hit with lasers in one night

Maybe it was a full moon or maybe all the dolts just came out at once, but the Federal Aviation Administration reported that lasers hit nearly two dozen aircraft across the US last night. Sadly the average number of laser strikes on aircraft is about 16 per day. FBI The FAA said three laser strikes were reported in the New York City/Newark, N.J early in the evening, followed by three incidents in Texas, where jets were struck while preparing to land at Dallas Love Field. By late evening, pilots reported laser incidents in cities from Dallas to Los Angeles and San Juan.To read this article in full or to leave a comment, please click here

Cops pull over Google driverless car — but not for speeding

Google's self-driving car had a run-in with the law this week.A Mountain View, Calif. motorcycle police officer pulled over a Google autonomous car for driving too slowly, and a photo of the roadside stop posted to Facebook by Zandr Milewski has gone viral. [ Get the latest tech news with Computerworld's daily newsletters. ] Google responded to the hubbub yesterday on its Self-Driving Car Project page on Google+.To read this article in full or to leave a comment, please click here

SC15 live real-time weathermap

Connect to http://inmon.sc15.org/sflow-rt/app/sc15-weather/html/ between now and November 19th to see a real-time heat map of the The International Conference for High Performance Computing, Networking, Storage and Analysis (SC15) network.

From the SCinet web page, "SCinet brings to life a very high-capacity network that supports the revolutionary applications and experiments that are a hallmark of the SC conference. SCinet will link the convention center to research and commercial networks around the world. In doing so, SCinet serves as the platform for exhibitors to demonstrate the advanced computing resources of their home institutions and elsewhere by supporting a wide variety of bandwidth-driven applications including supercomputing and cloud computing."

The real-time weathermap leverages industry standard sFlow instrumentation built into network switch and router hardware to provide scaleable monitoring of the over 6 Terrabit/s aggregate link capacity comprising the SCinet network. Link colors are updated every second to reflect operational status and utilization of each link.

Clicking on a link in the map pops up a 1 second resolution strip chart showing the protocol mix carried by the link.

The SCinet real-time weathermap was constructed using open source components running on the sFlow-RT real-time analytics engine. Download sFlow-RT and see what Continue reading

CISO bets on cloud security services to protect data

In what could be considered an unusual move at a time when most companies choose to keep their cybersecurity tools on-premises, John Graham, CISO for Jabil Circuit, says the manufacturing services company is adopting more cloud security services. Graham says that moving to the cloud lets the company focus on its core business of making high-precision molds, mechanical tools and medical devices. More specifically, it allows his tech staff to focus on threat analytics. Graham expects Jabil’s cloud migration strategy to become the rule rather than the exception. John Graham, CISO for Jabil Circuit.To read this article in full or to leave a comment, please click here

PlexxiPulse—NHHTC Product of the Year

Last night, Plexxi received the Product of the Year Award from the New Hampshire High Tech Council. More than 200 people, including New Hampshire Governor Maggie Hassan, were on hand as we received the award for our Switch 2 solution. We’re proud to be recognized by an organization that values the advancement of innovation throughout the state of New Hampshire. Plexxi is committed to growing the local tech economy by producing dynamic solutions and hiring the best talent the state has to offer. Congratulations to all of the finalists and companies that are dedicated to shaping an ecosystem for technology companies to grow and succeed in New Hampshire.

NHHTC

 Pictured Left to Right: Peter Antoinette, co-founder, president and CEO of Nanocomp Technologies, and prior Product of the Year Award winner; Paul Mailhot, VP of Business Operations at Dyn and chairman of the Council’s board of directors; Michael Welts, VP of Marketing at Plexxi; Toral Cowieson, Senior Director of Internet Leadership at the Internet Society and the Council’s vice chair; and Matt Cookson, president of Cookson Strategies and the Council’s Executive Director.

Our CEO Rich Napolitano penned a byline this week in ITProPortal that chronicles the past three “eras” of IT, and Continue reading

Stuff The Internet Says On Scalability For November 13th, 2015

Hey, it's HighScalability time:


Gorgeous picture of where microbes live in species. Humans have the most. (M. WARDEH ET AL)

  • 14.3 billion: Alibaba single day sales; 1.55 billion: Facebook monthly active users; 6 billion: Snapchat video views per day; unlimited: now defined as 300 GB by Comcast; 80km: circumference of China's proposed supercolider; 500: alien worlds visualized; 50: future sensors per acre on farms; 1 million: Instagram requests per second.

  • Quotable Quotes:
    • Adam Savage~ Lesson learned: do not test fire rockets indoors.
    • dave_sullivan: I'm going to say something unpopular, but horizontally-scaled deep learning is overkill for most applications. Can anyone here present a use case where they have personally needed horizontal scaling because a Titan X couldn't fit what they were trying to do? 
    • @bcantrill: Question I've been posing at #KubeCon: are we near Peak Confusion in the container space? Consensus: no -- confusion still accelerating!
    • @PeterGleick: When I was born, CO2 levels were  ~300 ppm. This week may be the last time anyone alive will see less than 400 ppm. 
    • @patio11: "So I'm clear on this: our business is to employ Continue reading

Intralinks is built from the ground up for secure enterprise file sharing and collaboration

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Close to 20 years ago I was working with a company in the process of a blockbuster merger with a competitor. The company set up numerous closed-door "clean rooms" at headquarters where teams from both companies could work through the details of the proposed deal. Scores of people from the target company came to town and lived in hotels for weeks on end.Those of us not on the merger team watched daily as boxes of documents were carted into the clean rooms. We assumed the boxes contained each company's most sensitive business information. The people in those rooms were charged with deciding if the merger was the right thing to do. They hoped the answers would be found in those precious documents. Apparently they were because the merger went through.To read this article in full or to leave a comment, please click here

Continuous integration tools can be the Achilles heel for a company’s IT security

Some of the most popular automated software building and testing tools used by developers have not been designed with security in mind and can open the door for attackers to compromise enterprise networks.These so-called continuous integration (CI) tools allow developers to automatically create software builds when code changes are contributed by developers to a central repository. The creation of these builds, which are used for quality control, is coordinated by a CI master server based on predefined rules and done on CI slave machines.If hackers manage to access a CI master server, they can steal proprietary source code, but also gain the ability to execute commands on all the machines that operate as CI slaves, security researcher and penetration tester Nikhil Mittal said Friday in a presentation at the Black Hat Europe security conference in Amsterdam. "This access could be used for lateral movement to get access to more machines."To read this article in full or to leave a comment, please click here

1 3,199 3,200 3,201 3,202 3,203 3,793