An Introduction to Terraform

In this post, I’m going to provide a quick introduction to Terraform, a tool that is used to provision and configure infrastructure. Terraform allows you to define infrastructure configurations and then have those configurations implemented/created by Terraform automatically. In this respect, you could compare Terraform to similar solutions like OpenStack Heat, AWS CloudFormation, and others.

Before I continue, though, allow me to first address this question: why Terraform?

Why Terraform?

This is a fair question, and one that you should be asking. After all, if Terraform is considered similar to OpenStack Heat or AWS CloudFormation, then why use Terraform instead of one of the comparable solutions? I believe there are a couple (related) reasons why you might consider Terraform over a similar solution:

  1. Within a single Terraform definition, you can orchestrate across multiple cloud services. For example, you could create instances with a cloud provider (AWS, DigitalOcean, etc.), create DNS records with a DNS provider, and register key/value entries in Consul. Heat and CloudFormation are, quite naturally, designed to work almost exclusively with OpenStack and AWS, respectively. (Astute readers will know that Heat supports CloudFormation templates, but you get the idea.) Therefore, one reason to use Terraform Continue reading

Hilton says malware targeted its credit card system

Hilton Worldwide says it has identified and removed malware that targeted card payment systems at some of its hotels over a 17 week period from late 2014 to mid 2015. The malware collected cardholder names, payment card numbers, security codes and expiration dates, the company said in a statement. The hotel chain is advising its customers to check their payment card statements for any unauthorized activity. "As a precautionary measure, customers may wish to review and monitor their payment card statements if they used a payment card at a Hilton Worldwide hotel over a seventeen-week period, from Nov. 18 to Dec. 5, 2014 or April 21 to July 27, 2015," the company said.To read this article in full or to leave a comment, please click here

DARPA wants early warning system for power-grid cyberattacks

Developing systems to protect the nation’s electric grid has been a key goal for many public, private and government developers for years – yet exerts say the grid is still largely vulnerable of serious cyberattackers.The Defense Advanced Research Projects Agency (DARPA) is looking to bolster the nation’s grid defenses with a system called Rapid Attack Detection, Isolation and Characterization (RADICS) that will detect and automatically respond to cyber-attacks on US critical infrastructure.+More on Network World: 21 more crazy and scary things the TSA has found on travelers+To read this article in full or to leave a comment, please click here

DARPA wants early warning system for power-grid cyberattacks

Developing systems to protect the nation’s electric grid has been a key goal for many public, private and government developers for years – yet exerts say the grid is still largely vulnerable of serious cyberattackers.The Defense Advanced Research Projects Agency (DARPA) is looking to bolster the nation’s grid defenses with a system called Rapid Attack Detection, Isolation and Characterization (RADICS) that will detect and automatically respond to cyber-attacks on US critical infrastructure.+More on Network World: 21 more crazy and scary things the TSA has found on travelers+To read this article in full or to leave a comment, please click here

And then there were two: Another dangerous Dell root certificate discovered

The plot thickens: After Dell confirmed that one of its support tools installed a dangerous self-signed root certificate and private key on computers, users discovered a similar certificate deployed by a different Dell tool. The second certificate is called DSDTestProvider and is installed by an application called Dell System Detect (DSD). Users are prompted to download and install this tool when they visit the Dell support website and click the “Detect Product” button. The first certificate, which was reported over the weekend, is called eDellRoot and is installed by the Dell Foundation Services (DFS), an application that implements several support functions.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Equinix extends AWS Direct Connect to London, Dallas

Equinix has, over the past several years, played the role of connector between a number of public cloud vendors and organizations' existing IT assets. It's a natural move for Equinix, which, as a global vendor of data center space, is an important utility provider, but obviously doesn't really play much up the value chain. Direct Connect helps them to change that, allowing companies to connect their privately owned and managed infrastructure to AWS. It also performs a similar role for other public cloud platforms, Microsoft Azure for example.The reasons for providing these connections are obvious - privacy, security, throughput, and application performance all benefit from these high-spec pipes. A recent study released by Equinix, titled Enterprise of the Future, found that by 2017, 84% of IT leaders will deploy IT infrastructure where interconnection – defined as direct, secure physical or virtual connections  – is at the core, compared to only 38% today. Don't let it be said that interconnection is not an important part of the modern enterprise IT organization.To read this article in full or to leave a comment, please click here

Aiming to be the Costco of tech research and consulting

I believe the first time I quoted Gary Rowe in a Network World article – a print one at that – was back in July of 1991, when he was an AT&T email services director and the focus was the very glamorous topic of X.500 directories. Fast forward to 2015, I’m still with Network World and Rowe has moved on to form a new consulting and analysis firm called TechVision Research, and sure enough, when we reconnected recently, we found ourselves talking once again about some of the same themes, including identity management and privacy.To read this article in full or to leave a comment, please click here

A Voyage of Discover-E

 

hpe-logo

I’m very happy to be attending the first edition of Hewlett-Packard Enterprise (HPE) Discover in London next week. I say the first edition because this is the first major event being held since the reaving of HP Inc from Hewlett-Packard Enterprise. I’m hopeful for some great things to come from this.

It’s The Network (This Time)

One of the most exciting things for me is seeing how HPE is working on their networking department. With the recent news about OpenSwitch, HPE is trying to shift the way of thinking about a switch operating system in a big way. To quote my friend Chris Young:

Vendors today spend a lot of effort re-writing 80% of their code and focus on innovating on the 20% that makes them different. Imagine how much further we’d be if that 80% required no effort at all?

OpenSwitch has some great ideas, like pulling everything from Open vSwitch as a central system database. I would love to see more companies use this model going forward. It makes a lot of sense and can provide significant benefits. Time will tell if other vendors recognize this and start using portions of OpenSwitch in their projects. But Continue reading

Sponsored Post: StatusPage.io, iStreamPlanet, Redis Labs, Jut.io, SignalFx, InMemory.Net, VividCortex, MemSQL, Scalyr, AiScaler, AppDynamics, ManageEngine, Site24x7

Who's Hiring?

  • Senior Devops Engineer - StatusPage.io is looking for a senior devops engineer to help us in making the internet more transparent around downtime. Your mission: help us create a fast, scalable infrastructure that can be deployed to quickly and reliably.

  • As a Networking & Systems Software Engineer at iStreamPlanet you’ll be driving the design and implementation of a high-throughput video distribution system. Our cloud-based approach to video streaming requires terabytes of high-definition video routed throughout the world. You will work in a highly-collaborative, agile environment that thrives on success and eats big challenges for lunch. Please apply here.

  • As a Scalable Storage Software Engineer at iStreamPlanet you’ll be driving the design and implementation of numerous storage systems including software services, analytics and video archival. Our cloud-based approach to world-wide video streaming requires performant, scalable, and reliable storage and processing of data. You will work on small, collaborative teams to solve big problems, where you can see the impact of your work on the business. Please apply here.

  • At Scalyr, we're analyzing multi-gigabyte server logs in a fraction of a second. That requires serious innovation in every part of the technology stack, from frontend to backend. Continue reading

What you need to know about Dell’s root certificate security debacle

In an attempt to streamline remote support, Dell installed a self-signed root certificate and corresponding private key on its customers' computers, apparently without realizing that this exposes users' encrypted communications to potential spying.Even more surprising is that the company did this while being fully aware of a very similar security blunder by one of its competitors, Lenovo, that came to light in February.To read this article in full or to leave a comment, please click here

Frequent CCIE R&S V5 Questions!

While teaching a CCIE R&S Bootcamp the other day, I realized that I get a lot of the same questions pertaining to the CCIE R&S V5 Lab pretty frequently, so I decided to put together a video series that addresses these questions. I’ve mapped out 4 videos – each of which cover the 3 section in the lab, and an introduction to the general lab concepts and theory. Enjoy, and if there’s anything I can help you with please feel free to email me at [email protected].

JP Cedeno, CCIE R&S V5 (CCIE #47408)
iPexpert’s Sr. CCIE R&S Instructor

Explosions Leave Crimea in the Dark

11988406_541157619375726_6452207849448768237_n

11988406_541157619375726_6452207849448768237_n
Above photo credit: http://varlamov.ru/

Just after midnight local time on 22 November, saboteurs, presumably allied with Ukrainian nationalists, set off explosives knocking out power lines to the Crimean peninsula.  At 21:29 UTC on 21 November (00:29am on 22-Nov, local time) , we observed numerous Internet outages affecting providers in Crimea and causing significant degradation in Internet connectivity in the disputed region.

With Crimean Tatar activists and Ukrainian nationalists currently blocking repair crews from restoring power, Crimea may be looking at as much as a month without electricity as the Ukrainian winter sets in.  Perhaps more importantly, the incident could serve as a flash point spurring greater conflict between Ukraine and Russia.  ua_map

Impacts

The impacts can be seen in the MRTG traffic volume plot from the Crimea Internet Exchange — the drop-offs are noted with red arrows and followed by intermittent periods of partial connectivity.

cr-ix2
Dyn’s latency measurements into Miranda-Media, the Crimean local agent of Russian state operator Rostelecom, show that some parts of the network remain reachable despite the power loss.  However, while backup generators may be keeping the networking infrastructure online, it won’t be of much good for the people of Crimea Continue reading

1 3,235 3,236 3,237 3,238 3,239 3,841