Experimenting with Docker, Registrator, and Consul

Over the last few days, I’ve been experimenting with Docker, Registrator, and Consul in an effort to explore some of the challenges involved in building a robust containerized infrastructure. While I haven’t finished fully exploring the idea (and documenting what I’ve learned), I did discover one interesting—and unexpected—interaction.

Here’s a quick overview of my testing environment:

  • I used two OpenStack Heat templates to spin up two clusters of 5 instances each.
  • The first cluster is a set of CoreOS Linux instances, customized via cloud-init to not run etcd. These instances are attached to a VMware NSX-powered logical network using IP addresses from the 10.1.1.0/24 subnet.
  • On each CoreOS Linux instance, I have Registrator running as a Docker container and listening to the Docker socket (thus listening to Docker events).
  • The second cluster is a set of Ubuntu 14.04 instances running Consul. These instances are connected to an NSX-powered logical network using IP addresses from the 10.1.2.0/24 subnet.
  • The two logical networks are connected by a logical router and thus have full connectivity.

Registrator, if you’re not already familiar with it, is a service registry tool that listens to the Docker Continue reading

Protecting web origins with Authenticated Origin Pulls

As we have been discussing this week, securing the connection between CloudFlare and the origin server is arguably just as important as securing the connection between end users and CloudFlare. The origin certificate authority we announced this week will help CloudFlare verify that it is talking to the correct origin server. But what about verification in the opposite direction? How can the origin verify that the client talking to it is actually CloudFlare?

TLS Client Authentication

Normal TLS handshake

TLS (the modern version of SSL) allows a client to verify the identity of the server it is talking to. Normally, a TLS handshake is one-way, that is, the client is able to verify the server's identity, but the server is not able to verify the client's identity. What about when both sides need to verify each other's identity?

Client authenticated TLS handshake

Enter TLS Client Authentication. In a client authenticated TLS handshake both sides provide a certificate to be verified. If the origin server is configured to only accept requests which use a valid client certificate from CloudFlare, requests which have not passed through CloudFlare will be dropped (as they will not have our certificate). This means that attackers cannot circumvent CloudFlare features such as our WAF Continue reading

Personal data on 50,000 Uber drivers exposed in breach

The names and license plate numbers of about 50,000 Uber drivers were compromised in a security breach last year, the company revealed Friday. Uber discovered a possible breach of its systems in September, and a subsequent investigation revealed an unauthorized third party had accessed one of its databases four months earlier, the company said. The files accessed held the names and license plate numbers of about 50,000 current and former drivers, which Uber described as a “small percentage” of the total. About 21,000 of the affected drivers are in California. The company has several hundred thousand drivers altogether.

iPexpert’s Newest “CCIE Wall of Fame” Additions 2/27/2015

Please join us in congratulating the following iPexpert clients who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • Haroon Raees, CCIE #46529 (Collaboration)
  • Evariste Happi, CCIE #46452 (Collaboration)
  • Daniel Flieth, CCIE #46067 (Collaboration)
  • Majid, CCIE #45866 (Collaboration)
  • Rob Lacrosse, CCIE #45283 (Collaboration)
  • Devan Lim, CCIE #45991 (Collaboration)
  • Clay Ostlund, CCIE #45770 (Collaboration)

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

As tech and recording industries seek harmony, Google invests in music publisher Kobalt

Google’s venture arm has invested in Kobalt, a music publishing firm that counts Beck, Paul McCartney and the Foo Fighters among its clients. The US$60 million venture round also includes funding from the personal investment firm of Michael Dell, founder and CEO of Dell. Kobalt handles payment of royalties to singers and songwriters from streaming services like Spotify and video sharing sites like YouTube. Artists are concerned about how they’re compensated when people consume music via streaming services, Google Ventures managing partner Bill Maris told the Guardian newspaper. Kobalt’s technology can lessen musicians’ concerns about how they’ll get paid, he said.

White House privacy proposal aims to give consumers control over data

U.S. businesses that collect personal data would be required to describe their privacy and security practices and give consumers control over their personal information under a proposed privacy bill of rights released Friday by President Barack Obama’s administration. The proposal would also require companies and nonprofit groups to collect and retain only the personal data they need to operate. However, the proposal allows industry groups to submit their own codes of conduct to the Federal Trade Commission and shields companies that follow those codes from FTC enforcement actions.

8 great ways to celebrate Raspberry Pi’s 3rd birthday

Happy Pi Day!

Has it really been three years? The Raspberry Pi has been through several updates, new models and sold more than 5 million units since its launch in February 2012 – sounds like a good excuse for a party to us! Here are some suggestions for a fun Pi Day.

Play Elite

One of the major early backers of the Raspberry Pi project was David Braben, PC gaming pioneer and creator of the classic spaceship title Elite. An open-source version, Oolite, is still available to play for free, but if you’ve got money and a modern computer, you might try the swanky, impressive new reboot, Elite: Dangerous.

PlexxiPulse—Demonstrating Big Data Fabrics

If you’ve been following us on the blog or on social media, you know that we announced our partnership with Big Data platform provider Cloudera last month. And, that a few months ago, our own Ed Henry demonstrated how to construct Big Data fabrics that easily integrate with systems like OpenStack and Cloudera during an installation of SDxCentral’s DemoFriday series. That webinar was recently published on SDxCentral’s website. You can watch the full presentation here to see the next generation of data fabrics in action. Enjoy!

Below please find a few of our top picks for our favorite news articles of the week. Have a great weekend!

Enterprise Networking Planet: The Future of White Box Networking in the Enterprise
By Arthur Cole
It seems that the farther along we get on the road to SDx, the more pertinent question is, what role will white box play in an increasingly distributed network environment? To be sure, white box hardware will see a dramatic rise in web-facing hyperscale operations in the years to come, but the advantages the technology brings to the table start to erode as scale drops. This means the traditional enterprise facility, which still has a vital role to Continue reading

With expansion into West Africa, VMK ignites Africa-designed brands competition

By opening its first store in the Ivory Coast, VMK, based in the Republic of the Congo, is taking a big step in its expansion plans and potentially setting up a designed-in-Africa brand competition with RLG. VMK has up to now offered products manufactured in China but has plans to start making phones in Africa. RLG, which has global headquarters in Dubai, runs its West African phone-assembling operation from Ghana. VMK’s move into West Africa from its Central Africa base in Brazzaville coincided with the Ivory Coast’s launch of a project aimed at equipping 500,000 families with a computer or a tablet, plus an Internet broadband connection.

Google reverses decision to limit sexually explicit content on Blogger

Google will continue to permit sexually explicit content to be publicly shared on Blogger, reversing a policy change it announced earlier this week. Instead of making blogs with adult content private, the search giant will “step up enforcement around our existing policy prohibiting commercial porn,” Google said Friday in a post on its product support page. On Tuesday, Google said it was adopting a more stringent stance in how adult content was shared on its blogging platform. According to the new policy, after March 23, blogs that displayed either sexually explicit images and videos or graphic nudity would be changed to private blogs. Access to these sites would be restricted to people who received an invitation from the owners. The content, however, would not be deleted. To keep their blogs in the public realm, owners had to delete the explicit videos and images.

Thoughts on Building Tools versus “Programming”

A couple weeks ago at Networking Field Day 9, Brocade presented with their usual A-list of networking gurus. One of the presenters was Jon Hudson, a very engaging, visionary speaker. His talk, shown below, was about the state of network programmability.

During the conversation (which is well worth watching), discussion turned to the question of “will network engineers become programmers?” posed by John Herbert of MovingPackets.net. Jon Hudson’s response elicited applause from the room. He said:

“The trouble I have with that statement is, most network engineers I know, like myself, we know how to code. We went to school for it, and we chose not to.” – Jon Hudson

The conversation went on to discuss the value of programmability for the sake of consistency in the management and configuration of large-scale network fabrics (which I don’t think anyone would really debate as a “Good Thing”), but Jon’s quote about being a programmer and some of the sidebar that flowed from it created a fair bit of activity in the Twitter stream. Following the presentation, my attention was called to a mailing list on which a question was asked about networking engineers being “given a Continue reading

Apple Watch will start your car one day, Tim Cook says

While we count down the days until the Apple Watch is (presumably) revealed at Apple’s “Spring forward” event March 9, more details about the much-anticipated wearable continue to dribble out. For instance, the smartwatch was designed to be able to replace your car keys—though it’s unlikely that functionality will be turned on at launch. Apple CEO Tim Cook told The Telegraph that when it ships, Apple Watch will let you filter messages, give you credits for meeting exercise goals, and accompany you in the shower. Cook also said the battery life will last all day and will take less time to charge than the iPhone using the new MagSafe-style wireless inductive charger. It’s unclear exactly how long the battery will last—recent reports indicate Apple is aiming for 19 hours of combined active and passive usage—or how long it will take to charge, but we’ll find out soon.

Google tests business Hangouts in search results

Using Hangouts, Google is testing a search feature that enables users to conduct live chats with businesses directly from their search results. Google confirmed to Computerworld that it is running a test on the technology, but declined to offer any specific details about the size of the test or which businesses are participating. Matt Gibstein seems to be the first one who spotted the test, tweeting, "Super interesting: @Google search now offering the ability to chat with local businesses (a la @Path Talk)." The feature has a live chat, or Hangout, feature pop up in the search results if a business has someone available to communicate with the user. The Hangout can be launched on a desktop system or mobile device.

Funniest video about Boston winter e-vah

I’d pay good money to watch Ken Burns watch this hilarious YouTube video: “Facebook Statuses About the Boston Snowstorm With Sad Civil War Fiddle Music.” (Some NSFW language.) Thanks, Safety Whale Comedy Collective; we needed that. One of the voices on the video, actor and filmmaker Harry Aspinwall, tells me the back story via email: “My friend Luke Palmer made it after I wrote the final quote, about eating dogs and so on, as a Facebook status. He commented by posting Ashokan Farewell (the fiddle piece, which has been used in Ken Burns' stuff about the Civil War) and it sort of went from there. He got me to record the male voices.”

Avaya takes a unique approach to ease the pain of SDN migrations

In the movie, Star Trek V: The Final Frontier, Spock's older brother, Sybok, had telepathic abilities and he could feel people's pain by touching them. In the movie he would say, "share your pain with me and gain strength from sharing." Sybok was a deeply religious Vulcan and, in the movie, sought out to find "Sha Ka Ree," the Vulcan equivalent of Eden, where everything began. Nirvana, if you will. In the networking industry, software defined networks (SDN) are supposed to bring the networking equivalent of Sha Ka Ree. However, I don't need to be a Vulcan telepath to understand customers' pain when it comes to SDNs. Almost every network professional I talk to today has an interest in SDN. However, the majority of businesses feel that deploying a software defined network is too complicated.

The FCC’s net neutrality rules: What we know so far

The U.S. Federal Communications Commission voted Thursday to pass new net neutrality rules and reclassify broadband as a regulated telecommunications service, but the text of the full order may not be released for several weeks. Here’s what we know so far:

What’s next?

The new rules take effect 60 days after the full order is published in the Federal Register, the official journal of the U.S. government. The FCC has some procedural hoops to clear before publishing the text, including drafting responses to the dissents by the FCC’s two Republican commissioners. So publication may not come for months.

IDG Contributor Network: Smartphones charge in a minute with bio-battery

Better batteries? In the words of one Reddit user: "OMG, not this again." But wait, there's more, as the expression goes. There's a reason that new battery technology piques our interest whenever we hear about it. Batteries are the last insurmountable hindrance to the seductive idea of total nomadism and blissful un-tethered freedom.

Murphy's Law

Batteries are one technology that hasn't really seen a Moore's law-esque periodic doubling of capacity. Moore's law says that the number of transistors in an integrated circuit doubles about every two years.