How to set up a new user on your Amazon AWS server

I recently set up a free Amazon AWS server. As I experimented with it, I installed a GUI desktop. Then I encountered some issues that I eventually resolved by creating a new user with its own password and then using that user for the rest of my activities.

For my own reference, and in the hope others will find it useful, here is the procedure I followed:

  1. Create a new userid, with password
  2. Add the new user to the *sudoers* file
  3. Install the AWS server’s public key for the new user
  4. Log in as the new user

I posted the details in my blog post, below.

Why do we need a password?

The default ubuntu userid does not have a password. The Amazon AWS documentation on managing users recommends creating new users with password disabled. So, why set up a new user with a password?

After installing a GUI desktop, you need to use a password to authenticate operations performed by GUI software such as Ubuntu Software Center. I did not see any problems caused by configuring a user password. I found it was best to work in a “normal” Linux user account that has a password.

Create a Continue reading

Apple’s massive solar farm could power its entire California operations

Apple is investing in a vast solar plant in Northern California that will generate as much electricity as the company uses to power all its operations in the state. Apple will invest $850 million in the plant through a partnership with First Solar, CEO Tim Cook said Tuesday. It will cover 1,300 acres—equal to about 1,000 football fields—in Monterey County, about an hour south of Apple’s Silicon Valley headquarters. The plant will generate enough energy that it could power Apple’s entire operations in California, including its data center, retail stores and offices. That’s also enough energy to power 15,000 California homes, Cook said. It doesn’t mean Apple’s stores and offices will consume power directly from the plant. But the investment allows Apple to lock in a low, fixed rate for renewable energy, and probably also obtain renewable energy certificates to offset its carbon footprint.

FCIP – The Beginning

FCIP is notably a part of the CCIE Data Center lab exam blueprint. It is also a sticking point for a lot of candidates who have not done a whole lot on the storage networking side. Luckily FCIP has many correlations to the modern-day Ethernet networking that we all know and love, as it’s really just another tunneling technology! After some thought, I have decided to break this down into 2 blog posts. This one will cover FCIP basics, and another that will cover some more advanced FCIP options that you might have to use during the CCIE lab examination.

FCIP is used for extending a Fibre Channel (FC) network over an IP backbone. It encapsulates FC in IP so that SCSI and non-SCSI FC frames can be sent over an IP network. Normally most organizations are not going to do this simply for the sake of extending their FC network (why extend a lossless network over a lossy medium?), but rather for backup or replication jobs that need to occur between storage systems that are across some geographical distance. A typical deployment scenario is shown below:

Here we have two SANs separated by an IP network. Now, the Continue reading

What Intel’s $300 million diversity pledge really means

As controversy flares over workforce diversity in tech, Intel’s Rosalind Hudnell is working on an ambitious plan to spark change that could forever alter hiring practices at IT companies. She realizes, though, that change has to start from within the company, and that it won’t come overnight. Hudnell, Intel’s chief diversity officer, is responsible for implementing the company’s much-publicized US$300 million initiative to bring more women and under-represented minorities into its workforce by 2020. The challenges are many. The effort comes as an intense debate rages over what’s perceived as the technology industry’s sexist culture. Microsoft’s CEO Satya Nadella, for example, apologized after igniting a firestorm when he said in a public interview that not asking for pay raises is “good karma” for women.

Using Docker with Vagrant

As part of my ongoing effort to create tools to assist others in learning some of the new technologies out there, I spent a bit of time today working through the use of Docker with Vagrant. Neither of these technologies should be new to my readers; I’ve already provided quick introductory posts to both (see here and here). However, using these two together may provide a real benefit for users who are new to either technology, so I’d like to take a bit and show you how to use Docker with Vagrant.

Background

Vagrant first started shipping with a Docker provider as part of the core product in version 1.6 (recall that Vagrant uses the concept of providers to support multiple backend virtualization solutions). Therefore, if you’ve installed any recent version of Vagrant, you already have the Docker provider as part of your Vagrant installation.

However, while you may have the Docker provider as part of Vagrant, you still need Docker itself (just like if you have the VMware provider for Vagrant, you still need the appropriate VMware product—VMware Fusion on the Mac or VMware Workstation on Windows/Linux) in order to provide the functionality Vagrant will consume. Continue reading

The meaning of Cloud

The term “Cloud” refers to a software development and delivery methodology that consists of decomposing applications into multiple services (a.k.a. “micro-services”) such that each service can be made resilient and scaled horizontally, by running multiple instances of each service. “Cloud” also implies a set of methodologies for the application delivery (how to host the application) and application management (how to ensure that each component is behaving appropriately). The name, “Cloud”, seems to only capture the delivery piece of the equation, which is the proverbial tip of the iceberg.

An example that would help us break down the jargon into something a bit more concrete: a simple web application that lets a user add entries to a database table (e.g. “customers”) and perform some simple queries over this table. This is what is known as a CRUD application, from the initials of Create, Read, Update, Delete.

The “classic” version of this application would be a VisualBasic/Access (in the pre-Web days), .NET/SQLServer or Ruby On Rails/MySQL application. The software component is responsible for generating a set of forms/web pages for the user to input their data, executing some validation and accessing the database. In most application development frameworks (e.g. RoR), this example can be made to Continue reading

Microsoft fixes IE memory problems

Internet Explorer is getting major repairs, as Microsoft has issued 41 patches to fix memory vulnerabilities in its browser. The Internet Explorer patches are part of the company's routine monthly release of security and bug fixes for its software products, called "Patch Tuesday." Microsoft Office and both the desktop and server editions of Windows are also getting fixes in this batch. Overall, Microsoft issued patches to cover 56 different vulnerabilities, which are bundled into nine separate security bulletins. Three of the bulletins are marked as critical, meaning they fix vulnerabilities that could be exploited by malicious attackers without user intervention. System administrators should tend to critical vulnerabilities as quickly as possible. These bulletins cover Internet Explorer and both the server and desktop editions of Windows.

File storage service Rapidshare to shutter in wake of legal woes

After years of legal trouble, the once-popular online file storage and sharing company Rapidshare is closing up shop. In a message posted to its website Tuesday, Rapidshare said it will stop active service on March 31. "We strongly recommend all customers to secure their data. After March 31st, 2015 all accounts will no longer be accessible and will be deleted automatically," the message said. It did not say why it is shutting down. However, legal troubles related to copyright infringement have plagued the company for years.

Google hands out free Drive space for running quick security checklist

Google today said it would give users of its Google Drive cloud storage service an additional 2GB if they ran a three-step security checkup. The offer was in honor of "Safer Internet Day," a project begun in 1999 and co-funded by the European Union. "As our way of saying thanks for completing the checkup by February 17, we'll give you a permanent 2 gigabyte bump in your Google Drive storage plan," wrote Alex Vogenthaler, group product manager of Google Drive, in a blog post Tuesday. Users of Google Apps for Work and Google Apps for Education are not eligible for the extra 2GB.

FCC commish knocks Net neutrality plan, warns of stealthy regulations

The chairman of the U.S. Federal Communications Commission has undersold the amount of intrusive new regulations his net neutrality proposal will bring to the Internet and to broadband providers, a Republican commissioner said Tuesday. The net neutrality proposal from FCC Chairman Tom Wheeler would bring “adverse consequences to entire Internet economy,” Commissioner Ajit Pai said during a press conference. “The imposition of these heavy-handed ... regulations is going to present onerous burdens on everybody, across the entire landscape.” The proposal would allow the FCC to define just and reasonable prices for broadband service and to impose in the future common-carrier telecom regulations, like requiring providers to share their networks with competitors, the commissioner said.

Rolling out Change

We all know that “Change is Hard.” But often we, as engineers, focus on the technical aspects of that change. How do I minimise customer impact while upgrading those routers? How can I migrate customer data safely to the new system? But we can forget about the wider implications of what we’re doing. If we do, we may struggle to get our changes implemented, or see poor take-up of new systems.

Why Can’t I Make That Change?

I was talking to an engineer who had planned a huge configuration management implementation. Everything had been manually configured in the past, but this was hitting scale issues. So he had worked for months on a fully automated process. It was going to be amazing. It would configure everything, across all systems and applications. Standards enforced, app deployments done in a repeatable way, etc. It was going to be a thing of beauty. No-one would ever need to log in to a server again. Total automation.

It was all tested, and was just waiting for approval to put it into production. But for some reason, no-one was willing to give the go-ahead to roll it out. Weeks were dragging by, and things were going Continue reading

Relevance of SDN in Cloud Networking

SDN (Software Defined Networking) is finally becoming clearer. It is not “Still Don’t Know” nor is it a specific overlay controller. Simply put, it is an open and programmable way to build networks for customers looking at utilizing hybrid combinations of public and private cloud access.

We are witnessing a shift from multi-tier oversubscribed legacy enterprise networks to two-tier leaf-spine or single-tier Spline™ cloud networks with east-west traffic patterns scaling across thousands of servers. Arista was the first to introduce this new architectural “leaf-spine” approach for cloud-based networks and five years later others are still attempting to mimic it. Let’s review some practical examples.

Facebook: Take an important and familiar social networking application, Facebook. Their public information shows that they deploy a memcache architecture, which allowed them to reduce the user access time to half a millisecond by using fewer network tiers, resulting in lower application latency. As we log into Facebook, the single login request triggers thousands of look-ups on databases and memcache servers. Legacy enterprise multi-tiered networks would result in delayed look-ups and would negatively impact the user experience and interest in a significant way.

Amazon: Shopping couldn’t be easier than online on your favorite site. Have you Continue reading

Arista says it can route VXLAN too, just like Cisco

Cisco’s claim that its Nexus 9000 leaf switches have a VXLAN routing advantage over those based on Broadcom Trident II silicon is meeting some resistance. In announcing support for the BGP EVPN control plane for VXLAN on its Nexus 9000 switches, Cisco said its Nexus 9300 leaf switches, equipped with Cisco’s custom ALE ASIC, can route VXLAN overlay traffic, which the company touts as a benefit over Broadcom Trident II-based platforms from competitors.

Scaling Overlay Networks: Distributed Data Plane

“Thou Shalt Have No Chokepoints” is one of those simple scalability rules that are pretty hard to implement in real-life products. In the Distributed Data Plane part of Scaling Overlay Networks webinar I listed data plane components that can be easily distributed (layer-2 and layer-3 switching), some that are harder to implement but still doable (firewalling) and a few that are close to mission-impossible (NAT and load balancing).

How an outsourcing contract can boost IT service provider performance

IT outsourcing customers are increasingly looking for their service providers not just to cut technology costs or improve process efficiency, but to deliver business results. But getting that kind of business value from IT suppliers has proven to be a challenge. The secret to getting technology providers on board with delivering innovation may actually be the terms of the IT outsourcing deals. “Most IT services buyers seek compliance, not improved supplier performance” from their contracts, says Brad Peterson, partner in the Chicago office of law firm Mayer Brown. “That’s all that’s necessary for most IT services categories. However, IT buyers can create substantially more value by using incentives to deliver innovation, analytics, data security, mobility, cloud and other fast-changing IT services categories.”

Technology Short Take #48

Welcome to Technology Short Take #48, another installation in my irregularly-published series that collects links, articles, and thoughts from around the web. This time around, the content is a bit heavier on cloud management and applications/operating systems, but still lots of good content all the way around (I hope, anyway).

Networking

  • Matt Oswalt recently wrapped up his 3-part “DevOps for Networking” series. I referenced part 1 of the series back in TST #46, and parts 2 and 3 are just as good as the first one. Part 2 talks about source-driven configuration for NetOps (which discusses the use of Git and Gerrit to manage network device configurations), while Part 3 walks through a continuous integration pipeline for networking (which adds Jenkins to the mix described in part 2). Helpful and informative content, no question about it.
  • The NFV discussion seems to be heating up a bit, particularly the “networking” part of NFV. Craig Matsumoto of SDxCentral recently published a piece on NFV performance; that article was based largely on a blog post by Martin Taylor of Metaswitch found here. The key takeaway is that NFV networking performance requirements are something that projects like OpenStack and Open vSwitch (OVS) Continue reading

Cumulus Networks CEO JR Rivers on what’s hot for Open Computing in 2015

Over the past few years of blogging, many of my most popular posts have been interviews with industry thought leaders. To that end, I have started a new interview series I call ‘the catch-up,’ where I will catch up with interesting thought leaders in the industry. This is the first interview in the series, featuring Cumulus Networks CEO JR Rivers. Over the next few weeks, I will post interviews with Martin Casado, David Meyer, Rob Hirschfeld, Dan Pitt, and many more. In the past I have only posted the text from interviews; now I have also started recording the interviews and will post them on my YouTube channel, OpenNetworking.TV.

Would you buy a smartwatch from a watch company?

It's becoming the biggest question in wearable computing – will the future of smartwatches be determined by tech companies making watches or by watchmakers adding technology? Last week, Swiss watch giant Swatch revealed that it's planning to release its own smartwatch within the next few months. Known for cheap, colorful designs, Swatch is hardly a high-end luxury brand, though it owns a few of those (including Tissot, which has some smart-ish watches in its line). According to what Swatch CEO Nick Hayek said to Bloomberg, the device will communicate via NFC and won't have to be charged (most likely powered by a replaceable watch battery). It will also support mobile payments and work with Windows and Android smartphones (no word on iOS).

BGP Communities

BGP Communities has to be one of my favorite features added to the BGP protocol. As you should know by now, BGP passes several attributes between peers that help influence the BGP best path selection algorithm. One of these is the BGP Community attribute. Think of this as another tag placed on the route advertisement that can give us additional information.

This tag is formatted as a 32-bit value that is typically displayed in two 16-bit parts. The most common and most widely accepted best practice is to treat these as your Autonomous System Number (ASN), followed by a 16-bit attribute. For example, if your ASN was 65248 and you wanted to tag this route with the number 666, you would set something like 65248:666.

As for the second half of our tag, this number is arbitrary. BGP Communities are a transitive attribute that is completely optional. This means that BGP treats these tags as purely informational, and that it is up to the network engineer to decide what these values mean, and what to do with them.

RFC 1997 defines some well known communities that have global significance. These values and their operations should be respected by any community Continue reading