New Magento WAF Rule – RCE Vulnerability Protection

Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform. Any customer using the WAF needs to click the ON button next to the “CloudFlare Magento” Group in the WAF Settings to enable protection immediately.

CloudFlare Magento Rule

Both Magento version 1.9.1.0 CE and 1.14.1.0 EE are compromised by this vulnerability. CloudFlare WAF protection can help mitigate vulnerabilities like this, but it is vital that Magento users patch Magento immediately. Select and download the patch for SUPEE-5344.

Starbucks hit by major computer failure

Starbucks suffered what appears to be a major computer system failure late Friday.Stores in Boston, New York, San Diego and other cities appeared to be affected, judging from hundreds of customer and employee posts on Twitter. Some stores are giving away drinks, are only accepting cash, or have closed, according to the messages.In San Francisco, an employee at one store said they were giving away free drinks, though he did not offer many other details. He said he was not sure when service would be restored.Starbucks did not immediately respond to telephone calls and emails requesting comment.To read this article in full or to leave a comment, please click here

Running vSphere on AWS or GCE

By now you’ve probably seen or heard the news about Ravello Systems launching Inception—the ability to run nested VMware ESXi on AWS or GCE, including the ability to run VMs on these nested ESXi instances. (Here’s Ravello’s press release.)

In my opinion, this is pretty cool, and it opens the door to a lot of different possibilities: upgrade testing, automation testing, new feature testing, hosted home labs (aka “Lab as a Service”). Lots of folks are interested in using this new Ravello functionality for “Lab as a Service.” Here’s Andrea Mauro’s take on this topic.

As part of the pre-launch activities, a number of bloggers and community advocates were able to work with Ravello on some very interesting projects:

  • William Lam built both a 32-node VSAN cluster (running vSphere 5.5) as well as a 64-node VSAN cluster (running vSphere 6.0). He posted details here, along with a great walkthrough of setting up vSphere on Ravello.
  • Mike Preston built out an environment that allowed him to perform a vMotion from AWS to GCE.

I was also engaged with Ravello on a project: building a (reasonably) large-scale vSphere environment on Ravello. The original goal was to Continue reading

iPexpert’s Newest “CCIE Wall of Fame” Adaditions 4/24/2015

Please join us in congratulating the following iPexpert client’s who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • Akash Deep, CCIE #48145 (Data Center)
  • Shraddha Bhaskar, CCIE #48147 (Data Center)
  • Claryeliza Gonzalez, CCIE #21961 (Data Center)

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

Kubernetes and OpenContrail

I’ve been working over the last couple of weeks in integrating OpenContrail as a networking implementation for Kubernetes and got to the point where i ‘ve a prototype working with a multi-tier application example.

Kubernetes provides 3 basic constructs used in deploying applications:

  • Pod
  • Replication Controller
  • Service

A Pod is a container environment that can execute one or more applications; each Pod executes on a host as one (typically) or more Docker processes sharing the same environment  (including networking). A Replication Controller (RC) is a collection of Pods with the same execution characteristics. RCs ensure that the specified number of replicas are executing for a given Pod template.

Services are collections of Pods that are consumable as a service. Through a single IP end point, typically load-balanced to multiple backends.

Kubernetes comes with several application deployment examples. For the purpose of prototyping, I decided to use the K8PetStore example. It creates a 4-tier example: load-generator, frontend, redis-master and redis-slave. Each of these tiers, except for the redis-master) can be deployed as multiple instances.

With OpenContrail, we decided to create a new daemon that listens to the kubernetes API using the kubernetes controller framework. This daemon creates virtual networks on demand, for each Continue reading

Teardown of Apple Watch shows sensor could measure blood oxygen levels

The Apple Watch's sensor may hold more health monitoring functions than Apple has revealed, including measuring blood oxygen levels, a feature that's not enabled on the device and that Apple hasn't talked about.That's one of the findings from iFixIt, which disassembled an Apple Watch Sport Edition on the day the wearables started shipping to customers.U.S. government regulations may prevent Apple from allowing the watch to capture blood oxygen data, according to iFixIt, whose website lets people offer each other advice on how to fix a variety of things, including computer hardware. The site is also known for breaking apart Apple's new products as soon as they go on sale.To read this article in full or to leave a comment, please click here

PlexxiPulse—Breaking Down the Distributed Network

Most networks today (including Plexxi solutions) are built as distributed networks. This type of infrastructure reduces complexity and significantly increases network capabilities. Our own Marten Terpstra took a deep dive into the future of distributed networks this week on the Plexxi blog. He identifies and breaks down the “central command” system of today’s distributed networks, and its impact on the functionality of network solutions as a whole. Give it a read before you head out for the weekend.

Below please find a few of our top picks for our favorite news articles of the week. Have a great weekend!

CIO: Declare Your Independence – Virtualize that Network!
By Paul Gillan
Although a relative newcomer to virtualization compared to its server and storage brethren, virtualized networks – and their companion, software-defined networking (SDN) technology – are a no-brainer for any company that’s virtualizing other parts of its IT infrastructure. Once you move platforms to an internal cloud, you’ll want the underlying transport layer to deliver the same flexibility as the virtual resource. Storage, servers, desktops and software all benefit from a more flexible network.

Re/code: The Third Phase of Big Data
By Sumit Sadana
Back in the pre-Internet era of the Continue reading

Here’s what reply to Google Fi invite request looks like

Just in case you've been curious about Google's new Project Fi wireless service but haven't wanted to get on yet another Google list, I've done the dirty work for you and asked for an invite for myself.After I sent along my gmail address and zip code to ensure Google Fi would be offered in my area (and yes, apparently I'm in 4G heaven), Google was quick to reply, within a few minutes. Below you can see what the invite reply looks like, and if you'd like to apply, here's where to go on the Google Fi site.To read this article in full or to leave a comment, please click here

Technology Short Take #50

Welcome to Technology Short Take #50, the latest in my series of posts sharing various links and articles pertaining to key data center technologies. I hope that you find something useful here!

Networking

  • Tyler Christiansen recently published a post on a network automation workflow that was based on a presentation he gave at the SF Network Automation meetup. The workflow incorporates Ansible, git, Jenkins, and Gerrit. If you’re looking for more examples of how to incorporate these sorts of tools into your own network automation workflow, I’d recommend having a look at this article.
  • This post contains a link to a useful presentation on the essential parts of EVPN. It’s quite useful if you (like me) need an introduction to this technology.
  • Need to reset the CLI privileged mode password on your NSX Manager instance? Here’s a walkthrough. (Warning: as pointed out in the article, this is most likely not supported. Use at your own risk.)
  • This article by Russell Bryant is a great overview and update of the work going on with Open Virtual Network (OVN). I’m really excited about OVN and looking forward to seeing it develop and grow.
  • This is kind of cool, and (in my Continue reading

Show 234 – Design & Build #1 – Network Mergers

This is the first in a series we’re calling “Design & Build,” where we talk through some common network challenges you might face in your network career. Today, we talk about corporate mergers, where the network you know and love needs to work with a network that you don’t.

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post Show 234 – Design & Build #1 – Network Mergers appeared first on Packet Pushers Podcast and was written by Ethan Banks.

ADN – Awk Defined Networking

Because I have yet to transition to a completely software-defined network in which everything configures itself (wink wink), I still have to do tasks like bulk VLAN changes.

Thanks to a recent innovation called ADN, or "AWK Defined Networking", I can do this in a shorter time window that the average bathroom break. For example, I just had a request to change all ports on a large access switch stack that  are currently in VLAN 76 to VLAN 64:

# ssh switch_name.foo.com 'show int status | i _76_' | grep Gi | awk '{print "int ",$1,"n","description PC/Phone","n","switchport access vlan 64"}'
Password: ***

int  Gi1/0/25
 description PC/Phone
 switchport access vlan 64
int  Gi1/0/26
 description PC/Phone
 switchport access vlan 64
[many more deleted]

Then I copied and pasted the results into config mode. Back to lounging on the beach.

Not even any Python skills required!

ADN – Awk Defined Networking

Because I have yet to transition to a completely software-defined network in which everything configures itself (wink wink), I still have to do tasks like bulk VLAN changes.

Thanks to a recent innovation called ADN, or "AWK Defined Networking", I can do this in a shorter time window that the average bathroom break. For example, I just had a request to change all ports on a large access switch stack that  are currently in VLAN 76 to VLAN 64:

# ssh switch_name.foo.com 'show int status | i _76_' | grep Gi | awk '{print "int ",$1,"n","description PC/Phone","n","switchport access vlan 64"}'
Password: ***

int  Gi1/0/25
 description PC/Phone
 switchport access vlan 64
int  Gi1/0/26
 description PC/Phone
 switchport access vlan 64
[many more deleted]

Then I copied and pasted the results into config mode. Back to lounging on the beach.

Not even any Python skills required!
1 3,521 3,522 3,523 3,524 3,525 3,841