VWannabe

Author: javirodz

  • Super Tech Resource

    Suddenly you realize it, you are an expert at so many irrelevant things. This happened to you?, if you’ve been on IT for a while and you are still actually doing instead of managing, then you may end up rotting with some technology that is dying. When someone claims is a Cloud XXX, what do you expect from them? Well I found these skills for a Cloud Engineer job from a really cool company:

    • A mastery of Linux. This means: you know why things work on a Linux system, not just how to configure them
    • Experience developing enterprise application architectures to meet business requirements in complex environments
    • Knowledge and experience with large-scale systems integration involving private, hybrid, and public cloud platforms
    • Understanding of cloud orchestration frameworks, enterprise IT service provisioning tools, and their role in IT transformation
    • Experience with public and private cloud, including OpenStack and AWS
    • Experience with configuring: OpenStack Ceilometer, Cinder, Glance, Heat, Keystone, Nova, Neutron, Swift
    • Experience with virtualization, including: KVM, Xen, and VMWare
    • Experience with RabbitMQ / AMQP, Puppet, LDAP, NFS, and RHCS
    • Experience administering CentOS or Ubuntu
    • Able to write software in Python or some other administrative language
    • Able to read and perform debugging of C / C++ / Java programs.  Being able to write programs in these languages is even better!
    • Experience supporting or maintaining MySQL, MongoDB, and Couchbase

    How do I get these? I mean all of them. Is it really something achievable? For example, take virtualization. How much time does it take to be a VMware master? Then learn enough KVM and Xen to be able to master all three. I know it depends on how smart you are, but also on how much hands experience you can get. What if you are an expert in Solaris or AIX, but not Linux. I wonder if such a person exists. I would like to work with this person and learn everything I could. In the meantime maybe I should apply for an internship with this company to be able to master every skill in this list, and then hope they are not replaced by new technology and become irrelevant again.

    As always pardon my English, I just feel that if I write these in Spanish nobody would ever read them (not that anyone read them anyway :P)

  • Just don’t follow your dream

    Ok, I have your attention, now let me explain myself. I come from a home in which my father always worked Monday to Saturday, he doesn’t know what the word vacation means, and he is still working at age 74. He never bought anything that was not essential to us. Good house (of course no mortgage), food and good education. I once asked my parents if they could buy an ATV for me if I obtained good grades, and they said that the good grades were for me not for them (kind of saying there is no way you are going to blackmail us with that), but really just saying that it was in my best interest to do well in school.

    Enough about family history, here is what I mean. You really have to setup a goal, but then stop thinking about the end result and start thinking on how to get there. Dedicate all your resources to those little things that will allow you to reach that goal. Stop daydreaming, be practical and don’t waste your time on things that will not contribute to your mission.

    If you want to be the best basketball player, then research what you have to do and then do it six days a week for the amount of time needed to create results, don’t waste you time playing a video game or fantasizing about wining the slam dunk contest.

    Those of us in the IT business will be challenged multiple times during our career. This is something you learn and relearn, apply the useful stuff and hopefully discard what doesn’t work. Keep your goals clear and well defined, but never hold back, shoot for the moon.

     

     

     

     

  • Cloud Something

    Cloud Something

    The World Cup started, so I will cheer for the one who seems to be wining at any give point. Yes I know it sounds not very loyal from my part, but a man does what a man needs to do, right? Anyway I’ve been out for a while (again) but I want to share my thoughts on the cloud, but the cloud that its beginning to be seen in the TV and movies, yesterday I saw a movie trailer and the actors were saying something about “nobody understands the cloud”. Well that may be the case, I mean probably big companies do, but believe me that some people out there are still trying to understand virtualization so you can imagine.

    The issue is more on whether you continue on the race to the bottom, or do you jump on this big opportunity. I believe that is possible to consolidate beyond what we’ve achieved with virtualization. We are talking about Virtual Data Centers, having a couple of physical locations, but seen as one.

    Who are the players? Well, this looks like the gold rush., everyone have some sort of initiative. So please take a look at you situation. Do you work in an environment (I guess mostly tech) that will be affected by this cloud storm? Make your move now, don’t get caught without an emergency plan.

    Remember when you see clouds, there may be a storm coming.

  • EMCWORLD 2014

    Finally I made it to Las Vegas. It is fantastic!, I’m starting the third day and I’ve enjoyed every single minute of it. Honestly, although I liked all the sessions, Bear Grylls talk on extra-ordinary was my favorite. When you absolutely think there is nothing left on you to give, that is the moment you know you have to give a little bit more., that is the “Q”. We can’t wait to get back home to pass the message, the third platform is here, we as IT professionals need to prepare for the software defined everything. This is just the logical next step, the software have always been there, it is going to be disconnect now. It is all business driven, mobile apps, cloud, time to market, and always on, are some of the drivers or reasons this is happening. I want to make a commitment, I’ll start blogging more, I have a few interesting projects I want to “document” in my vNotepad. But going back to EMCWorld I am impress with the level of cohesiveness about the message at all levels, from Joe Tucci to Urayoan Irizarry down at the Solutions Arcade. I really liked the VPLEX Virtual Edition session, I will setup something here in the next few days.

  • Configuring NTP Services for the VNX / Celerra

    I was performing a nas_checkup on the new system I just installed and found this warning:

    ————Warnings———————

    Blades : Check connectivity to NTP servers

    Warning HC_DM_18800115743:

    * server_2: Only one NTP server is configured. It is recommended to define at least two different NTP servers for a high availability.

    If the clock of the Data Mover is not correct, potential errors during Kerberos authentication may happen (timeskew).

    Action : Use the server_date command to define another NTP server on the Data Mover. Read the man pages for details and examples.

    ——————————————

    So I must have missed the configuration of the second NTP server, but no problem because there is a procedure for that, right? So this is what happened next:

    1. Login into the Unisphere, click on the Home Icon and then of the Domains Tab

    home-domains2. On the right column click the Configure NTP link

    ntp-config-link

    3. Click OK in the Pop-Up Warning Window, and then you can edit you NTP settings, in my case if fact I had only one NTP server defined, so I added the second one

    ntp-config-window

    4. I executed the nas_checkup again, but I still had the same warning. If you log into the control station with ssh user nasadmin, then you can check the NTP status with this command:

    [nasadmin@cs0 tools]$ server_date server_2 timesvc stats ntp
    server_2 :
    Time synchronization statistics since start:
    hits= 45, misses= 0, first poll hit= 2, miss= 0
    Last offset: 0 secs, 0 usecs
    Current State: Running, connected, interval= 60
    Time sync hosts:
    10.1.3.10,

    See above in bold that only the first NTP server appears in the output, I also tried to stop and start the NTP service, I logged as root and executed the /sbin/service ntpd [stop/start], but the system still reported one NTP server and I still had my warning message.

    5. Resolution: I stopped the ntp service and then started it again with both hosts included in the command line.

    [nasadmin@cs0 tools]$ server_date server_2 timesvc stop ntp
    server_2 : done
    [nasadmin@cs0 tools]$ server_date server_2 timesvc start ntp 10.2.3.10 10.1.3.10
    server_2 : done
    [nasadmin@cs0 tools]$ server_date server_2 timesvc stats ntp
    server_2 :
    Time synchronization statistics since start:
    hits= 1, misses= 0, first poll hit= 1, miss= 0
    Last offset: 0 secs, 51 usecs
    Current State: Running, connected, interval= 60
    Time sync hosts:
    10.2.3.10, 10.1.3.10,
    [nasadmin@cs0 tools]$

    Blades         : Checking connectivity to NTP servers…………………. Pass

    And I will be able to sleep tonight.

  • Objective 5.01 Describe the purpose, advantage, use cases, and challenges associated with hardware based application delivery platforms and virtual machines

    Explain When a hardware based application deliver platform solution is appropriate

    (Explain the purpose, advantages, and challenges associated with hardware based application deliver platform solutions)

    BIG-IP 8950 & 11050 Hardware Helps Customers Meet Growing Throughput Demands

    • The new platforms support high throughput levels to meet the application delivery needs of service providers and organizations that put a premium on transactions per second, such as financial institutions. The BIG-IP 8950 platform features a throughput level of 20 Gbps, while the 11050 boasts 42 Gbps.
    • The solutions support 10 Gb Ethernet connectivity to help bandwidth-conscious customers deliver enhanced application services. The platforms provide ideal solutions for customers that have configured their data centers around 10GE or are currently planning to upgrade their infrastructure.
    • With the 8950 and 11050 platforms, customers have the ability to incorporate additional application services (acceleration, high availability, application security, etc.), as their business needs evolve. Because these capabilities can be added to the existing ADN hardware platform, F5 solutions offer both enhanced functionality and optimum performance.

    Explain when a virtual machine solution is appropriate

    (Explain the purpose, advantages, and challenges associated with virtual machines)

    BIG-IP LTM VE Improves ADC Scalability and Simplifies Solution Deployment

    • Virtual ADCs can be rapidly deployed and scaled to support applications as resources are needed. In addition, cloud providers can leverage virtual ADCs to apply specific application policies on a per customer basis to support individual organizations’ business priorities.
    • BIG-IP LTM VE provides improved evaluation, development, integration, QA, and staging for application delivery policies and deployments. By enabling customers to deploy a virtual BIG-IP device in a testing lab, customers can conveniently test how applications and networks will respond in a production environment. This capability also enables customers to evaluate the addition of other ADC services such as SSL offloading, caching, and compression, and seamlessly transfer from testing scenarios into production.
    • BIG-IP LTM VE will be available in a full production version and a non-production lab version, as well as the previously announced trial. The full production version features variable throughput options up to 1Gbps. The lab version enables in-depth testing, and is best suited for efforts around application development, test, QA, and other non-production scenarios.
    • Unlike other virtualized application delivery offerings, BIG-IP LTM VE is part of a comprehensive application delivery architecture platform. This means that it has been designed to operate in tight integration with F5’s broad product portfolio, as well as support solutions from other leading virtualization companies such as VMware.

    Explain the advantages of dedicated hardware (SSL card, compression card)

    HARDWARE ACCELERATION REDUCES COSTS, INCREASES EFFICIENCY

    SSL offloading relieves a Web server of the processing burden of encrypting and/or decrypting traffic sent via SSL, the security protocol that is implemented in every Web browser. The processing is offloaded to a separate device designed specifically to perform SSL acceleration or SSL termination.

    SSL termination capability is particularly useful when used in conjunction with clusters of SSL VPNs, because it greatly increases the number of connections a cluster can handle.

    BIG-IP® Local Traffic Manager with the SSL Acceleration Feature Module performs SSL offloading.

  • Objective 5.02 Describe the purpose of the various types of advance acceleration techniques.

    Describe the purpose of TCP optimization

    TCP tuning techniques adjust the network congestion avoidance parameters of TCP connections over high-bandwidth, high-latency networks. Well-tuned networks can perform up to 10 times faster in some cases. For enterprises delivering Internet and extranet applications, TCP/IP inefficiencies, coupled the effects of WAN latency and packet loss, all conspire to adversely affect application performance. The result of these inefficiencies has inflated the response times for applications, and significantly reduced bandwidth utilization efficiency (ability to “fill the pipe”). 
    F5’s BIG-IP® Local Traffic Manager provides a stat e-of-the-art TCP/IP stack that delivers dramatic WAN and LAN application performance improvements for real-world networks. These advantages cannot be seen in typical packet blasting test harnesses, rather they are designed to deal with real-world client and Internet conditions.
    This highly optimized TCP/IP stack, called TCP Express, combines cutting-edge TCP/IP techniques and improvements in the latest RFCs with numerous improvements and extensions developed by F5 to minimize the effect of congestion and packet loss and recovery. Independent testing tools and customer experiences have shown TCP Express delivers up to a 2x performance gain for end users and a 4x improvement in bandwidth efficiency with no change to servers, applications, or the client desktops.

    TCP Express White Paper

    Describe the purpose of HTTP keep alives

    A keepalive (KA) is a message sent by one device to another to check that the link between the two is operating, or to prevent this link from being broken. The Hypertext Transfer Protocol supports explicit means for maintaining an active connection between client and server. HTTP persistent connection, also called HTTP keep-alive, or HTTP connection reuse, is the idea of using a single TCP connection to send and receive multiple HTTP requests/responses, as opposed to opening a new connection for every single request/response pair.

    Describe the purpose of Caching

    Caching is the local storage of network data for re-use, to cut down on transfer time for future requests. With Web pages, static caching simply serves objects — typically images, JavaScript, stylesheets — as long as they haven’t passed their expiration date. But static caching can generally only be used for about 30 percent of HTTP requests, and that does not typically include high-value dynamic data.
    Dynamic caching completely changes the caching model, making it possible to cache a much broader variety of content including highly dynamic Web pages, query responses, and XML objects. Dynamic caching is a patented technology unique to F5.

    The F5 BIG-IP® WebAccelerator makes dynamic caching possible by implementing two key capabilities: a sophisticated matching algorithm that links fully qualified user queries to cached content, and a cache invalidation mechanism triggered by application and user events.

    Describe the purpose of compression

    In computer science and information theory, data compression, source coding,[1] or bit-rate reduction involves encoding information using fewer bits than the original representation.[2] Compression can be either lossy or lossless. Lossless compression reduces bits by identifying and eliminating statistical redundancy. No information is lost in lossless compression. Lossy compression reduces bits by identifying unnecessary information and removing it.

    Advanced compression increases application performance across a network. In contrast to packet-based compression, advanced compression operates at the session layer (layer 5 of the seven-layer OSI model), compressing homogenous data sets while addressing all application types. This approach generates higher system throughput and minimizes latency.
    F5 BIG-IP® WAN Optimization Module combines advanced compression with a system architecture built for high performance. BIG-IP is specifically designed to address the needs of bandwidth-intensive networks.

    Intelligent compression removes redundant patterns from a data stream to improve application performance. This technique is commonly used for Web applications to help reduce bandwidth needs and improve end-user response times.
    The F5 BIG-IP® product family can target specific applications for compression to give the greatest possible benefit to end users. The BIG-IP system monitors TCP round-trip times to calculate user latency, allowing BIG-IP to devote more power to compressing traffic for those who need it most.

    Describe the purpose of pipelining

    Pipelining is a natural concept in everyday life, e.g. on an assembly line. Consider the assembly of a car: assume that certain steps in the assembly line are to install the engine, install the hood, and install the wheels (in that order, with arbitrary interstitial steps). A car on the assembly line can have only one of the three steps done at once. After the car has its engine installed, it moves on to having its hood installed, leaving the engine installation facilities available for the next car. The first car then moves on to wheel installation, the second car to hood installation, and a third car begins to have its engine installed. If engine installation takes 20 minutes, hood installation takes 5 minutes, and wheel installation takes 10 minutes, then finishing all three cars when only one car can be assembled at once would take 105 minutes. On the other hand, using the assembly line, the total time to complete all three is 75 minutes. At this point, additional cars will come off the assembly line at 20 minute increments.

    HTTP pipelining is initiated by the browser by opening a connection to the server and then sending multiple requests to the server without waiting for a response. Once the requests are all sent then the browser starts listening for responses. The reason this is considered an acceleration technique is that by shoving all the requests at the server at once you essentially save the RTT (Round Trip Time) on the connection waiting for a response after each request is sent. 

  • Objective 4.04 Describe the purpose, advantages, and use cases of IPsec and SSL VPN

    Internet Protocol Security (IPsec

    Is a technology protocol suite for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
    IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).
    Some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of the TCP/IP model. In the past, the use of TLS/SSL had to be designed into an application to protect application protocols. In contrast, since day one, applications did not need to be specifically designed to use IPsec. Hence, IPsec protects any application traffic across an IP network.

    Common IPsec VPN Issues

    SSL VPN

    An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. In contrast to the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialized client software on the end user’s computer. It’s used to give remote users with access to Web applications, client/server applications and internal network connections.

    A virtual private network (VPN) provides a secure communications mechanism for data and other information transmitted between two endpoints. An SSL VPN consists of one or more VPN devices to which the user connects by using his Web browser. The traffic between the Web browser and the SSL VPN device is encrypted with the SSL protocol or its successor, the Transport Layer Security (TLS) protocol.
    An SSL VPN offers versatility, ease of use and granular control for a range of users on a variety of computers, accessing resources from many locations. There are two major types of SSL VPNs:

    • SSL Portal VPN: This type of SSL VPN allows for a single SSL connection to a Web site so the end user can securely access multiple network services. The site is called a portal because it is one door (a single page) that leads to many other resources. The remote user accesses the SSL VPN gateway using any modern Web browser, identifies himself or herself to the gateway using an authentication method supported by the gateway and is then presented with a Web page that acts as the portal to the other services.
    • SSL Tunnel VPN: This type of SSL VPN allows a Web browser to securely access multiple network services, including applications and protocols that are not Web-based, through a tunnel that is running under SSL. SSL tunnel VPNs require that the Web browser be able to handle active content, which allows them to provide functionality that is not accessible to SSL portal VPNs. Examples of active content include Java, JavaScript, Active X, or Flash applications or plug-ins.

    Advantages and Risks of SSL VPN

  • Objective 4.03 Describe the purpose and advantages of authentication

    Explain the role authentication plays in AAA(authentication, authorization and accounting)

    Authentication

    Authentication refers to the process where an entity’s identity is authenticated, typically by providing evidence that it holds a specific digital identity such as an identifier and the corresponding credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, digital signatures and phone numbers (calling/called).

    Authorization

    The authorization function determines whether a particular entity is authorized to perform a given activity, typically inherited from authentication when logging on to an application or service. Authorization may be determined based on a range of restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple access by the same entity or user. Typical authorization in everyday computer life is for example granting read access to a specific file for authenticated user. Examples of types of service include, but are not limited to: ip address filtering, address assignment, route assignment, quality of Service/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.

    Accounting

    Accounting refers to the tracking of network resource consumption by users for the purpose of capacity and trend analysis, cost allocation, billing. In addition, it may record events such as authentication and authorization failures, and include auditing functionality, which permits verifying the correctness of procedures carried out based on accounting data. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user or other entity, the nature of the service delivered, when the service began, and when it ended, and if there is a status to report.

    Advantages of SSO (Single Sign On)

    Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Conversely, Single sign-off is the property whereby a single action of signing out terminates access to multiple software systems.
    Benefits of using single sign-on include:
    • Reducing password fatigue from different user name and password combinations
    • Reducing time spent re-entering passwords for the same identity
    • Reducing IT costs due to lower number of IT help desk calls about passwords

    Multifactor Authentication

    Multi-factor authentication (also MFA, Two-factor authentication, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor (“something the user knows“), a possession factor (“something the user has“), and an inherence factor (“something the user is”). After presentation, each factor must be validated by the other party for authentication to occur.

  • Objective 4.02 Explain the purpose of the cryptographic services

    Cryptographic Services

    Public networks such as the Internet do not provide a means of secure communication between entities. Communication over such networks is susceptible to being read or even modified by unauthorized third parties. Cryptography helps protect data from being viewed, provides ways to detect whether data has been modified, and helps provide a secure means of communication over otherwise non secure channels. For example, data can be encrypted by using a cryptographic algorithm, transmitted in an encrypted state, and later decrypted by the intended party. If a third party intercepts the encrypted data, it will be difficult to decipher.

    Signing

    A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity). Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.

    Encryption

    Encryption is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can.
    Certificates and Certificate Chains

    Private/Public Keys

    Public-key encryption uses a private key that must be kept secret from unauthorized users and a public key that can be made public to anyone. The public key and the private key are mathematically linked; data that is encrypted with the public key can be decrypted only with the private key, and data that is signed with the private key can be verified only with the public key. The public key can be made available to anyone; it is used for encrypting data to be sent to the keeper of the private key. Public-key cryptographic algorithms are also known as asymmetric algorithms because one key is required to encrypt data, and another key is required to decrypt data. A basic cryptographic rule prohibits key reuse, and both keys should be unique for each communication session. However, in practice, asymmetric keys are generally long-lived.

    Symmetric/Asymmetric encryption

    There are two basic types of encryption schemes: Symmetric-key and public-key encryption(Asymmetric). In symmetric-key schemes, the encryption and decryption keys are the same. Thus communicating parties must agree on a secret key before they wish to communicate. In public-key schemes, the encryption key is published for anyone to use and encrypt messages. However, only the receiving party has access to the decryption key and is capable of reading the encrypted messages. Public-key encryption is a relatively recent invention: historically, all encryption schemes have been symmetric-key (also called private-key) schemes