Thursday, January 15, 2015

Windows box with Vagrant

Some people have been asking me about Vagrant and Windows environments, so today I'm going to write about the easiest way to create and configure a Windows 2008 R2 box in Vagrant.
The documentation is scattered across the Internet, and I will try to unify it in this post.

Wednesday, December 24, 2014

Azure IPsec router (Static gateway multi site)

The problem:
Multi-site VPN on Azure using IKEv1 (Cisco ASA 8.3)
The situation to solve:

We need a connection between our three on-premises sites and the production and staging in a VNet on Azure via VPN. Unfortunately, we have old Cisco ASA hardware running IOS 8.3, and it only supports IKEv1.

Sunday, November 30, 2014

Playing with Kubernetes

At the last hacknight at Peertransfer we were playing with Kubernetes and Docker. Kubernetes is a Docker cluster orchestrator. In this article there is a very detailed description and explanation of what Kubernetes can do.
Here, I am going to transcribe my notes about how we deployed and tested Kubernetes basics in less than an hour.
First of all, you need a DigitalOcean account and you have to deploy the Docker APP VM. I like DigitalOcean because it is fast, cheap and clean, but you can use a Docker installation wherever you want; for example, the Kubernetes docs use OS X.
In this test you need a GCE (Google Compute Engine) account too, because we are going to deploy VMs (minions) on this platform.

Tuesday, November 25, 2014

Cisco ASA AnyConnect VPN group lock

I'm going to paste a recipe from the Cisco forum that explains how to set a tunnel lock in AnyConnect. It is very important because, if you don't apply this policy, any user with authorised credentials in RADIUS will be able to log in to any VPN tunnel.

Starting with Docker

Definition from Wikipedia

Docker is an open-source project that automates the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating system–level virtualization on Linux.[2] Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines.[3]

What about Docker?

Docker reminds me of old container isolation technology, such as Solaris Zones, *BSD Jails or even Linux OpenVZ. In fact, it is the same technology. Docker uses the LXC Linux kernel module, which derives from OpenVZ.
Docker is newer, better and simpler than the old alternatives. It provides you with an API, a container repository and an easy CLI management interface. These points make Docker really powerful and modern.

Tuesday, November 11, 2014

Deployment tips for Active Directory Certificate Services NDES role

For those who have to set up an environment compliant with the SCEP protocol on the Microsoft platform, Active Directory Certificate Services has a role called NDES (Network Device Enrollment Service), which is simply the MS implementation of this standard.

I'm not going to write a how-to, because there are several on the Internet and the best one, as usual, is the TechNet wiki entry that can be found here. My scenario runs on Windows Server 2012 R2.

This guide is quite good, but the product is still, in my humble opinion, in an early stage because the config is based on registry keys (HKLM\Software\Microsoft\Cryptography\MSCEP) and documentation of those keys is limited.

Sunday, November 9, 2014

Why do I hate Nagios?

You either love or hate Nagios; there are no intermediate opinions when you use this application. I am definitely uncomfortable with Nagios. While I'm not a radical SCOM guy, because I like other free (as in freedom) monitoring systems (Zabbix, Sensu, even PandoraFMS), I really hate Nagios.
And if you want, there are a lot of very good SaaS alternatives too, such as New Relic, Datadog, Monits, etc.

Nagios reminds me of the good old times, when we only had a few machines in our data centers and three or four services, and they were easy to manage and monitor. Do you remember the Big Brother monitoring software? It was quite popular 15 years ago and it was very simple, because our projects were very simple compared with our projects nowadays.