Sunday, November 30, 2014

Playing with Kubernetes

Last hacknight at Peertransfer we were playing with Kubernetes and Docker. Kubernetes is a Docker cluster orchestrator. In this article there is a very detailed description and explanation of what Kubernetes can do.
Here, I am going to transcribe my notes about how we deployed and tested Kubernetes basics in less than an hour.
First of all you need a DigitalOcean account and you have to deploy the Docker APP VM.  I like DigitalOcean because it is fast, cheap and clean, but you can use Docker installation wherever you want, for example in Kubernetes doc they use OS X.
In this test you need a GCE (Google Computing engine) account too, because we are going to deploy VMs (minions) on this platform.

Tuesday, November 25, 2014

Cisco ASA AnyConnect VPN group lock

I'm going to paste a recipe from Cisco Forum, this recipe explains how to set a tunnel lock into AnyConnect. It is very important because if you don't apply this policy any user with authorised credentials in the radius will be able to login in any VPN tunnel.

Starting with Docker

Definition from Wikipedia

Docker is an open-source project that automates the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating system–level virtualization onLinux.[2] Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines.[3]

What about Docker?

Docker reminds me old isolation container technology, such as Solaris Zones, *BSD Jails or even Linux OpenVZ. In fact, it is the same technology. Docker uses LXC linux kernel module that derivates from OpenVZ.
Docker is newer, better and simpler than the old alternatives. It provides you with an API, a Container repository and an easy CLI management interface. These points make Docker really powerful and modern.

Tuesday, November 11, 2014

Deployment tips for Active Directory Certificates Services NDES role

For those who have to setup and environment compliant with SCEP protocol into Microsoft platform, Active Directory Certificate Service has a role called NDES (Network Device Enrollment Service) that simply is the MS implementation for this standard.

I´m not going write a how to, because there are some over internet and the best one, as usual, is the Techect wiki entry that can be found here. My scenario runs on Windows Server 2012 R2.

This guide is quite good, but the product is still, in my humble opinion, in an early stage because the config is based on registry keys (HKLM\Software\Microsoft\Cryptography\MSCEP) and documentation of those keys is limited.

Sunday, November 9, 2014

Why do I hate Nagios?

You either love or hate Nagios, there are no intermediate opinions when you use this application. I am definitely uncomfortable with Nagios. While I'm not a radical SCOM guy, because I like other free (as in freedom) monitoring systems: Zabbix, Sensu even PandoraFMS, I really hate Nagios.
And if you want there are a lot of very good SaaS alternatives too, such as New Relic, Datadog, Monits, etc.

Nagios reminds me of the good old times, when we only had a few machines in our data centers and three or four services and they were easy to manage and monitor.  Do you remember big brother monitoring software? It was quite popular 15 years ago and it was very simple because our projects were very simple comparing with our projects nowadays.

Friday, November 7, 2014

Hyper-v capacity report (Powershell). Part 1

I am going to write about capacity. Some days ago one of our managers asked me about the ISO 20.000 and the capacity plan. He was looking for a simple dashboard to display our hypervisors capacity every month. So, I thought that using Powershell and SSRS could be a good idea to display and access this information.
So in this post I am going write about the draft version of the system that will generate this capacity dashboard.

ELK ( Elastic Search, Logstash, Kibana) for Windows and Linux logs for easy data mining

Recently I have been testing ELK (Elasticsearch, Logstash, Kibana) for the visualisation and data mining with Syslog, Windows Event Viewer, Apache, SQUID and IIS logs.