Devops op maandagmorgen

Hello SDN by Hugo Trippaers

Hugo Trippaers talks in this video about the bare essentials of Software Defined Networking (SDN). Almost everybody has a different definition of SDN. It's a concept that makes networking much easier.
SDN was created to deal with a praticular part of problems. I will first tell you somewhat about the history and will show via two labs how to practically use this. read more >

psCloudstack Managing Cloudstack Made Easy

...made easy when working in a Windows environment For managing Cloudstack several methods exist like the Cloudstack web client and the Cloudstack cloudmonkey CLI. A new player in this arena is psCloudstack, a Windows Powershell based counterpart of cloudmonkey, which dynamically creates the api functions you are entitled to. What makes psCloudstack different from other tools? The major difference with other CLI based tools is: it is dynamic. psCloudstack uses the... read more >

How to setup RPKI route validation in JUNOS

Resource Certification (RPKI)



The Resource Certification (RPKI) system allows Local Internet Registries (LIRs) to request a digital certificate listing the Internet number resources they hold. It offers validatable proof of holdership of a resource's registration by a Regional Internet Registry (RIR).



BGP Origin Validation



Origin validation helps to prevent the unintentional advertisement of routes. read more >

How to rate limit unwanted traffic in JUNOS

JUNOS has firewall filtering which is very powerful and flexible. It can be configured for pre-configured protocols and own specified ports. It can be based on source and/or destination direction of the traffic. Many more options are available including tcp-flags, tcp-established, tcp-initial, fragments and so on. Addresses can be configured within the statement or using source or destination address lists preconfigured. read more >

Common pitfalls when following a responsible disclosure policy

The generic WordPress authentication screen
At Schuberg Philis, we take security seriously. Nevertheless, mistakes do happen. An engineer might overlook an option, configuration drifts and what was secure last week is suddenly considered insecure because a configuration somewhere else changed, or new issues are discovered.



While we try to fix these things every time, sometimes things slip through.



We want to tackle security issues on our infrastructure, but we might miss things ourselves. read more >

QCon London: How I Learned to Stop Worrying and Trust Crypto Again

Mother and Infant Bond a CC NC image by Steve Corey
By Graham Steel



The year 2013 is the year we found out that the tinfoil hat people were right and the NSA was actually listening to all our conversations.



However, even Snowden stated that properly implemented strong cryptographic systems will actually safe you.



In reality developers seldom design their own cryptographic engines and implementing your own based on a book like 'Applied cryptography ' is not recommended, so people are read more >

Chef Monitoring

At Schuberg Philis we have a certain way of working which gives every engineer a lot of freedom. That amount of freedom can only be provided and maintained with the right tool-set and auditing capabilities. Auditability and accountability are the main reasons why we need to have our change information out in the open and visible for every engineer. Having that information out in the open enables us to peer review the changes made. No secrets here and no need to hide any information, read more >

OpsCode Chef on Arista EOS switches

Configuring switches can be cumbersome and boring.  At least I find it something  I would really like to automate and make it better available for colleagues.


For coding the infrastructure we have chosen for Opscode Chef and rolled out our own private Chef infrastructure. We can automate an awful lot: roll-out new Hypervisors, applications, configurations, services. But coding the underlay is still something that is in development. read more >