psCloudstack Managing Cloudstack Made Easy

...made easy when working in a Windows environment For managing Cloudstack several methods exist like the Cloudstack web client and the Cloudstack cloudmonkey CLI. A new player in this arena is psCloudstack, a Windows Powershell based counterpart of cloudmonkey, which dynamically creates the api functions you are entitled to. What makes psCloudstack different from other tools? The major difference with other CLI based tools is: it is dynamic. psCloudstack uses the... read more >

How to setup RPKI route validation in JUNOS

Resource Certification (RPKI)

The Resource Certification (RPKI) system allows Local Internet Registries (LIRs) to request a digital certificate listing the Internet number resources they hold. It offers validatable proof of holdership of a resource's registration by a Regional Internet Registry (RIR).

BGP Origin Validation

Origin validation helps to prevent the unintentional advertisement of routes. read more >

How to rate limit unwanted traffic in JUNOS

JUNOS has firewall filtering which is very powerful and flexible. It can be configured for pre-configured protocols and own specified ports. It can be based on source and/or destination direction of the traffic. Many more options are available including tcp-flags, tcp-established, tcp-initial, fragments and so on. Addresses can be configured within the statement or using source or destination address lists preconfigured. read more >

Common pitfalls when following a responsible disclosure policy

The generic WordPress authentication screen
At Schuberg Philis, we take security seriously. Nevertheless, mistakes do happen. An engineer might overlook an option, configuration drifts and what was secure last week is suddenly considered insecure because a configuration somewhere else changed, or new issues are discovered.

While we try to fix these things every time, sometimes things slip through.

We want to tackle security issues on our infrastructure, but we might miss things ourselves. read more >

QCon London: How I Learned to Stop Worrying and Trust Crypto Again

Mother and Infant Bond a CC NC image by Steve Corey
By Graham Steel

The year 2013 is the year we found out that the tinfoil hat people were right and the NSA was actually listening to all our conversations.

However, even Snowden stated that properly implemented strong cryptographic systems will actually safe you.

In reality developers seldom design their own cryptographic engines and implementing your own based on a book like 'Applied cryptography ' is not recommended, so people are read more >

Chef Monitoring

At Schuberg Philis we have a certain way of working which gives every engineer a lot of freedom. That amount of freedom can only be provided and maintained with the right tool-set and auditing capabilities. Auditability and accountability are the main reasons why we need to have our change information out in the open and visible for every engineer. Having that information out in the open enables us to peer review the changes made. No secrets here and no need to hide any information, read more >

OpsCode Chef on Arista EOS switches

Configuring switches can be cumbersome and boring.  At least I find it something  I would really like to automate and make it better available for colleagues.

For coding the infrastructure we have chosen for Opscode Chef and rolled out our own private Chef infrastructure. We can automate an awful lot: roll-out new Hypervisors, applications, configurations, services. But coding the underlay is still something that is in development. read more >

Custom Sort a List of Objects in PowerShell

The Sort-Object Cmdlet can be used in PowerShell to sort a collection or list of objects. But a small sentence in the documentation on MSDN shows us that we can also use a calculated property using a hash table. The syntax would be something like Sort-Object -Property @{Expression={ <some expression }}.

Let’s look at a real life example for this.

Sort Computernames on trailing number read more >

Configure Arista eAPI with Python

It is possible to manage Arista switches with the Beta Devops Extension, however this is not yet production worthy. But Arista has a much more cooler extension which is far better usable; the Arista eAPI.

With Arista eAPI you can use industry standard CLI commands to send requests, and get returned data that is structured and documented. These requests and responses using JSON-RPC, a lightweight data-interchange format that is easy to read and write and to parse and generate. read more >

100% Automation of Java Updates

Oracle’s Java technology has become a favorite target of hackers and malware writers over the past few years. In response, Oracle has increased the frequency of Java updates in an effort to battle them.

For home users this is easy, you can use Java’s built-in auto update mechanism. But as IT Admins you probably want to do this in a controlled manner as Java updates sometimes break applications.

Unfortunately the process of obtaining the Java installables from Oracle isn’t really read more >