Most companies by now have virtualized a large percentage of their datacenter infrastructure. One mistake that may be made is to rely only on existing physical security devices to protect your virtual infrastructure. A physical server's traffic normally traverses our physical network devices, but inter-VM traffic may never leave your hypervisor. Hence an intruder who gains access to one improperly secured virtual machine may be able to compromise additional virtual machines without being detected by a physical intrusion prevention system or firewall, since inter-VM traffic flows exist within virtual switches. In order to properly protect virtual machines, hypervisor-level firewalls are required. These vFirewalls are virtual constructs that are managed like a physical device and provide visibility into virtual network traffic flows.
The use of shared folders as a means of allowing multiple persons to access documents may seem like an efficient approach but in a world where decisions taken minutes too late could cost millions there is a greater need for more efficient solutions.
Enterprise Content Management (ECM) systems provide a more efficient means of storing, searching and capturing hard and soft copies of your documents. An ECM also allows greater collaboration by allowing the assignment of business rules and workflows to your documents. Unlike traditional shared folders, an ECM allows owners of content such as Word files to share their content without the intervention of a Systems Administrator.
Let's say you work in insurance and your business process dictates the following. The collections department collects applications from potential customers and reviews them for completeness. If the collected application is complete, it is routed to your risk department; if the application is incomplete, it is rejected. The risk department will either approve the application and assign an insurance cost or reject the application. The risk department's decision can be communicated via email to both the customer and the collections department.
By assigning business rules to these applications, if-then-else logic can be applied to these documents. Metadata can be added to documents to store the validity, the decision taken on an application and any other metadata deemed useful. This metadata can be used as conditions in your business logic.
At LTGJAMAICA we want to help your company become as efficient as possible.
The Cloud means many things to many different persons, but personally I view a Cloud as a distinct pool of computing resources that can be managed centrally, provides the ability to scale resources via preconfigured policies and lastly provides the ability to automate manual requests such as Virtual Machine creation and deployment.
Though not recommended by many IT professionals, I am planning on making our IT department an internal service provider. In this vein, it is my vision to build out a Private Cloud that can provide self-service to authorized internal clients such as our developers and application administrators. Currently we utilize a VMware vSphere platform, but in another few months this platform will possess all the attributes of a true cloud. To provide the functions necessary, I have decided that we will look at the Open Source Eucalyptus platform.
Eucalyptus is Open Source, so it reduces our initial capital expenditure, it is compatible with VMware and it has the ability to support Amazon-based workloads, thus providing a hybrid platform management tool.
At Stage one, we will roll out a Private Cloud that will allow authorized internal clients to perform various tasks related to an assigned block of computing resources.
At Stage two, we will seek to allow the migration of workloads between Amazon and our VMware-based private cloud. This should provide disaster recovery and scalability benefits to our group.
Virtual data centers allow enterprises and service providers to create truly distinct DCs that overlay a single physical infrastructure. The Cisco Nexus provides the ability to virtualize all three planes, namely the control, forwarding and management planes. For enterprises, the ability to create logical virtual networks for testing purposes can provide significant cost savings since the need to buy test equipment is eliminated.
Multi-tenant data centers being used to provide cloud services have led to a number of network requirements that are difficult to meet using VRF, Q-in-Q or other tunneling techniques. A cloud data center customer needs to be able to provision network resources such as virtual switches and RFC 1918 IP addresses without needing to consider similar resources being used by other tenants. Software Defined Networking (SDN) seeks to provide an end-to-end virtual network that consists of virtual forwarding tables, virtual routers, virtual switches and controllers. SDN can be used to create logical networks that consist of virtual network gear. SDN tracks the state of the underlying physical data center network along with the overlaying virtual networks.
State changes are recorded, and the physical or logical components affected by these state changes have their settings and operations updated to support the changes made by the data center's customer. Software Defined Networking's ability to provide distributed, rule-driven control of large physical network elements presents a new way of virtualizing network resources.
Mobile applications are the rage right now and, as they like to say, there is an app for everything or almost everything.
With the move to mobile, users are now able to access services from anywhere using any of three popular mobile operating systems. This convenience is cool but comes with a few disadvantages that I feel will lead to apps becoming a thing of the past on mobile devices, especially smartphones.
The memory used by some apps makes them unsuitable for lower-end devices.
The functionality of some mobile apps, such as Facebook for Android, is way below that of a web browser on a PC.
Mobile apps require frequent updates which have to be downloaded to your device. An HTML5 browser-based app can be upgraded from the server side.
The development effort required in app development may be a little higher than native web app development. While most mobile apps are developed in Java, there will still be some tweaking required on a per-OS basis for things to work out. If apps are developed in a device-agnostic manner, developers will be able to quickly reach a wide market and a larger ecosystem in one development cycle.
HTML5 has the potential to not only replace Flash but also to provide app functionality in a web browser. HTML5 supports offline apps, multimedia APIs and built-in database support. Drag and drop functionality, along with the ability to utilize existing scripting languages, means that existing web programmers will still be able to leverage existing skills to create rich application experiences. By executing complex code on the server side, low-end phones with a capable browser may be able to provide their owners with the capabilities currently provided by apps.
Server Load Balancing is an advanced feature supported by Cisco switches in the 45XX and 65XX line of multilayer switches.
The feature allows a Virtual IP address to be configured on the switch. This Virtual IP address, or VIP, will be used to represent a cluster of servers on a given network. Most persons will never require a 65XX or even a 45XX series switch in their LANs, but we all would like to have highly available systems. While there are hardware and software load balancing solutions, it would be great to leverage your existing investment in your Cisco switches, so here is an idea that may be able to support Server Load Balancing on a Cisco 35XX series switch.
Let's say we need to load balance two MS Exchange 2010 front-end servers. First, configure a loopback adapter on each server. The IP address of the loopback adapters will be our chosen Virtual IP address. So let's say our VIP is 172.16.1.1; both loopback adapters will be assigned this address.
On your 3560, create two static routes pointing to our VIP via the physical addresses of the servers.
! Locate VIP
! 172.16.1.2 is the address of one of the Exchange servers
ip route 172.16.1.1 255.255.255.255 172.16.1.2
! 172.16.1.3 is the address of the second Exchange front end
ip route 172.16.1.1 255.255.255.255 172.16.1.3
Configure CEF destination load sharing by issuing the command ip load-sharing per-destination. This command shares traffic based on source/destination address pairs. We can use IP SLA to track the reachability of the physical hosts and assign a tracking object to each of the static routes above.
Note: I have yet to use the technique above, but it should work in theory.
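The IP SLA tracking step described above, written out as an added example that is not part of the original post. It assumes an IOS release and feature set on the 3560 that support `ip sla` and `track ... ip sla`; the SLA and track numbers and the server-facing interface `Vlan20` are hypothetical.

```cisco
! Added example. SLA/track numbers and interface Vlan20 are assumptions.
! Layer 3 forwarding must be on for static routes and CEF to apply.
ip routing
!
! Probe each Exchange front end's physical address with ICMP every 5 seconds.
ip sla 1
 icmp-echo 172.16.1.2
 frequency 5
ip sla schedule 1 life forever start-time now
!
ip sla 2
 icmp-echo 172.16.1.3
 frequency 5
ip sla schedule 2 life forever start-time now
!
! A track object is up only while its probe reports the host reachable.
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Each host route to the VIP stays in the routing table only while its
! track object is up, so a failed server drops out of the load-shared pair.
ip route 172.16.1.1 255.255.255.255 172.16.1.2 track 1
ip route 172.16.1.1 255.255.255.255 172.16.1.3 track 2
!
! Per-destination CEF load sharing on the (assumed) server-facing SVI.
interface Vlan20
 ip load-sharing per-destination
!
! Checks after applying:
!   show track brief             - both track objects should be Up
!   show ip route 172.16.1.1     - two next hops while both servers answer
!   show ip cef 172.16.1.1       - the CEF entry lists the same next hops
```

ICMP reachability only shows that a host answers pings, not that the Exchange services on it are healthy, so a server whose services have stopped still receives its share of traffic.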