Scott's Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Technology Short Take #71

Welcome to Technology Short Take #71! As always, I have a list of links related to various data center technologies found below; hopefully something here proves useful.




  • The use of VMware NSX for microsegmentation is a really popular use case, and so the topic of scripting distributed firewall (DFW) rules often comes up. Dale Coghlan has an article on bulk DFW rule creation that might be helpful in such instances.
  • This blog post on shielded VMs in Windows Server 2016 is a bit light on details, but the embedded video may be more informative (I didn’t watch it).
  • I predicted a couple of years ago that Intel SGX (Software Guard Extensions) was going to be HUGE (see here). I recently saw that at Intel Developer Forum (IDF) Bromium showed off an SGX-enabled prototype that uses SGX to protect sensitive data. This is just the beginning—it’s going to end up going a lot farther, I believe. See this blog post by Simon Crosby for more details.

Cloud Computing/Cloud Management

  • Dmitri Kalintsev tackles the subject of infrastructure as code and why you should care. It’s a good intro to the topic of infrastructure as code (if this is new to you), and I appreciate the fact that Dmitri also took the time to provide reasons why it’s valuable/important to IT professionals. So many times you’ll see various technologies or trends discussed, but the author won’t take the time to explain why it is being discussed.
  • Pradipta Kumar Banerjee has an article on using local storage for instances in OpenStack. Specifically, the article discusses the use of Cinder volumes provided by disks in the compute nodes, so a compute node is both a compute node as well as a Cinder volume node.
  • Chris Smart has a thorough article on setting up OpenStack Ansible all-in-one behind a proxy.
  • While a user of a private cloud shouldn’t have to worry about the details on how the cloud operates or is built, that’s not true for the architect of a private cloud. This seems obvious, I know, but I do believe that this fact is often overlooked in the all-too-common refrains of “OpenStack is too complicated!” (This is not to say that sentiment isn’t true in some areas, by the way.) In any case, have a look at this article by Julio Villareal Pelegrino on architecting an OpenStack cloud.
  • Speaking of OpenStack complexity…I came across this article on YAQL expressions (thanks to the kind folks at Mirantis for the link in their “OpenStack Unlocked” newsletter). Now, I’m likely to take some heat (Ha! No pun intended!) for this, but I have to ask—is this really the sort of thing that should be exposed to cloud consumers? Maybe it’s just me, but it seems that we (the OpenStack community) should be a bit more focused on usability than on adding more nerd knobs. Then again, what do I know?

Operating Systems/Applications

  • Red Hat Enterprise Linux Atomic Host (how’s that for a mouthful?) recently announced version 7.2.6, and it includes the ability to add packages directly to Atomic Host. This is a fairly significant departure from a lot of other container-optimized Linux hosts, which require you to leverage containers for anything not included in the base distribution. See this Red Hat blog has more details on the new “package layering” functionality.
  • VMware vRealize Log Insight (known as vRLI by its friends) now has a MongoDB content pack.
  • CoreOS has extended their online validator to validate both Ignition configurations (Ignition is their tool aimed at machine provisioning) as well as cloud-config configurations.
  • Commenting on the ruckus that arose out of a Twitter conversation between Kelsey Hightower and Solomon Hykes, Matt Asay strikes a bit of a different approach on the topic of container standardization in this InfoWorld article. On the face of it, I agree with Matt’s statement that “design by committee” tends not to work well; however, I also believe that there needs to be some reasonable counterbalance to a single (commercial) entity’s control over an open source project.
  • Is a simple DOCKERFILE a myth, a figment of the imagination? The more I read about creating highly-optimized Docker images, the more I believe this is the case. The latest example is from this article by Denny Zhang.
  • Ajeet Singh Raina has a simple example of how service discovery works in Docker 1.12. (Nice use of Docker Compose in helping illustrate how everything works.)
  • Ryan Brown disputes the Docker claim (from DockerCon) that “Docker is serverless” in this article. While I agree with some of Ryan’s points, I have to wonder if the disagreement isn’t just a matter of different perspectives. I mean, any Function-as-a-Service (FaaS) offering has to have some sort of runtime underneath; who’s to say it isn’t some form of Linux containers? (See the introductory text here.) At the same time, exposing the “plumbing” behind a FaaS offering does “violate” the fundamental concepts of FaaS. Hence, it’s really a matter of just different perspectives.
  • DVM looks handy.


  • A “seething cauldron of technology development” is how this article by Chris Mellor at The Register described the space around NVDIMM, NVMe, XPoint, ReRAM, and DRAM-SSD. (So many new terms! It’s obvious I haven’t paid a great deal of attention to the storage space recently.)
  • If you’re seeking resources related to NVMe, this NVMe bibliography (by J Metz) is a great resource. Not sure where to start? No problem—J has you covered with this NVMe program of study, too.


  • Steve Flanders has made available an ESXi importer manifest for Log Insight.
  • Dale Carter outlines new clustering requirements for VMware Identity Manager in version 2.7.
  • VMworld recently happened (in case you hadn’t noticed), and this year VMware is opening up access to all the VMworld content, even if you didn’t attend the show. (It’s about time.) William Lam has a list of direct playback URLs to make the process of accessing the content easier. Read William’s post here (and get the URLs here).

Career/Soft Skills

I’d love to keep going, but I suppose I’d better wrap it up before this post gets too long! Don’t worry—if this post wasn’t enough, I’ll have another Technology Short Take up for you in just a couple weeks.

Metadata and Navigation

Be social and share this post!