Technology Short Take #74

Published on 9 Dec 2016 · Filed in Information · 876 words (estimated 5 minutes to read)

Welcome to Technology Short Take #74! The end of 2016 is nearly upon us, and it looks as if there will be only one more Technology Short Take before the end of the year. So, let’s get on with the content—time is short!

Networking

If you haven’t heard of Apstra, David Varnum has a great introduction to Apstra available on his site.
Will Robinson talks about how to structure your Ansible playbooks in the context of using Ansible to control your network gear.
This is an interesting project to watch, I think—it’s porting OVN (Open Virtual Network) from a “traditional” OvS back-end to an IOVisor-based back-end (IOVisor implements the data plane in eBPF).
If you’re interested in playing around with OVN, I’ve built a Vagrant-based environment running OVS/OVN 2.6.0 on Ubuntu 16.04. Have a look here.

Servers/Hardware

Nothing this time, but I’ll stay alert for content to include in the future.

Security

Jake Bennett discusses strengthening your AWS security posture by protecting application credentials and rotating EC2 and IAM keys.
Gert van Dijk has a great article on upgrading your SSH keys to take advantage of new key types and enhanced security.
In case you’re interested, here’s more details on CVE-2016-5195, aka “Dirty Cow,” and how it might be used to allow a user to escape from a Linux container (like a Docker container).
Intel has a tutorial series on Intel Software Guard Extensions (SGX). It’s a bit deep in the programming side for me, but developers interested in adding SGX capabilities should give this a look.

Cloud Computing/Cloud Management

Sirish Raghuram has some thoughts on the VMware-AWS announcement (about VMware Cloud on AWS) compared to the “Omni” announcement at the OpenStack Summit in Barcelona. Both announcements are related to AWS, but as Sirish points out they are quite different in nature. I understand Sirish’s point regarding the difference between the two announcements, but I think there’s one thing he’s missing: Cross-Cloud Services.
Yet another OpenStack project related to containers has emerged. I’m pretty clear about Kolla, Kuryr, and Magnum, but I’m not so clear about OpenStack Zun.
Subbu Allamaraju makes his position pretty clear: don’t build private clouds.
I noted that a Vagrant provider for vRealize Automation was recently released as an open source project. While it’s early yet, it will be exciting to see how this continues to develop.
The inimitable “Cloud Opinion” says don’t build private clouds.
Patricia Johnson tries to tackle the task of comparing AWS vs. Azure.
JJ Asghar announces two Chef vRA 7.0+ Blueprints that demonstrate VMware-Chef integration.
Ryan Kelly talks about to enable vRA 7.1’s new scale out/in feature to scale a Kubernetes deployment.

Operating Systems/Applications

In trying to better understand how Git credential helpers work, I stumbled across this article on using both GitHub and AWS CodeCommit credential helpers together. It turns out that you can “scope,” or limit, the reach of a credential helper. That’s handy.
If you’re an Ansible user, here’s one reason you might want to hold off on Ubuntu 16.04.
Consul is a HashiCorp tool I’ve written about before (see my quick introduction to Consul), and I recently saw that the 0.7.1 release added a CLI for interacting with Consul’s key-value store. The addition of a CLI may make integrating with Consul easier in some situations.
And while we are talking about Consul…check out two articles I recently found by Flynn Bundy. First, we have an article on getting to know Consul. Next, Flynn shows how to use Consul and Python to build dynamic inventories for Ansible. Good stuff.
Larry Smith Jr. has an article on using Ansible to provision a Docker cluster in swarm mode.
Here’s a piece by Emmet O’Grady (of NimbleCI) talking about the top 10 new features coming in Docker 1.13.
Thomas Maurer has a write-up looking at Windows Nano Server.

Storage

J Metz recently published an article that helps understand when to use NAS (Network Attached Storage) versus SAN (Storage Area Network). Although the letters in both acronyms are the same, they are different and (typically) have different use cases.

Virtualization

William Lam is back with more nested ESXi goodness, this time discussing virtual NVMe support for nested ESXi 6.5.
This post by Brett Sinclair on using PowerCLI to manipulate DRS rules was a bit of a “blast from the past” for me—I remember discussing stretched clusters, site bias, detach rules, etc., right after the introduction of EMC VPLEX in 2010. Good times.
Rawlinson Rivera has a post on using Chaperone, an Ansible-based deployment tool, to deploy the VMware SDDC stack (vSphere, vSAN, NSX, and VIO).

Career/Soft Skills

Ben Fathi, former CTO of VMware, offers some advice to folks unsure about whether they should stay or leave.
Phocean took my “Reducing the Friction” series and decided to add to it, talking about streamlining keeping up with technology using Netvibes.
Drew Firment has a great article expanding on Simon Wardley’s “pioneer-settler-town planner” trimodal approach (which is, in turn, based on Cringely’s “commandos-infantry-police” model). Like Drew, I tend to think I fit firmly in the “settler” category. What about you?

That’s all for this time. The next Technology Short Take will be published on Friday, December 30, and will be the last Technology Short Take of 2016. Until then, Happy Holidays!

Metadata and Navigation

Networking Storage Security Virtualization AWS VMware vSphere OpenStack Ansible OVN Vagrant Ubuntu SSH Intel Linux Consul Docker NAS SAN
Previous Post: Using OVN with KVM and Libvirt
Next Post: Installing Ansible 2.2 on Ubuntu 16.04

Scott's Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking