
The Brocade best practices configuration guide

Introduction

For many years I’ve been working with Brocade fibre channel equipment and handled from small to very large storage networks. In these ±18 years a lot of companies I worked for, or whose storage infrastructure I had the pleasure to work on or with, have changed their view on design, operational management and performance, and adjusted their policies to incorporate high availability features to ensure optimal business usage of their most valuable asset, their data.

Unfortunately the opposite is also true. The design, implementation and poor overall state of many storage infrastructures I see on a day to day basis very often makes me gasp for air and stuns me that these are still operational in real-life production environments. Infrastructures that run billions of financial transactions a day, hospitals, public transport, power-plants and telecommunications often suffer because a single fibre cable is the cause of havoc in network or storage infrastructures. The main reason these do not result in massive outages is often due to people being able to find a problem quickly and, to be honest, this is also a testimony to the flexibility and robustness of the Fibre-Channel protocol combined with rock-solid storage equipment which is able to obfuscate many of the problems that are lingering under the surface of the storage area network. The day-to-day physical and operational maintenance that used to be done by very dedicated sysadmins is often outsourced to companies who do not budge outside their service contracts. These service contracts do not only put the handcuffs on the operational side of the fence but also contain a massive amount of legal restrictions which lead to significant penalties in case of service disruption. This not only puts the contracted service organisation in a straight-jacket for not being able to maintain this environment but also, often unknowingly, elevates the risk of software and hardware defects having a profound impact on the entire IT infrastructure.

This guide tries to walk you through the main configuration steps to create a resilient Brocade storage network environment without having the intent to replace current admin guides, white-papers or best-practise guidelines. This guide will describe what is mentioned in the official manuals but is too often overlooked or forgotten. The guide will be an ongoing series of posts each describing a separate topic and is listed under the Brocade -> Config Guide menu item.

Fairly often blog-posts will be updated. Keep an eye out and check back in regularly.

You are on sale at the banks

Last week I looked at a Dutch news bulletin headlining that ING, one of the largest banks in The Netherlands, is exploring ways to sell their customers’ data to the highest bidders on the free market. BigData analytics is what they call it. Collect humongous amounts of data from everyone, everywhere on everything. Yes, you are on sale in case you didn’t know it. Two of the institutions massively equipped to do this are government agencies and banks. An organization like the ATO (Tax office here Down Under, like IRS in the US) has insight in your entire life regarding your income and overall generic spending, if you’re on welfare or are claiming benefits etc. Government agencies are under much more scrutiny than commercial entities like, for instance, banks. These agencies are not allowed to do anything with your information besides the task they need to do. Banks however have an exponentially bigger insight in your life. They can even closely guess what you had for dinner last night, what your exact income is, how big your bonus was, how much you pay for fuel and which fuel your car uses, how much you paid for your car, size of your mortgage, at which supermarkets you shop, which clothes you wear from which retail stores, etc etc etc. Basically every purchase you make or transaction that shows up on your bank account tells something about you and this is what the banks are exploring to sell off.

“Why would they want to do that” you may ask. Your spending habits create an “interest profile”. This profile tells in general who you are, what you do and what you are likely to buy. This profile is gold for marketing people to target their marketing campaigns and try to convince you to buy their product and not the competitor’s. This is far more effective than putting an ad in the newspaper since they (the marketing departments) have absolutely no clue who’s reading their ads or what the return on their ad investment is.

Let’s take an example. You like to go fishing with your son on early Saturday mornings. You fairly regularly buy fishing gear and you pay with your credit or debit card. At that moment in time the banks know you like fishing. So what is related to fishing? Outdoor stuff, fishing boats, specific clothing, fishing holidays and you name it. As soon as you fit into this profile you can expect very targeted ads which can show up anywhere. Even depending on season these ads can be adjusted. If the autumn is around the corner you can expect ads from clothing shops regarding wet-weather gear, on the monthly bank-statements you can expect a footer which shows you that a fishing-trip to whatever location is on sale etc etc.

You may think this is fairly innocent, after all, you don’t look at ads in the newspaper so why would I look at those. Statistically seen you are more likely to look at ads that fall into your interest profile. Being a computer engineer myself I’m interested in gadgets and developments in my industry and I don’t pay attention to excavators or restaurant furniture. Basically that means that if I see an ad with a fairly high geek level I’m more likely to read it and buy something. If you can keep a good grip on yourself that is no problem. I only buy what I need.

The biggest issue is that the banks now start to act as a commercial broker with you as trade material. I do not only despise this from a commercial perspective (basically they tell you you’ve become a prostitute and they act as the pimp) but also you have absolutely no way of influencing the way your data is used. The banks will tell you that their first interest is in you as a customer and that it is in your best interest but that is total nonsense. ING did the same over here or in a google translated version here. In the privacy paragraph they state (freely translated):

ING will never share personally identifiable customer data to third parties and customers can be confident that ING will only use their personal info in compliance with the law and our business principles.

ie. this will make them search for every loop-hole available in current legislation (and there are many since there is almost no law which deals with this) plus every business principle goes out the door as soon as 1. money can be made,  2. revenue and operating profit are at risk or 3. when shareholders start to complain.

Bankers are good in only one thing and that is making money for 1. The Bank 2. the Executive Board and 3. its shareholders. You are the method of attaining that goal.

The above may raise some eyebrows and you may refute my standpoint by saying “If the banks only map my habits into a profile and just use that profile then my personal details are not used in public so whats the problem?” I’ll tell you:

Snowden !!

The banks are not allowed to use your personal information for commercial purposes. That means they are not allowed to provide a marketeer with a bank-statement of your spendings over the last 3 years where your name, number, address or anything that might be tied to you personally is shown. Depending in which country you live they are tied by many privacy laws which prevent this. The banks have numerous safeguards in place to protect your personal information however, since they use massive computer farms to create these mappings between you, your profile and their marketing customer base (ie the ones they are selling your profiles to), the algorithm used can be reversed to map profiles back to the individual person/account holder. Although access to the algorithm and compute farms will be pretty restricted on a need-to-know basis there will always be a “Snowden” or “Manning” in the house who, if there is enough at stake, will trip over and is tempted to funnel info away via some back-doors. The algorithm and information it provides will become some sort of NOC-list (in case you’ve seen Mission Impossible) which is worth a massive amount of money in the marketing world. If large multinationals can increase their revenue by only 1% on a 100 billion annual turn over, just because they have this information you can imagine what the stakes are.

Green Field

Banks have very tight guidelines and insurance methods to protect your financial assets so if an employee has plundered your savings account the bank is required by law to compensate you and from a personal perspective no harm is done (maybe some embarrassment at the cash-register in the supermarket when your transaction is rejected but that’s it). Things become VERY different when ALL your personal information is out in public and your neighbor can see that you have been paying a substantial amount on speeding and parking fines or you overspent your credit card massively on numerous occasions. There is no way in the world any organization, either public or private, can fix this. Secondly, if your habits are a little less “kosher” and someone is able to figure this out because they were able to trace it back to you, you might, or very likely will, become susceptible to extortion. Any organization that is currently exploring the options is finding itself in greenfield scenarios. There are no “best-practices”, laws, guidelines, safe-guarding mechanisms or whatsoever. To me this looks extremely dangerous and I’m not alone. The majority of political parties in The Netherlands are like-minded and now want to impose restrictions of “who can do what with which information” which reach far beyond the current privacy laws.

Just Banks??

Now if you think that only banks do this you’re wrong. Obviously the big internet companies like Google, LinkedIn and Facebook do exactly the same. The difference is though that these companies do not have an exact insight in your spending habits. They do have an interest profile on you when you +1 or “Like” a certain page. This gets recorded and pretty soon advertisements regarding that topic will appear on your “Wall” or in your search results.

Also you might have seen that supermarkets, large retailers, insurance companies, airliners and many more either have, or will team up with credit-card companies. To lure you into this they promise “attractive benefits” in the form of discounts, special sales and exclusive “member” benefits. Don’t be fooled and know that all these companies are now able to track and trace your exact behavior and life-style. Supermarkets are even able to link your nutrition habits to a health map which they then can sell to health-insurance companies. If they see you buy a packet of cigarettes each day you can be pretty sure you get ads and “spontaneous” advice on “quit smoking” courses and nicotine patches but when laws and regulations are not strict enough you may see a significant increase on your health insurance premium or you may be denied an insurance indefinitely.

Prevention.

“So how do I prevent this from happening at all?” you might ask. Well, that depends on where you live and what the policies in your country or state are but there are a couple of options.

  1. You can start by first sending a letter to your bank that you will not allow them to use any information in any form related to any of your interactions with them or their affiliates.
  2. Secondly start hassling your political representatives to spend significant time on this to make sure sufficient legislation will be developed to prevent this from happening. Let them know you are an individual and not a commercial entity which is for sale. 
  3. Spread your account over numerous banks and/or financial institutions and use them each independently. (I know, major hassle, but when things go haywire you’ll be glad you did)
  4. Use cash. Banks cannot trace cash in the sense they can’t tie it to an individual or organization. That’s why criminals use it. 🙂
  5. Make sure you don’t have a bad credit-rating. All financial institutions have access to some sort of central database where this is registered and even this might be used for marketing purposes. (lawyers and debt-management companies are more than interested)

All this might look like some “Big Brother” episode but be aware, this is all VERY REAL.

The reason why I massively object to banks starting to sell off this kind of information is that, in my view, they provide some sort of “utility function”. Nobody forces me to take a credit-card from a supermarket or take out an airline membership attached to a financial institution but society does require me to have a bank-account. My boss does not drop by with a bucket of cash every month nor do institutions I deal with, like my power and gas provider, phone company etc, accept cash. If my current bank shows any signs of even exploring the possibility of embarking on a public sale-campaign and trying to sell my info I’m going to look at other banking options right away.

Regards,

Erwin van Londen

US Government shoots itself in the foot.

You have to love the Americans. No country in the world has such a diverse range of people from all over the world as they do. The funny thing is you can easily categorise them into classes.

1. The absolute geniuses. These people account for around 0.0001 % of the entire population and they are primarily working in some HiTech industries like IT, Aerospace and others where you need some significant time at University or some other area where you need a more than average brain.
2. The Joe Average who has an ordinary job at an office, wife, maybe some kids and leads a regular life with the usual social engagements in sports, etc. They make up around 95% of the population.
3. The useless ones. Have no idea what life is about, don’t contribute to anything and make other people’s lives miserable. Criminals amongst them fall into this category. They can make up to even 4.9% of the population.
4. And then we have the complete morons. These people are born with stupidity as a baseline. They have no idea what the others want. Act as headless chickens on any unforeseen event and stand in awe when somebody asks them a question. Others refer to this category as Politicians.

From a geographical standpoint they are also easily recognisable. The first category is a bit scattered around some specific areas like Silicon Valley in California, Boston in Massachusetts, some high class suburbs in Seattle, Houston, Austin and a few more.  The second category you find everywhere. You most likely know them very well and drink a couple of beers with during the weekend. I’m one of those. The third category are often in places where category 1 and 2 do not show up and don’t want to be.
And then there is category 4. These people like to hang out with each other and the vast majority is seen in the Washington DC area.

When G.W. Bush took office in the early 2000’s everyone already knew he wasn’t one of the brightest minds in the field of politics and after many occasions of making a complete fool out of himself he, and his entire administration, reacted to the 9/11 attacks in only a way morons would do. Most likely being pushed by the security and intelligence agencies they came up with the now notorious “Patriot Act” and as a sideline he started a war against two countries who had nothing to do with the entire affair in New York. The PA is a massive document which can be summarised in one sentence: “If we want, we can go through your entire life without permission, consent or any other form of legal justification.” So basically it means the entire US security and intelligence force can throw your life upside down whenever they feel like it without having to present any accountability.

So why the subject? 10 Years after the 9/11 attacks and the ratification of the Patriot Act, in the IT industry it was the year of CLOUD. (no they didn’t start to predict the weather, search on cloud computing if you want to know what it is.) Companies like Rackspace, HP, Amazon, Google, Microsoft and many more were building huge data-centres where other companies could rent computing and storage space. This provides many great options for businesses who wanted to outsource all (or part) of their IT infrastructure and thus be able to significantly save on capital and operational expenditures. (Refer to other sites on the technicalities.)

The problem

This may seem a fantastic solution for any company to be able to off-load a significant portion of non-core business to those hosting companies however the problem is that the moment your data reaches one of the servers of the hosting provider it immediately falls under the scrutiny of the US Security and Intelligence agencies via the PA.

The Patriot Act shows that any company based in the US OR HAS THEIR HEADQUARTERS ON US SOIL automatically falls under the PA legislation. This even means that US based companies who have data-centres in India, Europe, or any other country in the world had to provide all data either owned or managed by them to the US government without any means to appeal the request. Even agreements between the EU and US (like the “Safe Harbour agreement”) do not prevent this.

Now if you have a small logistics firm and want to host your applications with these providers you might not have a problem with it. You often don’t compete with anyone in the US if you’re located in Spain. If, however, you are working in an industry with highly sensitive information, either from a security perspective or other industry competitive areas like defence, IT, aerospace you name it, you have absolutely no guarantee that your data will not show up, via whatever obscure way, on a desk at a US security agency for “investigation”.

Given the fact that these agencies have proven in the past they are not the most trustworthy government departments in the world I would think not twice but 10 times which data I would send to “the cloud”. You should not be surprised if companies like GE, Northrop Grumman, Intel and you name them, suddenly bring a product to market which looks extremely similar to your design.

Even EU politicians have asked via the EU council to provide a formal response on this very delicate matter but up to today nobody has received anything. Also senior executives of these “cloud companies” will NOT give any guarantee your data will be safe with them and not leave your country’s soil.

As can be seen in many articles around the web, the majority of medium to large scale businesses are holding off dealing with US based cloud companies because of this “catch 22” situation. This in turn means that these US based companies are missing millions, if not billions, of $$ each day since they are not able to get customers in countries and industries as mentioned above.

To rephrase and emphasize the subject line, the US government has, without them even realising the ramifications of ratifying the PA, closed off a huge portion of international business and thus losing a significant amount of money which could have helped creating new wealth, jobs and other much needed facilities the US economy and people are screaming for.

Great job, morons.

Regards,
Erwin

P.S. a six part short analysis is done by Jennifer Van Bergen and can be found over here. http://www.truthout.org/docs_02/04.02A.JVB.Patriot.htm

She starts off with “The USA Patriot Act is an insult to Americans. The name, itself, is insulting, given what the Act contains and what it will someday be known for: its complete abdication of democratic law and principles. It should be called the Constitution Shredding Act.” Recommended reading.

If you have 2 hours to spare take a look at “Zeitgeist, The Movie”. Wait a while past the religious part and see an analysis of US politics in history. Another one is “Fahrenheit 9/11”.

Redundant on a 457

In the storage world the verb “redundant” means that your data is safe, secure, copied multiple times, backed-up and it gives you the feeling that if you make a mistake or something happens to your data it can be retrieved from these other places. This more or less makes you sleep at night when you worked on a large project for a couple of months and if you would lose that data it’s no big deal.


However in the Human Resources world the word “Redundant” has a totally different meaning. It more or less means that if somebody from HR approaches you and asks if you have a couple of minutes it’s time to get worried. As said the word “Redundant” in HR terms has a 99% chance that you’ll be out the door before you can have your next cup of coffee.

So here you are, living in a foreign country (Melbourne, Australia) as a highly skilled storage architect and at a certain moment you’re being told that your position is made redundant. Now if you’re an Australian citizen and/or on a permanent visa you take your severance pay, register at a lot of recruitment agencies and probably within one or two months you’re back in the game.

Things start to change when you’re on a temporary business sponsorship visa (a so called 457) because that one is cancelled right away as well and you have about 28 days to pack your things up and leave the country (whereto? that is your problem as long as you’re not within Australian borders.) So when you are in my position with a wife and kids who go to school here and have a flourishing social life you can imagine this has quite some impact. You have to sell your house, get rid of the lease car and all other commitments you’ve taken on in the period you’ve worked here. In my case when I sum this all up it’s around AUD$70,000 that I lost on one day and that is a lot of money.

To go back to the Australian policies, your profile matches at least two of the most wanted people Australia is after (have a look on the Department of Immigration website and search for MODL) w.r.t IT skills however there is no arrangement for you get some sort of bridge visa to stay in the country and apply for a permanent one.

The only option is to get a new job with a company who is willing to sponsor you for a new 457 visa (remember this all has to take place within the notice period + 28 days the government grants you for packing up your stuff). Since this option is not really appealing for companies given the responsibilities that they have to take (buy you a couple of plane tickets back home) most of the companies are not keen on doing that. The main reason being the hassle that is involved. (sign two documents and pay around $500.00 on admin fees). The exact wording is on the Department of Immigration’s website as well.

This all happened back in 2009 so for me it was a very exciting time but I hope it never repeats itself. Anyway, I managed to circumvent the entire situation due to the fact that other departments in my company did want/need my skills and as such my visa didn’t need cancellation after all. In the mean time I was able to get a permanent visa so besides removing the stress of visa termination when your position is made redundant a permanent visa gives you some more options w.r.t. social security and medical care here in Oz.

So why is this 457 so dangerous? This temporary visa was instantiated by the Australian government after many complaints of large international companies who had massive problems getting workers from overseas to do a temporary job in Australia. Think of companies who need temporary expertise from elsewhere in the world to complete a project in a relatively short timeframe. Previously they had to apply for a permanent visa which, by regulation, requires a lot more scrutiny and therefore takes a lot longer to get. This became an economic burden since many projects in Australia took far longer than essentially needed. To overcome this situation the Australian government introduced a short term, very restrictive visa with the well known number 457. This one is valid for 4 years, it allows you to work and live in Australia and that’s about it.

You’re not eligible for any social security arrangements, government funded medical arrangements (Medicare) or anything else besides the human rights. (so yes, you are allowed to call the police when there are burglars in the house. :-))

The intention of this visa was, as I described above, to let companies complete their projects and the workers would return to their original country to rejoin their old position with that company. The problem however now is that almost every company, and even recruiting agencies, offer this 457 to lure people from overseas to come to Australia to work here. They do not tell you all the above things I just wrote up. So many folks believe they are granted at least a 4 year stay but this may not be the case. It can be as bad as 2 months if you’re really unlucky.

To give some advice:

1. If you’re single and willing to take the risk to work for a maximum of 4 years in Australia you’re good to go on a 457.
2. If you do enter the country on a 457 visa you have to take private medical insurance unless this is taken care of by your company.
3. Do not engage into long term financial commitments like buying a house, leasing a car for an extended period or other financial transactions which might get you into serious problems. (Believe me it will almost kill you when you get “the message”.)
4. Live on “inflatable” furniture because an international move back does cost a lot of money. The less you have to take back home the cheaper it will be of course.
5. If you have a family which you want to take with you, wait for a permanent visa. It’s just not worth the risk, stress and hassle that will take place when your employer cancels your sponsorship (another word for being made redundant) and your visa stops in 28 days.
6. Also remember that in addition to your employer having to inform the department of immigration of your status change, you are obligated to do the same. If you don’t, you’re treated as an illegal immigrant which most likely will prohibit any chance of obtaining a permanent visa in the future.
7. If you’re being sent here by your employer overseas make sure he provides you written consent that your job is still available when you return.
8. If you’re on the job for 2 years on a 457 visa and your employer still wishes to keep you ask him immediately to assist you in applying for a permanent visa. He might be willing to even pay for it. If your skills are good most of the times he/she will cooperate. The cost for my family was around AUS$6500.– which included all paperwork, levies, and the fees for the immigration agent. In addition you are required to do an English language test if you’re not from a native English speaking country which is around 350 per adult. Also a medical examination is required for ALL applicants including children which added another $1200 to the bill.
9. You can apply for the visa yourself however it’s much more effective to hire an agent to take care of the paperwork. The problem is that many questions might be incorrectly interpreted by you. If your application is received by the department of immigration and it does have errors or irregularities in it your application will be sent back and you’ll end up at the bottom of the pile again. On average the waiting time is between 6 months and a year so you’re better off with an agent.

If you work in Australia your employer is obligated to deduct a so called Medicare levy. This is the premium you have to pay for medical coverage under the public medical system however when you’re on a 457 you’re not eligible for this coverage and as such you can deduct the total amount of 1.5% of your taxable income. Secondly, the Australian government more or less encourages private health insurance and allows you to deduct 30% to 40% (depending on age) of your premiums from your taxable income.
If you have children who require school necessities like books, uniforms, stationery etc you are NOT allowed to deduct that from your taxable income. As I said before you don’t get any social benefits on a temporary visa.

Let the above not stop you from the experience of living and working in Australia. It’s a great country with lots to do and see but make sure you are fully covered for all aspects when your 457 gets cancelled for whatever reason.

Kind regards,
Erwin

OpenDNS with DNS-O-Matic

A while ago I wrote a short article that I found a nice way to “secure” or at least be able to monitor my childrens’ web behavior called OpenDNS. I soon found out that you have at least one problem and that is dynamic IP addresses which your ISP shoves to you when you link up your router. Problem is these are never the same and the DHCP lifetime is 0 seconds. So even in a small link bounce of 2 or 3 seconds you get a new IP address on your WAN side.

This renders the security features of OpenDNS (DNS Domain blocking) more or less useless since the DNS queries that are now made from one of your PC on the LAN side are now exposed to the OpenDNS with another public IP address and OpenDNS can therefore not link your profile to this address.

So lets take an example:
Your internal LAN is using 10.1.2.0/24 and is NAT-ed on your router to the outside world. Your ISP provides you with an adress of, let say, 152.43.50.2.

On the OpenDNS website you create a profile called “My Home network” and you link  this address to the profile. The profile also allows you to block certain websites manually or entire categories like Adult, Weapons, Gambling etc. so all in all important to keep this away from your children.
Now what happens if one of your computers does a DNS query is that OpenDNS takes the from address (ie your public IP address 152.43.50.2), link this to your profile to verify if your requested page/domain falls in one of the criteria you configured and if the action is for this site to be blocked it redirects you to a page which just shows an explanation why this site is blocked. You can customize this as well.

The problem is however that if your ISP provided address changes OpenDNS cannot link this WAN (152.43.50.2) address to your profile anymore and will just return the IP address of that site after which your computer just connects to it and shows the page.

This so called Dynamic IP address problem is also acknowledged by OpenDNS and their recommendation is in these cases to install a little tool which on regular intervals checks if this address changes or not and if it has it updates your OpenDNS profile with the new address. “Problem solved” you might say. Well, not exactly. The problem is that this little tool has to be installed on a PC which either runs Windows or MaxOS. Secondly this PC has to be secured from tampering since kids become smarter as well and it gives them the option to just remove this or fumble around as they seem fit which in essence renders it useless. I also don’t want too much of these tools installed on PC’s since I’m being seen as the household admin I want to do as little as possible. Admins should be lazy. Improves effectiveness 🙂 I decided not to use this agent so this has put me in some sort of catch22 situation. Again I should be lazy from an admin standpoint so I don’t have the time nor urge to check the OpenDNS website every 10 minutes if my address has changed so I worked something out with another service from OpenDNS which is called DNS-O-Matic (DOM). This service allowed me to write a simple script which enbled me to automate the entire process.

So in my case I’ve done the following.
I have an OpenDNS account with a network profile which blocks certain categories of websites.
Next to that I created a DOM account and linked the OpenDNS service to the DOM account. This basically means that if I update DOM with my new, ISP-provided IP address, it will propagate this to my OpenDNS account. (DNS-O-Matic provides many more services to link to, but I leave it up to you to check these out.)

Now you might say “How does this fix things?”. Well, the solution is easy. DOM provides a simple API which you can write a script or program against. This allows you to update DOM automatically via this API, which in turn updates your OpenDNS profile with your new IP address. So the first thing you need to do is obtain your current IP address. If you query the OpenDNS servers for the name myip.opendns.com, they will always return your actual (ISP-provided) IP address. (This is basically the source address to which the OpenDNS service should return the answers.)
Next thing you need to do is to verify if this address is the same as your “old” address and if not, update DOM with this new address.

I made a little script which I hooked up to cron so it does this for me automatically every 5 minutes.

#!/bin/bash
## Script to update OpenDNS and DNS-O-Matic
## Check www.dnsomatic.com. opendns is linked to this.
##
## Documentation
## https://www.dnsomatic.com/wiki/api
##
##
## This script runs in cron every 5 minutes.

## First get your public IP address
ip=$(dig @208.67.222.222 myip.opendns.com +short)
## Get the IP address I used to have from a hidden file (empty on the first run)
oldip=$(cat /home/erwin/.oldip 2>/dev/null)

## If needed update the IP address on the web. If not do nothing.
## The quotes keep the test valid when a value is empty; nothing is sent when the lookup returned nothing.
if [ -n "$ip" ] && [ "$ip" != "$oldip" ]
then

## The DNS-O-Matic username and password go before and after the ":" (left out here).
## The URL is quoted so the shell does not treat each "&" as a background operator.
curl "https://:@updates.dnsomatic.com/nic/update?hostname=all.dnsomatic.com&myip=$ip&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG"

## Write the new IP address to the hidden file again.
echo "$ip" > /home/erwin/.oldip

fi

That’s it. I’m sure this can be achieved on Windows as well with either batch files or cmdlets and VBScript, but I just had bash at hand.

My crontab entry looks like this:

*/5 * * * * /home/erwin/Desktop/scripts/DNS-O-Matic/update.sh

And it works perfectly I must say.
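
The script above writes the new address to the hidden file whether or not DNS-O-Matic accepted the update, so a rejected update is never retried and OpenDNS keeps matching the old address. The following added example (not the author's script) validates the lookup result and records the address only after a confirmed update; the function names, the DOM_USER/DOM_PASS variables and the --run switch are assumptions.

```shell
#!/bin/bash
# Added example (not the author's script): the update flow with failure handling.
# Function names, DOM_USER/DOM_PASS and the --run switch are assumptions.

# True only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _saved_ifs=$IFS; IFS=.
    set -- $1                       # split the address into octets
    IFS=$_saved_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# Prints "skip" (lookup failed), "same" (nothing to do) or "update".
decide() {
    is_ipv4 "$1" || { echo skip; return 0; }   # empty or error text from dig
    _old_ip=""
    [ -r "$2" ] && _old_ip=$(cat "$2")         # no state file on the first run
    if [ "$1" = "$_old_ip" ]; then echo same; else echo update; fi
}

# DNS-O-Matic answers "good <ip>" or "nochg <ip>" on success; anything else, e.g. "badauth", is a failure.
update_accepted() {
    case $1 in
        good|"good "*|nochg|"nochg "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Store the address only after it was accepted, so a failed update is retried on the next cron run.
record_if_accepted() {
    update_accepted "$1" || return 1
    printf '%s\n' "$2" > "$3"
}

# Live run, only with --run: needs network access and real credentials.
if [ "${1:-}" = "--run" ]; then
    state=${2:-$HOME/.oldip}
    ip=$(dig @208.67.222.222 myip.opendns.com +short)
    if [ "$(decide "$ip" "$state")" = "update" ]; then
        reply=$(curl -sS --max-time 10 -u "$DOM_USER:$DOM_PASS" \
            "https://updates.dnsomatic.com/nic/update?hostname=all.dnsomatic.com&myip=$ip&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG")
        record_if_accepted "$reply" "$ip" "$state" || echo "update failed: $reply" >&2
    fi
fi
```

Without arguments the file only defines the functions; from cron it would be called with --run and, optionally, the path of the state file.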

Now there are two “Gotchas”:

  1. How do you prevent kids from just choosing another DNS service, like the default ones that come with your ISP?
  2. This still requires you to have your computer online.

The answer to 1 is to create a frame redirect rule in your router firewall so that every DNS query (UDP port 53) is directed to OpenDNS. And the answer to 2 is “You are correct :-)”. Since I work from home my Linux box is always on. (At least during the time I’m working and during the time my kids are allowed on the net.)

Some newer generation routers have this functionality built in, so it’s a one-time setup on your router and you wouldn’t have to worry about it anymore.

Hope this helps in one of your situations.

Regards,
Erwin

Beyond the Hypervisor as we know it

And here we are again. I’ve been busy doing some internal stuff for my company so the tweets and blogs were put on low maintenance.

Anyway, VMware launched its new version of vSphere and the amount of attention and noise it received is overwhelming both from a positive as well as negative side. Many customers feel they are ripped off by the new licensing schema whereas from a technical perspective all admins seem to agree the enhancements being made are fabulous. Being a techie myself I must say the new and updated stuff is extremely appealing and I can see why many admins would like to upgrade right away. I assume that’s only possible after the financial hurdles have been taken.

So why this subject? “VMware is not going to disappear and neither will MS or Xen” I hear you say. Well, probably not, however let’s take a step back and look at why these hypervisors were initially developed. Basically what they wanted to achieve is the option to run multiple applications on one server without having any sort of library dependency which might conflict with and disturb or corrupt another application. VMware wasn’t the initiator of this concept; the birthplace of it all was IBM’s mainframe platform. Even back in the 60’s and 70’s they had the same problem. Two or more applications had to run on the same physical box, however due to conflicts in libraries and functions IBM found a way to isolate this and came up with the concept of virtual instances which ran on a common platform operating system: MVS, which later became OS/390 and now z/OS.

When the open systems guys spearheaded by Microsoft in the 80’s and 90’s took off they more or less created the same mess as IBM had seen before. (IBM did actually learn something and pushed that into OS/2 however that OS never really took off).
When Microsoft came up with so-called Dynamic Link Libraries this was heaven for application developers. They could now dynamically load a DLL and use its functions. However they did not take into account that only one DLL with a certain function could be loaded at any one particular point. And thus when DLLs got new functionality and therefore new revision levels, sometimes they were not backward compatible and very nasty conflicts would surface. So we were back to zero.

And along came VMware. They did for the Windows world what IBM had done many years before and created a hypervisor which would let you run multiple virtual machines, each isolated from the others with no possibility of binary conflicts. And they still make good money off it.

However, the application developers have not been pulling things out of their nose and sitting still either. They have also seen that they can no longer utilize the development model they used for years. Every self-respecting developer now programs with massive scalability and distributed systems in mind, based on cloud principles. Basically this means that applications are almost solely built on web technologies with javascript (via node.js), HTML 5 or other high level languages. These applications are then loaded upon distributed systems like openstack, hadoop and one or two others. These platforms create application containers where the application is isolated and has to abide by the functionality of the underlying platform. This is exactly what I wrote almost two years ago where the application itself should be virtualised instead of the operating system. (See here)

When you take this into account you can imagine that the hypervisors, as we know them now, at some point in time will render themselves useless. The operating system itself is not important anymore and it doesn’t matter what these cloud systems run on. The only thing that is important is scalability and reliability. Companies like VMware, Microsoft, HP and others are not stupid and see this coming. This is also the reason why they start building these massive data centres to accommodate the customers who adopt this technology and start hosting these applications.

Now here come the problems with this concept: SLAs. Who is going to guarantee you availability when everything is out of your control? Examples like outages with Amazon EC2, Microsoft’s cloud email service BPOS, VMware’s Cloud Foundry outage or Google’s GMAIL service show that even these extremely well designed systems at some point in time run into Murphy, and the question is whether you want to depend on these providers for business continuity. Be aware you have no vote on how and where your application is hosted. That is totally at the discretion of the hosting provider. Again, it’s all about risk assessment versus costs versus flexibility and other arguments you can think of, so I leave that up to you.

So where does this take you? Well, you should start thinking about your requirements. Does my business need this cloud based flexibility, or should I adopt a more hybrid model where some applications are built and managed by myself/my staff?

In any case you will see more and more applications being developed for internal, external and hybrid cloud models. This then brings us back to the subject line that the hypervisors as we know them today will cease to exist. It might take a while but the software world is like a diesel train: it starts slowly but when it’s on a roll it’s almost impossible to stop, so be prepared.

Kind regards,
Erwin van Londen

HP ends Hitachi relationship

Well, this may be a bit premature and I don’t have any insights into Leo’s agenda, but when you apply some common sense and logic you cannot draw another conclusion than that within the foreseeable future this will happen. “And why would that be?” you say, “They (HP) have a fairly solid XP installed base and they seem to sell enough to make it profitable and they also have embarked on the P9500 train”.

Yes, indeed, however take a look at it from the other side. HP has currently 4 lines of storage products, the MSA inherited thru the Compaq merger which comes out of Houston and specifically targeted at the SMB market, the EVA, from the Digital/Compaq StorageWorks stable, which has been the only HP owned modular array which has done well in the SME space, the XP/P9500 obviously thru their Hitachi OEM relationship and, since last year, the 3-Par kit. When you compare these products they do have a lot of overlap in many areas especially in the open systems space. It is therefore that the R&D budgets for all the 4 products eat up a fair amount of dollars. Besides that, HP also has to set aside a huge amount of money for Sales, Pre-Sales, Services and Customer support in training, marketing etc to be able to provide a solution of which a customer will only choose the one which fits their needs. So just from a product perspective there is a 1:4 sales ratio. I don’t even mention the choices customers have from the competition. For the lower part of the pie (MSA & small EVA) HP heavily relies on their channel but from a support and marketing perspective this still requires a significant investment to keep those product lines alive. HP just has released their latest generation of the EVA but as far as I know has not commented on future generations. It is to be expected that as long as the EVA sells like it has always done the development of it will continue.

With the acquisition of 3-Par last year HP has dived very deep into their money pit and paid 2.3 billion dollars for them. You don’t make such an investment to just keep a certain product out of the hands of a competitor (Dell in this case). You do want this product to sell like hotcakes to be able to shorten your ROI as much as possible. Leo has quite some shareholders to answer to. It then depends on where you get the most margins from, and it is very clear that when you combine the ROI needs of 3-Par and the margins they will obviously make on that product, HP will most likely prefer to sell 3-Par before XP/P9500 even if the latter would be a better fit for the solution needed by the customer. When you put it all together you’ll notice that even within the storage division of HP there is a fair amount of competition between the product lines and no R&D department for any of those wants to lose. So who needs to give??

There are two reasons why HP would not end their relationship with Hitachi: Mainframe and Customer demand. None of the native HP products have Mainframe support, so if HP decides to end the Hitachi relationship they will certainly lose that piece as well as running the risk that the same customer chooses the competition for the rest of the stack as well. Also, if XP/P9500 customers have already made a significant investment in Hitachi based products, they most certainly will not like a decision like this. HP, however, is also not reluctant to make these harsh decisions. History proves they’ve done it before. (Abruptly ending an OEM relationship with EMC as an example.)

So, if you are an HP customer who just invested in Hitachi technology, rest assured you will always have a fallback scenario and that of course is to deal with Hitachi itself. Just broaden your vision and give HDS a call to see what they have to offer. You’ll be very pleasantly surprised.

Regards,
Erwin

(post-note 18-05-2011) Some HP customers have already been told that 3-Par equipment is now indeed the HP preferred solution they will offer unless Mainframe is involved.

(post-note 10-07-2011) Again more and more proof is surfacing. See Chris Mellor’s post on El Reg over here

Something different

Do you have kids crawling around the internet and you don’t have a clue what they’re doing? (I know this has nothing to do with storage but I couldn’t keep this one just to myself.)

I’ve had that same problem and I’ve tried numerous things, however last week I came across a very nifty service called OpenDNS. The good thing is you don’t have to install anything and it works right out of the box. What it basically does is check DNS queries, and if a query from your IP address matches a site defined in one of the categories it returns a blocked page. You can even modify this page if you want.


The thing you have to do is change your ISP DNS server to one of theirs and you’re done. The best way to do this is to modify your router’s configuration (and they have lots of examples of how to do that).

Now smart kids obviously know that if they change this DNS server back to your ISP’s ones they can circumvent that. The way to overcome that is to restrict the rights on your PC so they can’t.

Have a look at http://www.opendns.com and start having your kids be safe on the net.

Now be aware that this doesn’t mean it captures all so having multiple security measures like antivirus and a firewall in place is always advisable.

Regards,
Erwin