Category: General information

General information

Cloud: Monitoring as a Service (MaaS)

Cloud: Monitoring as a Service (MaaS)

Introduction-

Cloud computing has been evolving into different technology areas such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). These technology areas are finding increasing adoption in the marketplace.

A recent report published by International Data Corporation (IDC) has indicated that the Cloud Computing market is expected to cross $70 billion in 2015. Ref- https://www.idc.com/getdoc.jsp?containerId=prUS25797415

The economic drivers for adoption of Cloud Technologies have been well understood in the market.

Lower Investments: Cloud offerings typically have very low upfront costs. All SaaS product offerings are charged on a pay per use monthly subscription basis, which implies lower cost of ownership.
No Infrastructure Costs: Cloud service offerings use cloud based infrastructures such as Amazon or Rackspace or a private cloud. Hence the customer does not have to bear the cost of the infrastructure setup with cloud services.
Outsourced Technology Expertise: With cloud offerings, customers get a ready to use product that can be immediately consumed by the end user. Customer does not need to invest in an in-house IT team having that particular technology expertise.
Simplified Management: With offerings in the cloud, the service provider deals with on-going management, maintenance and upgrades of technology. The customer can focus on his core business needs.

So Why I’m telling this story to you? As infrastructure engineer I believe that this is going to change how we do things in Traditional vs Could Infrastructure. Let us take example of “Monitoring”. Here in this blog, I’m going to talk about monitoring of Infrastructure and applications in Traditional vs Cloud. Adoption of “Cloud computing” is going to change they way we do monitoring of our servers and applications.

Monitoring as a Service (MaaS) in the Cloud! –

What does Monitoring-as-a-Service (MaaS) mean?
Monitoring-as-a-service (MaaS) is one of many cloud delivery models under anything as a service (XaaS). It is a framework that facilitates the deployment of monitoring functionalities for various other services and applications within the cloud. The most common application for MaaS is online state monitoring, which continuously tracks certain states of applications, networks, systems, instances or any element that may be deployable within the cloud. MaaS offerings consist of multiple tools and applications meant to monitor a certain aspect of an application, server, system or any other IT component. There is a need for proper data collection, especially of the performance and real-time statistics of IT components, in order to make proper and informed management possible.

IT infrastructure monitoring should an essential part of the IT Management Policy for an organization that is reliant on IT infrastructure. Proactive monitoring provides business continuity, quicker disaster recovery and easier capacity planning for all mission critical applications.

Monitoring as a Service (MaaS) in the Cloud is a concept that combines the benefits of cloud computing technology and traditional on-premise IT infrastructure monitoring solutions. MaaS is a new delivery model that is suited for organizations looking to adopt a monitoring framework quickly with minimal investments.

Traditional On-Premise Monitoring Framework-

On premise monitoring is the traditional deployment model for monitoring private networks (internal IT infrastructure). This has been a very effective model over the years and works well for organization that can afford to implement this monitoring framework. On-premise monitoring involves purchase of software tools and investing in monitoring infrastructure and skilled IT personnel.

On-Premise monitoring provides the following benefits:

In-House Monitoring Infrastructure:Customers can own the in-house infrastructure for monitoring. This implies more control over the infrastructure with regards to upgrades, maintenance and management
Higher Levels of Security:Since the monitoring infrastructure is located in-house, customer gets better security where the monitoring tool does not need to cross firewall domains and connect over the open internet.
Inherent Connectivity to Internal Assets:Monitoring infrastructure is already a part of the internal network (LAN and MPLS). Hence connecting to all the infrastructure assets is easy.
Real Time Monitoring Data:On-premise monitoring provides real-time data where alerts are generated and shown to the customer immediately. The monitoring dashboard and email servers are all within the customer premise and hence there are no delays.
Customization and Extensions:On-premise monitoring solutions can be heavily customized to meet the exact needs of a specific customer environment. This could be in the form of monitoring of custom applications or personalized dashboards and escalation matrices.
The Adoption of Cloud and Software as a Service Delivery Models

Monitoring as a Service Offering –

The monitoring as a service (MaaS) offering provides a monitoring solution based on a monitoring infrastructure in the cloud. The MaaS vendor invests in the monitoring framework including the hardware, monitoring software and specialized IT personnel on behalf of the customer. The customer just needs to pay for the service he wants to use – on a subscription model similar to any SaaS product offering.

Benefits of Monitoring as a Service (MaaS)

The following are the benefits of a monitoring as a service (MaaS) product:

    Ready to Use Monitoring Tool Login: The vendor takes care of setting up the hardware infrastructure, monitoring tool, configuration and alert settings on behalf of the customer. The customer gets a ready to use login to the monitoring dashboard that is accessible using an internet browser. A mobile client is also available for the MaaS dashboard for IT administrators.
    Inherently Available 24x7x365: Since MaaS is deployed in the cloud, the monitoring dashboard itself is available 24x7x365 that can be accessed anytime from anywhere. There are no downtimes associated with the monitoring tool.
Easy Integration with Business Processes: MaaS can generate alert based on specific business conditions. MaaS also supports multiple levels of escalation so that different user groups can get different levels of alerts.
Cloud Aware and Cloud Ready: Since MaaS is already in the cloud, MaaS works well with other cloud based products such as PaaS and SaaS. MaaS can monitor Amazon and Rackspace cloud infrastructure. MaaS can monitor any private cloud deployments that a customer might have.
Zero Maintenance Overheads: As a MaaS, customer, you don’t need to invest in a network operations centre. Neither do you need to invest an in-house team of qualified IT engineers to run the monitoring desk since the MaaS vendor is doing that on behalf of the customer.
    Price Sensitive Customers: For small and medium enterprises, MaaS provides cost effective pay per use pricing model. Customers don’t need to make any heavy investments neither in capital expenditures (capex) nor in operating expenditures (opex).

Monitoring as a service (MaaS) is an attractive choice for the following scenarios:

Cloud Based SaaS and PaaS offering Add-On: MaaS provides a better technology fit for monitoring cloud based SaaS and PaaS offerings. MaaS can be provided as an add-on product offering along with SaaS and PaaS.
Distributed Infrastructure Assets: In scenarios where the IT infrastructure assets are distributed across different locations and branch offices, MaaS is a good option since the monitoring infrastructure is centralized in the cloud and can easily monitor all distributed infrastructure assets.
Mixture of Cloud and On-Premise Infrastructure: MaaS is already in the cloud. Hence in deployments where customer has a mix of on-premise and cloud infrastructure, MaaS provides good monitoring options for the hybrid environment.
Multitenant Monitoring Requirements: For vendors offering multi-tenant functionality on their hosted services, MaaS provides a strong backend framework for monitoring the multi-tenant services and their availability.

Thank you,

Arun Bagul

A. P. J. Abdul Kalam – Great Son of India

A. P. J. Abdul Kalam – Great Son of India

Introduction

A. P. J. Abdul Kalam (Avul Pakir Jainulabdeen Abdul Kalam) was the 11th President of India from 2002 to 2007. He was great engineer,scienctist and Leader.

I pay tribute to him and May his soul rest in peace.

 

 

 

 

 

 

ॐ असतो मा सद्गमय ।
तमसो मा ज्योतिर्गमय ।
मृत्योर्मा अमृतं गमय ।
ॐ शान्तिः शान्तिः शान्तिः ॥
Om Asato Maa Sad-Gamaya |
Tamaso Maa Jyotir-Gamaya |
Mrtyor-Maa Amrtam Gamaya |
Om Shaantih Shaantih Shaantih ||

 

Thank you,

Arun Bagul

Shellshock ‘Deadly serious’ new tech bug found!

Shellshock ‘Deadly serious’ new tech bug found!

This issue affects all products which use the Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.

All versions prior to those listed as updates for this issue are vulnerable to some degree.

My infected OS version is CentOS-6 and bash version 4.1.2

[root@host75 ~]# lsb_release -a
lsb_release -a
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.4 (Final)
Release: 6.4
Codename: Final

[root@host75 ~]# bash --version
bash --version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Diagnostic Steps:

To test if your version of Bash is vulnerable to this issue, run the following command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output of the above command looks as follows:

vulnerable
this is a test

hmm, I got infected!

[root@host75 ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

You are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If your system is vulnerable, update to the most recent version of the Bash package by running the following command:

$yum update bash

This fix my bash ??????

[root@host75 ~]# yum update bash
Loaded plugins: fastestmirror, security, tmprepo
Loading mirror speeds from cached hostfile
epel/metalink | 15 kB 00:00
* base: centos.eecs.wsu.edu
* epel: mirrors.kernel.org
* extras: centos.chi.host-engine.com
* updates: mirror.raystedman.net
base | 3.7 kB 00:00
epel | 4.4 kB 00:00
epel/primary_db | 6.3 MB 00:05
extras | 3.3 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 5.3 MB 00:04
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package bash.x86_64 0:4.1.2-14.el6 will be updated
---> Package bash.x86_64 0:4.1.2-15.el6_5.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================
Updating:
bash x86_64 4.1.2-15.el6_5.1 updates 905 k

Transaction Summary
================================================================================================================================================
Upgrade 1 Package(s)

Total download size: 905 k
Is this ok [y/N]: y
Downloading Packages:
bash-4.1.2-15.el6_5.1.x86_64.rpm | 905 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : bash-4.1.2-15.el6_5.1.x86_64 1/2
Cleanup : bash-4.1.2-14.el6.x86_64 2/2
Verifying : bash-4.1.2-15.el6_5.1.x86_64 1/2
Verifying : bash-4.1.2-14.el6.x86_64 2/2

Updated:
bash.x86_64 0:4.1.2-15.el6_5.1

Complete!

Test if update fixed to patch your bash

[root@host75 ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

How does this impact systems:
This issue affects all products which use the Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.

All versions prior to those listed as updates for this issue are vulnerable to some degree.

See the appropriate remediation article for specifics.

Functions written in Bash itself do not need to be changed, even if they are exported with “export -f”. Bash will transparently apply the appropriate naming when exporting, and reverse the process when importing function definitions.

Ref:
http://www.bbc.com/news/technology-29361794
https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
https://access.redhat.com/articles/1200223
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
http://lists.gnu.org/archive/html/bug-bash/2014-09/threads.html
https://rhn.redhat.com/errata/RHSA-2014-1306.html

Mangalyaan – India’s race for space success

Mangalyaan – India’s race for space success

Introduction-

Many many congratulations to ISRO (Indian Space Research Organisation) team for making Mangalyaan successful!. we are proud of you all!

 

Short story of Mangalyaan!-

India’s maiden mission to Mars, the Mangalyaan, has arrived in orbit after a 300-day marathon covering over 670 million kilometres.

“India will become the first Asian country to have achieved this and if it happens in the maiden attempt itself, India could become the first country in the world to have reached distant Mars on its own steam in the first attempt,” said Isro chairman K Radhakrishnan as it approached.

“We have gone beyond the boundaries of human enterprise” – Narendra Modi (PM. India)

Ref Links-  http://www.isro.org/mars/home.aspx

http://en.wikipedia.org/wiki/Mars_Orbiter_Mission

Thanks you,
Arun Bagul

Selecting virtual SCSI Controllers for Disks (VMware VM)

Selecting virtual SCSI Controllers for Disks (VMware VM)

Introduction-
To access virtual disks, a virtual machine uses virtual SCSI controllers. Each virtual disk that a virtual machine can access through one of the virtual SCSI controllers resides in the VMFS datastore, NFS-based datastore, or on a raw disk. The choice of SCSI controller does not affect whether your virtual disk is an IDE or SCSI disk.

Following virtual SCSI controllers commonly used…

A) BusLogic
– This was one of the first emulated vSCSI controllers available in the VMware platform.
– No updates and considered as legacy or for backward compatibility…

B) LSI Logic Parallel
– This was the other emulated vSCSI controller available originally in the VMware platform.
– Most operating systems had a driver that supported a queue depth of 32 and it became a very common choice, if not the default
– Default for Windows 2003/Vista and Linux

C) LSI Logic SAS
– This is an evolution of the parallel driver to support a new future facing standard.
– It began to grown popularity when Microsoft required its use for MCSC within Windows 2008 ore newer.
– Default for Windows 2008 or newer
– Linux guests SCSI disk hotplug works better with LSI Logic SAS
– Personally I use this
D) VMware Paravirtual (aka PVSCSI)
– This vSCSI controller is virtualization aware and was been designed to support very high throughput with minimal processing cost and is therefore the most efficient driver.
– In the past, there were issues if it was used with virtual machines that didn’t do a lot of IOPS, but that was resolved in vSphere 4.1.

* PVSCSI and LSI Logic Parallel/SAS are essentially the same when it comes to overall performance capability.
* Total of 4 vSCSI adapters are supported per virtual machine.  To provide the best performance, one should also distribute virtual disk across as many vSCSI adapters as possible
* Why not IDE? – IDE adapter completes one command at a time while SCSI can queue commands. So SCSI adapter is better optimized for parallel performance. Also Maximum of 4 IDE Devices per VM (includes CDROM) but SCSI allows 60 devices.

Thank You,
Arun

How to Import/Export GNU GPG Keys

How to Import/Export GNU GPG Keys

How to Import/Export GPG Keys-

Step 1) List GPG Keys –

[root@test-host ~]# gpg -kv
/root/.gnupg/pubring.gpg
————————
pub  1024D/F9F17DC2 2012-09-27 Test GPG key (Created by Arun) <arun@my.com>
sub  2048g/F173E2CC 2012-09-27

pub  1024D/5A6C12B1 2013-02-25 Test2 <abagul@my.com>
sub  1024g/CA7BF220 2013-02-25

Step 2) How to Export GPG Key –

[root@test-host ~]# gpg –armor –export  –output /tmp/mykey.pub -r ‘5A6C12B1’
[root@test-host ~]# cat /tmp/mykey.pub
—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v1.2.6 (GNU/Linux)

[root@test-host ~]# gpg –armor –export-secret-key  -r 5A6C12B1 –output /tmp/mykey.pri
[root@test-host ~]# cat /tmp/mykey.pri
—–BEGIN PGP PRIVATE KEY BLOCK—–
Version: GnuPG v1.2.6 (GNU/Linux)

Step 3) How to Import GPG Keys –

[arunb@test-host2 ~]$ gpg –import   /tmp/mykey.pri
gpg: keyring `/saba/arunb/.gnupg/secring.gpg’ created
gpg: key 5A6C12B1: secret key imported
gpg: key 5A6C12B1: public key Test2 <abagul@my.com> imported

[arunb@test-host2 ~]$ gpg –import   /tmp/mykey.pub
gpg: key 5A6C12B1: key Test2 <abagul@my.com> 2 new signatures imported
[arunb@test-host2 ~]$

Step 4) Now Test GPG Encryption/Decryption –

[arunb@test-host2 ~]$ echo “arunb” |gpg -v –no-tty  –passphrase-fd 0 –output /tmp/output.csv –decrypt /tmp/mytest.csv.pgp
gpg: public key is CA7BF220
gpg: using secondary key CA7BF220 instead of primary key 5A6C12B1
gpg: using secondary key CA7BF220 instead of primary key 5A6C12B1
gpg: encrypted with 1024-bit ELG-E key, ID CA7BF220, created 2013-02-25
“Test2 <abagul@my.com>”
gpg: AES256 encrypted data
gpg: original file name=’mytest_1_1.csv’
[arunb@test-host2 ~]$

Thank you,
Arun Bagul

Choosing a NIC (Network Adapter) for VM in Vmware ESXi environment

Choosing a NIC (Network Adapter) for VM in Vmware ESXi environment

Introduction-

NIC types available for VM  are depends on VM Hardware version and Guest OS (Operating System). When you configure a virtual machine, you can add network adapters (NICs) and specify the adapter type…

The following NIC types widely used:

E1000 –
Emulated version of the Intel 82545EM Gigabit Ethernet NIC, with drivers available in most newer guest operating systems, including Windows XP and later and Linux versions 2.4.19 and later.

E1000e – This feature emulates a newer model of Intel Gigabit NIC (number 82574) in the virtual hardware. This is known as the “e1000e” vNIC. e1000e is available only on hardware version 8 (and newer) virtual machines in vSphere.

VMXNET2 (Enhanced)

Optimized for performance in a virtual machine and has no physical counterpart. Because operating system vendors do not provide built-in drivers for this card, you must install VMware Tools to have a driver for the VMXNET network adapter available.
Based on the VMXNET adapter but provides high-performance features commonly used on modern networks, such as jumbo frames and hardware offloads. VMXNET 2 (Enhanced) is available only for some guest operating systems on ESX/ESXi 3.5 and later.

VMXNET3

Next generation of a paravirtualized NIC designed for performance. VMXNET 3 offers all the features available in VMXNET 2 and adds several new features, such as multiqueue support (also known as Receive Side Scaling in Windows), IPv6 offloads, and MSI/MSI-X interrupt delivery. VMXNET 3 is not related to VMXNET or VMXNET 2.
– VMXNET 3 is supported only for virtual machines version 7 and later.
– Support 10Gpbs ie 10Gig Network
– Jumbo frame supported

I would suggest to use  “VMXNET3”

Thank you,
Arun

Rigs of Rods

Rigs of Rods

Introduction-

First of all thanks to “sourceforge.net” for hosting open source software. I’m follower “sourceforge.net” of project of the Month.

“Rigs of Rods is project of month for November 2012. This is one of the best and rocking open source project.
Rigs of Rods is a 3D simulator game where you can drive, fly and sail various vehicles using an accurate and unique soft-body physics engine.

 

 

 

 

 

 

* I love this Software!

Thank you,
Arun Bagul