The musings of an IT Consultant


April 29, 2009  3:16 PM

WAN Optimization



Posted by: Raj Perumal
Cisco, Citrix, F5, NetScaler, WAN acceleration, WAN optimization, WAN Scaler

Hi folks, here’s something that I think we should all pay more attention to…WAN Optimization! There are numerous products on the market for WAN optimization and acceleration, and they do cost a little bit of money but when compared to the long term cost savings of monthly WAN link costs you can start to see the value.

In most cities the telcos also have IT divisions that come in and consult and tell you that you need more bandwidth when you find that data isn’t moving from point A to point B fast enough. Now in some cases this might be very true, but a lot of the time I see people getting recommended to buy bigger/better/faster lines to address their bandwidth issues when more often than not the issues could be solved with proper configuration of QoS and the use of WAN acceleration/optimization.

I encourage network administrators to look into the myriad of products out there in this space, from Citrix, F5, and Cisco to name a few. Usually the telcos don’t like it when you suggest products like this because it takes away from their bottom line. :)

-RP

April 29, 2009  3:07 PM

Rules not working in Cisco ASA as you thought they should



Posted by: Raj Perumal
Adaptive Security Appliance, ASDM, Cisco ASA, common Cisco ASA issues, implicit rules, inside access out, inside interface outgoing, outside access out, outside interface outgoing

Hi folks, as you know I’ve been doing a lot of work with the Cisco ASA firewall products lately and I wanted to address an issue I’ve seen a few administrators run into when setting up a new ASA.

Often when you set up an ASA you are not just setting up inside-out external access but you might also want to set some incoming rules for some of your servers such as web servers or mail servers. The problem I see administrators run into is that after they set up these rules they still can’t get access to the servers from the outside world.

If you take a close look at the rules, at first glance it seems like everything was configured OK and everything should be working. What I’ve found in these situations is that someone specified an inside interface outgoing rule, or an outside interface outgoing rule. By doing that you’re allowing only that one rule and implicitly denying everything else. In order to fix this, create a specific rule for the device to allow it out or just remove all the outgoing rules altogether and then the Cisco ASA will allow it by default. Which way you choose will depend on how you want to secure your network of course. Hope this helps!

-Cheers, RP
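The implicit-deny behaviour described in this post can be checked before a change goes live. The following is an added example, not part of the original post: a small Python model that reads `access-list` / `access-group` lines and reports the verdict for traffic leaving an interface. The ACL names, addresses and the narrow `permit tcp any host X eq PORT` entry form are constructed assumptions, and the inbound permit on the outside interface is assumed to already exist.

```python
import ipaddress
import re

PORTS = {"www": 80, "smtp": 25, "https": 443}  # port keywords used in the sample

# Constructed sample: one outgoing rule bound to the inside interface.
SAMPLE = """\
access-list inside_access_out extended permit tcp any host 192.168.1.25 eq smtp
access-group inside_access_out out interface inside
"""

ACE = re.compile(r"access-list (\S+) extended (permit|deny) (\S+) any host (\S+) eq (\S+)")
BIND = re.compile(r"access-group (\S+) (in|out) interface (\S+)")

def parse(config):
    """Return ({acl_name: [entries]}, {(interface, direction): acl_name})."""
    acls, binds = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACE.match(line):
            name, action, proto, host, port = m.groups()
            port = PORTS.get(port) or int(port)
            acls.setdefault(name, []).append(
                (action, proto, ipaddress.ip_address(host), port))
        elif m := BIND.match(line):
            binds[(m.group(3), m.group(2))] = m.group(1)
    return acls, binds

def egress_verdict(config, interface, proto, dst, port):
    """Verdict for a packet leaving `interface` toward dst:port."""
    acls, binds = parse(config)
    name = binds.get((interface, "out"))
    if name is None:
        # No outgoing rules on this interface: nothing filters egress here.
        return "permit (no outgoing rules on interface)"
    for action, p, host, prt in acls.get(name, []):
        if (p, host, prt) == (proto, ipaddress.ip_address(dst), port):
            return f"{action} ({name})"  # first matching entry wins
    return f"deny (implicit deny at end of {name})"

if __name__ == "__main__":
    # Web server 192.168.1.10 has no entry in the outgoing list, so it is dropped.
    print(egress_verdict(SAMPLE, "inside", "tcp", "192.168.1.10", 80))
```

Running it against the sample shows the web server's traffic hitting the implicit deny even though the mail server's rule looks unrelated.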


April 28, 2009  4:15 PM

Overlapping Static NAT and Cisco ASA Firewalls



Posted by: Raj Perumal
Cisco, Cisco ASA, one to one NAT, Static NAT, static overlapping nat

Hi folks, I just wanted to discuss a key difference in some firewalls. One of the things you might find yourself doing, especially in a hosting scenario, is creating static NAT entries. The entries are a one-to-one relationship between an external public IP address and an internal private IP address on your local or DMZ network.

In some firewalls you can assign multiple public IP addresses to your external interface and in some firewalls you can’t. For the ones that you can, you can easily create multiple static NAT entries for the same internal IP. So one local IP address, but multiple public IP addresses on the same port. For example a web server that listens on port 80 for multiple public IPs.

But for firewalls that don’t bind the IP to the external interface such as the Cisco ASA, you cannot do this. If you try and do this you will get a static overlapping NAT error. How do you fix this?

You have to assign multiple internal IP addresses to your internal web server as well and then map each internal IP to an external IP. This will fix your problem!

-Cheers, RP
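A pre-change check for the overlap described in this post, as an added example that is not part of the original post: it scans one-to-one `static` lines for an internal IP that is mapped to more than one public IP and proposes replacement lines using spare internal addresses. It assumes the ASA `static (real_if,mapped_if) mapped_ip real_ip netmask mask` form of that era; all addresses and the `plan_fix` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: 192.168.1.10 is claimed by two public addresses.
SAMPLE = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 203.0.113.11 192.168.1.10 netmask 255.255.255.255
static (dmz,outside) 203.0.113.20 172.16.0.20 netmask 255.255.255.255
"""

STATIC = re.compile(
    r"static \((\S+),(\S+)\) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\b")

def overlapping_statics(config):
    """Map (real_if, mapped_if, real_ip) -> public IPs, where more than one."""
    seen = defaultdict(list)
    for line in config.splitlines():
        if m := STATIC.match(line.strip()):
            real_if, mapped_if, mapped_ip, real_ip = m.groups()
            seen[(real_if, mapped_if, real_ip)].append(mapped_ip)
    return {key: ips for key, ips in seen.items() if len(ips) > 1}

def plan_fix(config, spare_real_ips):
    """Keep the first mapping per internal IP and give every extra public IP
    its own internal IP (which must also be added to the server itself)."""
    spare = iter(spare_real_ips)
    plan = []
    for (real_if, mapped_if, _), publics in overlapping_statics(config).items():
        for public in publics[1:]:
            real = next(spare, None)
            if real is None:
                raise ValueError("not enough spare internal addresses")
            plan.append(f"static ({real_if},{mapped_if}) {public} {real} "
                        "netmask 255.255.255.255")
    return plan

if __name__ == "__main__":
    print(overlapping_statics(SAMPLE))
    print(plan_fix(SAMPLE, ["192.168.1.11"]))
```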


April 23, 2009  5:42 PM

vSphere Announced!



Posted by: Raj Perumal
ESX, ESXi, VMWare, vSphere, vSphere editions, vSphere features

Hi folks, so the vSphere announcement is now out and we have a ton of cool new features to look forward to! The announcement was all the buzz on Tuesday!

The virtual machines themselves seem beefed up with access to more RAM and CPU, and VMware is capable of more IOPS now as well. Backup is made easy with vSphere, as well as more security features introduced into the product. A more refined networking strategy was also introduced with the concept of Cisco’s virtual switch embedded in vSphere.

The editions available now are:

  • Essentials
  • Essentials Plus
  • Standard
  • Advanced
  • Enterprise
  • Enterprise Plus

VMware has given the customer a lot more choice and flexibility with these options and every size business should be easily able to find the right product to fit their needs.

If you own a current version of VMware with support, you will be eligible for the upgrade the moment it is released. Even though the announcement was on Tuesday, the actual software will only be available in a little less than a month. I’m assuming after that happens we will see a rush for individuals to download and get quickly upgraded. Just remember to leave some older VMware servers lying around in case your upgrades don’t go as smoothly as you’d like so you have somewhere to roll back. This is just part of good patching practice!

-Cheers, RP


April 17, 2009  7:33 PM

vSphere coming soon to a theatre near you!



Posted by: Raj Perumal
2009, April 21st, Cisco, ESX, ESXi, VMWare, VMware announcement, vSphere, vStorage, vSwitch

Hi folks, looks like we have an announcement on the horizon! VMware has announced that they are going to be making a major announcement for vSphere on April 21st, 2009!

For those of you that don’t know, vSphere is the next version of VMware ESX (ESX 4.0). They have renamed it vSphere and it’s coming out soon. This does not bode well for Microsoft and Citrix as they will now have to play catch up again with all of VMware’s new features!

Some of the features they are announcing? vStorage and vSwitches for starters! Things are really going to start to heat up once vSphere comes out and it will be interesting to see how the competition responds. Like I always say, this competition is going to be great for the consumer!

-RP


April 15, 2009  6:24 PM

Epic Technology Day is here again!



Posted by: Raj Perumal
Cisco, Citrix, conference, Epic, HP, Manitoba, Raj Perumal, RIM, Technology Day, The musings of an IT Consultant, Victoria Inn, VMWare, Watchguard, Winnipeg

Hi folks, once again it’s time for Epic Technology Day! This is the day long conference my company holds twice a year. Unfortunately due to many ongoing projects I won’t be presenting this year, but I will be in attendance.

Lots of new things to look forward to at Tech Day this year, including the Cisco Now Van which will showcase some of the cool equipment from Cisco.

Also VMware will be there as per usual speaking about their great products. HP and Citrix will also be there touting their wares. Technology day is a great opportunity to network in the Manitoba IT community and learn a lot about what’s new and wonderful in the world of technology. You can register for it here.

Hope to see you there!

-RP


April 8, 2009  2:45 PM

Microsoft’s Mythbusting of VMware



Posted by: Raj Perumal
Busting the top ten myths about VMware virtualization from Microsoft, http://blogs.vmware.com/virtualreality/2009/04/why-choose-vmware-and-microsofts-supposed-mythbusting.html, Microsoft Hyper-V, Microsoft Mythbusters: Top 10 VMware Myths, VMware ESX, Why Choose VMware and Microsoft's supposed Mythbusting

So you guys might have seen the Microsoft Video by now of their top 10 VMware myths they wanted to mythbust. Two guys in a video from Microsoft listing their top 10 list and then Microsoft’s response.

You know, I don’t mind mythbusting if it’s done properly, but these guys were all over the place. They were referencing products that aren’t even out yet and generally making fools of themselves. It’s no secret that I am a VMware fan and believe that VMware is the best solution for virtualization, but I still do believe that the other solutions have their place. I sincerely wish that Microsoft had taken their time to release something like this properly without making it look like they were shooting from the hip. It’s just embarrassing.

One of the things they talk about is memory overcommit and how it’s not really a big deal. Wow, is that a bunch of hot air or what. The moment Microsoft figures out how to do this themselves they will be talking about the virtues of Memory overcommit, just like they’re doing with Live migration now.

You can see VMware’s response to this video here.

Anyways, make sure you watch the video, it’s great for a laugh and shows you how desperate Microsoft really is.

-RP


April 1, 2009  5:10 PM

BlackBerry App World is here!



Posted by: Raj Perumal
applications, BlackBerry App World, BlackBerry applications, iTunes App store, RIM

Hi folks! The wait is finally over! BlackBerry App World is here! It launched today!

What’s that you might ask? It’s RIM’s answer to the iTunes app store! RIM realized that what they were lacking with the BlackBerry devices was a single portal where users could go to get all their apps. They were also lacking a ton of apps too!

So RIM started the App Store initiative and opened it up and sent a call out to developers everywhere to start developing applications for the BlackBerry in anticipation of the launch of the BlackBerry App World site. Now that it is launched, I can tell you I love it!

I’ve already downloaded quite a few free apps, and if you want to download pay-for apps you can do that via PayPal and it’s all integrated quite nicely! If you haven’t checked it out yet, what are you waiting for!?!?!

You can check it out here: http://www.blackberry.com/appworld

-Cheers, RP


March 31, 2009  8:05 PM

Hot imaging Linux servers to a virtual environment



Posted by: Raj Perumal
Acronis, Acronis True Image Echo Enterprise Server, hot imaging, image Linux, Linux, p2v, p2v linux

Hi folks, I wanted to discuss hot imaging of Linux servers. Often you will run into a situation where you need to migrate an existing Linux server into a virtual environment.

The downside is that you might not want to power it down to do this and use something like VConverter or PlateSpin Migrate. These products can hot image Windows servers but can’t hot image Linux servers. So what do you end up doing? Acronis!

Acronis True Image Echo Enterprise Server can hot image a server and then you can use the program to convert the image into a VMDK file which you can then import into an existing virtual machine. Then presto, you have a virtualized Linux server without ever having to down the existing older Linux server.

The only caveat is you have to install an Acronis agent on the Linux server to accomplish this. In order for the agent to install successfully you will require the kernel source to be installed. But then you can install the agent without requiring any reboots.

Happy imaging!

-RP


March 31, 2009  7:18 PM

China accused of spying on people with GhostNet



Posted by: Raj Perumal
China, GhostNet, invasion of privacy, privacy, spying, trojan

So you guys may have heard. Big brother is watching! Recently some researchers at the University of Toronto here in Canada have uncovered a GhostNet network of spying that reports back to China!

Apparently computers get compromised via a trojan called Ghost Rat which allows complete control of the infected PC. Apparently the attacker can even gain control of peripherals such as microphones and web cameras.

This kind of spying is absolutely horrifying and whoever did this should be prosecuted to the fullest extent of the law. Invasion of privacy at this level is absolutely shocking and whoever the people are that were guilty of perpetrating this should go to jail for a very long time! Unfortunately I highly doubt that anyone will ever catch who actually did this. I’m sure there will be tons of politics and misdirection and in the end the perpetrators will get away scot-free.

-RP