It was eight years ago, almost to the day, when I wrote my first blog on building a secure web server using the LAMP stack with CentOS 5. I have since updated it in 2015 and again in 2017 for CentOS 7. But almost a decade later, are we still hosting WordPress sites on LAMP web servers? Sure, we can harden the web server, but there are so many components to think about: Apache, MySQL / MariaDB, PHP, iptables, SELinux, SSH for admin access and file transfer, and then the ultimate attack vector, WordPress itself.
I’ve been using Microsoft Visio for a very long time, and it’s still my tool of choice when creating architecture diagrams. Since PowerPoint on the Mac has been massively improved I do use that more often, but you can’t beat Visio for the more detailed diagrams. With that, it has been almost 3 years since I shared my last EUC Visio stencil set so I decided it’s time for an update for 2018. I do intend to add a lot more shapes to this set as I create them. Many of these are from existing Visio Stencils available online (see links below), whereas others are ones I’ve collected over the years or had to create myself. You can see all of the shapes and icons included in this Visio Stencil Set in the image above.
If you feel like creating some icons yourself you can either do it the old-fashioned way in Adobe Photoshop (like I do), or use the open-source icons from VMware Project Clarity. Lilia Kim (VMware Sr Visual Designer) has done a great write-up on Clarity here: https://medium.com/claritydesignsystem/how-to-design-clarity-icons-a443b19ad84b
Update: I had to remove this post for a short time and remove some company logos for legal reasons. The shapes I have removed can easily be found online with a Google search anyway.
These are NOT official VMware stencils.
Earlier this month (January 2018) VMware released Horizon 7.4, and with that I wanted to share some updates in regard to the network port requirements. My good colleagues over in the EUC Technical Marketing team are doing a fine job of maintaining the diagram and have recently published a white paper PDF which you’ll find here. It’s a beast of a document and highly recommended if you are deploying a VMware Horizon architecture in your environment.
An important consideration when using this network ports diagram is that it doesn’t necessarily contain all non-VMware related ports such as Active Directory, DNS, NTP, SMB and so on. In fact, one of my colleagues in the Office of the CTO mentioned this, since one of his customers ran into an issue where TCP port 135 was blocked, but this was required when joining a Pod to a federation (Cloud Pod Architecture). I thought this would be a good opportunity to describe what Cloud Pod Architecture is doing behind the scenes and provide some updates.
After writing a series of blog posts and guides on CentOS for several years now, as part of my Essential Linux Skills with CentOS 7 series, I have decided to publish a free eBook covering the complete guide on setting up your own highly secure web server for blogging (WordPress). Linux is still a hobby, and while it comes in handy for my day job, it has been a long time since I was a Linux administrator. I once remember someone describing it as an art.
While many of my readers and followers are highly skilled technical consultants and VMware architects, building and maintaining a secure and stable web server for WordPress can pose some challenges. For one, it requires a solid understanding of the Linux operating system and nuances of security with mechanisms such as SELinux. Also it takes time to learn, master and manage. However, I feel the many benefits outweigh these challenges and running your own WordPress blog can be very rewarding. One area I decided to focus heavily on is SELinux. It is often disabled and ignored, and often misunderstood.
Many of us are also on a budget, so simply using AWS Route53, some EC2 nodes and a load-balancer with CloudFront can be costly when considering egress bandwidth charges. I have used various VPS (Virtual Private Server) providers in the past, and recently decided to move back to Linode. I was a customer for several years until I moved to another provider following their ‘Twelve Days of Crisis’ nightmare. However, given that Linode have been so open, and having received excellent support in the past, I opted to move back and I’m really pleased I did. They are currently offering a $10 a month Linode 2GB plan which comes with 1 vCPU core, 30GB SSD storage, and 2TB transfer per month. For $20 you’ll get 4GB RAM, 2 vCPU cores and 3TB of network transfer.
We’re 18 days away from another VMworld in Las Vegas, and it’s going to be another amazing year, with a packed agenda crammed with sessions on our SDDC stack, including vSAN, NSX and vSphere, in addition to VMware on AWS and Cloud Foundation, all being my favorite topics at the moment. You’ll also find me discussing Cross-Cloud Architecture along with Adrian Roberts and Victor Sandoval, in the Ask the vCloud Air Network Cloud Experts [LHC1566PU] session which is on Monday at 12.30 so feel free to bring something to eat and drink for an hour of technical discussion!
I was also fortunate enough to be invited to the Virtustream Global Developer conference in Florida last week, and one of the topics I presented was titled ‘Cloud Momentum: Cross-Cloud Services and Architecture’. I must say that the team at Virtustream have some amazing talent so be sure to check them out at VMworld!
While I’m on the subject of Cross-Cloud architecture, there is a real challenge that I think customers are trying to solve. Firstly, cloud consumers have choice, but with that it’s inevitable that things don’t always turn out to be clear-cut. For example, let’s say we have a customer that wants to migrate their workload to the cloud. Most of their applications today have a traditional deployment with a database back-end, reliance on certain versions of Microsoft SQL and legacy dependencies which makes scale difficult. These traditional applications are not going to suit Azure, AWS or Google Cloud, but with VMware on AWS they can expand their existing vSphere infrastructure that they have on-premises, to an AWS data center.
As customers then introduce cloud native applications to their organization, they can take advantage of AWS services such as S3 and DynamoDB. What makes this relationship so unique is their traditional workloads can be placed side-by-side in the same AWS region and availability zone (AZ). This avoids network traffic having to occur over a VPN or Direct Connect, and they can keep the traffic internal to the AWS network. Taking things one step further, workloads can easily be moved using vMotion from their on-premises data center to AWS and vice versa.
There will be much more to reveal at VMworld where you’ll hear the latest news on Cross-Cloud services and architecture.
See you in Las Vegas!