In this video I take you through configuring NVIDIA vGPU with a GRID K2 card on a Microsoft Remote Desktop Services Host (RDSH) with VMware Horizon 6.2. In less than 10 minutes you can configure your RDSH virtual machine with a vGPU profile to deliver high performance 3D applications.
Following the theme for ELS (Essential Linux Skills) with CentOS 7 (see part 1), today I want to share what I consider to be the most important topic of the lot. Firewalls. Securing your Linux host is, in my opinion, the first thing you should be doing before hosting any web services. In my last post, you learned all about systemd and hopefully are now comfortable with the switch from SysV init.
If you are responsible for building Linux hosts for web applications then this will be an especially important topic for you. The same applies if you want to master security with Linux. This might get a little technical, but hang in there.
RHEL (Red Hat Enterprise Linux) and CentOS 7 introduce firewalld, which is now installed by default instead of iptables. Another newcomer, not yet loaded by default with CentOS 7, is nftables. What’s the difference? Well, firewalld is new to the user-space, but it doesn’t replace iptables. Nftables will eventually replace iptables.
Confused? I don’t blame you, so let me explain the iptables architecture. It’s important to understand how iptables works in order to understand the changes that firewalld and nftables bring to the table (pun intended).
We’ll start with this basic architecture diagram for netfilter:
This is the first of two Essential Linux Skills for CentOS blogs (see part 2). For many years I’ve become used to using service and chkconfig commands to manage services with RHEL (Red Hat Enterprise Linux) and CentOS. In fact I first got my hands on a Unix system back in 1993, then got my first ever job as a Unix admin in 1996. I learned about SystemV runlevels, and then became used to using /etc/init.d/<service> to manage services. It takes a while to shake bad old habits, but CentOS 7 now uses systemd as the default init system.
Init (short for initialization) was the first process to start and the last to stop on a SysV (System V Unix) Linux system, and therefore we have the concept of runlevels. Each runlevel represents the state of the system, with runlevel 0 being shutdown (halt), 3 being multiuser mode (in other words it has now booted), and runlevel 5 is running the desktop environment if you use one (X Server starts and you have a desktop). Oh and runlevel 6 restarts the system.
Why is this important? Well, whether you like it or not, having core Linux skills is essential in the IT world we live in. In fact just a few weeks ago I was presenting at VMworld in San Francisco on VMware Horizon for Linux Virtual Desktops technical deep dive. I was approached after the session by a customer that has a project to deploy RHEL virtual desktops to hundreds of students in a college. He thanked me as he had to go home the following week to configure some of those virtual desktops with direct pass-through to NVIDIA GRID graphics cards. The process of doing that requires installation of the driver at runlevel 3, but he had no idea what it meant despite it being a simple command (init 3). It also meant that he learned about how to optimize RHEL by disabling unnecessary services that start at runlevel 3.
At VMware I see more and more customers deploying Linux desktops, but server workloads (such as the server hosting this blog!) and virtual appliances are also often running Linux.
SysV is still present on CentOS 7, but you’ll not find much there. If you run the following command, you can see which services are enabled at boot (runlevel 3).
Becoming a VCDX (VMware Certified Design Expert) doesn’t mean you have reached the path to enlightenment or that you qualify for an immediate pay rise. There, I said it. That is the reality. Yes, it is the highest level of certification by VMware, but it should NOT be your end game. The VCDX should be an incremental goal to where you want to be; you just might not realize it yet.
I’ve had a lot of time recently to catch up with the latest tweets and blogs from the virtualization community and I’ve noticed a few misconceptions about the VCDX. I have also seen some excellent comments from other VCDXs that reflect what I am about to say.
In The Beginning
Back in the early days when the VCDX was in low double digits, there were awards, branded beer, and songs around the camp fire under the starlit sky. Well, maybe not the last one, but it was a big celebration and rightly so. The number of VCDX title holders is in the hundreds now and I wouldn’t think it is practical to have such a merry dance and award ceremony each time someone achieves their VCDX. Don’t get me wrong, I would love this to be the case, camp fire songs included, but that just isn’t going to happen.
As tempting as it is, I have no intention of jumping on the ‘Shellshock’ bandwagon and writing a vague post on the subject. However, I do find this recent bash exploit interesting and worthy of investigation as it’s simple to test and has a plethora of vectors that could be exploited. I’ve read many media reports on this and unfortunately some of their layman’s terms are inaccurate or do not provide the full picture. The purpose of this blog post is for my own reference and anybody that needs a starting point of where to look. For an in-depth look at this then I would recommend you read Troy Hunt’s article. For a quick technical reference then feel free to read on…