Saturday, February 6, 2016

Xen Orchestra 4.13 [feedly]



----
Xen Orchestra 4.13
// Xen Orchestra

Welcome to XO 4.13! This one is all about security, stability and fixes, plus UI improvements. One of the major feature is the possibility to use SMB remote for full backups.

SMB remotes

You can add SMB (ex-CIFS) remotes for your backups. It doesn't work yet with Continuous Delta backup, but it will be the case soon.

So you can export now your backups to a Windows share if you like!

Checksum for backups

Making backups is great. But what about corrupted files between the backup operation and the restore? We are now recording the MD5 hash of any delta file, and save it along the file itself.

This way, when you restore your backup, you can know if it's corrupted or not!

The only thing left is to check the hash of the full image: this is not trivial, because making a MD5 sum of a big file will take a lot of bandwidth (imagine your full disk image of 1 TiB is on a remote NFS share: it means reading the whole file to make the sum). We focused on delta file protection, which is far faster.

More HTTPS security

Thanks to Helmet library, we can now offer more security to HTTPS inside XOA! HSTS, XSS & click jacking protections and more!

We also got HTTPS redirection for admins who want to redirect automatically from HTTP to the secure protocol.

Health view

This view is now regrouping data about XenServer anomalies, like orphaned VDIs or VM snapshots. Filled SR are also displayed here:

Orphaned elements could happen when migrating VMs or VDIs to other SRs.

This way, you can't miss them anymore!

Those orphaned VDIs are also displayed individually in the SR view:

UI improvements

A lot of small improvements, from tooltips to a complete live migration handling (selecting the destination storage, the migration network etc.), removing old backup logs etc:

You also have now a dedicated field for units, which is way user friendly than typing the unit yourself:

What's next

We started to work on the self service portal, and we are currently writing it. This is now a priority, and will be out for the next release!


----

Shared via my feedly reader


Sent from my iPhone

The Cloudcast #237 - Cloud Native SDN [feedly]



----
The Cloudcast #237 - Cloud Native SDN
// The Cloudcast (.NET)

Brian talks with Chris Marino (@chris_marino, Founder/CEO of Pani Networks) about the his new startup, the evolution of networking for Cloud Native applications, and the opportunities to change networking as application models radically change.

Show Notes:


Topic 1 - We've known each other for a while, but give our audience some details about your background and what you're building with Pani.

Topic 2 - You highlight that there are 4 types (use-cases) of SDN in the market today: Enterprise, Carrier (NFV), SD-WAN and now Cloud Native. Let's talk briefly about each one.

Topic 3 - Let's talk about the basics of how the Romana Project works - addressing, tenants, IPAM, service discovery

Topic 4 - There's an interesting trend happening where more intelligence and awareness is getting pushed up into higher-level systems like OpenStack, Kubernetes, etc. - how does this align to an application team vs. an operations team?

Topic 5 - How can people learn more about Pani and Romana, and start to play with the technology?

----

Shared via my feedly reader


Sent from my iPhone

Two late-announced security advisories [feedly]



----
Two late-announced security advisories
// The Apache CloudStack Blog

Today I sent out two CloudStack-related security advisories: CVE-2015-3251 (related to VM credential exposure) and CVE-2015-3252 (related to VNC authentication). Details about these issues can be found on the CloudStack user and dev mailing lists, as well as on the Full Disclosure and BUGTRAQ security mailing lists.

While these vulnerabilities are of moderate and low severity (respectively), the reason for this post is because the advisories were announced approximately 5 months after the first release of the patches in 4.5.2. This is personally embarrassing, unacceptable, and in a more severe case could be downright dangerous.

What happened?

The CloudStack security team worked through the related vulnerabilities through the summer of 2015. We had advisory drafts, patches, and mitigations all ready well before the release. Far enough ahead, actually, that we forgot about the release and weren't paying attention to the release (at least I wasn't - I know others were), and didn't send out the advisories at the appropriate time. Part of this is due to me having become an unofficial lead/spokesperson for the security team; In the past there has been at least one occasion when others released advisories when I was not available, but usually I'm coordinating issues and publishing announcements.

Luckily, the CloudStack Security Team works with and under the direction of the ASF security team. During one of their periodic reviews, they noticed CloudStack had loose ends on these two advisories, and asked for an update. Earlier today I realized the advisories had not been released, so here we are.

How will we improve?

Obviously, we don't want to be in this situation again. Here's some steps we're taking to minimize the chance of a repeat performance:

  • I've modified the Release Procedure to specifically request the release manager give the security team a heads up that a release is about to be announced. This can be a simple non-blocking email that shouldn't slow down the release process, but still ensure that we're aware of the upcoming release.
  • I'll be ensuring that other members of the security team feel comfortable crafting and releasing advisories. Like the rest of CloudStack and other ASF projects, the CloudStack security team does not have a named leader and should be able to operate if I or others are unavailable.

In the past I've referred to CloudStack as "critical infrastructure" - CloudStack powers infrastructure clouds for many large cloud providers. We take information security seriously, realizing that many depend upon our work. Vulnerabilities happen in most software at some point in time - the important part is how they are responded to. While in this case we did respond quickly to the issues and created and applied patches, we let the community down by not quickly releasing the advisories. This is an unfortunate chink in our armor, but we'll be taking steps to ensure it doesn't happen again.


----

Shared via my feedly reader


Sent from my iPhone

Getting started with policy-driven development and DevSecOps [feedly]



----
Getting started with policy-driven development and DevSecOps
// Puppet Labs

Learn how Puppet can help you define, deploy, test and enforce security and compliance policies.


----

Shared via my feedly reader


Sent from my iPhone

Making Life with Puppet and AWS or Other Cloud Services Easier [feedly]



----
Making Life with Puppet and AWS or Other Cloud Services Easier
// Puppet Labs

I'm pleased to share with all of you our new white paper, AWS Node Lifecycle Management with Puppet. This white paper is an encapsulation of best practices using new capabilities we've added to Puppet over the last two years that make working with AWS or any cloud platform much easier. In it, we cover the latest technologies we've introduced and examples you can adapt to your own organization's environment.


----

Shared via my feedly reader


Sent from my iPhone

DSC Deep Dive: Get Up and Running with the DSC Module [feedly]



----
DSC Deep Dive: Get Up and Running with the DSC Module
// Puppet Labs

This is the first post in our new DSC Deep Dive series and we're starting with the basics before moving on to more complex use cases. The first thing you'll want to do is install our newly supported PowerShell DSC module. The DSC module extends the Windows management capabilities of Puppet by allowing you to write Puppet code to manage DSC resources. With this integration, Puppet users have access to an additional 200+ modules created by Microsoft and the Microsoft community.


----

Shared via my feedly reader


Sent from my iPhone

Managing Kubernetes with Puppet at the London Kubernetes Meetup [feedly]



----
Managing Kubernetes with Puppet at the London Kubernetes Meetup
// Puppet Labs

Get the slides from Gareth Rushgrove's presentation at the recent London Kubernetes Meetup.


----

Shared via my feedly reader


Sent from my iPhone

MySQL Cluster 7.5 [feedly]



----
MySQL Cluster 7.5
// MySQL - New Product Releases

MySQL Cluster 7.5 (7.5.0 m1, published on Friday, 05 Feb 2016)
----

Shared via my feedly reader


Sent from my iPhone

Compose 1.6: New Compose file for defining networks and volumes [feedly]



----
Compose 1.6: New Compose file for defining networks and volumes
// Docker Blog

In the previous version of Docker Engine we added a completely new system for managing networks and volumes, and we're pleased to announce full support for these features in Docker Compose. Compose files used to describe just one thing: the … Continued
----

Shared via my feedly reader


Sent from my iPhone

Containers as a Service (CaaS) as your new platform for application development and operations [feedly]



----
Containers as a Service (CaaS) as your new platform for application development and operations
// Docker Blog

Developers don't adopt locked down platforms. That one simple statement summarizes decades of tension between IT operations and development teams. Along the spectrum of control versus agility are the desires and needs of IT operations teams responsible for keeping environments … Continued
----

Shared via my feedly reader


Sent from my iPhone

Docker Engine 1.10 Security Improvements [feedly]



----
Docker Engine 1.10 Security Improvements
// Docker Blog

It's been a crazy past few months with DockerCon and the holidays but yet we are still hacking away on the Docker Engine and have some really awesome security features I would like to highlight with the release of Docker … Continued
----

Shared via my feedly reader


Sent from my iPhone

Docker 1.10: New Compose file, improved security, networking and much more! [feedly]



----
Docker 1.10: New Compose file, improved security, networking and much more!
// Docker Blog

We're pleased to announce Docker 1.10, jam-packed with stuff you've been asking for. It's now much easier to define and run complex distributed apps with Docker Compose. The power that Compose brought to orchestrating containers is now available for setting … Continued
----

Shared via my feedly reader


Sent from my iPhone

Skype for Business – A Cyber Pirates’ Paradise? [feedly]



----
Skype for Business – A Cyber Pirates' Paradise?
// Citrix Blogs

So, you've decided to ditch your old PBX phone system and enter the world of Unified Communications. Good for you. Now, here's what you should know to keep your Skype data safe from cyber pirates and more … because it's not just your fingerprints you leave on your tablet. Whether you made your decision to […]

----

Shared via my feedly reader


Sent from my iPhone

A Receiver for Skype for Business: It’s as Easy as Pie [feedly]



----
A Receiver for Skype for Business: It's as Easy as Pie
// Citrix Blogs

Last month, Citrix and Microsoft launched a new joint solution for delivering Skype for Business from XenApp and XenDesktop, and the response from the market has been that this is just what our mutual customers were waiting for. The new "v2 architecture" of the HDX RealTime Optimization Pack delivers a truly native UI experience while maintaining […]

----

Shared via my feedly reader


Sent from my iPhone

Welcome CTP–Citrix Technology Professional–Class of 2016!! [feedly]



----
Welcome CTP–Citrix Technology Professional–Class of 2016!!
// Citrix Blogs

The Citrix Technology Professionals (CTP) Program award recognizes the contributions of individuals who have invested significant  time and resources to become experts in Citrix products and solutions. They have also selflessly shared their expertise with others in a wide variety of Citrix technical communities. You think this is an easy award to achieve? It's not. […]

----

Shared via my feedly reader


Sent from my iPhone

Delivery’s Bitbucket (Stash) Integration Released [feedly]



----
Delivery's Bitbucket (Stash) Integration Released
// Chef Blog

deliveryandstashOhai Chefs!  We are delighted to announce the release of a new feature in Chef Delivery. Delivery now supports integration with Atlassian Bitbucket v3.x (formerly known as Stash) as a Source Code Provider. With this feature you can create and manage PRs in Bitbucket via Delivery.

Information about setting up the link and the project workflow it enables can be found here. This feature is released as of 0.3.606, which has been promoted to stable and is available for upgrade via delivery-cluster.

In addition to this new integration, if you haven't upgraded in a while, we have implemented a number of usability enhancements in the dashboard and change pages of the web application.

We hope you enjoy using the Bitbucket integration. As always, we welcome your feedback and invite you to contact us directly or participate in our feedback forum.  Thanks for using Chef Delivery!


----

Shared via my feedly reader


Sent from my iPhone

Citrix NetScaler Rocks Networking Field Day 11 [feedly]



----
Citrix NetScaler Rocks Networking Field Day 11
// Citrix Blogs

On Friday, January 22, Citrix hosted its first event for Networking Field Day. If you have been looking to get up to speed on the latest innovations from NetScaler and wanting to learn about where we are going with the product, the NetScaler team has you covered with five recorded video presentations from the Networking Field […]

----

Shared via my feedly reader


Sent from my iPhone

Send SMS Alerts from Citrix Products via Email (and Octoblu) [feedly]



----
Send SMS Alerts from Citrix Products via Email (and Octoblu)
// Citrix Blogs

Have you ever wanted to send an SMS message from Director, Sharefile, Podio, or NetScaler? If so, we have great news! Octoblu allows you to automate virtually anything (APIs, smart devices, wearable devices, etc) using our simple drag-and-drop designer. Since Octoblu's triggers support both webhooks and email addresses, this makes it super simple to send an […]

----

Shared via my feedly reader


Sent from my iPhone

Supermarket 2.3.3 Release [feedly]



----
Supermarket 2.3.3 Release
// Chef Blog

supermarket-release-wide

Supermarket 2.3.3 is now available. This release contains bug fixes, minor enhancements, and security updates. Supermarket version 2.3.3 is a recommended update for all users running their own instances of Supermarket. Packages are available in the stable repository. If you are using the Supermarket omnibus cookbook, upgrading to this version can be as simple as a chef-client run on your hosts—if you've left the version of Supermarket at the default :latest—or updating your wrapper cookbook's attributes to ['supermarket_omnibus']['package_version'] = '2.3.3'. The community Supermarket has already been updated.

Security Fixes:

  • Upgraded OpenSSL in omnibus package
Bug Fixes:
  • Fixed display of dependencies for past cookbook versions
Enhancements:
  • Added Partner Cookbook badge and search. The upcoming Chef Partner Cookbook program will allow users to find cookbooks jointly developed with Chef by the vendors providing those products.
  • Added chef_versions and ohai_versions to metadata parser in effort towards implementing RFC037
  • Increased the number of contributors shown per page.
Tidying Up:
  • Upgraded RSpec
  • Added rake task to spin up Docker containers for PostgreSQL and Redis in development
  • Added guard for RSpec and Rubocop watchers in development

----

Shared via my feedly reader


Sent from my iPhone

Thursday, February 4, 2016

Containers as a Service (CaaS) as your new platform for application development and operations [feedly]



----
Containers as a Service (CaaS) as your new platform for application development and operations
// Docker Blog

Developers don't adopt locked down platforms. That one simple statement summarizes decades of tension between IT operations and development teams. Along the spectrum of control versus agility are the desires and needs of IT operations teams responsible for keeping environments … Continued
----

Shared via my feedly reader


Sent from my iPhone