• Centreon simplifies Nagios management

    20Aug
    Author: chris Categories: Infrastructure, Ramblings Comments: 0

    If you’ve been reading the Barking Seal for a while, you probably already know that we use Nagios to monitor a variety of things here at AppliedTrust.  It’s been a great platform for us, and we’ve put a lot of time and energy into writing custom plugins, integrating performance graphing tools, and generally making it work for us.  I’m a huge fan of Nagios because of its stability, openness (the documentation is truly excellent), and flexibility.  Historically though, Nagios has had two weak spots.  The first is auto-discovery, and the second is usability.  Unfortunately, the first issue is likely to be with us for quite some time — it seems like the process of going out over the network and automatically discovering and configuring servers and services is just too complex for the moment.  Or perhaps it just hasn’t been worthwhile for anyone to solve that problem yet… either way, I haven’t found a good solution as of now.  But amazingly, the last couple of years have seen a lot of development in the second area.  There are now several different open source projects that provide easy-to-use GUI interfaces for configuring Nagios!

    Centreon Configuration Screen

    Read more »

    Tags: , ,

  • Essential Cacti Plugins

    16Aug
    Author: jim Categories: IT Management, Infrastructure Comments: 0

    We’ve blogged in the past about Nagios, the open source monitoring software. Another great open source alternative is Cacti. Both Nagios and Cacti do a great job of graphing system resources.

    Like Nagios, Cacti is capable of monitoring your servers, as well as processor, memory, network, and disk utilization on your networking devices. After initial installation, adding hosts to be monitored can be completed using nothing but the web interface.
    Read more »

    Tags: , ,

  • An important year for Open Source Software

    13Aug
    Author: chris Categories: IT Management, Infrastructure, Ramblings Comments: 0

    Network World is reporting that 2010 will be the year of Open Source.  According to the article, half of the organizations surveyed are using Open Source Software in some capacity already, and the vast majority (71% in the US) said they are planning to greatly increase their use of OSS in the coming year.

    More interestingly, perhaps, many of the participants in the survey reported that they are switching to OSS for non-financial reasons such as:

    Read more »

    Tags: , ,

  • Slow network performance for Windows Server 2008 guest on vmware ESXi 4.1

    28Jul
    Author: trent Categories: Infrastructure Comments: 4
    tcp lego header

    TCP header, Lego (tm) style

    The older I get, the more lessons I seem to learn (or, not learn) over and over.  Have you ever seen TCP offload work correctly?  Of course not!  I’ve been bitten by a TCP offload (aka TCP Offload Engine or TOE) problem in just about every environment I’ve touched in the last 20 years, and sadly this week was no exception.

    To make a long story short, we have a production vmware ESXi 4.1 host with both Linux (CentOS) and Windows Server 2008 guests.  No problems were reported (or measured) with the Linux guests, but the Win 2008 guests suffered from extremely choppy network connections, for common services like Remote Desktop and backups (including lost connections).  As you probably know, I’m big into actually investigating the underlying cause of a problem rather than randomly throwing darts at it, and as such I grabbed some packet traces with wireshark.  Check this out:

    Read more »

    Tags: , ,

  • The Barking Seal Q3 2010 is Here and Filled with Goodies!

    09Jul
    Author: katief Categories: IT Management, Infrastructure, Ramblings Comments: 0

    The latest version of The Barking Seal is here , and it is filled with a variety of applicable and accessible treats.  Want some? Keep reading for a taste…

    Goodie #1: Learn why version control is important for all businesses across the board.

    Goodie #2: Get some assistance in deciding “Git or Subversion? Git or Subversion? Git…?”

    Goodie #3 (otherwise known as the cherry on top): Meet Jim Turpin, one of our fabulous network engineers, who embodies the concept of multi-discipline to a T both inside and outside of the office.

    Click here to read Q3 2010, and, as always, enjoy the treat!

    We’d love to hear from you, so please post your comments and questions here.

    [Slashdot] [Digg] [Reddit] [del.icio.us] [Technorati] [StumbleUpon]
    Tags: , , , , , , ,

  • A Gentle Infrastructure Monitoring Reminder

    06Jul
    Author: ned Categories: IT Management, Infrastructure Comments: 0

    The fine folks at Twitter Engineering recently posted about the performance issues they have had over the holiday weekend. Since Saturday, the site has been slow for users and API calls. While AppliedTrust hasn’t (yet) made the leap to Twitter, we recognize how important it is for delivering World Cup news. I give Twitter Engineering tons of credit for being so transparent about the details of the problem – they say:

    In brief, we made three mistakes:
    * We put two critical, fast-growing, high-bandwith components on the same segment of our internal network.
    * Our internal network wasn’t appropriately being monitored.
    * Our internal network was temporarily misconfigured.

    Twitter is well known for great application-layer monitoring and instrumentation, so this gap in monitoring is a surprise. It exposes a common misconception among social software companies – that their server and network infrastructure is “covered” by their hosting provider.  As web applications scale to even 1/1000 the size of Twitter, software becomes critically interdependent on the underlying network. Infrastructure should be instrumented and monitored at least as closely as the software that depends on it.

    For more The Barking Seal articles on monitoring and troubleshooting, see:

    [Slashdot] [Digg] [Reddit] [del.icio.us] [Technorati] [StumbleUpon]
    Tags: ,

  • AppliedTrust Goes Drupal!

    30Jun
    Author: ned Categories: Infrastructure Comments: 0

    This month, AppliedTrust re-launched our web site on the CMS called Drupal. Although the “look and feel” of the site hasn’t changed much, this upgrade has been a breakthrough in terms of both performance and manageability. I would give our previous CMS, Joomla, a grade of a B- in comparison to Drupal’s solid A. Here are six reasons why Drupal is a great fit for www.appliedtrust.com:

    Read more »

    Tags: , , ,

  • AppliedTrust featured on One Day, One Job!

    27Apr
    Author: ned Categories: Infrastructure, Ramblings, Recruiting Comments: 0

    I’m very excited to announce that AppliedTrust is being featured today on One Day, One Job, the popular site that highlights a different hiring employer every day.  Created by Willy Franzen, One Day, One Job is a unique resource for college students beginning their careers.  This is awesome exposure for our company and a great opportunity for us to find the perfect new Seal to join our team!

    As our regular readers know, AppliedTrust is looking for a great infrastructure engineer who wants to work in Boulder, Colorado. This role is a “Jack of all trades” within the broad field of Information Technology – they get to play with networks, servers, software, and security.  One ideal candidate for this job would be a graduating Computer Science or Engineering major who has experience with Windows and Linux system administration and doesn’t want to spend all day programming.  We would definitely also consider someone with more work experience.  If you are interested, or know of a good candidate, please check out our jobs page: http://www.appliedtrust.com/jobs

    [Slashdot] [Digg] [Reddit] [del.icio.us] [Technorati] [StumbleUpon]
    Tags: , , ,

  • issues.apache.org compromised by XSS vulnerability

    13Apr
    Author: ben Categories: Infrastructure, Security Comments: 1


    As discussed in detail by the Apache infrastructure team, a cross-site scripting vulnerability in Atlassian’s JIRA led to a full root account compromise on the ASF’s issue and request tracking server. If you don’t care to read the full story from the infrastructure team, the following sequence of events led to the compromise:

    1. Attackers opened a new JIRA issue with a malicious tinyurl.com link that led to the JIRA page with an XSS vulnerability
    2. Simultaneously, attackers launched a brute force attack on the JIRA login form
    3. Several administrators clicked the tinyurl link, which compromised their cookies (giving the attackers JIRA admin access)
    4. Attackers uploaded malicious a JAR file that collected JIRA passwords at login. One of the compromised passwords had also been used for a local account with full sudo privileges.

    There’s more to the story, but those points capture the bulk of the attack.

    This compromise interests me because it’s an explicit, targeted, successful attack against a security conscious and capable next-generation web technology team. Several techniques were used in this attack:

    • Social engineering. The attackers opened an issue as if they were a trusted source posting a legitimate link. The Apache administrators trusted them.
    • Web application security flaw. XSS is #2 on the OWASP top 10 list.
    • Lack of vigilance. As the infrastructure team points out, the same password was used in a number of cases, and the JIRA user was overly privileged.

    I hear a lot of grumbling when I highlight XSS vulnerabilities in a penetration testing report. “Is this really a serious problem?” and “we’re not a target” and “it doesn’t matter if they steal the cookie” are common complaints. Let’s face it – if the Apache team can be powned, we should all be wary.

    [Slashdot] [Digg] [Reddit] [del.icio.us] [Technorati] [StumbleUpon]
    Tags: , ,

  • Don’t Forget to Vote to Bring Google Fiber to Boulder by March 21!

    18Mar
    Author: beth Categories: Infrastructure, Ramblings Comments: 1

    In case you haven’t heard, Google is offering to build an experimental network in a community with speeds up to 100 times faster than current Internet speeds, and at an affordable price.  This new network is expected to radically change how communities access information and interact with the world.

    Boulder is one of many communities vying to be the lucky recipient of this experimental network. As a city known for its smart people, progressive policies, and high tech companies, we are a great fit for a project like this. To capitalize on this, the City has stepped up efforts to get as many people as possible to vote, both by setting up a fan page on Facebook and by declaring this weekend “Boulder Fiber Weekend.”  Although nominations are being accepted until March 26, the City is hoping to have everyone vote before midnight on March 21.

    This is an awesome opportunity for us to bring in more jobs, boost our local economy, and enhance communications across all sectors of our community. And, of course, having lightning-fast Internet speeds would be pretty sweet, too. So, what are you waiting for? Vote now!!

    

    [Slashdot] [Digg] [Reddit] [del.icio.us] [Technorati] [StumbleUpon]
    Tags: , ,
« Previous Page

Subscribe:

Popular Posts