In my previous series of articles on OpenStack networking, I mentioned that there are ways of doing things in the virtual world that can’t be done in the physical world. Because of that, we shouldn’t let the physical server limitations control our thinking in the virtual world -- but often we do.
There are many ways to approach the broad topic of "security automation". After repeatedly trying new approaches, evaluating them against my assumptions and goals, and modifying them as I learn new things, I've come up with a number of helpful insights. I hope you find them useful in thinking about your own security automation goals.
Modern application environments can be complex and include many discrete elements that can all affect the end user's experience. Because of this, it can be challenging to develop an effective monitoring strategy that allows you to be alerted during potential performance problems and also to use these metrics from a variety of systems to proactively address potential bottlenecks and slow points before they cause end user impact. In this article, we'll be discussing several best practices for ensuring that your environment is effectively monitored.
Long running threads, application locks, thread contention, and other problems can all cause significant performance problems in Java applications (up to and including a complete lock up of the Java Virtual Machine (or JVM)!) Thread dumps are a vital tool in analyzing and troubleshooting performance problems in Java applications. They represent a point-in-time snapshot of the stack traces for all active threads that exist within the JVM. Typically, in order to troubleshoot these issues and get to the root cause, an engineer takes several thread dumps approximately 5-15 seconds apart. In this way, we can compare the state of all threads to determine commonalities -- namely, threads that are long running, blocking other threads, leading to circular deadlocks, and so on. In large applications, you may have thousands of threads, which can make this analysis a challenging prospect. In this article, we'll discuss how we can use a tool called fastthread.io in order to offload most of the heavy lifting and give us immediate insight in to the state of the application threads.
Rackspace Application Services provides application support and management to a wide variety of customers ranging in size from small environments with only a few application servers to customers that run thousands of Java Virtual Machines (or JVMs) across their environment. To help facilitate this, we heavily rely on Ansible to help us automate implementation, troubleshooting, and maintenance tasks. While Ansible is quite powerful and easy to use, many organizations do not take full advantage of some of the features that it provides. In this article, we'll be discussing how you can extend Jinja2 and Ansible's built-in filter plugins and how you can craft a completely new filter plugin to make specific tasks easier.
Last year, we shared the foundation Rackspace uses for Sitecore security hardening in a blog on this site. We're due for an update now that Sitecore has published additional best practices, and, here at Rackspace, we've folded those recommendations into our PowerShell process for securing environments. The Rackspace Managed Services for Sitecore team incorporates this into our provisioning work program for enterprise Sitecore projects.
As more web application workloads move to the cloud, organizations need to be concerned about attacks from the internet. External threats are scanning public IP ranges to find known vulnerabilities and exploit businesses. Let's take a look at the Azure Application Gateway (WAF), and see how it can be a part of our toolset for protecting our web applications.
As OpenStack projects grow its likely that a given project will spawn several repositories and will share code snippets across them.
Azure SQL is Microsoft's answer to Platform as a Service for SQL Server. It extracts a lot of the day to day administrative tasks of managing an installation. Let’s take a look how a consumer of Azure SQL can export data to restore to a local on-premise installation.
The OpenStack-Ansible inventory system is the glue connecting the Ansible playbooks that do the installation to the hosts they manage. It is vital to deploying and maintaining an Ansible-based cluster.
This system has undergone several changes since the initial Icehouse release. Learn what's happened since and what's in store for the future.