Main Page: Difference between revisions

From Essential
Line 199: Line 199:
*95^16÷150÷24÷365 > 1000×10^22 is the total number of years of brute force attempts required (95 possibilities per char, minimum 16 chars, 150 attempts per hour, assuming I never change the password  !)
*95^16÷150÷24÷365 > 1000×10^22 is the total number of years of brute force attempts required (95 possibilities per char, minimum 16 chars, 150 attempts per hour, assuming I never change the password  !)


*2022-03-14 By analyzing the statistics of the latest ssh attacks, we can say that there is almost only one person trying from multiple locations.
*2022-03-14 By analyzing the statistics of the latest attacks, we can say that there is almost only one person trying from multiple locations.

Revision as of 10:25, 17 March 2022

My name is Antonio DA SILVA PACHECO (CV_PACHECO Website LINKEDIN).
With this site, I want to share my projects.

NEWS

LAB CLOUD

I want to share my LAB project.

Infocepo.drawio.png

Audit servers

I made the ServerDiff.sh script to audit servers. You can track configuration drift. You can check if your environments are the same.

Example of my CLOUD migration process

  • 1.5 days: physical and virtual target CLOUD architecture diagram
  • 1.5 days: physical compliance of 2 CLOUD (6 hypervisors, 6TB memory)
  • 1 day: installation of the 2 CLOUD
  • .5 day: stability check
| ACTION | RESULT | OK/NOK |
| --- | --- | --- |
| Disable all nodes minus one (maintenance mode). | All resources started without disruption | |
| Activate all nodes. Power off all nodes minus one, different from the previous test. | All resources started | |
| Power off all nodes simultaneously. Power on all nodes simultaneously. | All resources started on all nodes | |
  • 1.5 days: CLOUD automation study
  • 1.5 days: 6 templates (2 CLOUD, 2 OS, 8 environments, 2 versions)
  • 1 day: migration diagram

Diagram-migration-ORACLE-KVM-v2.drawio.png

  • 1.5 days: process stabilization
  • 1.5 days: CLOUD benchmark vs old INFRA
  • .5 day: calibration of unavailability time per unit migration
  • 5 minutes (effective load): 82 VM (env, os, application_code, 2 IP)
Total = 15 man-days

How to improve your application in the cloud

WebModelDiagram.drawio.png

  • Formalize your infrastructure as much as possible for more flexibility, low complexity and less technology lock-in.
  • Use a name server that can handle the location of your customers, like GDNS.
  • Use a minimal instance and use a network balancer like LVS. Monitor the global load of your instances and add/delete dynamically as needed.
  • Or, many providers have dynamic computing services. Compare the prices. But beware of technology lock-in.
  • Use a very efficient TLS decoder like the ATS decoder without blocking.
  • Use a very fast HTTP cache like VARNISH.
  • Use a big cache for big files like ATS.
  • ...
  • Use serverless service for standard runtimes like Java, Python and PHP. But beware of certain incompatibilities and a lack of consistency over time.
  • ...
  • Each time you need dynamic computing power, think about load balancing or a native service from the providers (be cautious about providers' services!)
  • ...
  • Try to use open source STACKs as much as possible
  • ...
  • Use cache for your databases like MEMCACHED

CLOUD vs HW

| Function | KUBERNETES | OPENSTACK | AWS | Bare-metal | HPC | CRM | OVIRT |
| --- | --- | --- | --- | --- | --- | --- | --- |
| DEPLOY | HELM/ANSIBLE/SH | HELM/ANSIBLE/SH | TERRAFORM/CLOUDFOUNDATION | ANSIBLE/SH | XCAT/CLUSH | ANSIBLE/SH | ANSIBLE/PYTHON/SH |
| BOOTSTRAP | API/CLI | PXE/API/CLI | API/CLI | PXE/IPMI | PXE/IPMI | PXE/IPMI | PXE/API |
| Router | API/CLI (kube-router) | API/CLI (router/subnet) | API/CLI (Route table/subnet) | LINUX/OVS/external | XCAT/external | LINUX/external | API |
| Firewall | INGRESS/EGRESS/ISTIO | API/CLI (Security groups) | API/CLI (Security group) | LINUX (NFT) | LINUX (NFT) | LINUX (NFT) | API |
| Vlan | DANM | API/CLI (VPC) | API/CLI (VPC) | OVS/LINUX/external | XCAT/external | LINUX/external | API |
| Name server | coredns | dns-nameserver | Amazon Route 53 | GDNS | XCAT | LINUX/external | API/external |
| Load balancer | kube-proxy/LVS(IPVS) | LVS | Network Load Balancer | LVS | SLURM | Ldirectord | |
| Storage | many | SWIFT/CINDER/NOVA | S3/EFS/FSX/EBS | OPENSTACK SWIFT/XFS/EXT4/RAID10 | GPFS | SAN | NFS/SAN |

CLOUD REF

aws-azure-gcp service comparison

Top Infrastructure model

IT salaries

Recent attacks ;)

Attack map: virtual position of people trying to attack my CLOUD.

  • 95^16÷150÷24÷365 > 1000×10^22 is the total number of years of brute force attempts required (95 possibilities per char, minimum 16 chars, 150 attempts per hour, assuming I never change the password!)
  • 2022-03-14 By analyzing the statistics of the latest attacks, we can say that there is almost only one person trying from multiple locations.