All Posts in “vDM30in30”

Making decisions about traveling for work

When so much time is spent on the road you learn that the time at home needs to matter that much more. You realize that weekends on the couch aren’t going to cut it, and you have to invest time in date nights or fun activities with the kids. This can be exhausting. Believe me, I get it, after a week traveling to 4 cities in 5 days and eating out every night the last thing you want to do is go out to dinner. Your own bed and favorite chair are like nirvana to you. But you have to get up and get going.

It’s funny I have traveled for the past 6 years of my career, there are those that have done it much longer, and are closer to 90% than just 60% that I am at. This of course is a personal matter. I realized that I could have a job in an ops center, 10 mins from my house. I could operate and manage a 50 – 100 host environment with maybe a 1000 vms. But even the thought of that bores me to tears. Not that there is anything wrong with that sort of role, and they are definitely necessary, they just aren’t for me. So I travel, that’s my call, and one that the wife and I have discussed and fought about. She knows that if I were stuck in a cube now I would be miserable and that would affect things at home. She doesn’t love that I am gone but she understands the place that my career has in my life and definition of self.

I guess the reason I am writing this is because I have seen friends struggle with making this decision. They want to travel less, or be home more, some of my best friends refuse to leave the datacenters we used to work in together because they prefer to be home every night. To each their own.

If you decide that travel is for you, here are a couple of “Pro-Tips”.

  • Get a solid bag for your laptop or primary device, I love my Ogio side load backpack, I have had it for 7 years and it’s held up well.
  • Get Global Entry – seriously people who travel and don’t have this need to be smacked, and you get TSA Pre-Check for free as part of it
  • Sign up for travel reward programs,
    • Hotel points accrue faster than anything else use these for weekend trips with your family.
    • Airline miles vary by airline.
    • American\United\JetBlue\Delta tend to be more slanted towards personal upgrades and comfort, while with Southwest you can earn companion passes faster.
    • Flights cost bookoo points so don’t expect that to add up quickly
    • Rental Car points add up don’t forget about them they can help you with family trips with free days
  • Organize, organize, organize did I say organize? Get a Grid-IT, make sure you have extra battery power, spare charging cables, and any adapters\dongles you need for your devices
  • Get and carry at least 2 pairs of headphones, flights aren’t fun they are worse with screaming babies
  • Get Social – no one likes to eat dinner alone, get on twitter\facebook\linkedin let folks know you are in town see if anyone wants to grab dinner or a drink. You will be surprised sometimes strangers turn out to be friends
  • Sleep – you will quickly learn that hotel sleeping isn’t awesome most of the time. I use a white noise machine on my phone, melatonin helps too. You will also figure out how to sleep on planes and whenever you get a chance. Travel is exhausting remember so sleep when you can.
  • In-flight wifi – I love it but honestly it can screw with #7 (sleep). I find that it depends on the trip, if I have had no time to catch up on other work I will connect on my flight and see what I can get done. Then there are times where I work 15-20 hr days and I hit the flight and think it can all wait.
  • Receipts – ok so every company is different my approach is I keep physicals after I submit them into the expenses system just in case. CYA
  • Expense reports – the bane of most travelers existence all I can say is do them as close to the date of travel as you can. It helps to get them done earlier rather than later.
  • Meals – I suck at this, but try to eat healthy when on the road. The opportunity to go out and eat bad for you is always available. But if you are on the road enough that will end up being your only option. Eat fruits and vegetables, mix in a salad every now and again. You gotta take care of yourself.
  • Luggage – get something durable it will get beat to hell, also make sure it’s carry on approved. It’s a rookie move to check luggage for short trips (ie 1 week or less). I have an awesome bag from Genius Pack now that has an integrated suiter.
  • Two kinds of ID – this is a new one for me but I now carry my license and my passport even for domestic travel. Just in case

That’s about all I can think of, am I missing something? What do you travel pros do?

 

NSX and Securing Multi-tenancy Policy

Discussing security and multi-tenant cloud environments, both public and private, consumes so much of my time. This time, though, let’s get into micro-segmentation and the coolness that is VMware’s NSX. At least it’s a different angle so I don’t get bored writing about it :).

From an Operations perspective I want my environment to be as simple as possible, and consistently deployed. As I add tenants to my infrastructure this becomes even more imperative, right? Think about it this way: if you are a car mechanic, you can be a mechanic at a dealership and see similar vehicles all day, let’s say Audi for example. Or you can work at a boutique shop and see every kind of vehicle. The benefit of the dealership is they can roll through more cars per day on average than a boutique shop because all of the cars have roughly the same layout and use the same size nuts and bolts, etc. Essentially the mechanic has the blueprints for the cars they are servicing.

In Operations if we have the same management stack across everything we have the blueprint and it’s simple. Enter the security team …

In security simple is also important, BUT, we also need to have gates and gate keepers. In a multi-tenant environment, regardless of the M&O, be it vRA or XStream, we need to ensure that one tenant’s data cannot corrupt another’s. Equally important, we have to make sure that if\when a tenant is compromised (get your head out of the gutter) that compromise doesn’t trickle to my core infrastructure or to other tenants.

“Obvi Mike!”

Yeah, I get it, but that’s not as obvious to everyone, because think about what this means. First, it means you need separate attack surfaces. In VMware terms this means two vCenters, one to manage the core infrastructure and another to manage the tenant infrastructure. This ensures that in the event that you get attacked and your tenants get PWND, you still have a layer between the tenants and the core infrastructure that manages it all. It also means you have a stretched network for management. This creates a vulnerability in and of itself because it stretches across the core infrastructure and tenant architectures. However, we do not provide access to this management network from tenants directly; rather, we create jump servers or dual-homed transitional boxes.

In NSX terms: we have controllers spanned across the environment, and each tenant has its own NSX Edge and its own set of VXLANs. The management network is linked off of whatever the M&O service is and provides visibility into the tenant for management but does not allow tenant traffic to jump across to other tenants. This is done by creating a distributed firewall with ACLs for specific traffic on one of the M&O VM’s vNICs. It would also be possible to NAT this traffic across the Edge Gateway from tenant to management for the necessary monitoring and orchestration traffic.
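The isolation rules described above (no tenant-to-tenant traffic, no direct tenant access to the management network, and only specific management traffic into tenants) can be checked mechanically against a rule set before it is deployed. This is an added example, not part of the original post and not NSX's rule format or API; the zone names, addresses, approved ports and the rule schema are all assumptions made for illustration.

```python
from ipaddress import ip_network

# Constructed zones; the addressing is hypothetical, not taken from the post.
ZONES = {
    "mgmt": ip_network("10.0.0.0/24"),        # stretched management network
    "jump": ip_network("10.0.1.0/28"),        # dual-homed jump servers
    "tenant-a": ip_network("172.16.10.0/24"),
    "tenant-b": ip_network("172.16.20.0/24"),
}
MGMT_PORTS = {22, 443}  # assumed M&O monitoring/orchestration ports

def zones_of(cidr):
    """Zones that a rule's source or destination overlaps ('any' = everything)."""
    net = ip_network("0.0.0.0/0" if cidr == "any" else cidr)
    return sorted(name for name, zone in ZONES.items() if net.overlaps(zone))

def violations(rules):
    """Return (rule, reason) for every allow rule that breaks tenant isolation.

    Rule order is ignored on purpose: any allow that could match is reported.
    """
    found = []
    for r in rules:
        if r["action"] != "allow":
            continue
        for s in zones_of(r["src"]):
            for d in zones_of(r["dst"]):
                s_ten, d_ten = s.startswith("tenant"), d.startswith("tenant")
                wide = r["ports"] is None or not set(r["ports"]) <= MGMT_PORTS
                if s_ten and d_ten and s != d:
                    found.append((r["name"], f"{s} can reach {d}"))
                elif s_ten and d == "mgmt":
                    found.append((r["name"], f"{s} reaches mgmt directly"))
                elif s == "mgmt" and d_ten and wide:
                    found.append((r["name"], f"mgmt reaches {d} on unapproved ports"))
    return found

# Constructed rule set; "ports": None means any port.
RULES = [
    {"name": "mo-to-a", "src": "10.0.0.0/24", "dst": "172.16.10.0/24", "ports": [443], "action": "allow"},
    {"name": "jump-to-b", "src": "10.0.1.0/28", "dst": "172.16.20.0/24", "ports": [22], "action": "allow"},
    {"name": "a-to-b", "src": "172.16.10.0/24", "dst": "172.16.20.0/24", "ports": [445], "action": "allow"},
    {"name": "b-to-mgmt", "src": "172.16.20.5/32", "dst": "10.0.0.0/24", "ports": [443], "action": "allow"},
    {"name": "mo-any-port", "src": "10.0.0.0/24", "dst": "172.16.20.0/24", "ports": None, "action": "allow"},
    {"name": "default", "src": "any", "dst": "any", "ports": None, "action": "deny"},
]

if __name__ == "__main__":
    for name, reason in violations(RULES):
        print(f"{name}: {reason}")
```

Traffic to and from the jump zone is deliberately left unjudged here, since the jump servers are the intended crossing point between tenant and management networks.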

If that all sounds good, then your next question is how does this work? Rather than reinventing the wheel I would recommend you read Matt Berry & Anthony Burke’s post on zero trust solution architecture with NSX. I think it best captures the right way to segment environments for security.

What do you think? Is this a little too security crazy, or is this the way you would architect your multi-tenant environments?

DevOps more than a buzzword

DevOps isn’t just a buzzword. Ok, it’s a little buzzwordy, but the movement is real and Enterprises need to look at it. That’s a bit of a stretch; many enterprises are looking at DevOps already. It’s a part of a strategy, which is key: you have to have a strategy to be successful, otherwise it’s just dumb luck and guessing. Those will only take you so far.

Enterprises need to avoid lock-in, that means having multiple concurrent solutions, with contingencies. A VMware strategy, an OpenStack strategy, a PaaS and an IaaS, various public clouds, etc; all of that is necessary as businesses grow and expand. Beyond the infrastructure or cloud play there is a need to determine how application development should be performed, waterfall and agile approaches are each needed depending on the application you are trying to deliver.

Yet, there are more than just technical drivers for incorporating DevOps into your environment. From a business perspective, DevOps has proven to provide faster time to market, higher new customer capture, larger revenue gains, and better user adoption. These are key metrics to make the C levels happy and to help drive IT as a critical cog in the gears of the business.

So while as engineers we too often hear buzzwords bounce around conference rooms, social networks, and corporate emails, take the time to look into DevOps. It’s worth your time, even if it doesn’t apply to every project you are working on.