Piszki Lab | EN

My case study in the clouds…

2017/09/18
by Piotr Pisz
0 comments

Trend Micro Deep Security – SSL Traffic Inspection

About Trend Micro Deep Security on this blog I wrote many times, but I have not mentioned yet one of the features of this solution, ie SSL traffic inspection. According to recent Google statistics, more than 70% of network traffic is already encrypted. This means that all IDS/IPS/WAF solutions that can not sniff SSL traffic and inspect it are immune to attacks! For Deep Security, we have the ability to enable SSL inspection at the Intrusion Prevention module level. Of course, we will not achieve such efficiency and effectiveness as in the case of BIG-IP F5 , but we will clearly increase the level of security of the protected services.

pobrane

Continue Reading →

2017/09/04
by Piotr Pisz
0 comments

vSphere Integrated Containers 1.1.1 – create base image and push it into Harbor (and run container with persistent volume)

For how to install and configure vSphere Integrated Containers I recently wrote here. Today we will create our own base docker image (with CentOS 7 system) with any application, and load it into the registry (image repository) on Harbor. In addition, we will create a persistent volume that will connect to our new container. The topic of VIC is quite new, so there is not much information on the Internet related to it, this article was created as an attempt to systematize the knowledge associated with it.

doc8

Continue Reading →

2017/09/04
by Piotr Pisz
1 Comment

vSphere Integrated Containers 1.1.1 – Installation and configuration

VMware has long been unable to react to the Docker revolution. Ultimately, it was decided that no changes had been made to ESXi so that the containers would not run directly in the ESXi kernel. VMware went the other way, interesting enough to look at it. Their own interpretation of the containerization is based on the PhotonOS project (CentOS-based ultra-light Linux system) and is called vSphere Integrated Containers. In this solution, VMware allows you to run a single container as an ultralight virtual machine. Sounds like a denial of the Docker idea? No, its development, with this approach, Docker host  is a whole vSphere environment, not a single Linux machine. From the viewpoint of the vSphere Administrator, machines with running dockers are the same problems, they are large, loaded, it is not known what is running on them. Using VMware’s approach, it is much easier to manage containers in a vSphere environment. In this article, I will show you how to install VIC, how to start VCH docker host, and how to use Admiral and Harbor.

vic1

Continue Reading →

2017/03/13
by Piotr Pisz
0 comments

Trend Micro Deep Security 10 – What’s new?

On this blog many times I wrote about Trend Micro Deep Security, I believe this product to be one of the most interesting on the market. Deep Security provides a comprehensive protection to VMware vSphere. Here we have agents and agentless anti-virus protection, HIDS, IPS, inspection logs, and the newly introduced, application control. Trend Micro develops its product in a sustainable manner, new versions appear not too often but quite regularly. In this post I will try to describe briefly what’s new in Trend Micro Deep Security 10.

deep2

Continue Reading →

2017/01/18
by Piotr Pisz
0 comments

My Lab network design with DD-WRT and Cisco SG300-10

Building at home test environment often start with a very basic configuration. A small computer, NAS and router from your ISP are perfectly adequate. From the time when knowledge and skills grow, so are the demands that we make against the environment also grow. As we know, have fun with virtualization sooner or later will lead us to the point where we find that several tagged VLAN that is what we would like to have. In this post I will present what I had initial configuration and how it expanded with the behavior of existing functionality. The idea of what I guided mainly to get rid of the ISP router as the primary device on the network, and the introduction of tagged network (VLAN X) with maintaining existing non tagged network (VLAN 1). Described configuration applies to specific hardware, but it can be successfully used with the equipment of other suppliers (eg. TP-Link + Netgear).

C50-2008-call02-ro

Continue Reading →

2016/11/10
by Piotr Pisz
0 comments

VMware vSAN at home and crossflashing Dell Perc H200

I will not conceal that this is my second attempt to vSAN at home Lab. The first ended in total failure which can be summarized by the word “too short queue depth.” The second approach is more solidly prepared and technology in the meantime changed. Instead the first version of vSAN now we have vSAN 6.2 that has been heavily redesigned in terms of performance and generated load on the device. In the meantime born faster SSDs based on 3D-NAND and a little easier on the controller with appropriately long queue commands (queue depth). In my Lab I have only one server (for now), I decided to build vSAN based on Dell PERC H200 controller, disk Samsung Evo 840 120GB and HGST 7K1000 disk. Controller H200 is the cheapest controller that can be bought on the open market (Ebay), even though it was out of the VMware vSAN HCL is still well suited to this task (queue depth a length of 600, current recommendation is not less than 256 and preferably 1000 or higher). Disk Samsung 840 Evo does not have to represent, class of its own, I bought a 120GB (recommendation is 10% SSD in the total pool, but it depends on how much we have hot data). HGST drives K71000 is a quick drives to laptops with 32MB cache (I have a two and perfectly suited as a local datastore in ESXi), are quiet and do not heat up too much. It remains to answer the question: why? Of course, in order to improve performance as shown below!

vsan2

Continue Reading →