Monthly Archives: January 2014

MultiSSH: Productivity Multiplier for Managing Multiple Servers like ESXi

As I develop software, I rarely need to manage several servers using SSH at same time. If I do, I just manually connect to each server and type same commands over and over. Of course, it takes much time for the repeated work. More importantly, it’s very hard to repeat the steps consistently across multiple servers especially when there are more than 4 servers.

Posted in Applications & Tools | Tagged | 2 Responses

User Authentication with Thrift Service: Comparing Different Approaches

We’ve covered Apache Thrift in last few articles from simple HelloWorld sample, Python Thrift client, to the securing Thrift traffic. Here I am going to discuss more on user authentication, which is a must for protecting the services and user authorization. This is in general a weakness of Thrift, but could be solved with different approaches. Having said that, if you have chosen Thrift, you probably build internal system where user access control is not important.

Posted in Uncategorized | Leave a comment

Securing Thrift Traffic: Uncommon But Important Use Case

Thrift is mostly used for distributed systems which run mostly in house. There is no strong demand for securing the traffic on the wire. There are however use cases in which the Thrift services are exposed as a public service. In these use cases, the Thrift traffic should be secured with SSL/TLS. It comes with a price which more work on client and server on encryption and decryption. This is not a big deal for light load server, but for heavy load server it could be a problem. It can be mitigated with hardware acceleration on load balance servers between which and the client can be SSL, but not after that to the Thrift server.

Posted in Software Development | Tagged , | Leave a comment

Thrift Client in Python: Hello World Sample

As mentioned in my last post, Thrift is a cross-language and cross platform RPC framework. We’ve seen how a Java based Thrift server and client work there. Let’s take a look how to write a quick python script that connects to the Java Thrift server. It’s all possibe to write a Python based Thrift server, but probably not what most people want to do due to performance and scalability.

Posted in Software Development | Tagged , , | Leave a comment

Apache Thrift Hello World Sample

Thrift is one of the RPC frameworks that are widely used nowadays. It’s originally developed at Facebook and then open sourced under Apache Foundataion. It’s supported by major programming or scripting languages like Java, C++, Python, Ruby, etc. The typical use case is for building distributed systems, mostly in house.

Posted in Applications & Tools | Tagged , | 2 Responses

Tomcat Behind Proxy: How to Block Direct Access

As discussed in my last post, after installing and configuring Nginx as the reversed proxy server for Tomcat, it’s necessary to block remote access to the original port served by Tomcat. To achieve this, iptables should be a good solution. Simpler solution is to change one line in the Tomcat server configuration file so that Tomcat accepts only requests from local host.

With Tomcat 7 on Ubuntu, the configuration file is /var/lib/tomcat7/conf/server.xml. Just add address=”″ into the related Connector section as follows:

Posted in Applications & Tools | Tagged , , | Leave a comment

Linux Firewall with iptables Command

After proxying a service with Nginx, it’s always a good idea to block the service from direct remote access. For example, you have a tomcat server running on port 8080, and you’ve configured Nginx to proxy requests from port 80 to port 8080. The port 8080 should then be blocked from any host except localhost.

To do this on Linux, one of the ways is to just install iptables. On Ubuntu, issue the following commands to install and add rules:

Posted in Applications & Tools | Tagged , , | 1 Response

Announcing vijavaNG: Much Lighter and Faster with Commercial License and Support

Since I left VCE four months ago, I have been working intensively on a commercial version of the open source vijava API supporting all versions of vSphere APIs (5.5 is the latest). If you have used the open source API, you know the vijava is much faster than other alternatives. Since its debut, it has been used in many commercial products from companies like Cisco, EMC, HP, etc.

Posted in Software Development, vSphere API | Tagged , | 17 Responses

Nginx with PAM Authentication

As I introduced in last article, Nginx is a lightweight Web and reversed proxy server that is gaining momentum. If you have URLs to be accessed only by authenticated users, you can have many options. In this article, I just introduce a very easy way for the Nginx to leverage the PAM (Pluggable Authentication Module) for user authentication. We will use OS user for authentication (there are many more methods supported by PAM). If you have a valid user with the Linux on which Nginx runs, your request will pass through; otherwise, it would be blocked.

Posted in Applications & Tools | Tagged , , , | 7 Responses

Configuring Nginx as Reversed Proxy Server for HTTPS

Nginx (pronounced as ‘engine x’) is a light-weight HTTP/reverse proxy/mail proxy server written by Igor Sysoe. It is flexible, lightweight compared, and high-performant with Apache. The official nginx site is here. The beginner guide is a very good starting point. The following is based on my hands-on experience with Nginx. If you have similar requirement, you can copy over the scripts and configuration for your environment.

Installing and running Nginx

Posted in Applications & Tools | Tagged , , | 2 Responses

Three Ways to Get Certificate and Thumbprint from ESXi

Happy New Year 2014!

When adding a new ESXi host to vCenter server via vSphere API, you can supply the certificate thumbprint of the ESXi server expected to have. Before calling the vSphere API, you can get the thumbprint directly or indirectly from the ESXi server to be added. Here are three different ways to do that. The first two approaches retrieve SSL certificate with which you can generate thumbprint.

Posted in Uncategorized | Tagged , | 2 Responses

    My company has created products like vSearch ("Super vCenter"), vijavaNG APIs, EAM APIs, ICE tool. We also help clients with virtualization and cloud computing on customized development, training. Should you, or someone you know, need these products and services, please feel free to contact me: steve __AT__

    Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de factor open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, VMware, are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.