Archive

Posts Tagged ‘security’

A Little Known Security Feature in vCenter: Certificate Based Authentication

May 18th, 2015 No comments

Although we are all familiar with username-and-password login to VMware vSphere, it’s also possible to log in to vSphere with just certificates. If you are a third-party vendor, either an IHV (independent hardware vendor) or an ISV (independent software vendor), certificate-based login is actually a better and preferred alternative to username and password.

Let me explain why it’s the case, and how it can be done painlessly.

Nginx with PAM Authentication

January 7th, 2014 6 comments

As I introduced in my last article, Nginx is a lightweight web and reverse proxy server that is gaining momentum. If you have URLs that should be accessed only by authenticated users, you have many options. In this article, I introduce a very easy way for Nginx to leverage PAM (Pluggable Authentication Modules) for user authentication. We will use OS users for authentication (PAM supports many more methods). If you have a valid user account on the Linux system on which Nginx runs, your request will pass through; otherwise, it will be blocked.

Categories: Applications & Tools

What Roles Does A User Have in vSphere?

November 30th, 2011 8 comments

If you have read my previous article on vSphere security model, you know how it works. Still, you may wonder what roles a particular user may have, as asked in a recent email from one of my former VMware colleagues.

In an operating system, a user is assigned to one or more groups and is thereby granted certain permissions. In vSphere, a role is simply a set of privileges, and that is it. It’s natural to think of a role as a group sometimes, but it’s really not.

Categories: vSphere API

Tech Talk: Secure Multi Tenancy In the Cloud

May 26th, 2011 No comments

This talk was given by Boris Strongin, VP Engineering and Co-founder of Hytrust Inc., at our first community meetup on May 18. He reviews the new security, auditing, and compliance challenges that come with cloud multi-tenancy, and approaches to address them.

Check out these slides for his insights:

Tech Talk: Automating Security in Dynamic Virtual Environments

May 26th, 2011 No comments

This is the tech talk by Elsa Bignoli, who is now a Software Engineer at Altor Networks (part of Juniper now). Elsa is one of the contributors to our open source vSphere (VI) Java API.

Check out her presentation slides below:

Introducing VMware vShield REST API

February 22nd, 2011 6 comments

One of my colleagues asked me about the vShield API and pointed me to the vShield API Programming Guide. I have of course heard about vShield many times, but haven’t tried it out, let alone its API. But that doesn’t mean I cannot read up on it on demand. In fact, such questions motivate me to learn more beyond the vSphere API. So keep your questions coming if you have any.

Here is what I found out after reading the programming guide. I have to admit I haven’t written any code connecting to a vShield test-bed, so I will just share some basics of the API. Overall, I found it similar in format and protocol to the vCloud API that I had worked with before.

Somehow the API does not, but I think should,

How to Enable or Disable Copy and Paste to Remote VM Console?

February 14th, 2011 No comments

In my previous post, I introduced how to change a virtual machine’s vmx file programmatically and promised to post a full sample from my presentation at VMware Partner Exchange 2011. Now that the conference is over, it’s time to post it.

The sample is based on guideline VMX03 in the vSphere security hardening guide: disable copy/paste to remote console. To me, allowing copy and paste to a remote console such as the vSphere Client is a nice feature which can save you a lot of time. When security is a concern, however, you may want to disable it.

I will not discuss when you should disable or enable it because it really depends on your requirements. In most cases, security and convenience conflict with each other. I leave it to you to decide the right balance; here I show you how to check the setting and change it.

Like most samples I write,

Securing Your Applications with Apache Shiro

June 2nd, 2010 No comments

Security is a very important aspect of application development. Tonight I learned about a new security framework called Apache Shiro, the successor to the JSecurity project.

It was a great talk given by the founder and lead of the project, Les Hazlewood, who relocated to the Bay Area not long ago to start his company, katasoft. The presentation ran over for one hour but still kept most people seated.

Building Trusted Datacenters in the Cloud

March 6th, 2010 No comments

RSA just had its annual conference in San Francisco this past week. Intel, VMware and RSA demoed how to build up layers of trust in data centers at the conference.

A New Member Joined vCloud Initiative For Cloud Computing

February 20th, 2010 No comments

newScale recently announced it would support VMware vCloud API in a press release.

San Mateo, Calif. February 17, 2010 – newScale®, Inc., pioneers of the self-service IT storefront for the enterprise, today announced it will support the VMware vCloud API, a key component of the VMware vCloud initiative. Enterprises and service providers integrating with the VMware vCloud API can now use the newScale FrontOffice™ Suite to effectively manage and control self-service requests for cloud resources as well as their physical and virtual environments.

This announcement underscores newScale’s continuing commitment to supporting multi-vendor, cross-platform data center and cloud infrastructures. The newScale FrontOffice Suite – a complete set of Service Catalog solutions for managing IT services from cradle to grave – integrates with VMware vSphere™ 4 and VMware vCenter™ Server. newScale is also a member of the VMware Technology Alliance Partner (TAP) program. By leveraging the VMware vCloud API, newScale demonstrates its ongoing support for a wide range of virtualization and cloud infrastructures, giving newScale customers maximum flexibility, efficiency, and agility in their data center deployments.

Learning Spring Faces, Security, Testing and Grail

February 19th, 2010 No comments

Done with the four-day training, finally! It’s pretty exhausting given that I had to get up two hours earlier to match the Central time schedule.

Spring Faces

I talked about JavaScript and AJAX two days ago. They are both good to some extent, but seemingly disconnected from the server. You have to think about and manage the web app as two pieces, which is bad for productivity.

JavaServer Faces (JSF) technology was created to solve this problem. It is a server-side framework which provides GUI components, manages their states from the server side, handles events, and so on. You can then develop a web app more like a standalone application in some sense. Because JSF manages the state from the server side, it uses more resources and is less performant than its JS/AJAX equivalent.

Spring Faces is not a replacement for JSF, but complements it in the “Spring” way. It facilitates deeper JSF and Web Flow integration, manages JSF components’ states, and provides more lightweight JSF components. Therefore, you can get a leaner web application than with pure JSF.

Debugging

Several tools can be handy for your debugging: