Ads 468x60px

15 de enero de 2018

Creating your virtual Data Center

One of my first projects as a system administrator at Ariadnex was for the Government of Extremadura where I managed virtual machines, datastores and virtual networks into virtual data centers. Therefore, I learnt a lot about virtual infrastructures under XenServer and VMware. However, today, virtual data centers are moving from on-premise to the cloud, either Public Cloud, Private Cloud or Hybrid Cloud, where you can even pay-as-you-go (PAYG). For instance, we can deploy our data center into the major cloud providers such as Microsoft Azure, Google Cloud Platform or Amazon Cloud “easily” and pay as we use.

Lately, I’m reading, learning and working with AWS Cloud where I’ve created a virtual data center with firewalls, Elastic Load Balancer, WAF, EC2 instances, etc and there are a lot of things to take into account to deploy a virtual data center into Amazon Cloud. For instance, VLAN and ARP protocols don’t exist into AWS Cloud. Instead, VPC (Virtual Private Cloud) is used to isolate traffic, where we can create subnets into Availability Zones. What’s more, /24 subnets have 251 addresses available, instead of 254 addresses, because AWS needs three IP addresses for internal routing.

Choosing IP address ranges for your subnets

Routing is another mess into AWS, if we are used to traditional routing. VPC comes with a default route table but we can assign different route tables to different subnets, which contain rules for which packets go where. In addition, there are Internet Gateways where packets are sent if we want them to reach the Internet. On the other hand, we can deploy NAT instances in a public VPC subnet to enable outbound Internet traffic from instances in a private subnet. By default, private VPC subnets are routable internally while public subnets reach Internet through an Internet Gateway.

NAT access to Internet

Security is important too when we are creating a virtual data center. There are two kind of firewalls into AWS. The deprecated one, which is a stateless firewall, where we can create Network ACLs to allow or deny ports and IP addresses. On the other hand, the traditional one, which is a stateful firewall, where we can create Security Groups to allow or deny traffic to instances. For example, the Security Group “MyWebServers” to allow all traffic from the Internet, and the Security Group “MyBackends” to allow only traffic from “MyWebServers”. Moreover, dedicated cloud firewall AMI can be deployed from AWS Marketplace like FortiGate, Palo Alto and CheckPoint which offer many additional and important security functions, like IDS/IPS.

Security Groups = Stateful Firewall

Each organization will have their own requirements thus we’ll have to design the virtual data center accordingly. For instance, if we have several VPCs and we want to exchange information between them, we should configure VPC peering, or if we have to connect our on-premise data center to AWS, we can use Virtual Private Networks (VPN), AWS Direct Connect or both. Router 53 is another AWS Service interesting for DNS resolution, and VPC Flow Logs are useful for visibility and troubleshooting. As you can see, there are many infrastructure services into AWS and we’ll have to choose the right services to deploy a reliable and cost-effective virtual data center.

AWS Direct Connect
I think, this is just the beginning of the real cloud computing, where you deploy services around the world and you pay-as-you-go. They, I mean Amazon, Google and Microsoft, are changing the paradigm of systems, networks and storage, and we should pay attention of this amazing world.

What do you think about the future of Cloud Computing?

7 de enero de 2018

Video Selfie in French language

One of my wishes for this year is to improve my French language skills because I’ve already passed A1 level of French language and I want to apply for A2 level this year. Speaking Spanglish and Frañol is already a fact for me, I can do it, but when we have to speak a non-native language in a meeting, webex or conference is a must to speak properly because if we say “Relaxing cup of café con leche”, maybe, someone are going to laugh too much. Therefore, do you need languages? Are you happy studying languages? Because, although it’s a challenge, it’s also rewarding when you realise you can speak with someone in other language.

From time to time, my friends ask me why I studied English language and why I’m now studying French language. Actually, there are a lot of reasons but I always tell the tipping point was 10 years ago when I went to England for learning English language with a government grant and my wallet was stolen in London. I didn’t have passport, I didn’t have my ID, I didn’t know to speak English language, I didn’t know how to return to Spain without my identification. My plane took off the next day. I didn’t know what to do. It was my first trip abroad. I was nervous. At the end, a Spanish boy helped me to go to the police station to request a compliant. They allowed me to return to Spain the next day.

Two years later, I finished my studies at University and I started working as IT engineer at Ariadnex where I realised most technologies were made in EEUU thus technical guides were written in English language. Nobody told me about the importance of English language when I was at University. I remember the first weeks working as IT engineer, I had to read technical guides of load balancers. I didn’t understand anything. Therefore, I had to start learning English language at Official School of Languages.

However, today, I’m no longer studying English language but French language. Why? First, because I studied French language at high school, second, because French language is one of the main languages, along with English and German languages, into the European Commission. Indeed, there are lots of European Institutions in France and Belgium.

In fact, you can watch my last speech for the Official School of Languages. I have to improve. I know. This is my second year learning French language but I think it’s no bad.

Bonjour, je suis ici pour parler du Temple de Diane. Il est au core de la ville de Merida, à côte de la célèbre rue commerçante Santa Eulalia, qui est seulement une minute à pied d'ici. Le Temple de Diane est de l’époque de l'empereur Auguste du premier siècle. C'est une constructions religieuses qu'il est aujourd'hui connu pour son invocation à Diane, déesse de la chasse dans la mythologie romaine. Il s'agit d'un édifice en bon état de conservation, de plan rectangulaire avec six colonnes. On peut voir sa façade ici. J'aime beaucoup venir en été pour s'asseoir ici avec ma copine où on mange une crème glacée et on boit des bières. Enfin, on peut remarquer que le temple est un beau et joli lieu où on a prendre une photo. Au revoir.

Do you want to learn languages? Why are you learning languages?

1 de enero de 2018

My wishes!!

Today is the first day of the new year 2018, it’s time to write our wishes, it’s time to make a plan for the new year. I wrote I wanted the three kings brought me an AS for 2016 and I got it because Ariadnex manages the Autonomous Systems where Ariolo Cloud is hosted. I also wrote I didn’t want more toys for 2017 but procedures, methodologies, methods and security policies and it seems some companies have realised they need information security specialist to protect their services instead of spending their money in more appliances. Therefore, I’m going to write about my wishes for this new year, which perhaps are a little bit ambitious but I have to try.

This year is going to be my fourth year with the CISA certification and my third year with the CISM certification thus I need to keep learning about Information Security to be updated and to maintain these certifications through CPEs (Continuing Professional Education). As a result, I need to attend webinars and conferences, I need to deliver training courses, I need to keep studying. The Importance of Security at CUM was my unique speech last year but Security Courses on Networks and Systems, and the Ethical Hacking Course were enough to get my annually CPEs. Therefore, I would like to maintain these certifications delivering security courses again.

When I was at high school, I failed English exams from time to time, today, I’m writing in English language and I’m also able to speak in English. When I was at high school, I learnt a little bit of French language, today, I’m learning French at Official School of Languages and I passed A1 level of French last year. Learning a new language is time-consuming but it’s rewarding, thus, this is another wish for 2018, I want to pass A2 level of French.

I think security engineers have a lot of work to do into Industrial Control Systems (ICS) because most ICS are outdated, they were designed without taking into account the security, and they are increasingly connected to networks. In addition, the last malwares designed to attack ICS, like Stuxnet, Havex, Blackenergy2, CrashOverride, and now TRITON, are powerful malwares which can cause damage to the society. Therefore, I would like to go deeper into ICS to protect Critical Infrastructure Systems for this new year 2018.

I would like to learn a lot of thing but I want to learn further about Ethical Hacking. In fact, I would like to apply for OSCP certification. We’ll see. On the other hand, my CCNP certification expires next year, 2019, thus I don’t know yet if I’m going to start studying for another certification like CCNP Data Center because I would like to know how Nexus switches work. We’ll also see. Security and networking into a cloud computing environment is challenging thus I would like to learn how to deploy Web Apps safer into a cloud computing infrastructure like AWS Cloud. Once again, we’ll also see.

To sum up, CISA and CISM certification maintenance, studying French language, working with ICS and Critical Infrastructure Systems, and studying ethical hacking, networking and cloud computing. Maybe, I’m a little bit ambitious but I have 365 days to get it.

Do you want to tell us your wishes?
Related Posts Plugin for WordPress, Blogger...

Entradas populares