Tips And Tricks Posts

September 19, 2016

Speed up your WordPress with SoftLayer

WordPress is one of the most popular content management systems available—lots of websites and blogs use it. But one of its biggest problems is speed. As users install plugins and add blog content, site speed decreases over time. There are many factors contributing to this, from PHP execution time, database load, CPU load, memory, and of course, website traffic. This, in turn, can lead to revenue loss, traffic bounce, and decreased conversions and click-throughs.

To combat these issues, the team at Prime Strategy created the Kusanagi Ready Project. Kusanagi is a compilation of images of server-side configurations that sets up the perfect environment for any WordPress installation. The images come with an easy-to-setup GUI that allows users to select multiple configurations, carefully prescreened for an optimized WordPress experience. The customized image not only benefits WordPress installations but your general site as well. You can select between Nginx or Apache. You can take advantage of PHP5, PHP7, or Facebook's ultra-fast HHVM PHP handlers and optionally add APCu or OPCache.

If that sounds interesting, you'll be excited to learn that the team at Prime Strategy compiled this on the latest centOS, centOS 7! Some of the few reasons why you'd want to try out Kusanagi include increased caching, optimized PHP handlers, and custom configurations for both Apache and Nginx, offering a stable OS with long-term support.

In tests conducted by the Kusanagi team using the ab benchmark, the optimized WordPress loaded an impressive 1,000 percent faster than a regular installation. Now that is performance! What's even better is that SoftLayer now offers Kusanagi images for our customers to order servers from. You can choose between monthly or hourly virtual servers and have blazing fast servers without wasting too much time at your fingertips.

The steps to deploy Kusanagi through SoftLayer can be found here.

 

-Stanley

Categories: 
August 29, 2016

Setting Up OpenVPN on a SoftLayer Vyatta Device

The following is a step-by-step guide on how to utilize your SoftLayer Vyatta gateway device as your own personal VPN to access any server behind the Vyatta device with even more freedom than the SoftLayer VPN. In the following example, we will be using the built-in OpenVPN daemon that comes installed with Vyatta. This means you can upload large files to your servers that are behind the Vyatta device using the speed of your public interface, rather than trying to depend on the SoftLayer VPN’s speeds—which are throttled for management, not file transfer. You will also have more control over how your VPN behaves, which subnets your users can access, how you manage your VMware environment, and more.

What we will review in the following guide, however, are just the basics. This will give you a basic level VPN working in client/server mode and using SSL keys as authentication rather than passwords.

What you will need for this guide

  • 1 Vyatta gateway device
  • 1 Windows 7/8/10 computer or 1 Apple device running OS X 10.10+
  • 1 portable private/28 subnet that is on a VLAN already associated and routed to your Vyatta (the smallest you can order is 16 portable private IPs from the portal)
  • A little patience

OpenVPN Client/Server Implementation

The first thing you’ll need to do is to copy the easy-rsa folder to your /config/.

cp -r /usr/share/easy-rsa/ /config/easy-rsa

Then you’ll need to edit the vars file to personalize your certificates.

nano –w /config/easy-rsa/vars

...

# Increase this to 2048 if you

# are paranoid.  This will slow

# down TLS negotiation performance

# as well as the one-time DH parms

# generation process.

export KEY_SIZE=2048

 

# In how many days should the root CA key expire?

export CA_EXPIRE=3650

 

# In how many days should certificates expire?

export KEY_EXPIRE=3650

export KEY_COUNTRY="US"

export KEY_PROVINCE="TX"

export KEY_CITY="Houston"

export KEY_ORG="IBMCloud "

export KEY_EMAIL="me@us.ibm.com"

Now you’ll need to load your variables from the vars file you just modified.

cd /config/easy-rsa

source ./vars

You’ll want to run the ./clean-all to start fresh in case there is something old lingering around in the directory.

./clean-all

Now build the certificate authority files. (Just press Enter to everything.)

./build-ca

Now build the Diffie-Hellman key exchange.

./build-dh

Now build the key file for the server. (Enter to everything again, enter password if asked, and Y to both questions.)

./build-key-server my-server

Next, you’ll need to copy the certificates and keys into the /config/auth/ folder.

sudo cp /config/easy-rsa/keys/ca.crt /config/auth/

sudo cp /config/easy-rsa/keys/dh2048.pem /config/auth/

sudo cp /config/easy-rsa/keys/my-server.key /config/auth/

sudo cp /config/easy-rsa/keys/my-server.crt /config/auth/

Now you can build the key for the client and distribute it to them. Use the ./build-key to generate a certificate that will connect to the VPN without a password, using an SSL key instead.

./build-key myname

Answer all questions accordingly and be sure to answer YES to sign the certificate and when it asks you to commit.

Now copy the keys and certificates and create a configuration for the client. First, you’ll need to make the directory for the client, though, for easier tracking.

cd /config/easy-rsa/keys

mkdir myname

cp myname* myname/

cp ca.crt myname/

Next, you’ll need to create a client config that you will be using on your local machine later.

nano –w myname/myvpnserver.ovpn

client

proto tcp

remote-cert-tls server

nobind

verb 2

dev tun0

cert myname.crt

key myname.key

ca ca.crt

remote 123.45.67.89 11994

float

From your local computer, you can download the config directory directly from your Vyatta.

scp –r vyatta@123.45.67.89:/config/easy-rsa/keys/myname .

This copies the client directory to the current directory on your local machine, so make sure you are in the directory you want to store the keys in.

Setting up the OpenVPN Server

The server subnet needs to be a different subnet from your LAN; for this example, we are using a portable private/28 (16 IPs on the 10.x.x. network), because it will assign an IP from that subnet to your clients as they login, giving them access to everything behind your Vyatta. You will also notice we are setting the resolvers to the SoftLayer DNS resolvers, as well as a Google DNS resolver. This ensures that your VPN-connected users still have full Internet access, as well as internal access.

You will also see that there is a push-route added for the other private subnets behind the Vyatta device. For this example, we wanted to give the users logged-in access to more than just the subnet from which it is assigning IPs. You will need to adjust the push-route lines to fit your environment, though. 

We will also be assigning a non-standard port of 11994, due to many ISPs blocking port 1194, and changing the protocol to TCP because UDP is also blocked in many places.

set interfaces openvpn vtun0 mode server

set interfaces openvpn vtun0 server subnet 10.134.247.0/28

set interfaces openvpn vtun0 server name-server 8.8.8.8

set interfaces openvpn vtun0 server push-route 10.135.8.0/26

set interfaces openvpn vtun0 server push-route 10.134.198.80/28

set service dns forwarding listen-on vtun0

set interfaces openvpn vtun0 tls cert-file /config/auth/my-server.crt

set interfaces openvpn vtun0 tls key-file /config/auth/my-server.key

set interfaces openvpn vtun0 tls ca-cert-file /config/auth/ca.crt

set interfaces openvpn vtun0 tls dh-file /config/auth/dh2048.pem

set interfaces openvpn vtun0 local-port 11994

set interfaces openvpn vtun0 protocol tcp-passive

Now that the interface is set, we just need to open the firewall for it (note: you will need to adjust for the firewall name that you use so that it applies correctly).

set firewall name wan-local rule 40 action accept

set firewall name wan-local rule 40 destination port openvpn

set firewall name wan-local rule 40 protocol tcp

commit

save

That’s it! Your OpenVPN is set up on the Vyatta device. Now it’s time to install OpenVPN GUI on Windows or Tunnellblick on OS X.

Install either program as directed by the installer, then simply open the .ovpn file you downloaded earlier via scp with that program and it will connect. If you are on OS X, the default firewall will block ping requests from your Vyatta and a few other things. For my personal use, I used Murus Lite and loaded the Murus Predefined Configuration to make it work correctly.  Windows may need the Windows firewall adjusted to allow traffic to pass on TCP 11994 as well.

Congratulations! You now have a working OpenVPN setup connecting you to your SoftLayer environment. You can test it by pinging one of the servers behind your Vyatta on the private network.

If you need to create more than one client key, simply follow these steps.

source ./vars

./build-key newclient

cd /config/easy-rsa/keys

mkdir newclient

cp newclient* newclient/

cp ca.crt newclient/

Then run the same scp command from earlier (but fix the path to the newclient) and you're set!

-Shawn

August 23, 2016

Finally, Reset Your Own Password!

If you’re anything like me, you have more than 25 accounts, personal and business, with different passwords for most or all of them. You’ve probably even forgotten a password to some of them throughout the years. Would you believe that the average number of “password reset” emails per email account is around 37? Yes, 37! And what’s even worse than forgetting your password is having to contact someone to get your password changed. We were guilty of that—but not anymore!

Now at SoftLayer

We’ve implemented the Customer Password Reset Self-Service feature to the customer portal. This gives you even more control over your SoftLayer account.

Start using it today

If you need to reset your portal password, follow the secure, online self-service process. Additional authentication factors are required for portal login to apply the password reset functionality. These additional factors will be explained in instructions included in the password reset email you receive.

Password reset

Please note: In order for master users to reset their passwords, they still need to contact the SoftLayer Revenue Services team for additional account verification. Safety first!

-Christopher

Categories: 
June 27, 2016

Disaster Recovery in the Cloud: Are You Prepared?

While the importance of choosing the right disaster recovery solution and cloud provider cannot be understated, having a disaster recovery runbook is equally important (if not more). I have been involved in multiple conversations where the customer’s primary focus was the implementation of the best-suited disaster recovery technology, but conversation regarding DR runbook was either missing completely or lacked key pieces of information. Today, my focus will be to lay out a frame work for what your DR runbook should look like.

“Eighty percent of businesses affected by a major incident either never re-open or close within 18 months.” (Source: Axa Report)

What is a disaster recovery runbook?

A disaster recovery runbook is a working document that outlines a recovery plan with all the necessary information required for execution of this plan. This document is unique to every organization and can include processes, technical details, personnel information, and other key pieces of information that may not be readily available during a disaster situation.

What should I include in this document?

As previously stated, a runbook is unique to every organization depending on the industry and internal processes, but there is standard information that applies to all organizations and should be included in every runbook. Below is a list of the most important information:

  • Version control and change history of the document.
  • Contacts with titles, phone numbers, email addresses, and job responsibilities.
  • Service provider and vendor list with point of contact, phone numbers, and email addresses.
  • Access Control List: application/system access and physical access to offices/data centers.
  • Updated organization chart.
  • Use case scenarios based on DR testing, i.e., what to do in the event of X, and the chain of events that must take place for recovery.
  • Alert and custom notifications/emails that need to be sent for a failure or DR event.
  • Escalation procedures.
  • Technical details and explanation of the disaster recovery solution (network layouts, traffic flows, systems and application inventory, backup configurations, etc.).
  • Application-based personnel roles and responsibilities.
  • How to revert back and failover/failback procedures.

How to manage and execute the runbook

Processes, applications, systems, and employees can all change on a daily basis. It is essential to update this information in the DR runbook on a regular basis to ensure the accuracy of the document.

All relevant employees should receive DR training and should be well informed of their roles and responsibilities in a DR event. They should be asked to take ownership of certain tasks, which should be well documented in the runbook.

In short, we all hope to avoid a disaster. But when it happens, we must be prepared to tackle it. I hope the information above will be helpful in taking the first step towards preparing a DR runbook. Please feel free to contact me for additional information or guidance.

-Zeb

 

June 23, 2016

Meet the Integrated IBM Cloud Platform: SoftLayer and Bluemix

Did you know that you can complement your SoftLayer infrastructure with IBM Bluemix platform-as-a-service? (Read on—then put these ideas into practice with a special offer at the end.)

When you pair Bluemix with SoftLayer, you can buy, build, access, and manage the production of scalable environments and applications by using the infrastructure and application services together. 

Whether you need insight on the effectiveness of a multimedia campaign, need to process vast amounts of data in real-time, or want to deploy websites and web content for millions of users, you can create a better experience for your customers by combining the power of your SoftLayer infrastructure with Bluemix.

Bluemix solutions and services allow you to:

  • Optimize campaigns in real-time based on customer reaction using Watson Personality Insights and Insights for Twitter.
  • Run scalable analytics using Streaming Analytics to retrieve results in seconds.
  • Improve outcomes with Watson Alchemy API and Retrieve and Rank paired with high performance bare metal servers.
  • Automate hundreds of daily web deployments using SoftLayer and Bluemix APIs.
  • Securely store, analyze, and process big data using Cloudant database service with Apache Spark.

You can see the value of an integrated SoftLayer/Bluemix experience by looking at insights and cognitive, big data and analytics, and web applications.

Insights and Cognitive

Forty-four percent of organizations say customer experience will be the primary way they seek to differentiate from competitors.

The scenario: Marketing organizations and advertising agencies want to release a large, worldwide marketing campaign, complete with embedded ads. With the explosive growth of mobile, social, and video, those ads are often image- and video-intensive. Not only are these enterprises worried about how to run such a high-performing workload where customer data needs to stay in-country, but they have no idea how effective their campaign will be—and whether those receiving it are the users they’re trying to target—until it’s too late.

The solution: A media-rich campaign workload can run on high-performing bare metal servers in SoftLayer data centers. Cognitive services are added to understand in real-time the impact of campaign and target customers, whose personal data is stored in proximity to the user.

  • SoftLayer bare metal servers run media-rich (video, image) campaign workloads.
  • Bluemix’s Insights for Twitter service is used to understand in real-time the impact of the campaign.
  • Watson’s Personality Insights allows you to see, based on 40 calculated attributes, if users viewing ads match the target customers.
  • Globally diverse block storage enables data storage across the world.

Personality portrait

Big Data and Analytics

The value of data decreases over time. On average, it takes two weeks to analyze social data.

The scenario: Customers need to harness vast amounts of data in real-time. The problem is many data streams come too fast to store in a database for later analysis. Further, the analysis needs to be done NOW. From social media, consumer video, and audio, to security cameras, businesses could win or lose by being the first to discover essential patterns from these real-time feeds and act upon them.

The solution:  Customers can use Streaming Analytics and get results in seconds, not hours. Alchemy API and Retrieve and Rank services can improve decisions and outcomes all from bare metal servers with scalable IBM Containers.

•       Streaming Analytics can run scalable analytics solutions and get results in seconds, not hours.

•       Patterns that are found can be stored with the associated stream content in object storage and transferred around the world using CDN to be co-located with their customers.

•       Watson’s Retrieve and Rank service can improve decisions and outcomes.

•       Run services from high-performing, low-latency bare metal servers that can scale as activity swells using IBM Containers.

Hadoop, data warehouse, NOSQL diagram

Web Application

It can take several weeks for a DBMS instance to be provisioned for a new development project, which limits innovation and agility.

The scenario: Customers deploying websites and web content for millions of users need fast infrastructure and services so they can focus on their users, not spend their time managing servers and infrastructure. This is especially true for commerce sites that need to be constantly available for orders. These also need a reliable database to securely store the data. The problem is these customers do not want to manage their database, and need an infrastructure provider that is worldwide, reliable, and screaming fast.

The solution: Customers can host web applications on VMs and bare metal with a broad range of needs, including sites that require deep data analysis. Apache Spark can be used to spin up in-memory computing to analyze Cloudant data and return results 100x faster to the user.

  • Automate hundreds of web deployments using SoftLayer APIs.
  • Cloudant DB offloads DB management, reallocates budget from admins to application developers.
  • Apache Spark analyzes Cloudant data 100 times faster using in-memory computing cluster.
  • Bare metal servers provide a high-performing environment for the most stringent requirements.
  • Load balancers manage traffic, helping to ensure uptime.
  • Virtual servers with the Auto Scale service grow and shrink environment to consistently meet needs of application without unnecessary expenditures.
  • Object storage open APIs speed worldwide delivery via CDN.

Cloudant diagram

Exciting Offer

Put these ideas into practice by trying Bluemix today. To get you started, we are offering you a $200 Bluemix spending credit for 30 days when you link your SoftLayer account with a Bluemix account. When you link your Bluemix and SoftLayer billing accounts, you receive a $200 credit toward Bluemix usage. The credit must be used within 30 days of linking the accounts.

Follow these easy instructions to get started:  

  • Visit the SoftLayer customer portal and log into your account.
  • Open a ticket to request the ability to enable the ability to link your Bluemix account.
  • Once activated, the “Link a Bluemix Account” button will appear at the top of the SoftLayer customer portal page.
  • Click on the “Link a Bluemix Account” button. 
  • Follow the on-screen instructions to link your SoftLayer account to a Bluemix account.

This offer expires on December 30, 2016.

Learn More

Bluemix Intro Demo

Watson Personality Insights

Real Time Streaming Analysis

Hybrid Data Warehouse



 

-Thomas Recchia

June 20, 2016

VMware on SoftLayer Just Got Even Easier

SoftLayer customers have been bringing VMware workloads and VMware add-ons to the infrastructure as a service (IaaS) platform for years. With the roll-out of per-processor monthly licensing and the automation of vSphere and vCenter deployment, the provisioning process has never been easier. 

Now SoftLayer has taken the next step by allowing customers to order and manage VMware add-ons with the same per-processor monthly pricing model. To celebrate, the sales engineering team has updated KnowledgeLayer and added a new section focused on VMware 6, including step-by-step guides for getting started on the platform. VMware vSphere 6 Getting Started, for example, details how to get vSphere servers up and running. It gives a detailed instructions on how to create from scratch, what VLAN and IP addresses customer should use, and the recommended network structure.  

Let’s review what else is new.

SoftLayer has added the vCenter Server Appliance to the catalog to allow customers to fully scale their environments up on their own. We’ve also added instructions on how you can deploy vCenter as an appliance. For smaller environments, customers can still deploy vCenter as a Windows add-on and get up and running in under an hour.

To make the vCenter appliance and other add-ons possible, SoftLayer has enhanced the customer portal to allow customers to order and manage all VMware licensing add-ons in a simple panel. Customers use this system to order and manage licenses for vCenter Server Appliance, Virtual SAN, NSX-V, Site Recovery Manager, and vRealize Operations/Automation/Log Insight. Combined with speedy SoftLayer bare metal server provisioning times, customers can stand up or extend their VMware footprint across the globe in no time.

VMware NSX on SoftLayer is nothing new, but the capabilities of the latest version and the month-to-month pricing make it an option worth considering. Between the edge gateways and distributed networking enhancements, customers can build security and standardization into the platform that follows their workloads from server to server and site to site. Customers can span a private layer 2 domain across completely different locations by using a VXLAN overlay across a layer 3 routed network. This is particularly useful for disaster recovery and for bursting on-premises workloads out to SoftLayer. Customers also leverage NSX to isolate workloads in a multi-tenant environment without the need for additional VLANs from SoftLayer. VMware 6 NSX Getting Started is your first stop to learn about micro-segmentation and best practices with NSX at SoftLayer.

VMware Virtual SAN is our latest addition to the platform and provides customers with a great option for hosting mission-critical workloads on single-tenant infrastructure with software-defined storage (SDS). Customers can leverage common x86 compute available on SoftLayer to build reliable, high performance, and scalable dedicated storage pools. It was designed for performance (caching and local disk access), affordability (mixing solid state and capacity SATA drives), and supportability without the need for a storage architect. It is tightly integrated with vSphere administration and brings features like snapshots, linked clones, vSphere Replication, and vSphere APIs for data protection. 

If you have questions about VMware on the SoftLayer cloud, get in touch with our sales representatives on live chat or phone. They’ll be happy to help and can also coordinate a consultation with the SoftLayer sales engineering team if you need one. You may find some of your initial questions have already been answered in our VMware FAQ.

I’m also delighted to share some video tutorials our sales engineering team created, entitled, “Getting Started With VMware 6.0 (Parts 1, 2, 3, 4).” This series will give you examples of deploying VMware and get some of your initial questions answered.

With that said, why not start deploying your VMware solution—or expanding your current VMware workloads with feature rich add-ons? Now is the best time for you to take advantage of our promotion to spin up your VMware solution at SoftLayer. Ask a SoftLayer sales representative on live chat to get more details.

-Rick Ji

June 3, 2016

Mount SoftLayer Object Storage in a Docker Container

The popularity of Docker containers has many organizations wanting to host containers in their cloud environments. They’re looking for ways to “marry” their existing cloud storage options with Docker containers, which offers application portability. SoftLayer offers persistent data (structured or unstructured) with its object, file, and block storage.

Of the three storage options, object storage is usually more popular in the cloud world as a pay-as-you-go option. It provides persistent storage for numerous workloads with image, video, and audio files, such as mobile and web applications. Combine persistence with the power of Docker containers, and the result is a highly portable and flexible application platform on the cloud. I’d like to showcase mounting SoftLayer object storage inside a Docker container using Cloudfuse. This example can, of course, be extended for further automation of the mount process as needed.

The following are steps for mounting object storage to a Docker container:

  1. Know your SoftLayer object storage credentials, which can be retrieved from your SoftLayer account.
username (Your SoftLayer Object Store Username or password string)
api_key (Your SoftLayer API Key
authurl (Authorization URL of the data center where your object store is hosted)
  1. Install Docker on your host machine. Click here for installation instructions.

     
  2. Create a new folder named SLObjectStoreTest and make it your current directory.

     
  3. Copy the following into a file named Dockerfile and store it in the SLObjectStoreTest folder. You can also clone it from GitHub.
# Dockerfile : Mount SoftLayer Object Store inside a container
# Version 1.1
 
# Pull base images
FROM ubuntu
 
# Set working directory
WORKDIR /root
 
# Install Python
RUN apt-get update && \
apt-get -y upgrade
 
# Install pip
RUN apt-get install -y python-pip && \
pip install softlayer-object-storage
 
# Install cloudfuse
RUN apt-get install -y build-essential libcurl4-openssl-dev libxml2-dev libssl-dev libfuse-dev && \
apt-get install -y curl && \
curl -L https://github.com/redbo/cloudfuse/tarball/master > cloudfuse.tar && \
tar -xzvf cloudfuse.tar && \
apt-get install -y libjson0 libjson0-dev && \
cd redb* && \
./configure && \
make && \
make install
ENTRYPOINT [/bin/bash"]
 
# Build the Docker image from the Dockerfile
$docker build

You should see the Docker image being built. It will take a couple of minutes.

  1. Check that the image exists once it’s built by typing $docker images.

     
  2. Use the following command to spin up a Docker container from this image:

docker run –cap-add SYS_ADMIN –privileged –device /dev/fuse:/dev/fuse:mrw -i -t <imageid></imageid>

You should see the bash command of the Docker container.

  1. Create a new folder where the SoftLayer Object Storage should be mounted, e.g.,

mkdir /storage

  1. Create a new file in /root directory named .cloudfuse.
  2. Enter your SoftLayer object storage credentials (from Step 1) in the .cloudfuse file like below :
username (Your SoftLayer Object Store Username)
api_key (Your SoftLayer API Key or password string)
authurl (Authorization URL of the data center where your object store is hosted)
  1. Mount the SoftLayer object storage at /storage by running

cloudfuse /storage

You should see your SoftLayer object store mounted at /storage in your Docker container!

You can now configure this image to run your application, which can leverage this container—or use the container as a Docker volume container, composed with other containers running your application.

In case you want to experiment with an already built Docker image, you can pull it from the softlayerobjectstore_mount repository.

-Sravan K Yallapragada

Categories: 
May 27, 2016

Data Security and Encryption in the Cloud

In Wikipedia’s words, encryption is the process of encoding messages or information in such a way that only authorized parties can read it. On a daily basis, I meet customers from various verticals. Whether it is health care, finance, government, technology, or any other public or privately held entity, they all have specific data security requirements. More importantly, the thought of moving to a public cloud brings its own set of challenges around data security. In fact, data security is the biggest hurdle when making the move from a traditional on-premises data center to a public cloud.

One of the ways to protect your data is by encryption. There are a few ways to encrypt data, and they all have their pros and cons. By the end of this post, you will hopefully have a better understanding of the options available to you and how to choose one that meets your data security requirements.

Data “At Rest” Encryption

At rest encryption refers to the encryption of data that is not moving. This data is usually stored on hardware such as local disk, SAN, NAS, or other portable storage devices. Regardless of how the data gets there, as long as it remains on that device and is not transferred or transmitted over a network, it is considered at rest data.

There are different methodologies to encrypt at rest data. Let’s look at the few most common ones:

Disk Encryption: This is a method where all data on a particular physical disk is encrypted. This can be done by using SED (self-encrypting disk) or using a third party solutions from vendors like Vormetric, SafeNet, PrimeFactors, and more. In a public cloud environment, your data will most likely be hosted on a multitenant SAN infrastructure, so key management and the public cloud vendor’s ability to offer dedicated, local, or SAN spindles becomes critical. Moreover, keep in mind that using this encryption methodology does not protect data when it leaves the disk. This method may also be more expensive and may add management overhead. On the other hand, disk encryption solutions are mostly operating system agnostic, allowing for more flexibility.

File Level Encryption: File level encryption is usually implemented by running a third-party application within the operating system to encrypt files and folders. In many cases, these solutions create a virtual or a logical disk where all files and folders residing in it are encrypted. Tools like VeraCrypt (TrueCrypt’s successor), BitLocker, and 7-Zip are a few examples of file encryption software. These are very easy to implement and support all major operating systems.  

Data “In Flight” Encryption

Encrypting data in flight involves encrypting the data stream at one point and decrypting it at another point. For example, if you replicate data across two data centers and want to ensure confidentiality of this exchange, you would use data in flight encryption to encrypt the data stream as it leaves the primary data center, then decrypt it at the other end of the cable at the secondary data center. Since the data exchange is very brief, the keys used to encrypt the frames or packets are no longer needed after the data is decrypted at the other end so they are discarded—no need to manage these keys. Most common protocols used for in flight data encryption are IPsec VPN and TLS/SSL.

And there you have it. Hopefully by now you have a good understanding of the most commonly encryption options available to you. Just keep in mind that more often than not, at rest and in flight encryption are implemented in conjunction and complement each other. When choosing the right methodology, it is critical to understand the use case, application, and compliance requirements. You would also want to make sure that the software or the technology you chose adheres to the highest level of encryption standards, such as 3DES, RSA, AES, Blowfish, etc.

-Zeb Ahmed

May 3, 2016

Make the most of Watson Language Translation on Bluemix

How many languages can you speak (sorry, fellow geeks; I mean human languages, not programming)?

Every day people across the globe depend more and more on the Internet for their day-to-day activities, increasing the need for software to support multiple languages to accommodate the growing diversity of its users. If you work developing software, this means it is only a matter of time before you get tasked to translate your applications.

Wouldn't it be great if you could learn something with just a few key strokes? Just like Neo in The Matrix when he learns kung fu. Well, wish no more! I'll show you how to teach your applications to speak in multiple languages with just a few key strokes using Watson’s Language Translation service, available through Bluemix. It provides on-the-fly translation between many languages. You pay only for what you use and it’s consumable through web services, which means pretty much any application can connect to it—and it's platform and technology agnostic!

I'll show you how easy it is to create a PHP program with language translation capabilities using Watson's service.

Step 1: The client.

You can write your own code to interact with Watson’s Translation API, but why should you? The work is already done for you. You can pull in the client via Composer, the de-facto dependency manager for PHP. Make sure you have Composer installed, then create a composer.json file with the following contents:

composer.json file



We will now ask Composer to install our dependency. Execute one of the following commands from your CLI:



Installing the dependency



After the command finishes, you should have a 'vendor' directory created.

 

Step 2: The credentials.

From Bluemix, add the Language Translation service to your application and retrieve its credentials from the application's dashboard (shown below).



From Bluemix, add the Language Translation service to your application and retrieve its credentials from the application's dashboard.



 

Step 3: Put everything together.

At the same level where the composer.json file was created in Step 1, create a PHP file named test.php with the following contents:

test.php file





Save the file, buckle up, and execute it from the command line:

Execute test.php

 

Voilà! Your application now speaks French!

Explore other languages Watson knows and other cool features available through Watson's Language Translation service.

 

-Sergio







 

April 5, 2016

When in doubt with firewalls, “How Do I?” it out

Spring is a great time to take stock and wipe off the cobwebs at home. Within the sales engineering department at SoftLayer, we thought it was a good idea to take a deeper look at our hardware firewall products and revamp our support documentation. Whether you’re using our shared hardware firewalls, a dedicated hardware firewall, or the FortiGate Security Appliance, we have lots of new information to share with you on KnowledgeLayer.

One aspect we’re highlighting is a series of articles entitled, “How Do I?” within the Firewalls KnowledgeLayer node.  A "How Do I?" provides you with a detailed explanation about how to use a SoftLayer service or tool with the customer portal or API.  

For example, perhaps your cloud admin has just won the lottery, and has left the company. And now you need to reorient yourself with your company’s security posture in the cloud. Your first step might be to read “How Do I View My Firewalls?” which provides step-by-step instructions about how to view and manage your hardware firewalls at SoftLayer within the customer portal. If you discover you've been relying on iptables instead of an actual firewall to secure your applications, don't panic—ordering and securing your infrastructure with hardware firewalls can be done in minutes. Be sure to disable any accounts and API keys you no longer need within the Account tab. If you're new to SoftLayer and our portal, take a look at our on-demand webinars and training video series.

Now that you’ve identified the types of firewalls you have protecting your infrastructure, fel free to drill in to our updated articles that can help you out. If you’re running a dedicated hardware firewall and want to know how to manage it within the portal, this “How Do I?” article is for you. We’ve also tailored “How Do I?” entries for shared hardware firewalls and the FortiGate Security Appliance to help you beat the heat in no time. The SoftLayer customer portal also provides you with the ability to download firewall access logs in a CSV file. See for yourself how the Internet can truly be a hostile environment for a web-facing server. Every access attempt blocked by your firewall has saved your server from the work of processing software firewall rules, and keeps your application safer.  

We know that not all issues can be covered by how-to articles. To address that, we’ve also added a number of new entries to the Firewalls FAQ section. 

Keep the feedback coming! We’re here to help answer your sales-related technical questions. And be sure to check out our latest Sales Engineering Webinar: Creating a Digital Defense Plan with Firewalls. 

Subscribe to tips-and-tricks