Modern Applications – Episode 2: Ports & Networking

As written in the last article, a container can manage more than one image.

Picture 1 shows an example of three different workloads running in a single container.

Picture 1

It is also possible to work with different versions of the same image.

For example, MySQL has several images that can be installed and run in the same container.

Note 1: At the time of writing, the available MySQL image tags are:

  • 8.0.25, 8.0, 8, latest
  • 5.7.34, 5.7, 5
  • 5.6.51, 5.6

Picture 2 shows a container where three different images run, including two versions of the same application.

Picture 2

Let’s digress slightly to talk about how a service is built.

Most of the time it is made by grouping applications, which means grouping several types of images.

The question is: How do images talk to each other?

The answer is quite simple: they talk over the network, where IP addresses and ports are in charge of the communication to and from the applications (picture 3).

Picture 3

There is just one simple rule to remember when a container network architecture is deployed.

As shown in picture 4, while the ports used by a running image can be the same for different applications (for example 161616), the port assigned on the back-end server must always be different (4000, 40001, 4002).

Note 2: The port numbers are just an example; remember also that the highest possible port number is 2^16 - 1 = 65535.

Picture 4

Wrap-up: the port binding architecture is fully allowed, but the back-end host cannot expose the same port number to more than one service.

Let’s go deeper into networking in the Container environment:

The network topology is defined by the drivers in use.

They can be:

1. Host

When the container comes up, it attaches its ports directly to the host network.

In this way it shares the TCP/IP stack and the host namespace.

Segregation is guaranteed by the Docker technology (Picture 5).

Picture 5

2. Bridge

This is the default network mode.

It creates an isolated bridge network where the containers run inside a range of IP addresses.

In this scenario the containers can talk to each other, but no connection is allowed from outside.

To allow communication with an external service, Docker has to be started with the -p option:

docker run -p hostport:containerport imagename (e.g. docker run -p 2400:2451 mysql)

Host port 2400 is now forwarded to container port 2451.

From a security point of view this is excellent: you can monitor and select exactly which ports are going to be exposed for a service (Picture 6).

Picture 6
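Added example, not the article's own code: a POSIX shell check that applies the rule above (host ports must be unique, container ports may repeat, every port within 1..65535) to a constructed list of -p hostport:containerport mappings, and prints the resulting docker run commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the original article. Input lines look like
# "<image> <hostport>:<containerport>", i.e. the arguments of "docker run -p".
# Rule from the article: container ports may repeat across services, host
# ports may not, and every port must be within 1..65535.
# Prints a "docker run" line for each valid mapping (nothing is executed),
# reports each problem, and returns 1 if any mapping was rejected.
check_port_mappings() {
    status=0
    seen=""
    while read -r image mapping; do
        [ -z "$image" ] && continue
        case "$mapping" in
            *:*) ;;
            *) echo "ERROR: $image: expected hostport:containerport, got '$mapping'"
               status=1; continue ;;
        esac
        host=${mapping%%:*}
        cont=${mapping##*:}
        for p in "$host" "$cont"; do
            case "$p" in
                ''|*[!0-9]*) echo "ERROR: $image: '$p' is not a port number"
                             status=1; continue 2 ;;
            esac
            if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
                echo "ERROR: $image: port $p outside 1..65535"
                status=1; continue 2
            fi
        done
        # A host port already handed to another service is a binding conflict.
        case " $seen " in
            *" $host "*) echo "ERROR: $image: host port $host already bound"
                         status=1 ;;
            *) seen="$seen $host"
               echo "docker run -d -p $host:$cont $image" ;;
        esac
    done
    return $status
}

# Constructed sample: the third line repeats container port 6379 (allowed),
# the fourth reuses host port 4000 (rejected), the last one is out of range.
SAMPLE='mysql 2400:2451
redis 4000:6379
cache 4001:6379
web 4000:80
bad 70000:80'

printf '%s\n' "$SAMPLE" | check_port_mappings
echo "exit status: $?"
```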

3. Overlay

While the previous technologies are single-host networking topologies, the overlay driver allows communication among containers hosted on different hosts.

This scenario requires cluster intelligence to manage the traffic and guarantee segregation; it could be Swarm or Kubernetes (picture 7).

The core technology that allows it is VXLAN, which creates a tunnel on top of the underlay network and is part of the operating system.

The traffic is encrypted (AES) with rotating keys.

When a service is exposed (with the -p option described above), all traffic is automatically routed regardless of where the service is running.

More interesting details: each container has two IP addresses. The first one belongs to the overlay network and is used by the containers to talk to each other (internal). The second one is for the VXLAN and allows traffic to the outside.

Picture 7

4. Null (Black box)

No network connection at all.

5. MacVLan

A MacVLan network can be implemented through the dedicated driver. The goal is to give the container network the behaviour of a traditional network. The host network interface must accept promiscuous mode.

That’s all for now. Take care and see you soon.

Thanks -Grazie – Merci – Gracias


After 14 months of activity in support of online bridge, and with the clubs returning to their normal face-to-face play, from Monday 17th May the site will no longer regularly host the booking and ranking services for online tournaments.

I thank all those who collaborated and made it possible to keep playing our favourite card game during one of the saddest and most challenging moments of our lives.

See you at the table 🙂

Gable

Modern Applications – Episode 1: Fundamentals

Introduction

This is the first of a group of articles about the technologies that can modernize applications.

The aim is to help the reader understand the potential of this new way of doing business, which allows companies to be more competitive.

These articles follow my personal approach and studies of Kubernetes.

I am paying attention to how services can be made available and protected by exploiting native internal and external technologies.

Let’s start !!!

What is a container

It’s a way to package applications with their dependencies and configurations in a single block.

There are at least two big advantages of this approach:

  • By its native architecture, the container is portable: you can run it on any architecture, wherever it is located (please read the article Digital Transformation and Cloud Mobility for all the details).
  • Deploying services proves easier and more efficient than in the traditional world, because there are already plenty of software images ready to be used.

Where can I download images to run in the containers?

There are public and private repositories (please do not confuse them with a VBR repository).

The most famous container technology is Docker, which has a public repository called Docker Hub.

What is a container exactly?

A container allows isolated images to run on an operating system.

Container vs Virtual Machine

The difference between the two architectures seems very small, but they actually represent two different worlds.

Both technologies are virtualization tools, but while Docker focuses on the application layer (picture 1), a VM covers the kernel as well as the application (picture 2).

Picture 1

Picture 2

The main advantages of this new approach are:

  • The container has a small footprint (a few MB compared to GB).
  • The boot is faster.
  • A simpler compatibility list.
  • It can run on all common operating systems, such as Windows, Mac OS and Linux.

Container vs Image

For the next articles it is crucial to be very clear about the difference between a container and an image.

Let’s help ourselves with picture #3, which shows the application composition.

There are four main elements:

  1. Image: It’s the code written by developers. It is downloaded from Repositories.
  2. Configuration: It represents the setup created to allow the application to run.
  3. File System: It’s the place where the application and its data are stored.
  4. Network: It allows all components to talk to each other.

The container is where the application runs.

Picture 3

Note 1: Images are part of the container. Think of the container as a multitasking OS specialized to run applications simultaneously.

Note 2: To get info about Docker, please refer to the official website. E.g., to run an image just launch the following command: docker run image-name

Note 3: There are more Container technologies; the most common are:

  • rkt (CoreOS)
  • LXC
  • LXD (Canonical)
  • Linux VServer
  • OpenVZ/Virtuozzo 7
  • runC

That’s all for now, see you soon and take care.

Veeam Backup Office 365 & Cloud Connect

In the last few days, I have been contacted by a Service Provider to design a solution to back up the Microsoft Office 365 environment.

Actually, four months ago I wrote three articles showing how to set up the environment using the great work of Niels and Timothy, creators and developers of the Martini project.

All details are available by clicking Veeam Backup Office 365 & Cloud Connect:

https://lnx.gable.it/home-page/2020/11/02/vbo-365-portal-a-nice-project-just-behind-the-corner/

Why does the Service Provider need a different way to implement this service?
I think the two main reasons were:

1) The SP already has a Cloud Connect architecture and wants to use it in all possible scenarios.
2) The SP always needs official vendor support before implementing any project, and Martini is not supported. To be clearer, the RESTful API technology inside VBO is fully supported, while the Martini portal is not, because it is not a Veeam product.

Before continuing to read, there is one requirement to respect: VBR Cloud Connect and VBO-365 have to be installed on the same server (a Windows Server).

Let’s start!

Picture 1 shows the high-level architecture.

Picture 1

The service provider architecture is shown on the right side of picture 1 and is composed of the VBO-365 and Cloud Connect architectures, while the left side shows the tenant architecture, where the VBR server has been installed.

Which actions can be performed by the tenant?

Backup: the tenant can’t access the VBO-365 console. This means the tenant can’t set up or launch any sort of backup; in other words, the backup tasks are a managed service.

Restore: the tasks can be driven by the administrator of the Microsoft Office 365 organization through the Veeam Explorers. The Cloud Connect technology creates the tunnel connecting the two entities.

Note 1: When VBR is installed, all Veeam Explorers are installed by default.

This means that not just the traditional Veeam Explorers (for Active Directory, SQL, Oracle, Exchange, SharePoint) are installed, but also the Explorers for OneDrive and Teams, which are specific to the Microsoft 365 technology.

Note 2: Does this scenario require a VBR license?

Yes, but you can use the free Community Edition.

The point to highlight during the setup is the authentication step that allows the Explorers to communicate with VBO-365:

From the VBO-365 console select “General Options” (Picture 2) and, in the Authentication tab, enable tenant authentication (Picture 3). For security reasons, use your own certificate.

Picture 2

Picture 3

Let’s switch to my demo environment:

1. The Service Provider VBO-365 console has three Microsoft 365 organizations with one backup job each (Picture 4). Two of them use modern authentication, the third uses basic authentication.

Picture 4

2. The Cloud Connect architecture has been set up to create a tenant called Demo-VBO (Picture 5).

Picture 5

3. The VBR tenant console shows how the connection towards the service provider has been set up (Picture 6).

Picture 6

The following video shows the tasks performed by the tenant to restore its data (Exchange/SharePoint/OneDrive/Teams items) located at the Service Provider site.

Video 1

That’s all for now, take care and see you soon.

VDrO v.4 – Run a DR plan

This is the last article about how to integrate the Continuous Data Protection (CDP) technology (available from VBR v.11) with VDrO v.4 (formerly VAO).

In this part we are going to see what happens when an orchestration plan is launched.

Yes, I wrote the word “see” because I created a short video showing the tasks that are automatically completed when a Disaster Recovery is occurring.

If you need more details about how to set up the environment, please read the previous articles.

Let me know if videos and the YouTube platform are a good way to present valuable technical topics.

Thanks for reading and watching, and take care.

VDrO v.4 – Create a DR plan

C. Create an Orchestration Plan

A DR plan is the sum of several orchestration plans. This article explains how to create them.

Just a small but important note before continuing: it is mandatory to have already completed the steps described in the previous article.

Let’s start!

From the main menu of the VAO server, select the Manage button.

Now click on New as shown in picture 1.

Picture 1

The wizard asks you to choose a scope.

In our example, we use Linux-CDP as shown in picture 2.

Picture 2

Now fill in the plan information: the plan name, the description and the contact name for the plan (picture 3).

Picture 3

Select the plan type. In this article, choose CDP replica (picture 4).

Picture 4

In the next step, check that the correct “VM Group” appears.
If it doesn’t, go back to the setup phase (please read the previous article) and fix the issue.

In our example, it appears correctly (Ubuntu-CDP) as shown in the next two pictures (5 and 6).

Picture 5

Picture 6

The next step shows the VM Recovery options (picture 7).

It gives the operator control over the plan, for example stopping the plan if something goes wrong.

Picture 7

In the “New VM Template” menu the VAO user can add additional steps to the orchestration process; for example, starting the CDP replica job first and shutting down the source VM afterwards (Picture 8).

Picture 8

Tip I: I created a customized script to change the IP address of the VM.

Tip II: it’s possible to set up the access credentials directly from this page by clicking the button at the bottom of the page. This is available for Windows VMs only.

The next step defines the RTO & RPO.

The most important thing to remember here is that the RPO has to be equal to or greater than the RPO set in the CDP replica job (picture 9).

Picture 9

The last steps define when the plan report shall be automatically generated (picture 10) and whether the readiness check has to run at the end of every wizard (recommended option) (picture 11).

Picture 10

Picture 11

The result is shown in picture 12.

Picture 12

The next article is going to be a video to see VDrO in action.

Take care and see you soon.