Category: IT

HAProxy SSL support

Finally. HAProxy added native SSL support. You could always use stunnel, which made for a pretty ugly configuration, though I tended to prefer Nginx, which does a pretty effective job at SSL termination.

In any case, assuming the performance is on par, this is a key new feature in a product which is already a rock solid load balancer and is as good at core functions as any commercial product.

http://blog.exceliance.fr/2012/09/04/howto-ssl-native-in-haproxy/

System definitions

I’ve run into another example of this recently. I really don’t get why this concept is so hard for so many people. You have to have a definition of your system in some form that can be consumed or taken as an input. No automation will happen without it. It doesn’t really matter what it is. You can use Puppet or Chef or CFEngine or VMware templates or SCCM or even Visio... the list is endless. What you absolutely don’t do is have a form asking someone to fill out their system details in a free text box. That scales to about 4 systems. Hell, just type it like this in a word processor of your choice:

{
  "servername": "MySuperSever",
  "OS": "Favorite Linux distro",
  "APP": "Super Widget for TPS reports"
}

Even as a completely stand-alone approach, at the very least you’re creating a blueprint of your systems and a foundation for the future. Something that can be replicated, analyzed, plugged in, transformed and consumed down the road.

Where IT goes to die

I spent the better part of the last decade at different startups and web companies, but one of my recent consulting gigs led me to a Fortune 500 company. I’ve done work at large enterprises before, but I really did forget what it’s like and it amounted to a rather jarring experience. I’ve entered a deep and dark world of enterprise architecture, frameworks, meaningless acronyms and a cesspool of “enterprise” software where it seems to breed and reproduce uncontrollably. It’s a place with abstraction at every layer, except anywhere that’s relevant.

Sometimes I got a sense that I was warped in time at least 10 years back and that everyone around me was moving at a different speed. To paraphrase a famous quote: “It’s not that they are lazy, it’s just that they don’t care”.

I do have to mention some caveats. These are purely observations on IT/Ops and I had barely any idea what was happening on the dev side (which is a problem in itself). I also didn’t have visibility into every part of the organization, so perhaps everything is wonderful in other areas, though I have my doubts.


Security & Devops

That’s a good post about the inherent conflict between devops and security. I like his points and I think the most relevant item is automation. WAF policies should be one of the core requirements during the development process and similar to identifying everything else. Ideally, it would almost be a unit test during the workflow between qa/dev/staging/prod.

https://securosis.com/blog/pragmatic-waf-management-application-lifecycle-integration

Enterprise IT adoption

This is hilarious and exactly how it goes in enterprise IT. Though I do think things are even worse. The paradigm in the past used to be that new technology trickled down from government/research to big vendors to enterprise and then to SMBs and consumers. This is entirely reversed now and not only from a consumer perspective. Startups and smaller companies are where innovation happens. The problem with (most) enterprises is not just the late adoption cycle. It’s the lack of culture and processes that can support innovation and rapid iteration.

http://blog.gardeviance.org/2012/07/adoption-cycles.html