Migrating from WordPress to Hugo Part 4: Securing the Site with SSL

I originally drafted this in June 2018. Following on from Sam McGeown’s recent migration to Hugo, I thought I’d finally publish this in case it’s useful for anyone rather than sitting on it until I complete the process!

Why SSL?

It’s only a blog, so why SSL? It’s going to be static content, so why SSL?

In this article I’ll deal with those questions and go through the process of requesting an SSL certificate using AWS Certificate Manager.

Let’s Go Secure!

If you recall, our finishing point is going to end up being a collection of static HTML files served out by AWS. There’s nothing particularly risky about serving up or requesting such static files; it’s how the internet started out after all. What’s different now, though, is people’s perception of risk and privacy and how that’s reflected in the technology we use.

Google, for example, promote SSL sites slightly higher in their search rankings than non-SSL sites and have been doing so since 2014. Some modern browsers have started flagging warnings about non-SSL sites and this will likely become more obvious over time. Users are becoming more picky and aware as a result, or perhaps they’re driving the changes to an extent. SSL is here to stay though and it’s worth setting it up, especially if it’s free!

AWS offer public SSL certificates for free. Let’s go set one up!

We could either do this via the AWS console, or using the CLI. At this time I haven’t worked out how to do it completely via the CLI, but I’m going to start there. (Note: For CloudFront, I think that the certificate has to be in the us-east-1 region regardless.)

This command requests a new SSL certificate with a subject name of “mpoore.uk” and alternative names of “www.mpoore.uk”, “michaelpoore.com” and “www.michaelpoore.com”. The validation method of DNS will require us to validate that we own the domain by making certain DNS entries.

What you get back is the reference to the certificate. I’ll need that later.

Looking at the AWS Console though, you’ll see that the certificate is not yet issued and must be validated.

To validate each of the domains in the certificate, you need to get some DNS CNAMEs created. Luckily, for mpoore.uk there’s a button for that. For michaelpoore.com though, I had to do these manually as the DNS for that is still with 1&1 for the time being.

Once they’re all done, the validation will eventually complete and the certificate will be issued. Just save the certificate ARN value from earlier as it’ll be needed later.
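As an added illustration (not part of the original post and not AWS tooling), this Python example reads the JSON that `aws acm describe-certificate` returns and sorts the pending validation CNAMEs into those whose zone is hosted in Route53 and those that must be created by hand at another DNS provider. The sample response, its placeholder ARN and tokens, and the function names are constructed for the example.

```python
import json


def _opt(domain, status, token=None):
    """Build one constructed DomainValidationOptions entry."""
    opt = {"DomainName": domain, "ValidationMethod": "DNS",
           "ValidationStatus": status}
    if token:  # handled defensively: the record may be absent right after the request
        opt["ResourceRecord"] = {
            "Name": f"_{token}.{domain}.",
            "Type": "CNAME",
            "Value": f"_{token}-value.acm-validations.aws.",
        }
    return opt


# Constructed sample shaped like the output of
#   aws acm describe-certificate --certificate-arn <ARN> --region us-east-1
# The ARN and tokens are placeholders, not real validation values.
SAMPLE_RESPONSE = json.dumps({"Certificate": {
    "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-PLACEHOLDER",
    "DomainName": "mpoore.uk",
    "Status": "PENDING_VALIDATION",
    "DomainValidationOptions": [
        _opt("mpoore.uk", "SUCCESS", "token1"),
        _opt("www.mpoore.uk", "PENDING_VALIDATION", "token2"),
        _opt("michaelpoore.com", "PENDING_VALIDATION", "token3"),
        _opt("www.michaelpoore.com", "PENDING_VALIDATION"),
    ],
}})


def zone_for(domain, hosted_zones):
    """Return the longest hosted zone that contains `domain`, or None."""
    name = domain.rstrip(".").lower()
    matches = [z for z in hosted_zones if name == z or name.endswith("." + z)]
    return max(matches, key=len) if matches else None


def validation_plan(response_json, route53_zones):
    """Sort each domain on the certificate by what still has to be done."""
    cert = json.loads(response_json)["Certificate"]
    zones = {z.rstrip(".").lower() for z in route53_zones}
    plan = {"validated": [], "route53": [], "manual": [], "not_ready": []}
    seen = set()
    for opt in cert.get("DomainValidationOptions", []):
        domain = opt["DomainName"]
        if opt.get("ValidationStatus") == "SUCCESS":
            plan["validated"].append(domain)
            continue
        record = opt.get("ResourceRecord")
        if record is None:
            # No CNAME published yet: query the certificate again later.
            plan["not_ready"].append(domain)
            continue
        key = (record["Name"].lower(), record["Value"].lower())
        if key in seen:
            # Two names on the certificate can share one validation record.
            continue
        seen.add(key)
        # A wildcard name validates through its parent domain's zone.
        lookup = domain[2:] if domain.startswith("*.") else domain
        bucket = "route53" if zone_for(lookup, zones) else "manual"
        plan[bucket].append((record["Name"], record["Type"], record["Value"]))
    return plan


if __name__ == "__main__":
    # Assumption for the example: only mpoore.uk is hosted in Route53.
    result = validation_plan(SAMPLE_RESPONSE, {"mpoore.uk"})
    for bucket, items in result.items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Records in the `manual` bucket are the ones to enter at the external DNS provider; the certificate stays unissued until every name reports `SUCCESS`.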

Sadly, this is as far as I got in the process before other things (life, eh) got in the way. I will be back to revisit and complete the process though.

Migrating from WordPress to Hugo Part 3: Hosted Zones in Route53

I originally drafted this in June 2018. Following on from Sam McGeown’s recent migration to Hugo, I thought I’d finally publish this in case it’s useful for anyone rather than sitting on it until I complete the process!

It’s Always DNS

When things go wrong in the IT world, DNS misconfiguration is one of those things that often sits at the root of your problems. It’s important to get it right not only for correct functioning, but also because some of the subsequent steps depend on it.

As part of my migration of this blog to Hugo, I’m placing one of the two domains I’ll be using under the control of AWS Route53 (Amazon’s DNS service). I’ll move the other one in time as well.

Creating a Hosted Zone

I tend to use separate providers for domain registration and hosting as I’ve found it easier to move my site(s) around when you can just update the domain’s nameserver (NS) records to point to the new provider rather than have to transfer the domain as well. Practically all of my domains (I host a couple of sites for local community interests too) are registered through FastHosts.

AWS cater for this sort of arrangement too in Route53 (their DNS service). From the Route53 dashboard, all I had to do was select “Hosted zones” from the menu and then click the “Create Hosted Zone” button.

All you need to enter is the domain name and leave the type at its default value (“Public Hosted Zone”).

The zone is created for you and helpfully tells you what nameservers need to be set:

All I then had to do was apply those nameservers to the domain in FastHosts:

Once the dust settles, DNS requests for mpoore.uk will go to AWS for resolution. Which is important as I want to set my site up with an SSL certificate (as Amazon will give you them for free) but validation requires DNS.

So let’s do that next…

Migrating from WordPress to Hugo Part 2: Basic Tooling

I originally drafted this in June 2018. Following on from Sam McGeown’s recent migration to Hugo, I thought I’d finally publish this in case it’s useful for anyone rather than sitting on it until I complete the process!

Summary of Tools Used

These are the tools I’ll be using during my migration of my WordPress blog to Hugo (in AWS):

  • Github
  • SourceTree (git client)
  • Homebrew
  • Hugo
  • AWSCLI
  • Sublime (text editor)
  • AWS S3
  • AWS CloudFront
  • AWS Certificate Manager
  • AWS Route53
  • Filezilla

Building a Toolkit

I’m a Mac user. I have been for a number of years and I don’t plan to switch anytime very soon. Most of the tools that I’ll be using either have Windows / Linux versions or there are similar tools available for those OSs. I’ll try not to go in to too much OSX specific detail about any of them, and, if you’re following this process, you might have to adapt to whatever tooling works best for you.

A good number of tools listed above are web-based or cross-platform so shouldn’t present a big problem for anyone. I will be using the command line when I can, hence the inclusion of AWSCLI.

Probably the most OSX specific tool in that list is Homebrew (aka “Brew”). It’s a package manager for OSX and I’ll be using it to install Hugo and AWSCLI on my laptop. If you’re a Windows user, try Chocolatey instead. If you’re a Linux user, you should use whatever package manager comes with your distro.

Naturally, the use of AWS services means that you need an AWS account of your own. I’m going to assume that you have one and have got it to a point where you can consume the services above.

Installing AWSCLI and Hugo

Let’s assume that we’ve got Brew installed (it’s easy, the instructions are right there on the homepage). Installing AWSCLI and Hugo is straightforward too!

First, AWSCLI. Just type the following in to a terminal window:

Once installed, you’ll need to execute the following command to configure AWSCLI with your Access Key ID and Secret Access Key:

Now let’s do Hugo. Can you guess the command? (I still managed to mistype it!)

Start Your Engines

So, we know how our journey will start and what we expect to find when we get there. We’ve just packed the car. Let’s get going!

Unitrends announces VM Backup Essentials (vBE)

If you’re working for an Enterprise with your workloads based purely on VMware vSphere, then there’s a new launch from Unitrends that I have learned about and that you may be interested in looking at for your virtual backup / business continuity solution.

vBE (short for VM Backup Essentials) converges enterprise-grade backup software, ransomware detection, and cloud continuity into a powerful, easy-to-use, all-in-one platform boasting the following features:

  • Total Protection – No limits on the number of virtual machines that can be protected on a host
  • No License Tiering – No tiering of licenses based on the number of cores in the CPU socket.
  • Only License what you need! – Only occupied sockets require a license, but ALL occupied sockets of the host must be licensed to protect its virtual machines.
  • Infinite retention! – Retention is directly proportional to the amount of storage that can be provided by the customer for backup. The license has no limits on retention.
  • Replication to the Cloud – Site-to-site replication is not supported at this time. vBE does support replication to the cloud – both hyperscale clouds such as AWS, Google and Rackspace as well as clouds purpose-built for DRaaS services.
  • Advanced Ransomware Protection – New ransomware variants are emerging every day and your ransomware protection needs to evolve to keep up.

Unitrends are billing vBE as an “all-in-one solution” that provides a disruptive approach to backup. It offers complete vertical integration (including the cloud), fast time to value and an all-in-one solution provided by a single vendor with industry-leading customer service. vBE includes all the software and features you would find in an enterprise-level data protection and recovery solution. vBE includes operating system, security, backup software, WAN acceleration, replication, cloud integration, and archiving.

vRetreat: Cohesity Overview

At the recent vRetreat at Silverstone, I experienced three technical presentations / Q&A sessions from the event sponsors. One of these, Cohesity, I was charged with writing a little more about. Up until that point, my experience and knowledge of Cohesity’s solutions was very limited as I’ve had my head buried in several large projects over the recent months. Ezat Dayeh’s presentation at the vRetreat was therefore a great introduction for me to Cohesity’s mission and value proposition.

Cohesity was founded in 2013 by Mohit Aron, former co-founder of Nutanix and a Google File System lead developer. With this DNA, it’s no real surprise that Cohesity’s solutions have a storage focus. The difference with Cohesity is that its focus is not around primary storage (production virtual machines, databases etc), but secondary storage (file shares, backups, archives etc). Their mission is to redefine that secondary storage market.

What is secondary storage

Cohesity estimate that around 80% of an enterprise’s storage needs are for secondary data and that the majority of the storage market incumbents are focussed on primary storage. Obviously the picture will differ from customer to customer, but in many cases this secondary storage will be distributed across various platforms and, in some cases, may be stored more than once. This could lead to problems with regulatory compliance, operational costs and even just having a view on what data is being retained.

The Cohesity solution

Cohesity’s solution is based on a hyper-converged infrastructure platform built from commodity hardware. Of course the hardware isn’t the whole story, not even close to it. But we’ll come on to the software part of it in a minute.

The C2000 series chassis offers 4 HA nodes in 2U of rack space and there are no stated limits when it comes to scalability. The obvious advantage to this over some of the more “traditional” storage solutions is of course that you can start small and grow it. This is a model that many newer solutions are opting for and it seems to work well for them, so why not Cohesity too 🙂

Cohesity’s special sauce, its software, is where the clever stuff happens. One of the primary use cases for Cohesity is as a backup target or to provide an alternate backup solution. Cohesity can be a backup target for your existing backup software (Veeam being one of the cited examples and another of vRetreat’s sponsors). Alternatively, Cohesity can pull in the inventory from vCenter so that it can be backed up as part of a schedule using snapshots. Protected virtual machines can be restored swiftly and even used for test and development workloads. Restoration jobs are placed on the Cohesity platform initially and then storage vMotioned back to the correct location later.

Cohesity’s CloudArchive solution opens up the option of archiving cold data up to public cloud services like Amazon S3 or NFS based services. Once enabled, it’s all automated.

CloudReplicate is a version of Cohesity that runs in the public cloud and enables a number of interesting use cases. One is DR in the cloud, Azure is supported with AWS coming soon. Another is using such cloud services for test and development environments, particularly for geographically dispersed teams.

Another area that Cohesity are actively working on is that of data analytics. They predict that in 3 to 4 years’ time, it’ll be a huge use case. Add in deduplication, an “API first” development approach and built-in HA to the mix and you have an interesting solution emerging.

My thoughts on Cohesity? Based on Ezat’s presentation, Cohesity looks to have found an area that isn’t fully exploited yet. Most other vendors so far have been focussed on the cream at the top of the bottle (I had a manager once who raved about gold top milk) and, in some cases, happy to drink the rest too. Cohesity almost seem to be saying “You have the cream, we’ll have the rest of the bottle.” Will they be successful? I think they will. Ezat shared with us that their EMEA sales operation was doing well in the first four months of operating. But I’d wager that their successes will draw other players in to the space they’re trying to carve out.

I’d like to hear from some of Cohesity’s customers at some point to understand how it’s helped them. There’s nothing better than a good customer use case! Of course, some potential customers are going to be wedded to other vendors and some may be doing just fine managing their data with their primary storage. But it’s a big marketplace out there if the USP is right.

As a final word, I’d like to thank Cohesity for sponsoring the vRetreat last month. And, if you happen to be around for the South West UK VMUG in Bristol on February 22nd, they’ll be there then too.

Removing the whitespace from text files in Sublime

I like Sublime Text, it’s my favourite text editor. Handily available for OSX and Windows.

What’s annoying though is when you get given or open a text file that has loads of whitespace at the end of the lines. Aside from messing with my compulsive sense of order, there are cases when extra whitespace can cause problems for some applications.

Just in case, there’s a handy configuration option that can strip out trailing whitespace when a file is saved. Here’s how to set it up…

  1. Open Sublime’s preferences – in OSX this is done by “cmd + ,”
  2. Add the setting “trim_trailing_white_space_on_save” and set it to “true”
  3. Save the preferences file

Bingo! Whitespace will be trimmed when files are saved in future.

Just for clarity, the full setting in a fresh config file looks like this:

Some other TimeMachine exclusions

In my other post on the topic I excluded my local Mail app files from my TimeMachine backups because they were tripping over McAfee AntiVirus. I thought that it might be sensible to add a few other exclusions to trim down the total amount backed up and reduce the impact of frequent TM backups on my laptop.

As you can see, my total backup size is about 380Gb. Included in that are a fair few transient / temporary files that aren’t needed as well as some files that are backed up elsewhere anyway plus a handful of things that maybe I don’t need or want to back up.

Caches

Really, you want to keep them? I thought not. They include the browser caches for Safari and Firefox amongst other things.

  1. Click the “+” button.
  2. In the finder window that’s displayed, press Cmd + Shift + G.
  3. Enter ~/Library/Caches in to the path field and click Go.
  4. Click Exclude.

Downloads

You can download them again, right?

  1. Click the “+” button.
  2. In the finder window that’s displayed, select your Downloads folder.
  3. Click Exclude.

Trash

  1. Click the “+” button.
  2. In the finder window that’s displayed, press Cmd + Shift + G.
  3. Enter ~/.Trash in to the path field and click Go.
  4. Click Exclude.

Virtual Machines

This is a choice really. The VMs that I have can easily be rebuilt.

  1. Click the “+” button.
  2. In the finder window that’s displayed, select Documents / Virtual Machines.
  3. Click Exclude.

Sleep File

It’s a bit like the Windows hibernation file.

  1. Click the “+” button.
  2. In the finder window that’s displayed, press Cmd + Shift + G.
  3. Enter /var/vm in to the path field and click Go.
  4. Click Exclude.

Results

That’s better! TM is backing up 40Gb less than before and fewer of the transient files that really aren’t needed but change often.

I could go further and exclude my Dropbox folder and iTunes Media too (as they’re stored elsewhere if I need them). That would shave another 200+Gb off.

Infected email breaking OSX TimeMachine backups

Having been away from home a lot recently, it had been a while since my laptop had been backed up by TimeMachine. After a few attempts though it got a bit annoying as McAfee kept interrupting the process. The problem seemed to be that the backups contained infected emails:

McAfee was blocking TM from writing infected emails to the backup drive.

As it turns out, I recalled fixing this once before (although I never blogged about it). So how could it have come unpicked? Looking at my TM backup exclusions, the exclusion that I added was still in place:

But my whole mail folder should be more than 8KB!… Then it clicked. I hadn’t done a TM backup since updating to OSX El Capitan.

After clicking the “+” button to add a new rule, I navigated to my mail folder.

  1. In the finder window, hit Cmd + Shift + G.
  2. Enter ~/Library/Mail
  3. Click Go

Aha! There’s now a “V3” folder…

I selected it and clicked “Exclude”. Bingo! 5.5Gb sounds more like it.

And like that, TimeMachine works again.

Unitrends Free – Review: Part 2

In Part 1 of this review, I walked through the deployment and initial configuration of the Unitrends Free backup appliance.

I’m now going to touch briefly on some of the other features of the product before summarising my thoughts.

Recovery

There’s no point taking backups if they don’t work, right? Well there are a few options available here. The first of them is a file level recovery. This mounts a VM’s backed up disks as file shares on the backup appliance. To test it, I created a couple of test VMs to back up and selected to restore from one.

A file level recovery “job” is started and a share is created using the backup job number.

It’s pretty easy to browse to the share and the required files could be recovered from there.

Another restore option is an Instant Recovery. This creates a new virtual machine from the stored backups for a VM. Again, I tried it out on my test VM. The first step is to select the backup that you want to restore from.

Next up are the recovery options. I’ve selected “Audit Mode”. This creates a virtual machine that runs from a disk image located on the backup appliance. The intention is that it allows you to test if a recovery is possible without putting the VM back in to your virtual datacenter. The VM in Audit Mode will have no network connectivity.

It took a few minutes to create and boot up but it worked. Note that the VM has no network connectivity.

And here is the VM that got created in vCenter during the restore:

Some minor issues

There were a couple of little annoyances that cropped up during my testing. They may already have been fixed and none of them are major. Firstly, when trying to configure SMTP settings, each time the configuration dialog is opened, a new email recipient row is added – even if that’s not what I opened it for. And you can’t close the window until you remove the row (or add an email address).

Quite a few of my VM backups failed several times to begin with so I checked to see if there were any software updates via the update feature. Lucky me, there were.

But after closing the dialog and reopening it, they were gone. I had to reboot the appliance to get them to show up again. After applying the updates my backups were more reliable (although one of my Active Directory servers still refused to backup).

Do you recall the NTP settings that I made when first configuring the appliance? If not, here’s a reminder:

I used my own, local NTP server. It’s open and reachable from the network that I installed the Unitrends appliance to. But, when I viewed the appliance options… not there.

I noticed this due to the discrepancy between the times that I thought I had configured backup jobs to run and the time that they were running. Fortunately, changing the options via this dialog worked.

The initial installation and configuration only allows you to specify a primary DNS server. Personally, I’d prefer it if I could specify a secondary DNS server at installation time. You can add one later though.

Finally, it’d be nice if the backup jobs could clean up after themselves. When there is a backup failure, vCenter gets littered with lots of messages like this:

It’s easy to fix manually of course, but annoying. I might see if I can schedule a vRO workflow to take care of it.

My Thoughts

It’s not perfect (what software ever is). Aside from the issues I had above, the only other thing that bothers me a little is the installer. It’s delivered as a single .EXE file that is 2.2Gb in size. The process, once the file is open, is fine but it can take a while to open a file that big. Possibly, given who is likely to use Unitrends Free, it might be the simplest option. It’s just not the quickest.

As far as features go, the important ones are there. VMs can be backed up and restored. Individual files on a VM can be easily recovered as well. If you have a small Virtual Infrastructure, the sizing limitations aren’t likely to be an issue. And if you get bigger, it’s not unreasonable to pay for more features and capabilities.

On the whole, kicking the tyres on Unitrends Free has been a pleasurable experience. It was fairly easy to set up and use without having to read the manual.

Unitrends Free – Review: Part 1

I was asked to give a new, free backup tool a quick road-test recently.

Unitrends have had an Enterprise version of their backup software for some time. And, as I’ve used it a bit in my lab with an NFR license in the past I was only too happy to give Unitrends Free a go.

Features

As a free edition, you expect a basic set of features. The goal of such offerings is normally to get you hooked, but wanting more.

Unitrends Free offers the following features:

  • Backup from VMware vSphere or Microsoft Hyper-V
  • Unlimited VMs and host CPU sockets supported
  • Instant VM recovery (allows you to run a VM directly from the backup files) – this feature also allows for recovery verification testing and use of backups for test and development purposes
  • Unlimited incremental backups (subject to storage space of course)
  • Free forum support

There are limits however. For instance, backups are scheduled daily. You can choose the time and you can choose the days but they’re once per day. Storage space is also limited: up to 1TB of data is supported. These limitations position the product as ideal for PoCs, labs, smaller deployments (such as for small businesses) etc. For more features and dedicated support, of course there’s the Enterprise version.

Download

To download Unitrends Free, a simple registration form needs completing on the Unitrends site. The software is offered only as a pre-built appliance (there’s one download for VMware and one for Hyper-V) that is comprised of a single file. There are also user guides and release notes files available.

Installation

As you’d expect with a solution that’s based on a Virtual Appliance, there aren’t many steps involved in getting it deployed and running. In keeping with a growing number of products that provide some form of installer to deploy their solution, Unitrends Free is packaged in such a way as to make deployment straightforward. The supplied single executable (.EXE file) can be run from a Windows desktop or server as long as you can reach your virtual infrastructure from it.

1. Once the installer starts, you’re presented with a prompt for login credentials to vCenter or an ESXi server.

2. I pointed the installer at my vCenter server and was next asked to choose a host and a datastore and supply IP address details (note that it’s sensible to have a DNS entry created prior to deployment).

3. You’re given the option to create some storage for backups to reside on during deployment. It’s turned on by default but I upped the default 128Gb to something more sensible.

4. That’s it for now and deployment commences.

5. A quick check in vCenter reveals the created appliance.

That’s all that’s required to install the appliance. However, it does require some basic configuration before it can be used.

Initial Configuration

1. Clicking Finish in the installer fires up a web browser pointed at the new appliance where you’re greeted by a License Agreement.

2. You’re then greeted by a configuration wizard. The first stage is setting the date and time. I chose to use my local NTP server, although this later transpired to be an issue.

3. The second stage is setting the hostname (note that it’s set to VMware_CE_UEB on deployment) and password for the root account.

4. Finally, the SMTP configuration is required.

Once these configurations are saved, the appliance should be all set to go. Except we need to define what needs protecting and to set up some backup jobs.

Backup Protection

What use is a backup appliance without any backup jobs? When you first hit the appliance’s dashboard, there’s a popup displayed containing a couple of tasks that help you to get started. The first of these is registering a host (to protect).

Since we already know that I’m using vCenter, let’s protect that and all of its VMs by clicking on “Register a Host”.

The details required are fairly straightforward. As part of the process of adding the host, a quick inventory is performed. Now we’re ready to create a backup job.

This is accomplished either from the same popup or via the “jobs” option on the left of the dashboard.

Step 1 of creating a backup job is choosing what you’re going to back up. I selected my vCenter server and then excluded the Unitrends appliance – it’d be interesting to find out if it’s intelligent enough to do that by itself later.

Step 2 is defining the schedule etc. This is all fairly simple to accomplish. In theory, that’s my lab VMs protected.

Fast forward to Part 2 to find out how I got on with the backups and my thoughts on the solution as a whole.