A single sign-on protocol authenticates users only once, so they do not have to keep re-entering their username and password to access other services. The process is convenient from the user's point of view, and secure and scalable for those who manage it. The father of all authentication protocols is Kerberos, the de facto standard in ..
High availability and scalability are increasingly demanded requirements for modern applications, and they can be implemented with a software cluster. Service availability is guaranteed even if one node of the cluster crashes because of a software or hardware issue. There are different types of cluster depending on the layer at which the cluster provides its functionality. The goal of this ..
This article describes how to configure Pacemaker (an open source high availability cluster) to build a highly available NFS service, using DRBD to mirror the volume data. The cluster is configured as Active/Standby on two CentOS 7.3 nodes. The reference architecture is the following: The software resources are configured as active/standby. The ..
WordPress is the most widely used content management system for creating web sites. It's a PHP web application backed by a MySQL database and hosted under Apache or nginx. The web site is stored in the MySQL database; the images and other files, such as JavaScript, are stored in the file system. The PHP is the logical part that returns ..
KVM is a virtualization solution for Linux widely used in enterprise environments. It makes it possible to define scalable overlay networks over a public network using Open vSwitch. Layer 2 networks encapsulated in UDP packets, through VXLAN or GRE tunnels, enable an efficient and versatile use of the network infrastructure. Docker is an open platform that makes it possible to run applications ..
DNS is a critical service often exploited by hackers to gather information about the targeted company or for distributed denial of service (DDoS). It's possible to protect against these attacks by configuring the service appropriately. The actions to implement are very easy and are explained in this article. The laboratory implemented is described in the following picture. ..
Docker Overlay Network is a good way to create isolated layer two networks where the containers are distributed across different physical hosts. It's possible to define two identical subnets without any overlap because the network interfaces of the containers are in different namespaces. The frames between hosts are tunneled by the VXLAN protocol, which manages up to 16777216 VLANs: much ..
Nginx is a robust and fast reverse proxy. HAProxy is a fast application load balancer. Together they can be used to publish web services to the internet securely. For this reason, this article aims to explain how to secure web services using nginx and HAProxy. HAProxy, in addition to application load balancer functionality, has a ..
The need to establish a trust between FreeIPA identity management and Active Directory is very interesting. It makes it possible to centralize user management while leaving the authorization process in FreeIPA. This is very useful for system administrators, who have to manage only one user account. In this context, this article explains how to integrate FreeIPA with Active Directory, describing all the Kerberos packets involved in ..