Blog | Optimus Solutions
https://os-br.com/en

Ransomware Defense: The Immutable Files System
https://os-br.com/en/ransomware-defense-the-immutable-files-system/
Sat, 17 Apr 2021 11:27:35 +0000

You’ve probably heard a lot about ransomware attacks — when hackers take over a computer’s data with encryption and will only unlock it when the victim has paid the “fee.” It’s not as uncommon as you might think, especially in recent times: both the number of attacks and the amounts hackers are seeking are on the rise.

So how are you supposed to protect against this? Well, one way is to always have a backup of all of your data to turn to in the case of an attack. However, hackers have found their way around this measure too. And even if you have an off-system backup — such as a tape, for example — it could take a long time (and therefore, a lot of lost productivity) to restore it.

The answer that you may not yet have heard of is to create an immutable file system. Sam Tenorio, the President of Seamless Advanced Solutions, takes a closer look at what this means and how it can protect your data from prying eyes.

More Backing For Your Backups

This solution is meant to protect backup data, which can also be the target of ransomware attacks — essentially rendering the user helpless until they comply (and even in that case, maybe not so much). In short, if your backup data is as vulnerable as your primary data, then there’s not much point in having it, notes Sam Tenorio.

The backup data in an immutable files system cannot be altered or deleted (or even read for that matter). Basically, it makes the backup data untouchable by anyone on your network, unless accessed by a user through authenticated APIs, which are independent of existing user permissions.

When adding new data to the backup, the system can be designed so it doesn’t overwrite any existing data, so the existing data is not vulnerable to corruption or even accidental deletion.

Protection Even During Recovery

If you’re using an immutable files solution and you’re the subject of a ransomware attack, you can quickly restore the files from the most recent usable version (versions are time-stamped), whether they’re stored on-site or in the cloud, notes Sam Tenorio.

This eliminates the need to wait for time-consuming restorations from another source while your operations grind to a halt. Immutable file solutions use encryption to protect data both while it is stored and while it is being transferred. Even when accessing backup data, the files are never presented in a read/write state to users.
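A minimal model of the write-once, time-stamped versioning described in the two sections above, added here as an illustration (it is not code from the article or from any backup product). The `WriteOnceStore` class, file name and timestamps are constructed for the example, and real products enforce immutability in the storage layer rather than with file modes.

```python
import hashlib
import os
import tempfile


class WriteOnceStore:
    """Toy backup store: every backup is a new time-stamped version file."""

    def __init__(self, root):
        self.root = root
        # (name, timestamp) -> SHA-256 recorded at write time. In a real
        # system this catalog must itself live somewhere tamper-resistant.
        self.catalog = {}

    def _path(self, name, ts):
        return os.path.join(self.root, f"{name}.{ts:010d}")

    def add_version(self, name, ts, data):
        # O_EXCL makes creation fail if this version already exists, so an
        # existing backup can never be overwritten through this interface.
        fd = os.open(self._path(name, ts),
                     os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        self.catalog[(name, ts)] = hashlib.sha256(data).hexdigest()

    def versions(self, name):
        return sorted(ts for (n, ts) in self.catalog if n == name)

    def restore(self, name, not_after):
        """Return (timestamp, data) of the newest version taken at or before
        `not_after` whose content still matches its recorded hash."""
        for ts in reversed(self.versions(name)):
            if ts > not_after:
                continue  # taken after the incident started: not usable
            with open(self._path(name, ts), "rb") as fh:
                data = fh.read()
            if hashlib.sha256(data).hexdigest() == self.catalog[(name, ts)]:
                return ts, data
        raise LookupError(f"no usable version of {name}")


def demo():
    """Constructed scenario: two clean backups, then one taken after the
    source file was encrypted by ransomware (timestamps are made up)."""
    with tempfile.TemporaryDirectory() as root:
        store = WriteOnceStore(root)
        store.add_version("ledger.db", 1000, b"Q1 ledger")
        store.add_version("ledger.db", 2000, b"Q1+Q2 ledger")
        store.add_version("ledger.db", 3000, b"\x8f\x02ENCRYPTED")
        try:
            store.add_version("ledger.db", 2000, b"tampered")
            overwrite_blocked = False
        except FileExistsError:
            overwrite_blocked = True
        # The incident is known to have started after t=2500.
        ts, data = store.restore("ledger.db", not_after=2500)
        return overwrite_blocked, store.versions("ledger.db"), ts, data


if __name__ == "__main__":
    print(demo())
```

The encrypted copy at t=3000 is stored as one more version instead of replacing the clean ones, which is why the restore can fall back to t=2000.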

Final Thoughts

The bottom line, so to speak, is to weigh the time and cost to recall stored data compared to that of having immutable file solutions in place (or doing it yourself manually), says Sam Tenorio. With the right approach, immutable data can be recalled in an instant, meaning you can continue to do business without interruptions (or paying a ransom for that matter).

Having safeguards in place such as software that can detect ransomware is only one layer of protection. If someone with bad intentions gets through, immutable files are an iron defense.

Sam Tenorio III Explores the Benefits of Edge Computing
https://os-br.com/en/sam-tenorio-iii-explores-the-benefits-of-edge-computing/
Sun, 21 Mar 2021 13:21:48 +0000

Edge computing is a distributed and open IT architecture and topology in which servers, processors and data storage arrays are positioned as close as possible to the people who need to access, use or consume information. What’s more, distance is not necessarily based on geography. Rather, it is often determined by routing expediency.

According to Sam Tenorio III, the CEO at Seamless Advanced Solutions, which specializes in the design, deployment and support of virtualized networks, data centers and related solutions, there are five key benefits of edge computing: reduced latency, less expensive cooling, enhanced security, scalability, and greater business continuity. Each of these is briefly discussed below.

Reduced Latency

The most important, and for many companies the most essential, benefit of edge computing is that it enables data to be processed and stored faster than through conventional topology, which can mean the difference between a positive user experience and a frustrating one. Take for example smart street lighting systems, which leverage edge computing to evaluate environmental conditions in real time — such as light levels, fog, smog, and so on — and automatically adjust illumination in order to provide safer conditions for drivers, cyclists and pedestrians. If latency becomes an obstacle, then the prevailing environmental condition may dissipate or change by the time the illumination adjusts — thus rendering it useless at best, and dangerous at worst.

Less Expensive Cooling

Most people outside the IT world would be surprised, if not shocked, to realize just how much it costs to keep large data centers from overheating and basically sending vast amounts of data — not to mention millions of dollars in hardware and other infrastructure — up in smoke.

The good news is that this threat is addressed through industrial-level cooling. The bad news is that this is very expensive. Edge computing can help lower costs, since it allows companies to cool multiple smaller data centers instead of a single large one. Fundamentally, any approach to computing that is done more efficiently is going to reduce the processing burden, which in turn is going to reduce energy consumption — and hence cooling costs.

Enhanced Security

Edge computing positions applications, storage and data processing across multiple data centers and devices, which makes it easier and more streamlined for businesses to fortify vulnerabilities without taking the entire network offline. In addition, more data is processed on local devices, which means less data is transmitted to data centers.

Even if bad actors compromise a device, they will not have access to the contents of a centralized server. With this being said, edge computing does expand the overall threat surface. As a result, data must be encrypted through multiple encryption methods, and businesses need to shift from a centralized top-down infosec infrastructure to a decentralized trust model.

Scalability

Large data centers are expensive to build, maintain, secure and keep updated. Edge computing allows businesses to afford the computing, storage and analytics infrastructure they need, but at a cost level that is feasible and sustainable.

“Cloud computing helps businesses avoid paying for more computing capacity than they need,” commented Sam. “They can adjust and adapt based on shifting requirements and target new markets without being obligated to expand their infrastructure.”

How the Cloud and Datacenters Support Your Digital Transformation
https://os-br.com/en/how-the-cloud-and-datacenters-support-your-digital-transformation/
Sun, 07 Mar 2021 16:38:17 +0000

Businesses have always had to adapt to new hardware, software and processes, but perhaps never as quickly as they do now in the digital age.

Digital transformation is about more than just switching from analog to digital. It’s about completely changing your business processes to get the most out of your digital technologies, increasing productivity and improving your customers’ experience.

Leveraging Data Analytics

One key to digital transformation is managing the sheer amount of data that is available. But it’s not just about having equipment that can handle the increased capacity — it’s having access to vast amounts of data that can help businesses make smarter decisions through analytics.

Cloud analytics is particularly useful for data consolidation. More specifically, it can pull together all sources of data in order to best perform advanced analytics to examine customer behaviors and demographics, as well as improve internal processes.

Improved Internal and External Collaboration

Aside from learning how to better market to potential customers and make their experiences more personal, data analytics can improve how your team communicates.

For example, employees can share internal notes and documents to facilitate collaboration while working remotely, which is an increasing trend, especially in this COVID-19 era of the new normal.

One major component of digital transformation is how you follow up with your customers and resolve issues. For example, cloud-based chatbots are becoming a popular way of interacting with customers using artificial intelligence capabilities. A chatbot isn’t just making the service process faster: it’s a different approach from using phone representatives.

Digital Transformation is Within Reach

For smaller businesses, building a sophisticated data center may be too expensive and complicated to manage. However, while many enterprises choose a data center as part of their digital transformation strategy, cloud-based services allow smaller businesses to cost-effectively scale their services as needed.

Many businesses have aging IT infrastructure that will not quickly handle upgrades or large amounts of data. In fact, older equipment that uses a lot of power and requires a lot of maintenance can eat into an IT budget that could be put to better use. However, in-house data centers also require IT professionals who know the equipment, as opposed to cloud-based applications where much of the technical burden is put on the provider, which saves costs. Today, businesses can cost-effectively utilize data center services from various vendors without having their own facility.

Deciding whether a data center or cloud (or both) is right for your operation depends on your budget and what you’re trying to achieve. However, having one or both can greatly enhance your digital transformation strategy.

VMware NSX SD-WAN by VeloCloud is a Game-Changer
https://os-br.com/en/vmware-nsx-sd-wan-by-velocloud-is-a-game-changer/
Thu, 11 Feb 2021 05:03:41 +0000

Software-Defined Wide Area Network (SD-WAN) is a technology that secures and manages multiple types of connections and offers flexible Wide Area Network connectivity. Its main advantages are reduced costs, improved network performance, and an easy-to-use management interface.

Enterprises looking to gain more control over their networks can greatly benefit from this software revolution. To date, technology companies such as VeloCloud from VMware are promoting SD-WAN software for businesses that rely heavily on connectivity performance. NSX SD-WAN by VeloCloud can be a game-changer.

Transport Flexibility

NSX SD-WAN by VeloCloud gives businesses total flexibility when it comes to accessing the internet, ethernet, serial, Wi-Fi and more. NSX SD-WAN by VeloCloud increases bandwidth economically by aggregating WAN circuits of any type, providing faster response, even for single application flows. Because the WAN is virtually accessible, its transport-independent design allows businesses to take advantage of any transport protocol that is needed, at any time and anywhere. Data plane function and orchestration are delivered in the cloud to provide direct and optimized access to cloud as well as on-premises resources.

Better Security Features

NSX SD-WAN by VeloCloud software is configured with certified cryptography and malware defenses to protect sensitive data and information. SD-WAN includes in-box security functions, minimizing concerns when accessing information directly from a website. In addition to this, users are able to create policies to enforce heightened security measures for services like Voice over IP (VoIP). SD-WAN’s integrated cloud also offers web content filtering services to ensure further protection.

Dynamic Pathway Control

From one central control dashboard, SD-WAN also provides intelligent path control to process and direct traffic. This allows users and IT professionals to easily gain visibility into the network pathways. As a result, they are able to decipher where any processing, queuing, or transmission delays are coming from in order to ensure optimal traffic flow in real-time.

Automates Branch Deployments and Orchestration

Centralized monitoring, visibility and cloud control enable zero-touch branch deployment while delivering automatic business policy and firmware updates, link performance, and capacity measurements. You can deploy a branch in minutes with NSX SD-WAN Edge activation from the cloud. Automatic WAN circuit discovery and monitoring eliminates link-by-link and branch-by-branch configuration.

In the past, before SD-WAN, making changes to the network would require complex manual configurations. Now, we have the ability to manage and control our network with new technology capabilities. Today’s SD-WAN software solutions can be key to a business’s network transformation.

Nexus ISSU Upgrades – the Hard Way vs the Easy Way
https://os-br.com/en/nexus-issu-upgrades-the-hard-way-vs-the-easy-way/
Tue, 14 Apr 2020 09:40:34 +0000

In the modern, data-driven world it’s not uncommon for IT infrastructure to be running both hardware and software that is several generations behind the current technology.

Competing priorities can make getting downtimes approved difficult and often nearly impossible for hardware that isn’t actively showing a problem. Nonetheless, preventative upgrades are an important part of extending the lifecycle of the infrastructure, which is where the benefits of in-service software upgrades (ISSU) really shine.

The monolithic hardware systems from the past used to require full reboots and cold stops to upgrade software, but those days are behind us now. Even in lower-cost, single-supervisor switches we can achieve software upgrades that leave the users unaffected.

The Cisco Nexus top-of-rack platform is an excellent example of this technology. The Cisco Nexus 9300s only have a single supervisor, but during an ISSU upgrade the Nexus allows the data plane to run unmanaged briefly as the supervisor CPU resets and loads the target upgrade image. Once the control plane is updated and booted successfully, it syncs with the pre-upgrade runtime state and reconciles that with the data plane. This allows traffic to continue to pass, unaffected by the in-progress system upgrade.

Of course, before beginning with any sort of ISSU procedure compatibility should be checked to ensure that there is no chance of disruption to the services provided.

The first step should be checking the release notes for the target release. These will have a list of ISSU-supported releases. If your current version is not listed you may need to stair-step the version up, so pick one of the versions off the list, check its release notes and work backwards.

Once you’ve got your firmware picked and you’ve loaded it onto the switch, you’ll also want to check and make sure there are no incompatible features and that all modules will be non-disruptive. This can be achieved by running the following two commands:

  show incompatibility system bootflash:
  show install all impact kickstart bootflash:

Once these are checked off you’re all clear to begin your ISSU upgrade!

NSX-T 2.4 Simplified GUI versus the Advanced Networking and Security GUI
by Vince DeFiore
https://os-br.com/en/nsx-t-2-4-simplified-gui-versus-the-advanced-networking-and-security-gui/
Tue, 21 Jan 2020 06:09:26 +0000

With the release of VMware’s NSX-T 2.4 (and expanded upon in 2.5) we saw the introduction of the Simplified GUI, which aimed to reduce the amount of user input, have more user guidance, and all around have fewer clicks and page hops to get various tasks accomplished.

The 2.3 GUI remained as well though and was migrated to a tab labeled “Advanced Networking and Security.” In today’s post we will be exploring a few quirks and best practices around working with these two disparate GUIs.

The first thing we need to understand is that the two GUIs are not just separate designs driving the same back end, but two entirely separate management engines, with two entirely different REST APIs, running on the NSX Management Controller cluster. This creates an odd and non-obvious issue where anything created in the Simplified GUI is not editable in the Advanced GUI and vice versa.

Thankfully, the 2.5 release ported just about all the functionality found in the Advanced GUI into the Simplified GUI so if you are aware of this quirk, and stay in the Simplified GUI, it should not be an issue. However, there are a few pieces of core functionality that reside only in the Advanced GUI.

As of the current 2.5.1 release, the ability to create, edit, tag, or otherwise manage IPsets is only found in the Advanced GUI. As many of you know, the IPset is an integral part of achieving Microsegmentation and having it obscured in this way has been a confusing issue for many users. Furthermore, much of the official NSX documentation still points to the Advanced GUI to use a feature even though the feature exists in the Simplified GUI; the DHCP helper feature being a particularly egregious example.

All in all, I am sure as future releases become available more and more features will arrive in the Simplified GUI, hopefully leading to the complete removal of the Advanced GUI. I hope this post helped shed some light on the duality of the NSX-T GUIs and proves useful in your day to day experience.

If you have any questions, please feel free to reach out to us at contactus@sas-us.com. We are always available to discuss your needs and recommend solutions.

Selecting a Routing Protocol for NSX-V
by Vince DeFiore
https://os-br.com/en/selecting-a-routing-protocol-for-nsx-v/
Tue, 15 Jan 2019 12:40:58 +0000

There are two routing protocol options for VMware NSX-V: Border Gateway Protocol (“BGP”) and Open Shortest Path First (“OSPF”). In most cases BGP is the preferred option for several reasons that are covered below. However, OSPF can also be a viable option for some customer environments.

This Technical Article does not dive into the details of how these protocols operate. Rather, it can assist with selecting the appropriate routing protocol for a customer.

Regardless of the routing protocol selected, VMware NSX can be considered a stub network and therefore only requires a default route. The physical network should advertise a default route to the NSX perimeter ESGs which is passed down to the uDLR/DLR. Conversely, NSX should only advertise a unique block of IP space to upstream routers.

How to Choose Between OSPF and BGP

Customers that have a single data center location and are currently using OSPF may be a good candidate for OSPF running in NSX-V. The customer may already be comfortable with OSPF and introducing a new protocol like BGP can add to the learning curve. However, if there are plans to expand to a multi-site architecture, the complexity with OSPF can greatly increase in terms of influencing traffic ingress/egress.

Additional consideration should be given to OSPF area design. It is recommended that the ESGs are not positioned as an ABR. An ABR is a router that is connected to one or more areas. The physical router/L3 switch should provide the ABR function and the ESG has both uplinks and transit interfaces in an NSSA area. The DLR would also uplink to the NSSA area.

Additional considerations:

  • MTU mismatches will affect neighboring. Always give extra attention to path MTU between neighbors to ensure it matches end-to-end.
  • Neighbors are not statically defined; instead, hellos are transmitted onto an L2 segment to discover neighbors. This is a major disadvantage compared to BGP because OSPF routers can sometimes neighbor with other routers that are unnecessary or unintended.
  • The cost metric does not influence egress (as you would expect) due to the fact that route redistribution generates external type 2 (E2) routes which ignore the cost metric. For this reason, egress traffic steering can be a challenge.

When to Choose BGP vs. OSPF

When designing NSX for multi-site data center architectures, BGP is almost always recommended. NSX egress path preference can be easily influenced using the weight metric. Ingress path preference must be handled by the physical network using a method such as AS-Path prepend or local preference. Using local preference assumes the customer is using a single ASN across both DC locations’ physical core routers. A significant advantage to BGP is that neighboring is statically defined by IP address. This ensures deterministic behavior for route propagation. It also allows for granular control on a per-neighbor basis.

Additional considerations:

  • Typically, a single BGP ASN is used for all NSX components, which includes both sites’ ESGs and DLRs. This means that iBGP is configured within NSX.
  • eBGP should be configured between the NSX perimeter ESGs and the physical network.
  • The default hello and hold timers are 60/180. Consider tuning these down to lower values to improve routing convergence time. Common options include 1/3, 4/12, 10/30, 20/60. Check with the customer to understand requirements for HA and also check if the physical network vendor has capabilities for tuned timers.
