Wednesday, September 29, 2010

Ubuntu 10.04 on VMware on Windows 7 - Want a keyboard with that?

Here at Vordel we support our Gateway on a wide variety of platforms and operating systems, including many Linux distributions. Often the work of running the Gateway on a new Linux distribution largely taken up by installing the distribution and once you've done that the Gateway "just works". In the case of Ubuntu 10.04 running on VMware on Windows 7, this was certainly true. When I installed Ubuntu 10.04, the keyboard would not work and I had to resort to using the accessibility on-screen keyboard to type anything in at the console. Googling the problem, I ran through the tips mentioned on the "Reformed Musings" blog, but to no avail. But when I followed the link to SGiff's thread on the VMWare Communities site about this issue, I saw the clue at the bottom of the thread, although it doesn't specify which file to edit. The file is xorg.conf. I opened xorg.conf (using the command sudo vi /etc/X11/xorg.conf) and then commented out these lines:

Section "ServerFlags"
Option "NoAutoAddDevices"
EndSection

What this does is allow Ubuntu to auto-detect the VMware keyboard at bootup. Rebooting the Ubuntu image then had the effect of bringing the keyboard back to life.

So it turned out that getting the keyboard working was the hard part. Installing the Vordel Gateway was a matter of untarring, putting in a valid license, then starting the process. Then I could point a browser to the Real-Time Monitoring interface and view the Gateway in action:

Thursday, September 16, 2010

Sarah Friar on Oracle

Sarah Friar is the Goldman Sachs cloud analyst (an analyst covering the cloud, rather than a "cloud-based analyst" that is) who is speaking at Vordel's event next Wednesday evening at Oracle Open World. She is quoted recently in Barrons on the topic of Oracle's hiring of Mark Hurd:
“We believe Oracle shares offer both offense in an improving macro environment, given its leverage to application spending, and defense against a choppier backdrop with its high degree of sticky maintenance revenue,” Friar writes in a research note. “We expect rising estimates as the company digests the Sun acquisition to drive the shares higher and view the hiring of ex-HP CEO Mark Hurd as a positive near-term catalyst to get the shares moving.”

Friar writes that she likes the move to hire Hurd, who she notes “has experience selling storage and hardware systems, very relevant to Oracle following its Sun acquisition and he will likely be well-received by the Oracle customer base.” She adds that Hurd is “a good fit with Oracle’s culture of strategic M&A, effective integration and cost discipline,” and notes that the Hurd “gives Oracle more executive firepower at a time when the company is pursuing new areas of growth and is branching out into areas outside its expertise.”
http://blogs.barrons.com/techtraderdaily/2010/09/07/oracle-added-to-goldman-conviction-buy-list-after-hiring-hurd/
Come along next Wednesday to hear Sarah speak, to have some good conversation about cloud and SOA (and other topics too!). The registration form is here.

Wednesday, September 8, 2010

Vordel Party at Oracle Open World

Oracle Open World is bigger than ever this year, encompassing JavaOne and Oracle Develop. And Vordel is making it even bigger with our party on Wednesday evening at Townhall on Howard Street, just a short walk from the Moscone Center. The evening includes a conversation-starting talk by Sarah Friar, analyst from Goldman Sachs who provides insightful comment on Oracle and also Cloud Computing. Do Oracle and Cloud Computing go together like cocktails and canapés? Discuss this with Sarah and others over actual cocktails and canapés on September 22nd. Click on the image below to register free. See you there!

Filtering JSP and Flash (SWF) with the Vordel Gateway

As well as filtering API and SOA traffic, the Vordel Gateway can also filter more traditional Web traffic such as JSP (Java Server Pages), images (e.g. JPGs) and Flash files (SWFs) such as those used by Adobe Flex. To illustrate this, in the screenshot below I am accessing a JSP through an SSL interface being provided by the Vordel Gateway. The JSP serves out an Adobe Flex apps as a Flash (SWF) object, and also a JPEG image. The Vordel Gateway is layering on SSL in front of a back-end JSP which is being served out over HTTP.



Now, if I try to put a Cross-Site Scripting attack into the JSP invocation, the Vordel Gateway detects and blocks this, and all I see is the 403 "Access Denied" message:



Over on the Vordel Gateway's Real-Time Monitoring, I can see clearly that the JSP request was blocked because of the detection of harmful content in the request. I can also make use of Real-Time Monitoring to see the response times my JSP pages are providing, as well as any alerts being raised by the Vordel Gateway.



For more info about the management of Adobe Flex and JSP pages, contact Vordel at info@vordel.com

Thursday, September 2, 2010

Case study of SOA and Web Services in government in Belgium

One Magazine has a great case study about Web Services and SOA usage in provincial government in Belgium. The solution was rolled out by Belgacom and includes Vordel products.

“Vordel turned out to be one of the most user-friendly solutions. At the same time, Belgacom’s project based approach has worked out well here.” - Project leader Wim Van Gelder from the Department of Projects and Development, Provincial Government of Vlaams-Brabant, Belgium.

Full case study here:
http://www.onemagazine.be/2010/08/20/how-to-share-information/#more-5212

Wednesday, September 1, 2010

Cloud Security Podcast - The question of API Keys

I had a really good discussion with Kaitlin Brunsden from EbizQ on the topic of Cloud Security in general, and API Keys in particular. All too often, CISOs and IT managers do not realize that if their organization is using Amazon Web Services (AWS), for example, then the Secret Key ID used to authenticate to AWS is often sitting on a hard drive or coded into an application. This Secret Key ID, in combination with the Access Key ID (which is readily available through traffic logs) can be used by a malicious user to provision or terminate virtual machines, to access data in Cloud-based queues or databases, or just simply to run up a large charge which will then hit the credit card linked to the API keys. Vordel can help, by protecting the API keys in the same way that our products protect keys used in other contexts (e.g. private keys for SSL).

The podcast (complete with transcription) is here: http://www.vordel.com/news/articles/31-08-10.html