New updated ScreenOS Signing Key, Boot Loader and ScreenOS images

Alert Description:

Juniper Networks has identified a potential exposure of the digital key used to sign NetScreen devices that run ScreenOS software images. While there is no evidence of a compromise, Juniper has taken proactive steps to revoke the old signing key and move to a new signing key for all NetScreen devices that run ScreenOS software. This measure applies only to NetScreen devices that run ScreenOS software, and does not apply to any other Juniper products.

Solution:
Customers who have installed any upgrades or patches to their ScreenOS products since 1 June 2014 are being advised to install the new signing key, ScreenOS and Boot Loader (when applicable) immediately; this will confirm the authenticity of the upgrades or patches completed since 1 June 2014. All customers will need to install these components to support future upgrades or patches to their ScreenOS products.


Customers are being asked to review the TSB16495 carefully and follow instructions for installing the new signing key, as necessary.

RHEL Brings Software Defined Storage to Big Data

Cache tiering divides the data cluster so that hot data being accessed regularly can be held on faster storage, typically SSD's, while erasure-coded cold data sits below on cheaper storage media. Image credit: Ceph.

Red Hat last month released the latest version of Inktank Ceph Enterprise, their object and block storage product based on the upstream open source Ceph project. It's notable not only as the first release since Red Hat acquired the two-year-old startup, Inktank, in April, but also for two key features that help open up a

new market for Ceph.

While Ceph gained prominence as the open source software-defined storage tool commonly used on the back end of OpenStack deployments, it's not strictly software for the cloud. With the latest new enterprise feature addition, Ceph has begun to see adoption among a new class of users interested in software-defined storage for big data applications.
The new enterprise features can be used in both legacy systems and in a cloud context, “but there's almost a third category of object storage within an enterprise,” said Sage Weil, Ceph project leader, in an interview at OSCON. “They're realizing that instead of buying expensive systems to store all of this data that's relatively cold, they can use software-defined open platforms to do that.”











“It's sort of cloudy in the sense that it's scale out,” Weil said, “but it's not really related to compute; it's just storage.”

Two Important New Features

Ceph Enterprise 1.2 contains erasure coding and cache-tiering, two features first introduced in the May release of Ceph Firefly 0.8. Erasure coding can pack more data into the same amount of space and requires less hardware than traditional replicated storage clusters, providing a cost savings benefit to companies that need to keep a lot of archival data around. Cache tiering divides the data cluster so that hot data being accessed regularly can be held on faster storage, typically SSD's, while erasure-coded cold data sits below on cheaper storage media.
Used together, erasure coding and cache tiering allow companies to combine the value of storing relatively cold, unused data in large quantities, with faster performance – all in the same cluster, said Ross Turk, director of product marketing for storage and big data at Red Hat.
It's a set of features that are both useful in a cloud platform context as well as in standalone storage for companies that want to benefit from the scale-out capabilities that the cloud has to offer but aren't entirely ready to move to the cloud.
“In theory it's great to have elastic resources and move it all to the cloud, but training organizations to adapt to that new paradigm and have their own ops teams able to run it, takes time,” Weil said.

Appealing to big data users

OpenStack was a good first use case for Ceph to target because developers and system administrators on those projects understand distributed software, Weil said. Similarly, a greenfield private cloud deployment is a good use case for Ceph because it's easy to stand up a new storage system at the same time “rather than attack legacy use cases head on,” he said.
But enterprise private and hybrid cloud adoption still lags behind public cloud use, according to two recent reports by IDC and Technology Business Research. One reason is that most companies lack the internal IT resources and expertise to move a significant portion of their resources to the cloud, according to a March 2014 enterprise cloud adoption study by Everest Group.
Storage faces an even longer road to adoption than the cloud, given the high standards and premium that companies place on retaining data and keeping it secure.
“People require their storage to be a certain level of quality and stability – you can reboot a server but not a broken disk and get your data back,” Turk said.
By providing an economic advantage to users in the growing cold storage market, Ceph has the added benefit of encouraging enterprise adoption of open source storage in the short term without relying on cloud adoption to fuel it.

The path to the open source data center

Over the long term, cloud computing and the software-defined data center – including storage, compute, and networking – will become the new paradigm for the enterprise, Weil said. And Ceph, already a dominant open source project in this space, will rise along with it.
“A couple of decades ago you had a huge transformation with Linux going from proprietary Unix OSes sold in conjunction with expensive hardware to what we have today in which you can run Linux or BSD or whatever on a huge range of hardware,” Weil said. “I think you'll see the same thing happen in storage, but that battle is just starting to happen.”
Red Hat's acquisition of Inktank will help shepherd Ceph along that path to widespread enterprise adoption -- starting with this first Ceph Enterprise release. Ceph will also eventually integrate with a lot of the other projects Red Hat is involved with, Weil says, including the Linux kernel, provisioning tools, and OpenStack itself.

What Is Cloud Computing ?

Cloud Computing is the use of Computing Resources(Hardware like Hypervisor,Storage,switches  & Software like Virtualization,vlan trafficing , dynamic ip allocation ) that are delivered as Service over the Network.It's called cloud since all these above mentioned resources can be scaled on request  and based on usage.

Why cloud Computing is preferred / benefits of Cloud Computing

• Scalability : -The customer doesn't have to know (and buy) the full capacity they might need at a peak time. Cloud computing makes it possible to scale the resources available to the application. A start-up business doesn't have to worry if the advertising campaign works a bit too well and jams the servers.
  
• Pay Per Use :- Customers pay only for what they use. They don’t have to buy servers or capacity for their maximum needs. Often, this is a cost savings.
  
• The cloud will automatically (or, in some services, with semi-manual operations) allocate and de-allocate CPU, storage, and network bandwidth on demand. When there are few users on a site, the cloud uses very little capacity to run the site, and vice versa.
  
• Reduces Cost :- Because the data centers that run the services are huge, and share resources among a large group of users, the infrastructure costs are lower (electricity, buildings, and so on). Thus, the costs that are passed on to the customer are smaller.
  
• Application programming interface (API):- Accessibility to software that enables machines to interact with cloud software in the same way that a traditional user interface (e.g., a computer desktop) facilitates interaction between humans and computers
  
• Virtualization technology allows servers and storage devices to be shared and utilization be increased. Applications can be easily migrated from one physical server to another.
  

Types of Cloud Computing :-

• Public Cloud
• Private Cloud
• Hybrid Cloud

Public Cloud  :- In public cloud applications, storage, and other resources are made available to the general public by a service provider. These services are free or offered on a pay-per-use model. Generally, public cloud service providers like Amazon AWS, Microsoft and Google own and operate the infrastructure and offer access only via Internet

Private Cloud : - Private cloud is cloud infrastructure operated solely for a single organization, whether managed internally or by a third-party and hosted internally or externally.

Hybrid Cloud : -  Hybrid cloud uses both public and private cloud infrastructure.

Cloud computing  Models

• Infrastructure as a Service (IaaS).  IaaS  offers  computers - physical or  virtual machines - and other resources like storage so that developers and IT organizations can use to deliver business solutions.Cloud providers typically bill IaaS services on a utility computing basis: cost reflects the amount of resources allocated and consumed.
  
• Platform as a Service (PaaS). Pass offers computing platform typically including operating system, programming language execution environment, database, and web server. Application developers can develop and run their software solutions on a cloud platform without the cost and complexity of buying and managing the underlying hardware and software layers.
  
• Software as a Service (SaaS). In the SaaS , the service provider hosts the software so you don’t need to install it, manage it, or buy hardware for it. All you have to do is connect and use it. SaaS Examples include customer relationship management as a service.
  

Whats New in Red Hat Enterprise Linux 7

Red Hat Enterprise Linux 7 has been released successfully on June 10, 2014. RHEL 7 is providing better performance and scalability. At system administrators it provides unified management tools and system-wide resource management that reduce he administrative burden.

Release Notes: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.0_Release_Notes/index.html

Whats New in Red Hat Enterprise Linux 7:

RedHat Enterprise Linux 7 has been released with lots of major changes and migration considerations. Currently its Release Candidate version is released and we will look final release very soon. Here is some description of major changes coming in RHEL 7 than RHEL 6. This list doesn’t contain all the changes available in RHEL 7. I have tried to provide those changes details which comes general in use.

1. System Limitations

a. RedHat recommends minimum 5 GB of disk space to install this release of RHEL series for all supported architectures.
b. For AMD64 and Intel® 64 systems – Red Hat recommends at least 1 GB memory per logical CPU.
c. For 64-bit Power systems now require at least 2 GB of memory to run.

2. New Boot Loader

A new book loader GRUB2 has been introduced in RHEL 7. It supports more filesystems and block devices.
GRUB2 Configuration File: /boot/grub2/grub.cfg

3. New Init System

As we know RHEL 6 and older releases used SysV init system. But RHEL 7 has been released with new init system systemd which is compatible with SysV.

4. New Installer

Red Hat Enterprise Linux 7 has and redesigned Anaconda version. Which have many improvements in system installation.

5. Changes to firstboot Implementation

RHRL 7 replaces firstboot with the Initial Setup utility, initial-setup, for better interoperability with the new installer.

6. Changes in File System Layout

Red Hat Enterprise Linux 7 introduces two major changes to the layout of the file system.
The /bin, /sbin, /lib and /lib64 directories are now under the /usr directory.
The /tmp directory can now be used as a temporary file storage system (tmpfs)

7. ncat (Network Configuration utility) introduced

A new networking utility ncat has been introduced in RHEL 7 which replaces netcat. ncat is a reliable back-end tool that provides network connectivity to other applications.It uses both TCP and UDP for communication.

8. Released with Apache 2.4

RHEL 7 is coming with apache 2.4, which has significant changes with number of new features.

9. Chrony – A new Package Introduced

Chrony is introduced as new NTP client provided in the chrony package. Chrony does not provides all features available in old ntp client (ntp). So ntp is still provided due to compatibility.

10. Introducing HAProxy

HAProxy has been introduced in RHEL 7. It is a TCP/HTTP reverse proxy that is well-suited to high availability environments.

Setup DNS Server step by step in CentOS / RHEL

DNS (Domain Name System) is the core component of network infrastructure. The DNS service resolves hostname into ip address and vice versa.

DNS Server Installation in CentOS 6.5

This how-to tutorial will show you how to install and configure Primary and Secondary DNS server. The steps provided here were tested in CentOS 6.5 32 bit edition, but it should work in RHEL 6.x(x stands for version) and Scientific Linux 6.x too.

Scenario

Here are my test setup scenario

[A] Primary(Master) DNS Server Details:

Operating System     : CentOS 6.5 32 bit (Minimal Server)
Hostname             : masterdns.example.com
IP Address           : 192.168.1.200/24

[B] Secondary(Slave) DNS Server Details:

Operating System     : CentOS 6.5 32 bit (Minimal Server)
Hostname             : slavedns.example.com
IP Address           : 192.168.1.201/24  

Setup Primary(Master) DNS Server

[root@masterdns ~]# yum install bind* -y

1. Configure DNS Server

The main configuration of the DNS will look like below. Edit and add the entries below which were marked as bold in this configuration files.

[root@masterdns ~]# vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.200;};                      ## Master DNS IP ##
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { localhost; 192.168.1.0/24; };                      ## IP Range ##
allow-transfer{ localhost; 192.168.1.201; };                        ## Slave DNS IP ##  
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
type hint;
file "named.ca";
};
zone"example.com" IN {
type master;
file "fwd.example.com";
allow-update { none; };
};
zone"1.168.192.in-addr.arpa" IN {
type master;
file "rev.example.com";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Create Zone files

Now we should create forward and reverse zone files which we mentioned in the‘/etc/named.conf’ file.

[A] Create Forward Zone

Create ‘fwd.example.com’ file in the ‘/var/named’ directory and add the entries for forward zone as shown below.

[root@masterdns ~]# vi /var/named/fwd.ostechnix.com 
$TTL 86400
@   IN  SOA     masterdns.example.com. root.example.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@IN  NS      masterdns.example.com.
@IN  NS     slavedns.example.com.masterdns     IN  A    192.168.1.200
slavedns     IN  A   192.168.1.201

[B] Create Reverse Zone

Create ‘rev.example.com’ file in the ‘/var/named’ directory and add the entries for reverse zone as shown below.

[root@masterdns ~]# vi /var/named/rev.example.com $TTL 86400
@   IN  SOA     masterdns.example.com. root.example.com. (        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@IN  NS      masterdns.example.com.@IN  NS      slavedns.example.com.masterdnsIN  A   192.168.1.200
slavedns IN  A   192.168.1.201
200       IN  PTR     masterdns.example.com.201      IN  PTR    slavedns.example.com.

3. Start the bind service

[root@masterdns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@masterdns ~]# chkconfig named on

6. Test syntax errors of DNS configuration and zone files

[A] Check DNS Config file

[root@masterdns ~]# named-checkconf /etc/named.conf 
[root@masterdns ~]# named-checkconf /etc/named.rfc1912.zones

[B] Check zone files

[root@masterdns ~]# named-checkzone ostechnix.com /var/named/fwd.ostechnix.com 
zone ostechnix.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone ostechnix.com /var/named/rev.ostechnix.com 
zone ostechnix.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]#

7. Test DNS Server

Method A:

[root@masterdns ~]# dig masterdns.example.com; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.example.com;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.example.com.INA;; ANSWER SECTION:
masterdns.example.com. 86400INA192.168.1.200;; AUTHORITY SECTION:
ostechnix.com.86400INNSmasterdns.example.com.ostechnix.com.86400INNSslavedns.example.com.;; ADDITIONAL SECTION:
slavedns.ostechnix.com.86400INA192.168.1.201
;; Query time: 5 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 12:48:35 2013
;; MSG SIZE  rcvd: 110

Method B:

[root@masterdns ~]# dig -x 192.168.1.200
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.INPTR
;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 INPTRmasterdns.example.com.;; AUTHORITY SECTION:
1.168.192.in-addr.arpa.86400INNSmasterdns.example.com.1.168.192.in-addr.arpa.86400INNSslavedns.example.com.;; ADDITIONAL SECTION:
masterdns.example.com. 86400INA192.168.1.200slavedns.example.com.86400INA192.168.1.201;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 12:49:53 2013
;; MSG SIZE  rcvd: 150

Method C:

[root@masterdns ~]# nslookup masterdns
Server:192.168.1.200
Address:192.168.1.200#53
Name:masterdns.example.comAddress: 192.168.1.200

Thats it. Now the Primary DNS server is ready

Setup Secondary(Slave) DNS Server

[root@slavedns ~]# yum install bind* -y

1. Configure Slave DNS Server

Open the main configuration file ‘/etc/named.conf’ and add the lines as shown in bold letters.

[root@slavedns ~]# vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.201; };                    ## Slve DNS IP ##      
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { localhost; 192.168.1.0/24; };                     ## IP Range ##   
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
type hint;
file "named.ca";
};
zone"example.com" IN {
type slave;
file "slaves/ostechnix.fwd";
masters { 192.168.1.200; };
};
zone"1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/example.rev";
masters { 192.168.1.200; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Start the DNS Service

[root@slavedns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@slavedns ~]# chkconfig named on

Now the forward and reverse zones are automatically replicated from Master DNS server to Slave DNS server.

To verify, goto DNS database location(i.e ‘/var/named/slaves’) and use command ‘ls’.

[root@slavedns ~]# cd /var/named/slaves/
[root@slavedns slaves]# ls
ostechnix.fwd  ostechnix.rev

The forward and reverse zones are automatically replicated from Master DNS. Now check the zone files whether the correct zone files are replicated or not.

[A] Check Forward zone:

[root@slavedns slaves]# cat example.fwd 
$ORIGIN .
$TTL 86400; 1 day
ostechnix.comIN SOAmasterdns.example.com. root.example.com. (2011071001 ; serial
3600       ; refresh (1 hour)
1800       ; retry (30 minutes)
604800     ; expire (1 week)
86400      ; minimum (1 day)
)
NSmasterdns.example.com.NSslavedns.example.com.$ORIGIN example.com.
masterdnsA192.168.1.200
slavedns A192.168.1.201

[B] Check Reverse zone:

[root@slavedns slaves]# cat example.rev 
$ORIGIN .
$TTL 86400; 1 day
1.168.192.in-addr.arpaIN SOAmasterdns.example.com. root.example.com. (2011071001 ; serial
3600       ; refresh (1 hour)
1800       ; retry (30 minutes)
604800     ; expire (1 week)
86400      ; minimum (1 day)
)
NSmasterdns.example.com.NSslavedns.example.com.$ORIGIN 1.168.192.in-addr.arpa.
200PTRmasterdns.example.com.
201PTRslavedns.example.com.
masterdnsA192.168.1.200
slavedns A192.168.1.201

3. Add the DNS Server details to all systems

[root@slavedns ~]# vi /etc/resolv.conf 
# Generated by NetworkManager
search example.com
nameserver 192.168.1.200
nameserver 192.168.1.201
nameserver 8.8.8.8

4. Test DNS Server

Method A:

[root@slavedns ~]# dig slavedns.example.com; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> slavedns.example.com;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;slavedns.example.com.INA;; ANSWER SECTION:
slavedns.example.com.86400INA192.168.1.201;; AUTHORITY SECTION:
example.com.86400INNSmasterdns.example.com.example.com.86400INNSslavedns.example.com.;; ADDITIONAL SECTION:
masterdns.example.com. 86400INA192.168.1.200;; Query time: 7 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:00:17 2013
;; MSG SIZE  rcvd: 110

Method B:

[root@slavedns ~]# dig masterdns.example.com; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.example.com;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12825
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.example.com.INA;; ANSWER SECTION:
masterdns.example.com. 86400INA192.168.1.200;; AUTHORITY SECTION:
ostechnix.com.86400INNSmasterdns.example.com.ostechnix.com.86400INNSslavedns.example.com.;; ADDITIONAL SECTION:
slavedns.example.com.86400INA192.168.1.201;; Query time: 13 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:01:02 2013
;; MSG SIZE  rcvd: 110

Method C:

[root@slavedns ~]# nslookup slavedns
Server:192.168.1.200
Address:192.168.1.200#53
Name:slavedns.example.comAddress: 192.168.1.201

Method D:

[root@slavedns ~]# nslookup masterdns
Server:192.168.1.200
Address:192.168.1.200#53
Name:masterdns.example.comAddress: 192.168.1.200

Method E:

[root@slavedns ~]# dig -x 192.168.1.201
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56991
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;201.1.168.192.in-addr.arpa.INPTR
;; ANSWER SECTION:
201.1.168.192.in-addr.arpa. 86400 INPTRslavedns.example.com.;; AUTHORITY SECTION:
1.168.192.in-addr.arpa.86400INNSmasterdns.example.com.1.168.192.in-addr.arpa.86400INNSslavedns.example.com.;; ADDITIONAL SECTION:
masterdns.example.com. 86400INA192.168.1.200slavedns.example.com.86400INA192.168.1.201;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:03:39 2013
;; MSG SIZE  rcvd: 150