Teneo !!!

Aaron’s blog on Networking, and Enterprise Technology

My Blog has moved to “My Teneo !!!”

If you are seeing this post, that means that I have not turned on redirection yet.  All new posts are now going to My Teneo !!!

I have moved all the posts on this blog over, but redirection is obviously not turned on yet.  There are just a few posts for which redirection is failing, due to special characters in the Title/URL.

Please go to the new blog to see current posts.  Thanks.


Redirecting WordPress to Liferay Blogs

I love WordPress.  I really do.  If nothing else, I love the statistics that WordPress gives me per post.  However, my primary move to another site is simply because I want one integrated site, instead of maintaining two individual ones.

So, being that Liferay is my choice, I don’t want to have any broken links from Google or other sites.

So, the biggest challenge?  Liferay blogs do not maintain the same URL style as WordPress.  So, how do you redirect WordPress entries to Liferay entries easily?

First, you must use Apache HTTP server as a front-end to your Liferay system (that should have been your first choice anyway, right?).  Then, you just use mod_rewrite and use a regular expression pattern.

Next, you would use the WordPress Importer for Liferay.  You would install it as another portlet.  Once installed, choose the “configuration” of the portlet to choose what you want imported (pages, categories, blog entries, etc).  Once the import is complete, you have your blogs.

But, not so fast.  If you choose to redirect your existing WordPress blogs to Liferay, you will end up with lots of 404 errors (page cannot be found).  That’s because the URL is different.

WordPress will send over /year/month/day/title (e.g. 2011/02/16/title-of-entry).

Liferay expects /-/blogs/title-of-entry

So, using mod_rewrite, I used the following pattern:

RewriteRule ^/[0-9]+/[0-9]+/[0-9]+/(.*)?$ blog/-/blogs/$1 [R=301,NC,L]

This means, it will strip the year/month/day, and add the title.  The R=301 means permanent redirect, NC means not-case-sensitive, and the L means this is the last rule to execute.  Keep in mind, that I’m using “blog” first, before “/-/blogs”, because that is the page I use for my blogs.  Change to fit your needs.
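An added example (not from the original post): a Python model of the rule above that maps a batch of old WordPress paths to their redirect targets and flags the cases the pattern handles poorly, such as date archives with an empty title, extra segments like /feed/, and titles with special characters. The sample paths are constructed, and the model assumes the redirect resolves to /blog/-/blogs/... on the same host.

```python
import re
from urllib.parse import unquote

# Same pattern and NC flag as the RewriteRule above (NC -> re.IGNORECASE).
# Apache matches the decoded URL path; this model keeps the raw path so
# percent-encoded titles stay visible in the report.
RULE = re.compile(r"^/[0-9]+/[0-9]+/[0-9]+/(.*)?$", re.IGNORECASE)
TARGET_PREFIX = "/blog/-/blogs/"  # assumed path part of the Location header

def redirect_target(path):
    """Return the path the rule would redirect to, or None if it does not match."""
    m = RULE.match(path)
    if m is None:
        return None
    return TARGET_PREFIX + (m.group(1) or "")

def review(path):
    """Return (target, warnings) for one old WordPress path."""
    target = redirect_target(path)
    if target is None:
        return None, ["not matched: request reaches Liferay unchanged"]
    title = target[len(TARGET_PREFIX):]
    warnings = []
    if title == "":
        warnings.append("date archive, no title to look up")
    elif "/" in title.rstrip("/"):
        warnings.append("extra path segment after the title")
    if title.endswith("/"):
        warnings.append("trailing slash is carried into the target")
    if "%" in title or not unquote(title).isascii():
        warnings.append("special characters: verify the imported entry's URL title")
    return target, warnings

# Constructed sample paths, not taken from the blog's real logs.
SAMPLES = [
    "/2011/02/16/title-of-entry",
    "/2011/02/16/title-of-entry/",
    "/2011/02/16/",
    "/2011/02/16/title-of-entry/feed/",
    "/2011/02/16/caf%C3%A9-notes",
    "/about",
]

if __name__ == "__main__":
    for p in SAMPLES:
        target, warnings = review(p)
        print(f"{p} -> {target} {warnings}")
```

Running the same list against the live front-end after enabling the rule and comparing the Location headers confirms the model.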

I am still struggling with importing comments, but that should be rectified shortly.  Even if I have to wait for Liferay version 6.1.

New Blog Site soon!

Sorry for the lack of posts.  I’m actually creating a new site called MyTeneo!!!

For the primary reason that I’ve noticed since I kicked off this site back in 2007, more people are using the Teneo name.  Now, obviously, I have no trademark for a Latin word, but it was a bit disconcerting that other IT professionals are using my catch phrase for their business:

And to be honest, it’s time for a change anyway.  Hence, MyTeneo is being born!  MyTeneo is a spin off of Teneo, but to make it personal.  If Teneo is to understand something, then MyTeneo is your personal journey to understanding something.

Stay tuned.  Website is nearly complete.


Liferay 6+ and Blog Portlet Ideas

So, I’m in the process of looking at other vendors for my Blog.  I really like WordPress for a number of reasons, but I want my website to be fully integrated with my blog.  I don’t want to have 2 separate websites.

Liferay is my choice (mostly because I love Java, it’s very expandable, and I want to implement Liferay at my company for our intranet portal.)

However, there are a few things the Blog Portlet is lacking.  The largest among those, is “Anonymous Comments”.  See, not everyone wants to “Create an account”, for just one comment.  If I were building a community, that would be different, but I’m not.  The purpose of a blog is not one-way communications.  If that were true, then we would just create static web pages.  We need two-way communications, and the harder we make it for our visitors, the less likely we will have them.

The first thing that we should implement for Liferay Blog, would be to “easily allow” guest comments.  Right now, we have to modify an embedded text file called “blogs.xml” and add it to our ext-environment.  Next, we can add captcha to guest comments, which will prevent bots from spamming our blogs.  Liferay already implements Captcha, so it should not be too difficult.

Those two things will get everything started.  Now, to get Liferay Blog “up-to-standards” with the other vendors, the next milestone would be comment workflow.  This is to allow the moderating of comments, i.e. to not publish comments until an approval is made.  Again, not too difficult, as Liferay already uses workflow.

For example, with WordPress, you can add comment moderation, which sends out an email when a comment is waiting to be approved.  You can also add, “approve comment, if you have previously approved comments from the same person”.  So, if Liferay sees a comment from someone that you have previously approved, then auto-approve it.

So, to sum up:

  1. Add 3 fields to anonymous comments
    1. Name
    2. Email Address
    3. Website
  2. Easily configure to allow Anonymous comments in the config pane of the blog portlet
  3. Option to add “Captcha” or “Re-Captcha” for comment authentication
  4. Comment moderation (i.e. Workflow)

HP Les Stuart Interview

Video of me interviewing Les Stuart of HP ESSN (Enterprise Server, Storage, Network) management group.  Unfortunately, we could not get a “quiet room” in time, so we had to do this on the “Interop Floor”.  So, there is a lot of background noise.  Sorry.  Hope you can hear it.


Interop 2011 finishes – Systems Mgmt

Came back from Interop Las Vegas yesterday. What a blast! I met so many great people from Twitter and HP Networking team, I can’t name everyone. But, you know who you are!!

The first day Interop started, I got put into “systems management” mood. Dunno why, but I just wanted to know everything that dealt with systems management.

I stopped by the ManageEngine booth to see their latest offerings (I already use ServiceDesk, and have used OpManager before). It was good. OpManager is a good product. However, their Netflow reporting module isn’t as integrated into their product suite as I would have liked.  It can send events as “emails” to the helpdesk system, but you lose asset information, and other things.

I did not see SolarWinds there, as I would have liked to have talked to them about their Orion product and modules.

Firestorm from BreakingPoint won the Best of Interop 2011 category of “management and monitoring”, but I didn’t talk to them. Downside of making Interop so big.

However, I did get to chat with the HP Networking team in detail on IMC (Intelligent Management Center), which was also used to manage and monitor the entire Interop NOC.

This system is just too cool! I’ve been an OpenNMS guy for years, and this system takes the cake. With a proven production system actively monitoring, managing, and collecting on over 200,000 devices, it can scale.

What is its coolest feature? The ability to manage over 2600 different devices (1000 of them are Cisco alone). As of next month’s service pack, it will be over 3000.  Now, that’s neat, but the coolest part, is that you configure them all the same.  The differences lie under the code that you don’t see.  So, if you want to create another VLAN and you do not use VTP, just create the VLAN, and all the different commands will be sent to each switch.  It will also track your configuration changes.

To quote Dave Donatelli on his press release Monday, “….. we manage Cisco better than Cisco….”.  After seeing the interface, there is no doubt.  Features like central ACLs (no, no ASA support just yet…. I already asked), VPN management, User Authentication (RADIUS and TACACS), QoS policies, etc, can all be managed from the same interface no matter what the vendor is.  Some are extra modules that you add on.

Other modules include their NTA (Network Traffic Analyzer), which is their NetFlow/sFlow collector and reporting tool, and MPLS VPN management.  You can even see your VMware environment and kick off vMotion from here.

In talking to Bob Suhay in the Enterprise HP Networking Group, he explained to me that this system was meant to prevent “swivel chair” syndrome, as you change between different monitors to do different things.

IMC is a really cool product, and I, for one, will include it into my bids next year for a possible replacement.

HP’s Network Management with FlexNetwork Architecture

During Interop, I’ve had the pleasure to discuss, in detail, HP’s ideas and plans for a “Single-Pane” management interface, coming from Les Stuart, Distinguished Architect.

It should come as no surprise, that HP is the *KING* of applications.  Their product line is very diverse.  Some would even say, “too excessive”, and each device has its own management application.  Not only that, but there is also additional software to manage multiple applications/devices.  From ProLiant Servers (Insight Manager) to ProCurves (ProCurve Manager).  And from storage networks (StorageWorks) to data networks (Network Node Manager and IMC), just to name only a few.  Confusion comes from determining which application to use for what.

Now that HP has publicly addressed the need for a single architecture called FlexNetwork, they have a few hurdles to overcome, to say the least.  But to Les Stuart, he sees opportunity, not challenges.  His passion to bring everything together makes one believe that not only is it possible, but it’s already underway.

“There has already been significant investment in the developing of the current applications for our product line….. and they’re GOOD.  Why re-invent the wheel?  We would rather keep those existing platforms, and [roll-up] the data into a single-pane interface for the personnel to use, seeing only the parts that they need”, says Stuart.  “[Drilling-down] to the device will simply open its respective application for details”.

However, it does not stop there.  Stuart’s vision for the FlexNetwork is not just managing and monitoring.  It includes provisioning.  “We want our software to not only manage those devices, but add [automation] so that if an administrator wants to ‘spin-up’ a new server, we can assign the VLAN, build the firewall policies, carve out storage, and assign the network access-lists”, Stuart goes on.

Do you want integration into your already existing management system? No problem, says Stuart.  Using existing standards and models like NETCONF, OpenFlow, and OpenStack, and following the FCAPS model, HP wants to make it easy to integrate into existing platforms.  “It’s not just an application, but a framework to build upon.”

HP wants to give you the starting tools to do what you need.  However, if you want to do more, you can.

HP will not be releasing a full-featured product like this anytime soon.  However, you can expect to see a “link launcher” as Stuart calls it, sooner than later.  A single point of access for all your HP tool needs.  I, for one, will be watching closely to see how HP handles this.  If it’s as good as Les Stuart is excited that it can be, it will be a fantastic feature that admins are missing.

HP FlexNetwork Architecture

Today, Dave Donatelli, Executive VP for HP, announced HP’s FlexNetwork Architecture.

There is no doubt, that HP has been gaining a lot of ground in their ProCurve sales for the enterprise.  Being that their price points are below that of Cisco, with functionality one would expect in the enterprise, it’s no wonder people are considering HP when they did not before.

FlexNetwork is the all-inclusive term which encompasses 3 tiers of HP’s Networking Portfolio:

  • FlexFabric – Datacenter Networking
  • FlexCampus – Wired and Wireless networks in the Campus environment
  • FlexBranch – Branch Office products

FlexManagement actually applies to the FlexNetwork Architecture, as it pertains to the full management of it.  Currently, it consists of the Intelligent Management Center, or IMC for short, which monitors and manages all your network devices.  Not just Dell, but Cisco, Juniper, Dell, etc.  Currently, it manages 2600+ devices, and more than 3000 after Service Pack 1, to be released in June 2011.

Sophos vs McAfee: Is there a winner?

I just finished up with a comparative study of Sophos and McAfee.  The results were interesting.  Sophos actually detected malware that my existing McAfee implementations did not, and it is extremely fast.  If I were to have picked my favorites of Sophos it would be:

1).  Tiny differential updates throughout the day.  McAfee only updates once per day (Monday – Friday), and this really failed when a buggy update shut down XP systems in 2010.

2).  Scanning engine is incredibly fast, and smaller memory footprint (compared to McAfee).

3).  Firewall and peripheral device control (i.e. USB Device lockouts and blocking of wireless bridging).

Now, on to McAfee.  I still have not yet found E-Policy Orchestrator’s equal.  Its central management system is still a great policy interface.  I was asked by a sales rep, “What is the most important thing an antivirus product must do, in a manager’s eyes”.  Well, that question backfired, as my answer was “Good reporting and management”.

Now, if they had asked me “….. for the business….”, I would have answered, “catch malware”.  You see, from my point of view, I need to know how my entire infrastructure is handling security events and making sure all devices have protection.

Sophos does not have great reporting.  I’ve been told they are working on an API to make it better, but I am not known to purchase based on “future roadmaps”.  They have reports, sure….. but the best reports are ones that we can create ourselves.  Out-of-the-box reports are great, but not when you are slicing and dicing data looking for something.  That is where EPO excels.

Another piece, albeit small but still powerful, is the ability to search by username.  If someone is having a problem, it is so easy to just search for their username, and pull up their system and all policies and events associated with them.

Finally, Sophos does not handle inheritance.  Setting policies at a root level, and having those policies trickle down to sub-groups, is a great way to be efficient and manage them.

I’m still bothered by the fact that Sophos found items that McAfee didn’t.  Is it because my policies were not strong enough?  Am I scanning often enough? Or is Sophos just better at catching them?  You see?  It’s bothering…..

Overall, Sophos is really a great client and overall system.  Had I not already been spoiled by EPO’s great features, I would have jumped on it.  I am eager to see what Intel’s purchase of McAfee has planned for them.

Syslog-ng and filters

So, over the weekend, I had to update 200 routers with SNMP configs, and point them to my SYSLOG server. Easy, right? Well, tedious, since half-way I figured I should have used EXPECT, but by then, I was already half-done.

Anyway, after all my work, I noticed that my syslogs were not receiving any logging. Doing a TCPDUMP showed I received the logs. Strange?

I have a lot of filtering done in SYSLOG-NG. With my naming convention, all end-point access routers use [location]-arXX (where XX is the numbered router at that location). So, my filter for access routers is:


Well, after some searching, SYSLOG-NG actually does a reverse DNS lookup to determine the name, even though I have the hostname inside the log.

After adding 200+ reverse DNS entries, I finally got it working.
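An added example (not from the original post): a Python audit that walks a router inventory, performs the reverse lookup the post says SYSLOG-NG relies on, and lists devices whose logs would miss a hostname filter, together with the PTR record each one needs. The inventory, the `example.net` zone, the stub resolver and the `-arXX` regex (built from the naming convention above, since the post's own filter is not shown) are constructed assumptions.

```python
import ipaddress
import re
import socket

# Assumed regex for the "[location]-arXX" convention; not the post's filter.
ACCESS_ROUTER = re.compile(r"^[a-z0-9]+-ar[0-9]{2}(\.|$)", re.IGNORECASE)

def dns_reverse(ip):
    """Live reverse lookup; returns the PTR name or None when there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def ptr_record(name, ip, domain):
    """Zone-file line for the reverse entry this device should have."""
    return f"{ipaddress.ip_address(ip).reverse_pointer}. IN PTR {name}.{domain}."

def audit(inventory, domain, resolve=dns_reverse):
    """Return findings for devices whose resolved name would miss the filter."""
    findings = []
    for name, ip in inventory:
        resolved = resolve(ip)
        if resolved is None:
            findings.append((name, ip, "no PTR", ptr_record(name, ip, domain)))
        elif not ACCESS_ROUTER.match(resolved):
            findings.append((name, ip, f"PTR is {resolved}", ptr_record(name, ip, domain)))
    return findings

# Constructed inventory and stub resolver so the example runs offline.
INVENTORY = [
    ("dal-ar01", "10.20.1.1"),
    ("dal-ar02", "10.20.1.2"),
    ("hou-ar01", "10.30.1.1"),
]
STUB_PTR = {
    "10.20.1.1": "dal-ar01.example.net",
    "10.30.1.1": "host-10-30-1-1.example.net",  # stale generic name
}

if __name__ == "__main__":
    for finding in audit(INVENTORY, "example.net", STUB_PTR.get):
        print(finding)
```

Calling `audit(inventory, domain)` without the stub uses live DNS, which makes it a quick check for routers that are sending logs but silently falling outside the filter.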