Kerberos, and therefore LDAP with GSSAPI, has issues with servers behind NAT, or anywhere the forward DNS lookup does not match the reverse DNS lookup. For instance, in our lab we have an OpenLDAP LDAP server:

    $ dig +noall +answer ldap.itlab.stanford.edu
    ldap.itlab.stanford.edu. 207 IN CNAME idp.itlab.stanford.edu.
    idp.itlab.stanford.edu. 200 IN A 184.108.40.206

However, since it's running … Continue reading Kerberos, LDAP, SSH, and NAT/AWS
Amazon documents how reserved instances and consolidated billing work together, but it's apparently still confusing because Bob's account has instances and is also the paying account. Our setup is different - the only resource created inside the paying account is the S3 bucket where Amazon posts our billing data. Here's my edited version of the … Continue reading AWS Reserved Instances and Consolidated Billing
We have a group who would like to use our internal University IDs to map campus users to Salesforce users for SSO. There are several ways to achieve this with a Shibboleth IdP and Salesforce, but this is the simplest.
Shiny Toys

Since it was Google I/O, every attendee received some shiny toys: a Nexus phone and Nexus 7 tablet, a Nexus Q streaming media player, and a Chromebox (the ChromeOS version of a Mac Mini). The Nexus Q doesn't really have any impact on IT, and it's an odd system: it costs over 3 … Continue reading Google I/O 2012
I recently took the Architecting with Amazon Web Services training class. The class is taught by AWS Solutions Architects, rather than by dedicated training staff, so the instructors have real, practical experience with helping customers use AWS; the SAs use that experience, and feedback from each class, to continually improve the class. The class covered … Continue reading Architecting with AWS Training