Category: Cloud

How this site is built and updated

We've been (very) infrequently updating this blog thing since 2006. In that time it's had a number of homes: it probably started as a VM on a machine under the desk in my office, then it spent years flipping between running directly and indirectly (as a VM) on servers in our datacenter. After our old hardware started failing, we moved it to the cloud, running on an EC2 server. Now, it's running in a container. Initially, this blog was created to test and document this newfangled SAML authentication protocol, starting with mod_shib (from Shibboleth v1). When Shibboleth v2 was released, we switched to SAML 2.0 and mod_shib2.

In late 2014, our team started deploying Drupal websites on AWS using Docker images running on CoreOS. As part of that effort we created a base LAMP image using Ubuntu. We also added SimpleSAMLphp to the image to support authentication, since it had features that were a better fit for our environment than mod_shib2 (mainly that there was no separate daemon, like shibd, and that it could store session data in the same database as Drupal, making load balancing much simpler).

In early 2015 we started merging the two efforts, resulting in this new containerized, load-balanced, and easily updated version of our blog.

Slacking with Shibboleth

Someone asked how to get Slack SAML SSO working with a Shibboleth IdP. It's pretty straightforward, despite the lack of SP metadata from Slack and the inability of Slack to import IdP metadata.

Slack will attempt an authentication when you save its SAML configuration, so you need to set up the IdP first.

AWS Reserved Instances and Consolidated Billing

Amazon documents how reserved instances and consolidated billing work together, but it's apparently still confusing because Bob's account has instances and is also the paying account. Our setup is different - the only resource created inside the paying account is the S3 bucket where Amazon posts our billing data. Here's my edited version of the AWS document.

Google I/O 2012

Shiny Toys

Since it was Google I/O, every attendee received some shiny toys: a Nexus phone and Nexus 7 tablet, a Nexus Q streaming media player, and a Chromebox (the ChromeOS version of a Mac Mini).

The Nexus Q doesn't really have any impact on IT, and it's an odd system: it costs over 3 times as much as other streaming appliances, like Roku and Apple TV, but at this time, can only stream movies, TV and music from Google Play - no Netflix, Amazon Video or Pandora (i.e. all the services most people already use), and obviously no iTunes.

Unlike the Q, the phone and tablet are actually useful. Not only do they both run the latest version of Android (4.1 aka Jelly Bean - preinstalled on the tablet, and upgraded over the air on the phone a day after I/O) - they run "pure" Android - no manufacturer or carrier software is installed on the device. The Nexus phone is unlocked, and can be used on any GSM carrier (although the pay-as-you-go plans available in the US aren't that great, and because I have a discounted AT&T contract through Stanford, I'd need to sign up for a 2-year plan on the phone). Both devices were easy to set up with Stanford Email and Calendar (not surprising since I've already migrated to Google), and Google Drive on Android has support for multiple accounts (unlike the iOS client).

One of the big announcements was that Chrome is now the standard browser in Android 4.1, and that Chrome was being released for iOS too (the iPhone and iPad versions were released later on the first day of I/O). All the mobile versions of Chrome support Chrome Sync, which allows you to sync bookmarks, open tabs, auto-fill information (and optionally passwords) to one of your Google Accounts. Obviously this has privacy implications, but being able to browse the list of open tabs in Chrome on your laptop from your phone or tablet is very convenient.

Architecting with AWS Training

I recently took the Architecting with Amazon Web Services training class. The class is taught by AWS Solutions Architects, rather than by dedicated training staff, so the instructors have real, practical experience with helping customers use AWS; the SAs use that experience, and feedback from each class, to continually improve the class.

The class covered most of the services available via AWS, although it was pretty light on Elastic Beanstalk, Amazon's new Java and PHP Platform as a Service (PaaS) offering. Each day was made up of a mix of presentations covering the various services, group paper / whiteboard architecture exercises and discussions, and hands-on exercises with various AWS components and tools.
