Blog

Welcome to the New UberEther HQ

October 25, 2018 Blog 3 Comments

A few weeks ago our team in Virginia moved into our new headquarters in Sterling. When our previous lease came up for renewal we started talking about what the next ten years of UberEther would look like and how we could better enable our team and customers to deliver solutions more effectively. In the last seven years we've grown past delivering identity and access management solutions to managing all aspects of our customers' hybrid cloud environments, with a focus on the security of operations up and down their technology stacks. A plan that has been in the works for nearly two years has finally come to fruition.  This plan countered all the industry trends right now and for good reason. We focused on providing our team with private offices to allow them to concentrate on work instead of an open floor plan full of distractions.  All of our collaboration spaces are loaded with Google Meet hardware devices to allow us to start video conference calls with the touch of a button. We put in a Jamboard to allow us to ...

No BeyondCorp or ZeroTrust Without the Fundamentals

Last night I went to the local ISACA event where Google was talking about their 6-year journey towards their BeyondCorp / ZeroTrust model for security. As we move away from the traditional walled castle of security design to support the federated SaaS and cloud provider models I genuinely believe BeyondCorp is the best solution to keep our organizations safe. Their model is very similar to what we have implemented at multiple government organizations in extremely sensitive operating environments. For those that haven't dug into BeyondCorp, here is a link to the current papers Google has released about the concept and their deployment journey. The gist is by turning your network inside out you take a user identity and device-centric approach to security.  By continually validating devices, assigning them trust levels, and tying that to trusted user identities you can more easily spot and stop bad actors from using compromised credentials and devices against your corporate resources. Some of the key takeaways from Google's talk that I took were: Google has spent six years migrating towards this model and is only halfway complete migrating all the users and devices over. Admittedly they spent ...

Oracle Exadata 1/8 Rack vs. Oracle Database Appliance ODA

We do a lot of work with the Oracle Identity and Access Management Suite and many of our customers do not have a ton of experience with the Oracle Database, nor do they want a huge Oracle infrastructure.  What they do want is high availability and reliability on the platforms underpinning their IAM solutions.  Over the years we have recommended Oracle's Database Appliance for many of these situations.  They are great little machines that don't require extensive DBA knowledge to manage them.  In recent years they have also added the ability to do virtual machines on top of them which introduces some other awesome opportunities (OAM/OIM in a box!) Recently we ran across a salesman that was pushing our customer into using an Exadata 1/8th rack instead of the ODA. We put together this handy little spreadsheet for the customer. ODA X5-2 Exadata 1/8 Rack X6-2 2 Database Servers 2 Database Servers 72 Cores 44 Cores 512 GB of RAM 512 GB of RAM 1024 GB Optional No Storage Server 128 TB Raw 64 TB Mirrored 42.7 TB Triple Mirrored 144 TB Raw 72 TB Mirrored 48 TB Triple Mirrored

Installing Ruby Version Manager in Offline Mode

August 20, 2014 Blog 0 Comment

Thought I'd share these notes. The guides out there in the wild have gained a few holes in them since they were written. Heads up for anyone planning on following this to a T: This is on RHEL6.5 Despite this being offline mode, I'm going to use yum to download RVM dependencies. Cache those RPMs and use localinstall if you need a "true" offline installation. I recommend adding EPEL to your OS's list of repos. It should take care of most of the harder-to-find ones. First, download a stable release of RVM in tarball form. $ curl -sSL https://github.com/wayneeseguin/rvm/tarball/stable -o rvm-stable.tar Download Ruby 2.1.2 (MUST BE A tar.bz2 file) and Rubygems 2.4.1 (in tgz) and move them into the same working directory as your rvm tarball. Let's install $ mkdir rvm && cd rvm $ tar --strip-components=1 -xzf ../rvm-stable.tar $ ./install --auto-dotfiles $ source ~/.rvm/scripts/rvm $ cd .. Now let's move the software into rvm's install space $ cp ruby-2.1.2.tar.bz2 $rvm_path/archives/ $ cp rubygems-2.4.1.tgz $rvm_path/archives/ Install our prerequisites from yum (this list may be incomplete) $ sudo yum install gcc autoconf gcc-c++ readline-devel zlib-devel openssl-devel automake libtool bison libyaml libyaml-devel libffidevel Install Ruby with RVM. These options will not try to verify the binaries over the internets. $ rvm --verify-downloads 2 --disable-binary install 2.1.2 --rubygems 2.4.1 And ...

Fun Times Integrating SharePoint with Oracle Entitlements Server (Part One)

September 23, 2013 20% Time,Access,Blog 2 Comments

These are the battle scars we talk about.  We gladly take them in the interest of learning and getting better. A few months ago I began a proof-of-concept effort to use OES 11gR2 as a fine grained policy decision point for Microsoft Office SharePoint (MOSS) 2010.  Site or page level authorization simply doesn't cut it in a need-to-share dynamic content environment.  Going fine grained allows for content inspection at the time of the resource request.  Using this fine grained PEP/PDP approach, content may be blocked/redacted by OES.  In the case of MOSS this content includes web parts, documents, words, or any tagged data. First off, the setup.  I used Amazon Web Services (AWS) Elastic Cloud (EC2) instances.  One server is dedicated OES 11gR2 server running 64-bit Red Hat Enterprise Linux (RHEL) 6 dot whatever.  The second server is a vanilla install of SharePoint on Server 2010.  This was my first time working hands on with AWS. This Part One blog entry deals with the OES server install, which was relatively painless.  Thus, I won't go into too much detail since the existing Oracle documentation gets most of the job done.  If there happens to be any confusion over the steps I've glossed over ...

Hello Twine, will your notifications ward off flooding in my basement? Fingers crossed little square turquoise buddy.

Hello everyone, Josh here... I use Twine, courtesy of supermechanical.com, to notify me via Twitter the state of the sump pump that services my home basement egress drain - when the pump is running, when it has stopped running, and if there is more water in the pit than desired. Why Twine?  I found Twine online a few months ago during my quest for a water sensor that would send me a text message for alive and wet sensor states.  Those offered by the big box stores were primarily foreign made and would only tone an integrated alarm.  An alarm is great if I am asleep, but does little justice when I'm at work or out of town.  Out of the box Twine has built in sensors for temperature, vibration, and orientation.  I chose the external moisture sensor for obvious reasons; also purchased the Cloud Shield to leverage my interest in Arduino boards.  I was aware at time of purchase that a Twine instance can have one and only one external sensor connected at a time.  Here are some pics for your enjoyment. They made this simple box and slapped ...

Oracle API Gateway Silent Install bug

I was getting intimate with the latest(11.1.2.1.0) version of Oracle API Gateway aka OAG pka Oracle Enterprise Gateway aka OEG and ran into a speed bump. In my case, I was automating the installation process and needed to register the gateway and node manager as services. Here are the given options(among the others) for accomplishing this in a silent install: --askNmService Add a Service (/etc/init.d script) for the Node Manager? Default: 0 --nmServiceUser Username Default: admin --nmServiceUserQuestion Run Service as non default user? Default: 0 --askGwService Add a Service (/etc/init.d script) for the API Gateway Instance? Default: 0 --gwServiceUser Username Default: admin --gwServiceUserQuestion Run Service as non default user? Default: 0 Given this post's title, it may come as no surprise that using these flags is not the way to go. There seems to be a few leftover references to the previous version's file structure. Here's the fix. First, install the product without configuring these options. Change directory to /apigateway/posix/samples/etc/init.d Notice that they've changed the name of the init script "apigateway" to match the new name. Unfortunately, the installation binary is still looking for "enterprisegateway". No biggie. As root, cp apigateway /etc/init.d cp nodemanager /etc/init.d Change directory over to /etc/init.d and open the newly copied nodemanager file for editing. Underneath the 'INIT INFO' box, ...

Oracle HTTP Server & Webgate 11gR2 Installation on Ubuntu

Hey all, this entry consists of the steps I took to install OHS and Webgate onto a 32-bit Amazon EC2 machine running Ubuntu 11.10. First we need to download libraries: sudo apt-get install build-essential libaio1 libaio-dev unixODBC unixODBC-dev pdksh expat sysstat libelf-dev elfutils lsb-cxx unzip x-window-system These links were recommended by others who had installed Oracle software onto ubuntu sudo ln -s /usr/bin/basename /bin/basename sudo ln -s /usr/bin/awk /bin/awk Append these values to /etc/sysctl.conf fs.aio-max-nr=1048576 fs.file-max=6815744 kernel.shmall=2097152 kernel.shmmni=4096 kernel.sem=250 32000 100 128 net.ipv4.ip_local_port_range=9000 65500 net.core.rmem_default=262144 net.core.rmem_max=4194304 net.core.wmem_default=262144 net.core.wmem_max=1048586 kernel.shmmax=2147483648 (this is system RAM in bytes) To activate them, run sudo sysctl -p Check your swap space and make sure there is at least 500 MB. Download and install a 1.6 JDK, and then in the directory where the OHS installer has been extracted: ./Disk1/runInstaller -jreLoc /path/to/jdk -ignoreSysPrereqs The system prereqs that it checks for are valid for RHEL so they can be ignored here, just make sure you've got the neceassry packages listed above. I named my installation folder "webtier" Ignore any warnings that pop up during the installation process. Delete the OHS installer, and extract the webgate insaller to the same direectory. Same command as the last one: ./Disk1/runInstaller -jreLoc /path/to/jdk -ignoreSysPrereqs I put my webgate in the folder "webgate11g_home" Now we need to do some configuration. Navigate to <middleware_home>/webgate11g_home/webgate/ohs/tools/deployWebGate and run the command ./deployWebGateInstance -w ...

Little About Us

We Deliver Solutions. Our team is built differently.  We pride ourselves in simple, repeatable, and elegant solutions that are tested in our labs before they are tested on our customers.  Our products solve problems and fill painful gaps based on real ... Read More »