Blog

Testing Identity Governance Solutions

One of the places we have always differentiated ourselves from other teams building identity governance solutions is that we treat each project as a traditional software development project. We focus on managing the source code of the project and integrating builds into continuous integration and continuous deployment pipelines to be more agile and repeatable in the identity governance solutions we provide. Previously, many of our team members had been part of identity governance programs where the development environment was configured completely differently from the production environment. Other team members were allowed to go into production and make configuration and code changes directly without any process or approvals. There was no way to prove what code was running in production and, in the event of a disaster, there was definitely no way to rebuild the entire environment from code. In some cases, it would take weeks to get the identity management system back online and manually reconfigured with little trust that the solution matched what was lost at the end of the day. Merging in new code for new integrations led to hopes and prayers that it would work. This never sat well with ...

Welcome to the New UberEther HQ

October 25, 2018 Blog 3 Comments

A few weeks ago our team in Virginia moved into our new headquarters in Sterling. When our previous lease came up for renewal we started talking about what the next ten years of UberEther would look like and how we could better enable our team and customers to deliver solutions more effectively. In the last seven years we've grown past delivering identity and access management solutions to managing all aspects of our customers' hybrid cloud environments, with a focus on the security of operations up and down their technology stacks. A plan that has been in the works for nearly two years has finally come to fruition.  This plan countered all the industry trends right now and for good reason. We focused on providing our team with private offices to allow them to concentrate on work instead of an open floor plan full of distractions.  All of our collaboration spaces are loaded with Google Meet hardware devices to allow us to start video conference calls with the touch of a button. We put in a Jamboard to allow us to ...

No BeyondCorp or ZeroTrust Without the Fundamentals

Last night I went to the local ISACA event where Google was talking about their 6-year journey towards their BeyondCorp / ZeroTrust model for security. As we move away from the traditional walled castle of security design to support the federated SaaS and cloud provider models I genuinely believe BeyondCorp is the best solution to keep our organizations safe. Their model is very similar to what we have implemented at multiple government organizations in extremely sensitive operating environments. For those that haven't dug into BeyondCorp, here is a link to the current papers Google has released about the concept and their deployment journey. The gist is by turning your network inside out you take a user identity and device-centric approach to security.  By continually validating devices, assigning them trust levels, and tying that to trusted user identities you can more easily spot and stop bad actors from using compromised credentials and devices against your corporate resources. Some of the key takeaways from Google's talk that I took were: Google has spent six years migrating towards this model and is only halfway complete migrating all the users and devices over. Admittedly they spent ...

Oracle Exadata 1/8 Rack vs. Oracle Database Appliance ODA

We do a lot of work with the Oracle Identity and Access Management Suite and many of our customers do not have a ton of experience with the Oracle Database, nor do they want a huge Oracle infrastructure.  What they do want is high availability and reliability on the platforms underpinning their IAM solutions.  Over the years we have recommended Oracle's Database Appliance for many of these situations.  They are great little machines that don't require extensive DBA knowledge to manage them.  In recent years they have also added the ability to do virtual machines on top of them which introduces some other awesome opportunities (OAM/OIM in a box!). Recently we ran across a salesman that was pushing our customer into using an Exadata 1/8th rack instead of the ODA. We put together this handy little spreadsheet for the customer.

ODA X5-2 Exadata 1/8 Rack X6-2 2 Database Servers 2 Database Servers 72 Cores 44 Cores 512 GB of RAM 512 GB of RAM 1024 GB Optional No Storage Server 128 TB Raw 64 TB Mirrored 42.7 TB Triple Mirrored 144 TB Raw 72 TB Mirrored 48 TB Triple Mirrored

Installing Ruby Version Manager in Offline Mode

August 20, 2014 Blog 0 Comment

Thought I'd share these notes. The guides out there in the wild have gained a few holes in them since they were written. Heads up for anyone planning on following this to a T: This is on RHEL 6.5. Despite this being offline mode, I'm going to use yum to download RVM dependencies. Cache those RPMs and use localinstall if you need a "true" offline installation. I recommend adding EPEL to your OS's list of repos. It should take care of most of the harder-to-find ones.

First, download a stable release of RVM in tarball form.

$ curl -sSL https://github.com/wayneeseguin/rvm/tarball/stable -o rvm-stable.tar

Download Ruby 2.1.2 (MUST BE A tar.bz2 file) and Rubygems 2.4.1 (in tgz) and move them into the same working directory as your rvm tarball.

Let's install

$ mkdir rvm && cd rvm
$ tar --strip-components=1 -xzf ../rvm-stable.tar
$ ./install --auto-dotfiles
$ source ~/.rvm/scripts/rvm
$ cd ..

Now let's move the software into rvm's install space

$ cp ruby-2.1.2.tar.bz2 $rvm_path/archives/
$ cp rubygems-2.4.1.tgz $rvm_path/archives/

Install our prerequisites from yum (this list may be incomplete)

$ sudo yum install gcc autoconf gcc-c++ readline-devel zlib-devel openssl-devel automake libtool bison libyaml libyaml-devel libffi-devel

Install Ruby with RVM. These options will not try to verify the binaries over the internets.

$ rvm --verify-downloads 2 --disable-binary install 2.1.2 --rubygems 2.4.1

And ...

Fun Times Integrating SharePoint with Oracle Entitlements Server (Part One)

September 23, 2013 20% Time,Access,Blog 2 Comments

These are the battle scars we talk about.  We gladly take them in the interest of learning and getting better. A few months ago I began a proof-of-concept effort to use OES 11gR2 as a fine grained policy decision point for Microsoft Office SharePoint (MOSS) 2010.  Site or page level authorization simply doesn't cut it in a need-to-share dynamic content environment.  Going fine grained allows for content inspection at the time of the resource request.  Using this fine grained PEP/PDP approach, content may be blocked/redacted by OES.  In the case of MOSS this content includes web parts, documents, words, or any tagged data. First off, the setup.  I used Amazon Web Services (AWS) Elastic Cloud (EC2) instances.  One server is a dedicated OES 11gR2 server running 64-bit Red Hat Enterprise Linux (RHEL) 6 dot whatever.  The second server is a vanilla install of SharePoint on Server 2010.  This was my first time working hands on with AWS. This Part One blog entry deals with the OES server install, which was relatively painless.  Thus, I won't go into too much detail since the existing Oracle documentation gets most of the job done.  If there happens to be any confusion over the steps I've glossed over ...

Hello Twine, will your notifications ward off flooding in my basement? Fingers crossed little square turquoise buddy.

Hello everyone, Josh here... I use Twine, courtesy of supermechanical.com, to notify me via Twitter of the state of the sump pump that services my home basement egress drain - when the pump is running, when it has stopped running, and if there is more water in the pit than desired. Why Twine?  I found Twine online a few months ago during my quest for a water sensor that would send me a text message for alive and wet sensor states.  Those offered by the big box stores were primarily foreign made and would only tone an integrated alarm.  An alarm is great if I am asleep, but does little justice when I'm at work or out of town.  Out of the box Twine has built in sensors for temperature, vibration, and orientation.  I chose the external moisture sensor for obvious reasons; also purchased the Cloud Shield to leverage my interest in Arduino boards.  I was aware at time of purchase that a Twine instance can have one and only one external sensor connected at a time.  Here are some pics for your enjoyment. They made this simple box and slapped ...

Oracle API Gateway Silent Install bug

I was getting intimate with the latest (11.1.2.1.0) version of Oracle API Gateway aka OAG pka Oracle Enterprise Gateway aka OEG and ran into a speed bump. In my case, I was automating the installation process and needed to register the gateway and node manager as services. Here are the given options (among the others) for accomplishing this in a silent install:

--askNmService Add a Service (/etc/init.d script) for the Node Manager? Default: 0
--nmServiceUser Username Default: admin
--nmServiceUserQuestion Run Service as non default user? Default: 0
--askGwService Add a Service (/etc/init.d script) for the API Gateway Instance? Default: 0
--gwServiceUser Username Default: admin
--gwServiceUserQuestion Run Service as non default user? Default: 0

Given this post's title, it may come as no surprise that using these flags is not the way to go. There seem to be a few leftover references to the previous version's file structure. Here's the fix.

First, install the product without configuring these options. Change directory to /apigateway/posix/samples/etc/init.d

Notice that they've changed the name of the init script "apigateway" to match the new name. Unfortunately, the installation binary is still looking for "enterprisegateway". No biggie. As root,

cp apigateway /etc/init.d
cp nodemanager /etc/init.d

Change directory over to /etc/init.d and open the newly copied nodemanager file for editing. Underneath the 'INIT INFO' box, ...

Little About Us

We Deliver Solutions. Our team is built differently.  We pride ourselves in simple, repeatable, and elegant solutions that are tested in our labs before they are tested on our customers.  Our products solve problems and fill painful gaps based on real ...