Category: Blogs

Blogs

AWS X-Ray

Unlocking Application Insights and Debugging with AWS X-Ray

AWS X-Ray stands as a pivotal service within the AWS ecosystem offering developers deep insights into their application’s performance and operational issues. Moreover, it enables a comprehensive analysis of both distributed applications and microservices facilitating a seamless debugging process across various AWS services.

What is AWS X-Ray?

AWS X-Ray is a tool designed to aid developers in understanding how their applications operate within the AWS environment. It provides a detailed view of requests as they travel through your application, allowing for the identification of performance bottlenecks and pinpointing the root cause of issues.

With the aid of a service map, AWS X-Ray visually depicts the interactions between services within an application, providing invaluable insights into the application’s architecture and behaviour.

How Does AWS X-Ray Work?

The functionality of AWS X-Ray can be broken down into a simple workflow that ensures detailed trace data collection and analysis. It starts with collecting traces from each component of your application, it then collects this data into what AWS refers to as traces. These traces then form a service map, offering a visual representation of the application’s architecture. This service map is crucial for analyzing application issues, as it provides detailed latency data, HTTP status, and other metadata for each service.

The Features and Benefits of AWS X-Ray

Simplified Setup

Getting started with AWS X-Ray is remarkably straightforward. Whether your application is running on EC2, ECS, Lambda, or Elastic Beanstalk. Integrating with X-Ray involves minimal configuration. This ease of setup ensures that developers can quickly start gaining insights into their applications without a steep learning curve.

End-to-End Tracing

One of the standout features of AWS X-Ray is its ability to offer an end-to-end view of requests made to your application. This application-driven view is instrumental in aggregating data from various services into a cohesive trace, thereby simplifying the debugging process.

Service Map Generation

At the heart of AWS X-Ray’s functionality is its service map feature. This automatically generated map provides a visual overview of your application’s architecture, highlighting the connections and interactions between different services and resources. It serves as a critical tool for identifying errors and performance issues within your application.

Practical Application and Analysis

Analysing Application Performance

AWS X-Ray shines when it comes to analyzing and improving your application’s performance. The service map and traces allow developers to drill down into specific services and paths, identifying where delays occur and optimizing them for better performance.

AWS X-Ray Core Concepts

Traces and Segments

At the core of AWS X-Ray’s functionality are traces and segments. A trace represents a single request made to your application, capturing all the actions and services that process the request. Segments, on the other hand, are pieces of the trace, representing individual operations or tasks performed by services within your application. For example, if a user uploads an image, the processing of that image by your application could be one segment of the trace of the user’s request.

Service Maps

Service maps visually represent the components of your application and how they interact with each other. By analyzing a service map, you can quickly identify which parts of your application are experiencing high latencies or errors. Think of it as a map of a city, where each service is a building, and the paths between them are the roads. The map shows you traffic flow and blockages, helping you navigate your application’s architecture more effectively.

AWS X-Ray Workflow

Data Collection

The first step in the AWS X-Ray workflow is data collection. As requests travel through your application, X-Ray collects data on these requests, creating traces. This data collection is automatic once you’ve integrated the X-Ray SDK with your application.

Data Processing

Once data is collected, AWS X-Ray processes it, organizing the information into a coherent structure that you can analyze. This processing stage is where traces are assembled, and service maps are generated, providing a comprehensive view of your application’s performance and interactions.

Data Analysis

The final stage is data analysis, where you, the developer, step in. Using the AWS X-Ray console, you can examine the traces and service maps, identify issues, and gain insights into how to improve your application. Whether it’s a slow database query or a faulty external API call, X-Ray helps you find and fix problems fast.

Integrating AWS X-Ray with Other AWS Services

AWS X-Ray seamlessly integrates with various AWS services, enhancing its tracing capabilities. When you use AWS Lambda, EC2, or Amazon ECS, integrating X-Ray allows you to trace requests as they move through these services, providing a unified view of your application’s performance across the AWS ecosystem.

AWS X-Ray is a valuable tool for developers and operations teams looking to improve the performance, reliability, and troubleshooting of their applications running on AWS. It’s particularly useful in microservices architectures where understanding dependencies and performance across services is crucial.

Thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at sales@accendnetworks.com.

Thank you!

Tags AWS Cloud Computing, AWS Cloud Security, AWS X Ray

Blogs

Smart Space with Cisco Spaces

Post author By Lino Almojela
Post date August 12, 2024
3 Comments on Smart Space with Cisco Spaces

Transform Your Space Into a Smart Space with Cisco Spaces [Beginner's Guide]

As a business owner or manager, you’re always looking for ways to create a trusted workplace, improve productivity, and optimize operational efficiency, all from one place while reducing your operational costs.

You need access to real-time data moving in and out of your premises to achieve this.

Fortunately, every phone, camera, laptop, and IoT device connected to your network provides real-time insights. You can leverage this data to make your business safer, your building smarter, and your wireless connectivity more seamless.

Enters Cisco Spaces, a cloud-based location services platform.

Let’s discover Cisco Spaces and how you can use this platform to create a productive, efficient, and enjoyable workplace.

What is Cisco Spaces - A Brief Introduction

Cisco Spaces (formerly Cisco DNA Spaces) is the highest-ranked indoor location-aware and IoT cloud platform that turns ordinary physical spaces into smart spaces. It provides 24/7 centralized visibility, control, and monitoring of people and objects within your premises via its single web-based dashboard.

Using Cisco Spaces, you can:

Locate available meeting rooms.
Track indoor environmental conditions.
Monitor and share occupancy levels in real-time staff and visitors.
Enable multiple apps, devices, and use cases from the dashboard.
Securely connect users to your network and offer personalized IT experiences.
Integrate with your existing Cisco platforms, third-party IoT sensors, and multivendor apps for smart and sustainable operations.

Getting Started with Cisco Spaces

Configuring Cisco Spaces might seem complex in the beginning, but with a step-by-step process, you can easily get started with this valuable tool:

Step 1: Familiarize yourself with the platform.

Create and link your Cisco Spaces account to your existing Cisco Wi-Fi infrastructure. Then, explore the dashboard that showcases all key analytics, reports, and tools available to you.

Step 2: Quick implementation

Cisco Spaces provides a variety of pre-built templates for different use cases. You can select a suitable template to quickly implement the provided solutions according to your use cases.

Step 3: Enable location analytics

Track visitor behavior metrics, from an average number of visits to time spent in a particular area and the busiest hours of the day and days of the week. Accordingly, you make data-driven staffing and resourcing decisions that further help optimize your business operations.

Step 4: Integrate engagement apps

Send contextual and personalized messages to your visitors via SMS, email, collaboration apps, and push notifications based on their behavioral patterns. You can also send real-time updates to your staff and teams through API triggers facilitated by Cisco Spaces engagement apps.

Step 5: Environmental analytics app

Optimize your building’s performance by leveraging indoor environment insights and metrics, such as carbon dioxide levels, total volatile organic compounds (TVOCs), temperature, humidity, and ambient noise. This data is derived from sensors integrated into your building’s networking and collaboration infrastructure. Accordingly, you can take the necessary steps to ensure optimal indoor conditions within your facilities.

Step 6: Proximity Reporting App

The app assists in contact tracing by showing which physical spaces a person is in based on the devices they carry and other devices in the same space. The app also shows a list of persons in the same location and a timeline of when the affected person entered and exited the location.

As you become more familiar with Cisco Spaces, you can start exploring the platform’s advanced features, such as contactless experiences, real-time space utilization, Cisco Spaces SDK, and many more.

On our blog, you will find resources, including tutorials, step-by-step guides, best practices, and more information, to help you leverage the full potential of Cisco Spaces. Subscribe to our blog so you never miss anything essential for creating a smart, safe, and efficient work environment. Stay tuned!

Tags Cisco DNA, Cisco DNA Spaces, Cisco Spaces

Blogs

Cisco Umbrella Monitoring

Cisco Umbrella Monitoring and Logging Best Practices

How to: Validate Cisco Umbrella Configuration
Cisco Umbrella offers a range of URLs to validate and ensure the successful configuration of Umbrella on your network. These URLs enable you to perform various tests to confirm the functionality of Umbrella’s DNS resolution, security settings, content filtering, and Intelligent Proxy feature. Below the table is an extra category of test page for the Intelligent Proxy.

Umbrella/OpenDNS Test URLs

Correctly Configured Result

Incorrectly Configured Result

The first stage in using Umbrella is to point your DNS addresses to our anycast IP addresses (208.67.222.222 and 208.67.220.220).

Once you’ve done that, to test whether you are using Umbrella/OpenDNS for DNS resolution, go to:
http://welcome.opendns.com

If you’ve correctly configured your DNS settings on your router, computer or mobile device to use Umbrella, this is the result you should see.

Check the settings on your device again to ensure it’s correctly configured.

To test the Security Settings of your configuration, we recommend using one of the following test sites,depending on what you want to test.

All of the test sites below are blocked with the default Umbrella Security Settings.

To test blocking the Security setting for Phishing:

http://www.internetbadguys.com

To test blocking the Security Setting for Malware:

http://www.examplemalwaredomain.com

http://malware.opendns.com/

To test blocking the Security Setting for Command and Control Callback:

http://www.examplebotnetdomain.com

An Umbrella block page should appear if you are correctly configured. With Security Settings, each of the block pages will vary based on your settings and could include custom block pages.

If this page appears, check your settings, including the order of policies and which identity you are appearing as in the logs.

To test Content Settings for your configuration, we recommend using the following test site to test blocking pornography sites. However, not every individual Content Settings has an Umbrella block page for it.

Instead, if you have created your own block page (or added one to a policy) and applied it to the policy with a blocked Content Setting, you should see that block page appear.

To test blocking for pornographic websites:

http://www.exampleadultsite.com

An Umbrella block page should appear if you are correctly configured. With Content Settings, each of the block pages will vary based on your settings and could include custom block pages.

If this page appears, check your settings, including the order of policies and which identity you are appearing as in the logs.

If these tests return results other than those described in the table, further troubleshooting may be required. To begin, we suggest to contact your ISP to ask them if they allow 3rd-party DNS services, such as Umbrella’s global DNS or Google DNS.

Additional Test: Intelligent Proxy

To validate the Intelligent Proxy feature:

Enable the Intelligent Proxy policy for an identity, such as your laptop or mobile device.
Visit http://proxy.opendnstest.com/ and follow the instructions to test image blocking and website blocking using the Intelligent Proxy.
Ensure that the identity you’re using has the Intelligent Proxy enabled in the applicable policy.

If any test results differ from the expected outcomes, further troubleshooting may be necessary. Consider reaching out to your ISP to confirm compatibility with third-party DNS services like Umbrella’s global DNS or Google DNS.

By following these steps, you can effectively validate your Cisco Umbrella configuration and ensure optimal performance of your network security measures.

How to Monitor Umbrella Service Health and System Status

Monitoring Cisco Umbrella’s health and status is key for network security. Bookmark system status pages and subscribe to the Cisco Umbrella Service Status page for notifications. Stay informed with service updates, notifications, and announcements. Regularly check the “Message Center” on the Umbrella Dashboard for alerts.

Bookmark System Status Pages:
- Bookmark http://208.69.38.170/ and https://146.112.59.2/#/ to access the Umbrella System Status pages even when local DNS is unavailable.
Subscribe to Service Status Updates:
- Subscribe to the Cisco Umbrella Service Status page at https://146.112.59.2/#/ to receive notifications regarding Service Degradations, Outages, Maintenance, and Events.
Stay Informed with Service Updates:
- Follow the Service Updates subpages of https://support.umbrella.com/hc/en-us/categories/204185887-Service-Updates for the latest information.
Check Service Notifications:
- Visit https://support.umbrella.com/hc/en-us/sections/206593887-Service-Notifications for detailed Service Notifications.
Stay Updated with Announcements:
- Check https://support.umbrella.com/hc/en-us/sections/206896108-Announcements for important announcements related to Umbrella services.
Review Service Updates:
- Visit https://support.umbrella.com/hc/en-us/categories/204185887-Service-Updates to stay updated with the latest Service Updates.
Monitor Cisco Umbrella Dashboard:
- Periodically check the Cisco Umbrella Dashboard’s “Message Center” for product alerts and notifications.

Following these steps will help you stay informed about the health and status of your Cisco Umbrella service, ensuring timely action and awareness of any potential issues.

Network Registration:

Ensure all IP addresses and CIDR ranges associated with your organization are registered with Umbrella. For more information, refer to https://docs.umbrella.com/product/umbrella/protect-your-network/.

Logging:

Umbrella retains detailed logs for 30 days before converting them into aggregated report data. To preserve detailed data beyond 30 days, configure an Amazon S3 bucket for data export at “Settings -> Log Management”.

How to Contact and Work with the Umbrella Support Team:

Submit a Support Request:
- After logging into the Umbrella dashboard, submit a request to the Umbrella support team via the webform at: https://support.umbrella.com/hc/en-us/requests/new
- Provide complete details about any problems or questions you have.
Telephone Support:
- If you have purchased telephone support from Cisco Umbrella will see a telephone icon at the top right-hand corner of the Umbrella dashboard screen.
- Clicking on the telephone icon will display the telephone number for Support.
Provide Detailed Information:
- When contacting support, provide as much detail as possible about your issue or question.
Use the Diagnostic Tool:
- Use the Umbrella Diagnostic Tool to gather valuable information for troubleshooting: https://support.umbrella.com/hc/en-us/articles/234692027-Umbrella-Diagnostic-Tool

By following these steps, you can effectively contact and work with the Umbrella support team to resolve any issues or questions you may have regarding the Umbrella service.

Feel free to reach out to us if you have any questions at info@accendnetworks.com and we’ll be glad to assist you.

Happy DNS Security!

Tags Cisco, Cisco Security, cisco umbrella, Cisco Umbrella Monitoring

Blogs

Optimizing ECR Costs

Optimizing AWS ECR Costs: Effective Use of Lifecycle Policies

Amazon Elastic Container Registry (ECR) is a highly secure, scalable, and reliable managed AWS Docker registry service. It simplifies your development and product development. However, as your container usage increases, so do the costs associated with storing container images. One effective way to manage and reduce these costs is to implement ECR life cycle policies. In this article, we’ll explore what an ECR lifecycle plan is, how it works, and how to use it to optimize your ECR costs.

What is AWS ECR?

Amazon ECR is an AWS-managed Container image registry that is secure, scalable, and reliable. We can create public and private repositories.

What is lifecycle policy?

A lifecycle policy consists of one or more sets of rules where each rule defines the action that needs to be taken on an ECR repository.

With the help of this lifecycle policy, we can automate the cleanup of expired application images in our ECR repository based on age or count.

What is lifecycle policy?

Cost Reduction: By automatically deleting old and unused images, you can significantly reduce your storage costs.

Improved Repository Management: Lifecycle policies help in maintaining a clean and organized repository, making it easier to manage and locate necessary images.

Enhanced Security: Regularly deleting old images can reduce the attack surface, thereby enhancing security.

Automated Management: Lifecycle policies automate the image deletion process, reducing the manual effort required to manage the repository.

Implementation

On the left side of the ECR UI, select repositories then click your repo. I had already created a repository called ecr-repo, as a prerequisite for this blog.

On the left side of the repository UI, select life cycle policy. Then click Create Rule.

Specify the following details for each test lifecycle policy rule.

For Rule priority, type a number for the rule priority. The rule priority determines in what order the lifecycle policy rules are applied.

For Rule description, type a description for the lifecycle policy rule.

For Image status, choose Tagged (wildcard matching), Tagged (prefix matching), Untagged, or Any.

Image status options

Here is the explanation for each of these image status

Tagged (wildcard matching)

Here we specify a comma-separated list of image tag patterns that may contain wildcards (*) on which to take action with your lifecycle policy.

For example, if our images are tagged as prod, prod1, prod2, and so on then you can use the tag pattern as prod* to specify all the prod images.

Note: If you specify multiple tags then images satisfying all the expressions are selected.

For example, if we specify tag pattern list prod*, prod*web then images with prod1web, prod2web will be selected and the images with prod1, prod2 and so on will not be selected.

Tagged (prefix matching).

Here we need to specify the comma-separated list of image tag prefixes on which action will be taken by lifecycle policy.

For example, if we have images tagged with prod, prod1, prod2, and so on then specify the tag prefix prod to target all these images.

Untagged

This is used when we have untagged images in our ECR and we want to apply a lifecycle policy rule on them. We don’t have to specify any matching rule for this and this rule will not have any impact on tagged images

Any

This image status is specified when we want to target all the images residing in our repository irrespective of whether they are tagged or not.

This rule must be assigned a higher priority number so that it can be evaluated at the end by the lifecycle policy rule evaluator.

Choose Save.

Objective achieved.

Conclusion

In conclusion, we have seen how the lifecycle policies are quite useful in the handling of storage cost reduction. This way, you will be able to automate the removal of old unused images hence making sure that your repository is well-arranged and cost-effective. Also, reviewing and adjusting your policies as the need arises will go a long way into helping you cope with the different needs thus making sure that your usage of ECR is optimized in the long run.

This brings us to the end of this blog. Clean up.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at sales@accendnetworks.com.

Thank you!

Blogs

Rotating SSH Keys

Rotating SSH Keys: Adding or Removing a Public Key on Your AWS EC2 Instance

Managing SSH keys is a crucial aspect of maintaining the security and accessibility of your AWS EC2 instances. Whether adding a new user, granting temporary access, or revoking permissions, understanding how to add or remove public keys is essential. This guide will walk you through the process of adding and removing a public keys on your AWS EC2 instance.

When you launch an instance, you can specify a key pair.

If you specify a key pair at launch, when your instance boots for the first time, the public key material is placed on your Linux instance in an entry within ~/.ssh/authorized_keys.

You can change the key pair that is used to access the default system account of your instance by adding a new public key on the instance, or by replacing the public key (deleting the existing public key and adding a new one) on the instance. You can also remove all public keys from an instance.

Reasons for Changing a Public Key

Several reasons might lead to changing the public key of our EC2 instance.

Compromised Key: If someone has a copy of the private key (.pem file) and you want to prevent them from connecting to your instance (for example, if they’ve left your organization), you can delete the public key on the instance and replace it with a new one.

Adding a New User: When a new team member needs access to the instance, you must add their public key.

Key Rotation Policy: As part of your security best practices, regularly rotating keys helps mitigate the risk of key compromise.

Revoking Access: When a user no longer requires access, removing their public key ensures they cannot connect to the instance.

Temporary Access: Granting temporary access to a user for a specific task or duration, after which the key is removed.

Lost Key: If you’ve lost access to your private key, you’ll need to add a new key pair to regain access.

If a user in your organization requires access to the system user using a separate key pair, you can add the public key to your instance.

To achieve this goal, Let’s proceed as follows.

Launch an EC2 instance.

Click instances in the left UI of the EC2 dashboard then click Launch instance.

Fill in the instance details, select the Ubuntu image, and move within the free tier with t2. Micro.

Select your key pairs then scroll down.

Leave networking as default and select Create New Security Group, with port 22 open for SSH.

Leave other settings as default, scroll down, review then click launch instance.

Click the launched instance ID, then copy the instance public IP then let’s proceed to SSH into our instance.

Type in the following command to ssh into your server.

ssh -i <keyname.pem> user@publicIP

Successfully logged into our server.

Let’s move to the .ssh directory where the authorized_key file is located.

List the contents, of the .ssh directory and then cat the contents of the authorized_keys. You will see your public key.

To add or remove the public key, this is the file we have to edit.

I have the following keys, in my AWS account.

Retrieve the public key material using the bellow command.

Using a text editor of your choice, open the .ssh/authorized_keys file on the instance. Delete the old public key information, add the new one then save the file.

Let’s disconnect from our instance, and test if we can connect back using the new private key file.

Success, we have now logged back to our EC2 instance using the new key pair.

Clean up.

Conclusion

Managing SSH keys on your AWS EC2 instances is a straightforward yet vital task to ensure secure access. By following the steps outlined above, you can easily add or remove public keys, thus maintaining control over who can access your servers.

Thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at sales@accendnetworks.com.

Thank you!