Virtuell in der Cloud: VMware läuft künftig auf AWS
Unter dem Namen VMware Cloud on AWS haben beide Unternehmen eine neue Software-Umgebung angekündigt. Sie soll Public und Private Cloud enger miteinander verbinden.
Quelle: Heise Tech News
General Motors Expands Its Carsharing Service To San Francisco
Priya Anand/BuzzFeed News
General Motors is expanding its new carsharing business Maven to San Francisco, its tenth city, after launching in February.
With the Maven app, people can rent GM vehicles starting at $8 an hour. The automaker introduced the Zipcar-like car rental app in Ann Arbor, Michigan, in January. Maven has since expanded to Baltimore, Boston, Chicago, Washington, DC, Detroit, Los Angeles, and New York City. Its growth shows how General Motors is preparing for upheaval in the transportation industry, and a future in which the company needs to do more than just manufacture cars.
“When I joined GM a year ago, it was a company that just sold cars,” said Dan Grossman, chief operating officer of Maven. “What are other mechanisms to produce revenue? GM could either…spend all this money in marketing to convince people to keep buying our cars, or they could take money and invest. When GM sells a car, it produces revenue. When somebody rents a car, it produces revenue.”
Maven has more than 10,000 members, the company said, who have collectively driven 15 million miles. There are about 60 cars on the Maven platform in each of its cities. In San Francisco, those 60 vehicles will be spread across 30 locations in the city. The rates, starting at $8 an hour, include gas.
GM President Dan Ammann told BuzzFeed News in April that he looks at his company and thinks, “the whole foundation of how your business has operated for the last 100 years is up for discussion.” Of course, GM isn’t the only old-school automaker to explore other business models. Ford purchased Chariot, a San Francisco based shuttle service, in September.
Grossman, who came to Maven from Zipcar, said GM is trying to distinguish itself by offering cars with more features. “We’re not the cheapest option. We’re not fighting for the lower end of the spectrum,” he said.
“It’s the closest thing to ownership,” Grossman said. “You’ve got your leather [interiors], you’ve got your satellite radio, you’ve got the ability to use your phone with Apple CarPlay and Android Auto.”
Maven will likely expand into additional markets in the coming months.
“You’ll see more activity out here in the west,” Grossman said. “We’re really calling San Francisco, our tenth market, our first real stake in the ground out here.”
Quelle: <a href="General Motors Expands Its Carsharing Service To San Francisco“>BuzzFeed
Mobilfunk: Gutachten warnt vor kostenlosem EU-Roaming
Die Umsetzung von kostenfreiem Roaming im EU-Ausland könnte unangenehme Folgen für die Kunden haben. In einem Gutachten werden langfristig höhere Kosten für Mobilfunkkunden sowie stockende Investitionen in den Netzausbau befürchtet. Jetzt ist die EU-Kommission gefragt. (Roaming, Mobilfunk)
Quelle: Golem
Kommentar: Gebt die Messdaten frei!
Anbieter von Universalmessgeräten sollten die Protokolle ihrer PC-Schnittstellen freigeben, damit Hobby-Programmierer die Messungen leicht in eigenen Programmen auswerten können, meint c't-Redakteur Tim Gerber.
Quelle: Heise Tech News
VoCore2: Angriff der Minirouter
Auf Indiegogo sammelt der Entwickler des VoCores für die Version 2.0 des Kleinstrechners. Der soll nicht nur schneller sein und mehr Speicher haben, sondern trotz zusätzlichem WLAN auch noch weniger Strom verbrauchen als sein Vorgänger.
Quelle: Heise Tech News
Playstation VR im Test: Bequemer und spielfreudiger als Vive und Rift
Mit der PSVR öffnet Sony der Virtual Reality endlich den Massenmarkt. Wir haben die Hardware mit der Oculus Rift und HTC Vive verglichen und bewerten das Angebot von fast 30 Launch-Titeln.
Quelle: Heise Tech News
Top 4 reasons for using Azure Security Center for partner security solutions
As customers expand the boundaries of their environments to hybrid cloud, they often prefer to bring their trusted partners with them. Azure Marketplace includes a variety of security solutions from leading vendors. Azure Security Center takes this a step further, by partnering with these vendors to provide an integrated experience in Azure, while relying on Marketplace for partner certification and billing.
Security Center integrates with Endpoint Protection (Trend Micro), Web Application Firewall (Barracuda, F5, Imperva and soon Microsoft WAF and Fortinet), Next Generation Firewall (Check Point, Barracuda and soon Fortinet and Cisco) solutions. And just last week at Microsoft Ignite, we released integration with Vulnerability Assessment (Qualys – preview) solutions. If you missed the Azure Security Center session where these integrations were highlighted, you can catch it on demand. During FY17, Security Center will both expand the number of partners within these existing categories and introduce new categories.
So, why use Security Center to deploy and monitor security solutions from partners?
Ease of deployment: Deploying a partner solution by following the Security Center recommendation is much easier. The deployment process can be fully automated using a default configuration and network topology, or customers can choose a semi-automated option to allow more flexibility and customization of the configuration.
Integrated Detections: Security events from partner solutions are automatically collected, aggregated and displayed as part of Security Center alerts and incidents. These events are also fused with detections from other sources to provide advanced threat detection capabilities.
Unified Health Monitoring and Management: Integrated health events allow customers to monitor all partner solutions at a glance. Basic management is available with easy access to advanced configuration using the partner solution.
Export to SIEM: Customers can now export all Security Center and partners’ alerts in CEF format to on-premise SIEM systems using Microsoft Azure Log Integration (preview)
Currently, to leverage this advanced level of integration, partner solutions must be deployed from Security Center, by following a recommendation. Partner packages that are deployed directly from the Azure Marketplace or through automation, are not yet supported. Security Center plans to add this support over the next year where partner solutions will be auto discovered and connected to Security Center, regardless of their mode of deployment.
Interested in learning more on Azure Security Center and its partner ecosystem integration?
Managing security recommendations in Azure Security Center
Monitoring partner solutions with Azure Security Center
Integrating Security Center alerts with Azure log integration (Preview)
Security Resource Provider REST API Reference
Quelle: Azure
Chicago Disability Advocates File Lawsuit Against Uber Over Wheelchair Accessibility
Robert Galbraith / Reuters
A disability rights group in Chicago filed a lawsuit Thursday against Uber, alleging that Uber is “now a significant part of our national transportation system” and that the company should provide more wheelchair-accessible vehicles.
The complaint, filed by Access Living of Metropolitan Chicago and three plaintiffs who use wheelchairs and said they cannot access Uber vehicles, alleges that Uber gave just 14 accessible rides in Chicago from 2011 to August 2015. It says that when the plaintiffs tried to use the app and requested accessible vehicles, they found only one vehicle was available, or none.
“Uber claims its services are not subject to the ADA, and its service to people who require wheelchair accessible vehicles ranges from token to non-existent,” the complaint filed in federal court reads. “That position threatens a return to the isolation and segregation that the disability rights movement has fought to overcome.”
Disability rights advocates have criticized Uber in the past for allegedly discriminating against people with disabilities. In August, a Brooklyn woman filed a lawsuit against Uber, citing a scarcity of UberWAV, or wheelchair-accessible vehicles, as well. In 2015, United Spinal Association, a nonprofit that advocates for people with spinal cord injuries, protested Time magazine’s consideration of Travis Kalanick for Person of the Year. A few weeks later, the group filed a lawsuit against Uber, claiming a driver rejected a rider after being unable to accommodate his wheelchair.
The Chicago lawsuit points to Uber’s decimation of the taxi industry to support the argument that the company has become a significant transportation service. It notes that the number of taxis operating in Chicago went down from 6,899 in 2013 to 6,222 in January 2016, compared to 1.9 million Uber rides provided in June 2015.
Uber said in May that it planned to bring more wheelchair-accessible options to Chicago. In April, the company reached a settlement in a San Francisco case with advocates for the blind. Uber agreed to require drivers to confirm they understand they are legally obligated to accept riders with service animals.
Uber, which has not yet responded to the complaint in court, did not immediately return a request for comment.
Quelle: <a href="Chicago Disability Advocates File Lawsuit Against Uber Over Wheelchair Accessibility“>BuzzFeed
Azure Mobile Apps iOS SDK 3.2.0 Release
We are excited to bring you the latest release of our Mobile Apps iOS client SDK 3.2.0. We've added Refresh Token feature, updated with iOS 10/Swift 3.0 support, and made performance improvement.
Learn more about the update on the App Service Team Blog.
Quelle: Azure
Using Tags for Access Control
Most systems use Access Control Lists (ACL’s) to manage user’s access to objects. Common examples are ACL’s for file systems, LDAP, Web Servers and many more. Anyone who has had to create ACL rules and maintain them knows how complicated this can be. To make access control easy again, CloudForms uses tags. If the group a user belongs to has the same tag as the accessed object, access is granted, if not, access is denied.
This sounds simple and straightforward, but there are a couple of things to know about tags which make them very powerful, but also a bit tricky.
Let’s start with a basic explanation of common objects in CloudForms:
Users: users can be created in the internal database or retrieved from external authentication. Meta data, including the full name, email address, password (in the case of database authentication) and relationship to one or more groups, is associated to the user.
Groups: every user is a member of one or more groups. Groups are used to define the scope or visibility of a user. For example, a member of the “Engineering Department” group can be granted access to all virtual machines (VMs) owned by the engineering department. Or a member of the group “Operations” could be granted access to all VMs running in the production environment.
Roles: every group is associated to exactly one role, which describes the privileges granted to that group. Roles are used to define which actions a user is allowed to perform. For example, an “Operator” role could include permissions to start or stop VMs, re-configure them, etc. A “Self Service” role could allow a user to order new VMs and manage them.
The combination of groups and roles defines which actions are allowed and on which objects. An “Operator” role in the “Engineering Department” group would have the same privileges as an “Operator” role in the “Finance Department” group because they share the same role, but they would see different objects because they are not in the same group.
Let’s discuss a couple of examples to get familiar with this model.
Setting the Stage
As an administrator, navigate to Settings > Configuration and click on “Access Control” in the pane on the left, and then click on “Roles”. Add a new role by clicking on Configuration > Add a New Role and name it “Self Service”. Granting privileges to the role is very nicely implemented. The tree on the right represents all of the menus and actions a user can perform in the UI. Enabling (checking) a feature grants the privilege to the role. By drilling down into sub folders, very fine grained permissions can be granted (e.g. power on, but not power off).
For the purpose of this demo, a role with full access to “Cloud Intel”, “Services”, “Compute”, “Settings” and “Access Rules for all Virtual Machines” – but no other privileges &8211; is created.
Example Group “Engineering”
In the next step, a group called “Engineering” is created. All members of this group will have the “Self Service” role assigned, which was created in the previous step. For now, we skip tags and filters and keep them all unchecked.
Example User “Joe Doe”
In the last step a user “Joe Doe” is created. This will be a local user (stored in the database) and is a member of the “Engineering” group.
Results
If Joe Doe logs into the web interface and navigates to Providers > Hosts > Virtual Machines or Providers > Hosts > Service Catalogs he will see all of the existing objects. This should not be a surprise, because he is assigned to a group which doesn’t have any restrictions on visibility.
Granting Access to Individual Objects
For our next step, we want to restrict Joe Doe’s visibility to only those VMs associated to the Engineering Department. To accomplish this, we will restrict Joe Doe to only see objects tagged as Department/Engineering. But first, we will learn a little bit about tags and tag categories.
Tags and Tag Categories
Tags are any string that you would like to describe a particular characteristic of an object. The best tags are clearly descriptive and easy for other users to understand. For example, Engineering and Finance are clearly descriptive and easy to understand tags that describe the part of the organization to which a user or VM belongs. Tag categories are groupings of related tags. For example, Engineering and Finance belong to the Department tag category. Using tag categories you can group related tags together.
CloudForms comes with a default set of tags and tag categories that you can use, or you can create your own custom taxonomy of tags. In this way, tags are very flexible. For this demonstration, we are going to work with the default set of tags and tag categories.
Assigning a Tag to an Object
Navigate to the “Engineering” group, edit it and select the Department/Engineering tag.
When changing groups, roles or tenants, the user doesn’t need to logout and login again. Changes to groups and roles are reflected immediately in CloudForms, even if the user is already logged in. If Joe now navigates to view VMs, only those VMs tagged with Department/Engineering will be shown. In this case, none!
First Gotcha!
You might have noticed, after setting the Department/Engineering tag for the group, no objects are showing up in the UI. The scope for the group, and hence the user, was just limited to objects which are tagged as Department/Engineering &8211; and no objects have been tagged so far. We now need to tag all objects which should be visible for the user. An object, like a VM, can be tagged by using the Policy > Edit Tags menu. After tagging a VM and navigating to the VM list, the VM will show up in the user interface.
This process works the same way for all other objects. If Joe Doe should be able to order a specific item from the service catalog, the item or bundle has to be tagged with the Department/Engineering tag to make it visible.
Working with Multiple Tags
If a VM or other object has to be visible to multiple groups, we can add all the necessary tags to the object. For instance, adding the Department/Finance tag to a VM, makes the VM available to members of the “Finance Department” group, which also has that tag.
Tags within the same tag category are processed as logical OR relationships. That is, if at least one tag of the group matches with at least one tag of the object, access is granted. For example, if a user is in a group with the Department/Engineering or Department/Finance tag, they will see the object. Users which are in a group with neither the Department/Engineering or Department/Finance tag, will not see the object. This also applies, if the object isn’t tagged with any tag &8211; which means, nobody will see it.
Second Gotcha!
Tag restrictions also apply to Super Administrators! If you restrict the visibility of a Super Administrator by assigning them tags, they will no longer see those objects which do not have matching tags! Since Super Administrators can always fix tag assignments or remove the tags for their group, they can restore full visibility, but it’s probably best to make sure you never limit Super Administrators.
Working with Multiple Tag Categories
When working in more complex environments, multiple tag categories must be used. For example, in addition to separating VMs by departments, tags can be used to separate VMs in different stages of deployment (Development, QA, Production). However, as soon as multiple tag categories are introduced, things get a bit more complicated.
Third Gotcha!
When using multiple tag categories, there is a logical AND between tags in multiple categories. This is probably best explained with an example. CloudForms comes with a default tag category called Environment with tags like Development and Production.
If the “Engineering” group, of which Joe Doe is a member, gets the additional tag Environment/Development, Joe will only see objects which have the Department/Engineering tag and the Environment/Development tag. A VM tagged as Department/Engineering and Environment/Production will be hidden from Joe.
Object Tags
Group Tags
Visible?
Department/Engineering
Department/Engineering
Yes, Tags match.
Department/Engineering
AND
Department/Finance
Department/Engineering
Yes. At least one tag in the same category matches.
Department/Engineering
AND
Environment/Development
Department/Engineering
No. Tags from multiple categories, so both must match.
Department/Engineering
AND
Environment/Production
Department/Engineering
AND
Environment/Development
No. Tags from multiple categories, so both must match.
Department/Engineering
AND
Environment/Development
AND
Environment/Production
Department/Engineering
AND
Environment/Development
Yes. At least one tag in each tag category matches.
This is very important and often causes confusion. As soon as you start tagging objects with tags from different tag categories, the logical AND comes into play!
Conclusion: Think Before You Tag
There are a few rules we try to follow when we plan tagging:
Don’t use tags for information which is already available as an attribute for the object. For example, tagging all Windows VMs as Operating System Windows is in most cases not a good idea. Since this information is already stored in an VM attribute, you can use a filter to find all of the Windows VMs.
Try to minimize the number of tags and tag categories. Having a large number of categories and tags makes things more complicated.
Think before you add a new tag or tag category. Besides increasing the number of tags or tag categories, you will have to tag all of the objects already in CloudForms.
Try to use auto tagging where possible. Instead of manually tagging objects, write Automate code to do this for you or make use of the CloudForms REST API.
Tags are a very simple and yet powerful way to manage access control lists. Used properly, they can provide greater flexibility and manageability in CloudForms. For more information on tags and access control, see the following resources:
Creating and Using Tags in Red Hat CloudForms
Planning your CloudForms tagging taxonomy
Quelle: CloudForms
