
How to run a Simple API using AWS Lambda

By Cloud Computing No Comments


Serverless computing is becoming one of the hottest topics in the IT industry. Traditional server-based solutions need massive capex and opex investment, including building and running hardware and software systems as well as the other services needed to run a datacentre. For ad-hoc tasks especially, running a dedicated instance adds operational overhead.

AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers, creating workload-aware cluster scaling logic, maintaining event integrations, or managing runtimes. With Lambda, all you need to do is provide the code for the task; it can be triggered by API Gateway as well as by other AWS services, all of which are fully managed by AWS. You pay only for what you use. This pay-per-use model makes FaaS (function-as-a-service) insanely cheap.

Without going too deep into the concepts, I will demonstrate in a simple lab how easy it is to run a RESTful API using AWS Lambda.

1. Enter the Lambda Console and create a Function

Blueprints provide example code to do some minimal processing. Most blueprints process events from specific event sources, such as Amazon S3, DynamoDB, or a custom application. In this lab, we will build a Lambda Function from scratch.

a. In the AWS Lambda console, select Create a Function

b. Select Author from scratch

c. Type in function name and runtime


2. Configure permission for the Function

The Lambda function needs the right permissions to access resources within your AWS account. You can create your own policy for Lambda or attach a pre-defined policy.

3. Input scripts and deploy the function

a. Upload the scripts as a ZIP file or paste it in.

b. Navigate to File, and click Save to save the code for further editing.

c. Click the Deploy button to launch the function.

At this point the function has been deployed and is ready to be used. You now need to add triggers to define when the function is invoked.

4. Using API Gateway as the trigger

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. In this case, APIs act as the “front door” for our Lambda function.

a. Click Add trigger in the function just created.

b. Type in the name and select REST API as the API Type.

c. Select the security mechanism for this function.

d. Click Add button to complete the trigger creation.

 


5. Editing trigger

a. Create GET method for the trigger.

b. Click the GET method and select Lambda Function as the integration type.

c. Type the name of the function into the Lambda Function block.

d. Click Save to complete the trigger setting.


6. Test the function

Open a browser to test the function just created.
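The lab's own script is not reproduced on this page, so the following is an added example rather than the original function code: a Python handler for the GET method that validates its input before answering. It assumes the Python runtime and Lambda proxy integration (the `httpMethod` and `queryStringParameters` event fields and the `statusCode`/`headers`/`body` response shape); the `name` parameter and its allow-list pattern are hypothetical.

```python
import json
import re

# Hypothetical input rule: "name" must be 1-32 letters, digits, spaces, "_" or "-".
NAME_RE = re.compile(r"[A-Za-z0-9 _-]{1,32}")


def _response(status, payload):
    """Build the response object API Gateway expects from a proxy integration."""
    return {
        "statusCode": status,
        "headers": {
            "Content-Type": "application/json",
            "X-Content-Type-Options": "nosniff",
            "Cache-Control": "no-store",
        },
        "body": json.dumps(payload),
    }


def lambda_handler(event, context):
    # Only the GET method is configured in the lab; refuse anything else.
    if event.get("httpMethod") != "GET":
        return _response(405, {"error": "method not allowed"})

    # API Gateway sends None (not an empty dict) when there is no query string.
    params = event.get("queryStringParameters") or {}
    name = params.get("name", "world")

    # Allow-list validation: reject the input instead of trying to clean it,
    # and never echo the rejected value back to the caller.
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        return _response(400, {"error": "invalid name"})

    return _response(200, {"message": f"Hello, {name}!"})


# Constructed sample event, shaped like the one API Gateway sends for GET /?name=Sprint
SAMPLE_EVENT = {"httpMethod": "GET", "queryStringParameters": {"name": "Sprint"}}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```
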

You can reach out to us at info@sprintnetworks.com if you have any other questions or concerns.

Versa Titan Live Traffic Monitoring

By Superfast IT Networks, Versa Networks No Comments

In this blog I would like to show you a cool feature of Versa SD-WAN: Live Traffic Monitoring. The video on the right shows live traffic generated by one of our Versa Titan SD-WAN sites.

One of the operational challenges facing the traditional WAN is a lack of visibility. Now, with SD-WAN technology, a business can have a comprehensive view of what is happening within its WAN, including network congestion, delay variation, packet loss, and sometimes service outages. As a result, the IT team can more easily manage the WAN and troubleshoot network-related issues.

Symmetric Key Management Consideration

By Cloud Computing, AWS No Comments

With the wide adoption of the General Data Protection Regulation (GDPR) and other data protection standards by many companies, information protection has become a crucial part of daily operations. At the same time, encryption is the backbone of any system's security scheme.

The Advanced Encryption Standard, known as AES, is currently the most secure and widely used algorithm for data encryption. It aims to provide a solution for the heart of information security: Confidentiality, Integrity, and Authentication. However, nothing is absolutely secure. The hand that wields it determines how secure a system will be.

Symmetric cryptography, such as AES, provides solid data encryption and relies on a block cipher to encrypt bulk data. However, as mentioned before, incorrect use of encryption or improper key management leaves a system with no security against penetration, even with the strongest and so-called safest technologies.

The idea of symmetric cryptography is to use a single key to encrypt and decrypt a certain amount of traffic. This leads to a security concept called key exhaustion: using a key more than it should be used, either to encrypt more data than it is supposed to or beyond its authorized lifecycle.

 

That is to say, if a data center uses AES with Galois Counter Mode (GCM), then a single key should never be used to encrypt more than 2^32 cipher blocks. This is to prevent partial or full compromise of the plaintext messages or their integrity [1].

Encryption keys are not immortal, and the probability of a breach increases the longer a key is in use. When organizations consider the threat of an attack, management should cover the strength of the algorithm and key as well as key rotation. Organizations have no way of knowing when an attack will take place, where it will happen, or how long a key will last before it is exposed to attackers. Using key rotation and key hierarchies as part of a key management system directly minimizes the risks associated with key exhaustion.
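A sketch of the rotation and key hierarchy described above, as an added example that is not code from the original post: a master key never touches data, data keys are derived from it per generation with HKDF-SHA256 (RFC 5869), and a data key is retired when its block budget or lifetime is spent. The class name, the 24-hour default lifetime and the `info` label are assumptions; the returned key is meant to be handed to an AES-GCM implementation from a vetted crypto library.

```python
import hashlib
import hmac
import time

AES_BLOCK_BYTES = 16
MAX_BLOCKS_PER_KEY = 2 ** 32  # per-key limit quoted in the text above


def hkdf_sha256(master_key, info, length=32):
    """HKDF extract-and-expand (RFC 5869) with the default all-zero salt."""
    prk = hmac.new(b"\x00" * 32, master_key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class DataKeyRing:
    """Two-level hierarchy: one master key, one short-lived data key per generation."""

    def __init__(self, master_key, max_blocks=MAX_BLOCKS_PER_KEY,
                 max_age_seconds=86400, now=None):  # 24 h lifetime is an assumption
        self._master_key = master_key
        self.max_blocks = max_blocks
        self.max_age_seconds = max_age_seconds
        self.generation = -1
        self.rotate(time.time() if now is None else now)

    def derive(self, generation):
        # Deterministic, so old ciphertext stays decryptable from its stored generation.
        return hkdf_sha256(self._master_key, b"data-key/gen/" + str(generation).encode())

    def rotate(self, now):
        self.generation += 1
        self.blocks_used = 0
        self.created_at = now
        self._data_key = self.derive(self.generation)

    def key_for(self, plaintext_len, now=None):
        """Return (generation, key) for one message, rotating first if needed."""
        now = time.time() if now is None else now
        blocks = max(1, -(-plaintext_len // AES_BLOCK_BYTES))  # ceiling division
        if blocks > self.max_blocks:
            raise ValueError("message alone exceeds the per-key block budget")
        expired = now - self.created_at >= self.max_age_seconds
        if expired or self.blocks_used + blocks > self.max_blocks:
            self.rotate(now)
        self.blocks_used += blocks
        return self.generation, self._data_key


if __name__ == "__main__":
    # Constructed demo: a tiny 4-block budget makes rotation visible.
    ring = DataKeyRing(b"\x01" * 32, max_blocks=4, max_age_seconds=100, now=0)
    for size, t in [(32, 1), (32, 2), (1, 3), (16, 200)]:
        gen, key = ring.key_for(size, now=t)
        print(f"t={t:>3} bytes={size:>2} generation={gen} blocks_used={ring.blocks_used}")
```

Store the generation number next to each ciphertext so that `derive()` can recreate the matching key at decryption time.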

Reference


How to configure Versa Titan in high-availability (HA)?

By Versa, Titan No Comments

To avoid a single point of failure at your branch site, you can configure Versa Titan appliances in HA mode. Configuring HA on Versa Titan appliances is relatively easy and can be done on the Titan Portal in a few steps.

HA mode only works with the same device model and license, so you need two identical appliances with identical licenses installed. Wire the two appliances together on the cross-connect port before you configure them on the Titan Portal.

What is the cross-connect port? The cross-connect port marks the boundary between the WAN and LAN ports. When wiring the devices for HA, the ports are divided into 3 sections:

  • WAN ports always start at the lower port numbers on the left, e.g. port 0 then port 1;
  • LAN ports are the higher-numbered ports on the right;
  • The cross-connect port should be the port in the middle, in between the WAN ports and the LAN ports.

Please note that you must assign the same port number on both appliances. For example:

  • If the first device uses ports 0 and 1 as WAN ports and the second device uses only port 0 as a WAN port, then use port 2 as the cross-connect port on both devices;
  • Or, if both devices use the same number of ports for WAN connections, then use the next port number after the highest WAN port number as the cross-connect port number.

Once you have determined the cross-connect port on both appliances, connect them with a Cat6 Ethernet cable. Then you can start creating the HA site on your Versa Titan Portal.

  1. Navigate to your Versa Titan Portal and click Configure in the left menu bar to display the Configure dashboard.
  2. Click a license type in the bottom menu bar to display the available licenses. At least 2 licenses of the same type are required for HA configuration.
  3. Drag and drop a license onto the dashboard. The New Site Configuration window displays automatically. In the New Site Configuration window, enter the following details:

  • Enter site name and location information. 
  • Click the HA Mode box.
  • Click Save to save the configuration.
  • The honeycomb displays the new site with 2 devices. Site A is on the left and Site B is on the right.

  4. Please note that the first LAN, which is the next port after the cross-connect port, is a Shared LAN and can be configured on the first device only. This configures the LAN on both devices. If one device fails, the other continues to operate the LAN.
  5. Click Deploy to deploy the new sites.
  6. Activate each device through Wi-Fi, Bluetooth or GZTP. Once activated, the administrative state for the site in the honeycomb should turn green to show it is active.

Ref: Versa Titan Cloud Managed SD-WAN & Security Partner Program | Versa Networks (versa-networks.com)


Fortinet Secure SD-WAN Architecture

By Fortinet No Comments

The Fortinet Secure SD-WAN solution is architected with multiple components to meet enterprise requirements and deliver business outcomes.

Transport independence provides freedom from being stuck with expensive legacy link types like MPLS, and gives more flexibility by delivering the SD-WAN service over various transports, for example broadband Internet and 4G/LTE. Ultimately, the broad range of transport options also helps reduce IT opex.

The overlay secures business traffic over IPsec tunnels, and the security service is powered by Fortinet's centralised security databases such as FortiGuard Labs and FortiSandbox.

IT operators have granular visibility and centralised configuration over the entire Secure SD-WAN network using Fortinet operational platforms such as FortiManager, FortiAnalyzer and FortiSIEM.

Fortinet Zero Touch Deployment enables quick and efficient deployment across a large number of sites.

Fortinet Secure SD-WAN also provides strong identity and access management functions for remote users connecting to the corporate network through secure tunnels.

Corporate-hosted business applications are being moved to the cloud rapidly and broadly, and the performance of cloud-based applications has become critical for corporate businesses. Fortinet Secure SD-WAN extends its functions to private or public cloud platforms, such as MS Azure, Amazon AWS and Google Cloud, to provide cloud-based applications with better and guaranteed performance.

The major difficulty in deploying and operating secure SD-WAN comes from the complexity of running multiple services across distributed sites. Fortinet consolidates these multi-layered services into a single platform, FortiGate.

Any Fortinet Secure SD-WAN platform can take advantage of all of Fortinet’s next-generation firewall capabilities, protecting the corporate network from various internal and external threats as an inherent capability.


How to launch a WordPress website on AWS using LightSail

By Cloud Computing, AWS No Comments

Ever considered launching your own personal website or blog? Consider learning WordPress. It is a great tool that allows people with minimal technical experience to build, maintain and scale fully responsive websites on their own. WordPress is free, open-source software written in PHP that lets users add thousands of plugins depending on their needs. Many incredible websites such as techcrunch.com, sonymusic.com, bbcamerica.com and blog.ted.com are built using this powerful tool.

WordPress requires a hosting service (compute power linked to the internet) so that users around the world can access its content. An extremely simple way of hosting a WordPress website is through a hosting provider such as ventraip.com.au and digitalpacific.com.au, right here in Australia. However, they lack scalability and give the user minimal control over the compute resources. This is where AWS LightSail steps in.

With Amazon LightSail, you can launch a WordPress site on AWS which is extremely scalable to millions of users within seconds. This article aims to provide all the material needed to launch your own WordPress website with AWS LightSail.

Setting Up a Budget

Before getting started, I recommend that you set up a budget to ensure that you spend only a comfortable amount each month. Furthermore, when you create a budget, AWS Budgets provides a Cost Explorer graph to help you see your incurred costs and usage. You can follow the steps in the link to create a basic monthly budget. I set up my budget as a $10 monthly “Cost Budget”. https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/budgets-create.html

Launching a LightSail Instance

The link below will guide you through launching the AWS LightSail instance. It includes steps to connect to your instance using SSH, sign in to your WordPress website, create a static IP and attach it to your instance, and create a DNS zone and map your domain. https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-tutorial-launching-and-configuring-wordpress

Obtaining a free SSL certificate for your website

SSL certificates enable websites to move from HTTP to HTTPS, which is more secure. SSL certificates make SSL/TLS encryption possible, and they contain the website’s public key and the website’s identity, along with related information. An SSL certificate is essential to any website, as your website could be flagged as malicious by web filters or antivirus software if no SSL certificate has been issued for it. Follow the directions at the link below to obtain a free SSL certificate for your AWS LightSail WordPress instance. https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress

Testing website performance using GTmetrix

With GTmetrix, you enter your site’s URL and GTmetrix shows your website’s current performance metrics, along with scores, recommendations, and analysis tools to help you optimise your site’s performance. Website performance tools such as GTmetrix will be critical when scaling your website to ensure quick load speeds and a great user experience. https://www.gtmetrix.com/

Conclusion

Using AWS LightSail, you can create a WordPress website even if you have no previous AWS experience. However, there’s no such thing as a perfect hosting provider, and there are some drawbacks even with LightSail, such as not having a free email address associated with your hosting and not having a fixed monthly cost. If LightSail doesn’t meet all your requirements, you can simply opt to go with a traditional hosting provider such as ventraip.com.au, au.godaddy.com or digitalpacific.com.au.

8 Valuable Lessons Learnt about Data Networks in the Pacific Islands

By Superfast IT Networks No Comments

Over the last decade Sprint Networks have played a pivotal role in designing some of the largest enterprise Data Networks in the Pacific Islands. So we understand that IT is no longer just a cost centre; it is part of an organisation’s overall vision and must deliver tangible value to the business. We wrote this article as a value add for our customers and partners in Papua New Guinea and the Pacific Islands. We highlight 8 lessons and impediments we’ve seen over the years and the possible solutions you can implement.

1. There is no shortage in technology in the Pacific Islands, but a lack of capability within data networks to integrate these new technologies


Most companies in the Pacific Islands love to bring in new tech and cutting-edge hardware and to push new apps, but their underlying infrastructure does not lend itself to making this a reality. Poor network designs and limited technical resources hamper this progress.

Solution: Audit your network – see what the bottlenecks limiting your technological progress are and where they sit.

Sometimes the most productive thing you can do is take stock of your network. Then take massive action – without change, there is no progress.

Also, getting a reputed third-party consultant would give you an honest and unbiased representation of your current network and even make possible recommendations for overall improvements.

2. 99% of all enterprise data centres are messy and disorganised!


This alone is costing businesses much grief, money, incohesive IT teams, chaos within data centres (wasting time on troubleshooting) and massive latency within LAN environments.

Solution: Get organised! If your network is anything like the picture below, there is no way you could make it all neat and tidy over a single weekend. This should be a staged approach. Take on this task piece by piece or, to put it more technically, segment by segment. At the beginning pursue progress instead of chasing perfection.

3. Poor ISP services

ISPs in the Pacific Islands are unreliable. But you already knew this :). We have seen many enterprises constantly lose network connectivity and go offline due to intermittent network failures at their existing service provider. This in turn impacts their business and hampers productivity.

Solution: use dual ISPs! This might sound counterintuitive, but the benefits are far greater than the costs (if the correct architecture and design are employed). This solution is fantastic for customers who are looking for agility, resiliency, redundancy and better uptime for their WAN links between the head office and branch offices (given there are no power failures at site :)). Here’s a write-up we did on “How to overcome Data Network limitations in the Pacific Islands”, which outlines several options.

4. Poor Network designs

In 2020 we’ve been extremely busy! This meant we came across many customer networks and spent time analysing numerous designs. Our conclusion: 9 out of 10 networks were badly designed. IT personnel working for these customers couldn’t even understand the existing logical network topology, how traffic was routed across the network or how secure the network is. This was a real eye-opener!

Solution: spend the time to understand your network – there is no substitute for this. “No one will care about your network as much as you do.” Empower IT teams by providing proper training and mentoring, and hire capable IT personnel with a good track record. Use state-of-the-art performance and network monitoring tools. Feel free to ask us how this could be done.

5. Companies use low-grade hardware in the enterprise (hubs, switches, routers and storage units)

You cannot run an enterprise on low-end consumer-grade appliances and network peripherals and then expect enterprise-grade service and quality. This will not happen! We’ve seen a lot of customers paying the price for this penny-wise, pound-foolish approach. We’ve noticed that some customers did this through pure ignorance and some did it to cut costs.

Solution: if you expect great things from your network, then use production-worthy, standards-based hardware. Don’t run to your local electrical store to purchase an 8-port no-name brand hub just because your Cisco switch ran out of ports. Feel free to ask us how this could be done.

6. Most customers opt for static routing over Dynamic routing technologies.

Static networks are just that – static! We understand there’s a place for static routing within an enterprise. But – if you want to grow and scale your network you need to consider running dynamic routing protocols. 

Solution: consider dynamic routing protocols whenever it makes sense. If this is beyond the depths of your IT team, get professional help.

7. Unencrypted WAN data circuits

Most customers expect the service provider (i.e. the local telco) to be responsible for providing security and WAN encryption. This is expecting way too much from a local telco, which is most likely struggling with its own security woes. Besides, how can you expect a third party to secure your own backyard? This is not best practice.

True story: We once had a CFO dismissing the idea of paying for WAN security as he couldn’t accept the fact of paying a professional services company to provide this service. Long story short, the senior IT manager vetoed the CFO’s suggestion. We were delighted – sanity had prevailed.

Solution: So, what can you do to safeguard your data network right now – like today? The simplest solution is encrypting your data links. You don’t need to go and buy any fancy firewall or build dedicated VPNs (although these are very valid options), but do use enterprise-grade secure tunnelling. You can do this today, if you have the right tools and people. Feel free to ask us how this could be done.

8. No AAA (Authentication - Authorisation - Accounting) in the network

What is AAA? AAA is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security.

This is a bigger issue than most people think. When there is no governance for network administration and authorisation, any Tom, Dick and Harry can access your network with any local access or account. For example, Tom can use Harry’s access and vice versa. This lack of access control should concern any ICT manager.

Also, say you have 250 devices in your network and 10 administrators: this would mean 10 local accounts across 250 devices. This is not practical and does not scale. Believe it or not, this is how most companies operate in the Pacific Islands. It gets worse if a user loses their username or password: the username and password would then need to be re-created on all the devices. This is very common too.

Solution: Integrate a proper TACACS or RADIUS server, where all of AAA can be centralised and consolidated. It would also help administrators to add or remove users with varying levels of access privileges.

Conclusion

Good Networks are not adopted automatically. They must be designed into practice with brilliant architecture.

So there you have it! Our top 8 lessons we encountered around data networks in the Pacific Islands. We’re sure some of our clients reading this will be smiling sheepishly. But, truth be told, enterprises having one or more of the issues described here are the ones that struggle the most, complain the most and are unable to keep up with business demands. Let’s hope in 2021 these issues will be addressed.