July 2022 – RedThunder.Blog

Agents for Observability & Management

To use Observability & Management (O&M) services, there is the option to deploy OCI agents depending on which service you wish to enable.

There are two types of agents that can be used.

Oracle Cloud Agent (OCA) – This agent is deployed by default if you provision hosts via the OCI Compute Service. OCA has extensions and plugins which can be used to enable other features native to OCI Compute Services.
Management Agent (OMA) – This agent is a standalone version where you can deploy to hosts or VMs:
– That do not have OCA installed on OCI eg. OCI Database Services (eg. Oracle Base VM/BM, ExaCS).
– On-Premise
– Third Party Cloud (AWS, Azure etc..)

…

Please see the current O&M support we have for each agent:

OCI Agent	Logging Analytics	Stack Monitoring	Database Management	Operations Insights	Target
Oracle Cloud Agent (OCA)	Yes	Yes		Yes	OCI Compute VM / BM Host
Oracle Management Agent (OMA)	Yes	Yes	Yes	Yes	Other VM Host (including on-premise and 3rd party cloud)

OMA Agent Install

In previous post, I have provided steps on how you can install the Oracle Management Agent.

OCA Agent Install

For this post, let me show you how easy it is to enable the O&M services for Oracle Cloud Agent (OCA).

TLS Migration – A better way

HTTPS is essential as it protects the privacy of our data over the Internet. W3’s 2022 report shows nearly 80% of all websites use HTTPS as their default web protocol, up 6% on the previous year.

Getting started with HTTP/TLS is fairly straightforward. Obtain a CA signed certificate, configure it on your web servers and reverse proxy load balancers and you’re good to go. But how do you ensure your configuration stays up-to-date with current industry standards?

CyberSecurity is an arms race. As hardware and software evolves, so do the tools and techniques created to exploit them. This fierce race largely drives the innovation that we see in the industry today.

How does this relate to TLS? Since the inception of SSLv1 by Netscape in the 90’s there’s been many revisions, SSLv2, SSLv3, TLSv1.1, TLSv1.2 with the current version being TLSv1.3. TLSv1.1 was deprecated in 2021, with new versions being released approximately every 5 years. Given the rate at which exploits are discovered these release cycles will also need to keep pace.

For organisations this poses a number of interesting challenges because you can only control what TLS versions you support. Also if your website or API is public then it’s likely you have no control over the connecting client, or which TLS versions they’re able to use.

Virus & Malware Scanning Object Storage in OCI

If you’re like me, then working in IT means you also assume Tech Support duties for friends, family, and those distant relatives that only seem to call when they’ve got a problem.

I just clicked on this link, and my computer is doing something weird. I think my PC has a virus, what do I do?

When it’s just a single computer, the answer is simple, contain and validate the rouge software is removed, install an AV solution, change their passwords, enable MFA, and provide some education on what to look out for next time.

But now imagine you’re an organisation building a new application, or are moving applications to the cloud. Are you simply performing a lift-and-shift or are you planning to make use of cloud native services? Where are you going to store your data, specifically user uploaded files? Object Storage was built specifically to solve the challenges of how to store unstructured data in the cloud.

However, there is a catch. If you were previously storing files on a server file system, then it’s likely you were also running an anti-virus / anti-malware solution to identify malicious files. With Object Storage the underlying file system is transparent, so you can’t install AV, yet many compliance requirements still state “Uploaded files must be scanned for viruses and malware”.