Friday, 29 March 2019

IBM Cloud Hyper Protect Crypto Services is Now Available on IBM Public Cloud

A new offering from my IBM Z organisation: -

...
IBM offers now two choices for key management. IBM Cloud Key Protect supports Bring Your Own Key (BYOK) for protecting data at rest. Today, IBM Cloud is announcing the general availability of IBM Cloud Hyper Protect Crypto Services, a dedicated Key Management and Cloud HSM Service designed especially for customers looking for greater control over their data encryption keys and the hardware security modules (HSMs) that protect these keys. The service is now available in US South region, based out of Dallas, Texas.

Hyper Protect Crypto Services supports Keep Your Own Key (KYOK), which allows data encryption keys to be protected by a dedicated, customer-controlled HSM that uses FIPS 140-2 Level 4 certified hardware. Built on IBM LinuxONE technology and being part of the IBM Cloud Hyper Protect portfolio of services, this service guarantees that privileged users—including IBM Cloud administrators—have no access to customer keys. This provides an ideal base to onboard sensitive apps to the cloud. Key Protect and IBM Cloud Hyper Protect Crypto Services use a common Key Provider API to provide a consistent approach for managing keys.
...
High availability and disaster recovery: IBM Cloud Hyper Protect Crypto Services, which now supports three availability zones in a selected region, is a highly available service with automatic features that help keep your applications secure and operational. You can create IBM Cloud Hyper Protect Crypto Services resources in the supported IBM Cloud regions, which represent the geographic area where your IBM Cloud Hyper Protect Crypto Services requests are handled and processed.

Scalability: The service instance can be scaled out to a maximum of six crypto units to meet your performance requirement. Each crypto unit can crypto-process 5,000 keys. In a production environment, it is recommended to select at least two crypto units to enable high availability. By selecting three or more crypto units, these crypto units are distributed among three availability zones in the selected region.
...

 IBM Cloud Hyper Protect Crypto Services is Now Available on IBM Public Cloud

Friday, 22 March 2019

Tinkering with Docker manifests ? You need Manifest Tool and MQuery

MQuery

A simple utility and backend for querying Docker v2 API-supporting registry images and reporting on "manifest list" multi-platform image support.

This project uses IBM Cloud Functions (built on OpenWhisk) as a backend, in concert with the manifest-tool inspect capability (packaged as a Docker function) to easily report on the status of whether an image is a manifest list entry in the registry, and if so, what architecture/os pairs are supported by the image.

https://github.com/estesp/mquery

docker run --rm mplatform/mquery mplatform/mquery

Image: mplatform/mquery
 * Manifest List: Yes
 * Supported platforms:
   - linux/amd64
   - linux/arm
   - linux/arm64
   - linux/ppc64le
   - linux/s390x
   - windows/amd64:10.0.14393.1593

manifest-tool

manifest-tool is a command line utility that implements a portion of the client side of the Docker registry v2.2 API for interacting with manifest objects in a registry conforming to that specification.

This tool was mainly created for the purpose of viewing, creating, and pushing the new manifests list object type in the Docker registry. Manifest lists are defined in the v2.2 image specification and exist mainly for the purpose of supporting multi-architecture and/or multi-platform images within a Docker registry.

https://github.com/estesp/manifest-tool

docker run --rm mplatform/mquery mplatform/manifest-tool:latest

Image: mplatform/manifest-tool:latest
 * Manifest List: Yes
 * Supported platforms:
   - linux/amd64
   - linux/arm
   - linux/arm64
   - linux/ppc64le
   - linux/s390x
   - windows/amd64:10.0.14393.2312

Tainting and "untainting" nodes in a Kubernetes cluster

Having been tinkering with the taint function on an x86 node in an IBM Kubernetes Service (IKS) cluster, to force my pods to deploy onto another node in the same cluster: -

kubectl taint node node1 node1=DoNotSchedulePods:NoExecute

I was looking for an easy way to reverse the taint ( "untaint" ), and found this: -

kubectl patch node node1 -p '{"spec":{"taints":[]}}'

with thanks to this: -

Tuesday, 12 March 2019

IBM Notes 9 - How to munge the Shortcut Buttons

For too long, I've been trying to remember how I can add shortcuts to the IBM Notes client, alongside the existing two shortcuts: -

Guess what ?

It's easy !

This rather nice all-in-one IBM Notes 9 tutorial one-pager: -

https://www.quicksourcelearning.com/images/samplepdfs/978193551845.pdf

reminded me.

It's this :-)


So now I have mail, calendar AND contacts: -


Yay!

Right Sed Fred!

I've been using the Stream Editor (sed) for the past few years, and especially love it's ability to do in-place editing of a file as...