Security, software development and devops in a cloud world - AWS, Azure, Google, IBM & Alibaba

Author John Hanley

I design software for enterprise-class systems and data centers. My background is 30+ years in storage (SCSI, FC, iSCSI, disk arrays, imaging) virtualization. 20+ years in identity, security, and forensics.

For the past 14+ years, I have been working in the cloud (AWS, Azure, Google, Alibaba, IBM, Oracle) designing hybrid and multi-cloud software solutions. I am an MVP/GDE with several.

Laravel – Adding Azure Blob Storage

Introduction Recently I decided to deploy a Laravel site so that customers can upload large files privately and securely. Similar to Dropbox but without its bells and whistles. I did not want to share access keys or other secrets. I… Continue Reading →

Azure – OpenID Connect JSON Web Key Set

Introduction For a new project, I must validate Azure Access Tokens in PHP. This requires obtaining the public key to validate the JWT signature. This article shows the process of working with the Azure OpenID Connect Metadata Document to obtain… Continue Reading →

Azure – Setting up a Development Environment for Python

Introduction This article demonstrates how to set up a Windows development system with Python and the Azure SDK for Python. After my article, Azure – Lock a VM to Prevent Deletion, I wrote the Azure CLI equivalent commands in Python…. Continue Reading →

Laravel – GitHub Integration – Part 1

Introduction This article demonstrates backing up an existing Laravel site to GitHub. The next article demonstrates adding a GitHub WebHook to automatically update a Laravel site when you push updates to GitHub. I have many websites in production status. I… Continue Reading →

Azure – Update Network Security Group Rule with my IP Address

Introduction In Azure, I have security group rules that allow access to everything from my public IP address. I have a rule for the office and another for home. For sensitive ports such as SSH and RDP, similar rules are… Continue Reading →

Azure – Lock a VM to Prevent Deletion

Introduction You are busy developing. It is late at night. You decide to delete one of your test virtual machines and recreate it to validate your deployment procedure. You log into the Azure Portal, select a virtual machine and click… Continue Reading →

Azure – Recovering from UFW firewall lockout – Ubuntu

Introduction You have an Ubuntu instance running in an Azure Virtual Machine. You connect to this instance via SSH. One day you decide to enable the UFW firewall and your SSH connection drops. You cannot reconnect. Problem Enabling the UFW… Continue Reading →

What is Amezmo?

What is Amezmo? Amezmo is an excellent platform for .NET Core and PHP applications. Amezmo combines containers, GitHub, and Let’s Encrypt into an amazing platform for deploying applications. Updating your application is as simple as edit, commit and push. GitHub… Continue Reading →

Laravel – Redirecting HTTP to HTTPS

Introduction Once you have an SSL certificate configured, the next step is to redirect unencrypted traffic. There are several methods of doing this. Within your application (Laravel), by the web server (Apache or Nginx) or by the frontend (load balancer)…. Continue Reading →

Laravel – Displaying a GitHub Gist

Introduction Today (June 14, 2021) I answered a question on Stackoverflow regarding the Google Cloud Recommender API that required Python source code. I also created a GitHub Gist to make downloading the code easier. That got me thinking about how… Continue Reading →

WireGuard Introduction

Introduction This article is the first in a series of using WireGuard in the cloud. This article starts by explaining what WireGuard is. Additional articles will demonstrate how to configure WireGuard for both Windows and Ubuntu for the following VPN… Continue Reading →

Terraform – Experiments with Google Cloud DNS and IAM

Introduction I am currently preparing to recertify for the Google Professional Cloud Security Engineer Certification. I previously scheduled the HashiCorp Certified: Terraform Associate on March 29, 2021 at 3 PM. Maybe I will take both exams on the same day…. Continue Reading →

Google Professional Cloud Security Engineer Recertification

This article is a journal of my path to take the Google Professional Cloud Security Engineer Recertification. I plan to track my progress, resources and post exam tips. Date created: March 2, 2021 Last updated: March 7, 2021 Exam Completed:… Continue Reading →

Google Cloud Run – Debugging an ASP.NET Core Time Zone Issue

Introduction I am writing ASP.NET Core code for an automated cloud directory synchronization process that will run on Google Cloud Run and Kubernetes. This code requires the current date and time in the local time zone. Simple problem, or so… Continue Reading →

Hostwinds – Virtual Private Servers

Introduction One of the things that I love about the cloud, is that you can deploy servers in minutes. What previously took weeks of time, purchase orders, etc. is now a few clicks of the mouse. One of my action… Continue Reading →

What programming language do I write software in?

Introduction I recently had a conversation with the Principal Security Architect for a large company concerned with security, identity, and access management. He asked me, “What language do you write your code in and why?”. I answered his question with… Continue Reading →

Google Cloud – Improving Security with Impersonation

Introduction A common practice in Google Cloud is to create one or more service accounts to authorize the Google Cloud CLI. Using service accounts is recommended by Google instead of user accounts. However, a service account JSON or P12 file… Continue Reading →

PowerShell – Impersonate Google Service Account

Introduction This article shows how to impersonate a service account from user account credentials. To understand how to set up everything, read the companion article: Google Cloud – Improving Security with Impersonation Save the following PowerShell script as a file… Continue Reading →

Google Cloud Compute – Mastering SSH

Introduction One of the more frequent problems on Stackoverflow is Compute Engine SSH. This article will dive into how SSH is configured on Compute Engine and how to connect using various SSH tools. I will also cover how to create… Continue Reading →

Certification Practice Tests

What is a Certification Practice Test? There are two types: Practice Questions and Practice Tests. Practice Questions help you test your knowledge and prepare for certification. These could be as simple as a list of questions where you select an… Continue Reading →

Microsoft Security Certifications – New Year’s Resolution

Introduction I am working on two new security certifications for my new year’s resolution. My specialties include security, identity, access management, and networking with a focus on hybrid and multi-cloud. For the first quarter, I plan to prepare for and… Continue Reading →

IBM Cloud – New Website

Today I moved all of my IBM Cloud and Red Hat OpenShift content to a new site. The new site will focus on IBM Cloud, Red Hat, Serverless Containers and OpenShift. Most of my work is in Hybrid and Multi-Cloud…. Continue Reading →

Socratica Python Kickstarter Project

 Socratica Python Kickstarter Campaign Introduction from Socratica’s Kickstarter Campaign Socratica – a small educational film studio with big dreams. You know us for our high-quality video lessons about math, science, and programming, especially PYTHON. Over the course of five… Continue Reading →

Never Implement Proxy TLS Interception

Introduction I was answering a question on StackOverflow. The questioner has implemented Proxy TLS Interception which is very dangerous. I am reposting this thread on my website to share the details of my answer. The Question: how to configure Google… Continue Reading →

Google Cloud – SSL Certificates the Easy Way

Introduction I use SSL certificates for everything. I am constantly creating them for internal systems and cloud services. This includes services such as web servers, SQL servers, anything where you might use a paid SSL certificate, or a self-signed certificate… Continue Reading →

Cloud Storage Bytes – New Training Videolab

This training videolab is a collection of videos Google Cloud created by Jennifer Brown @jbrojbrojbro. Jennifer is a Google Cloud Developer Advocate and a Google employee. Her videos are very good and average about 3 minutes each. This lab combines… Continue Reading →

Get Cooking in Cloud – New Training Videolab

Introduction This training videolab is a collection of videos Google Cloud created by Priyanka Vergadia @pvergadia. Priyanka is a Google Cloud Architect and a Google employee. Her videos are very good and average about 5 minutes each. This lab combines her… Continue Reading →

Google Cloud SQL for MySQL – Connection Security, High Availability and Failover

Introduction Designing an application that incorporates Google Cloud SQL requires some thought. There are several factors to consider regarding security, performance, fault tolerance and availability. Incorrectly implementing one of these areas can affect the other areas, usually negatively. In this… Continue Reading →

Introduction to Python – New Training Videolab

Introduction I watch a lot of training material from all the major education vendors (Pluralsight, Linux Academy, Cloud Academy, A Cloud Guru, and many others). For a long time, I have been wanting to add professional scriptwriting, professional graphics and… Continue Reading →

Google Cloud SQL – New Training Videolab

Introduction I watch a lot of training material from all the major education vendors (Pluralsight, Linux Academy, Cloud Academy, A Cloud Guru, and many others). For a long time, I have been wanting to add professional scriptwriting, professional graphics and… Continue Reading →

Google Cloud SQL Proxy – Installing as a Service on GCE

Introduction Google Cloud SQL Proxy provides secure access to Cloud SQL Second Generation instances without having to whitelist IP addresses or configure SSL. Cloud SQL Proxy provides several important benefits: Secure connections: The proxy automatically encrypts traffic to and from the database using TLS… Continue Reading →

Google Cloud Run Deep Dive – Understanding the APIs – Part 2

Introduction This article discusses mapping custom domains for Google Cloud Run Managed. In a future article, I will cover Google Cloud Run on GKE. Google Cloud Run supports using a custom domain rather than the default address provided for a… Continue Reading →

Google Cloud Run Deep Dive – Understanding the APIs – Part 1

Introduction To understand Google Cloud Run, you must peel back the layers and look at the interfaces that the API offers. Understanding the API will provide you with a better understanding of the features and capabilities. If your goal is… Continue Reading →

Google Cloud Platform – Getting Started

Introduction Google Cloud Platform is a suite of cloud computing services. Google has everything from storage, compute, database, big data to AI and everything in between. I am often asked how do I get started with Google Cloud. In this… Continue Reading →

Google Cloud Run – Minimizing Cold Starts

Introduction This article discusses Google Cloud Run cold starts, what they are and how to avoid cold starts. What is Cold Start? Cloud Run is a stateless HTTP serverless container service that provides on-demand services that autoscales to zero instances…. Continue Reading →

Google Cloud – HTTP Load Balancer File Upload Error

Introduction This article is about how to upload files to Compute Engine fronted by a Google HTTP Load Balancer and how to diagnose and correct file upload timeouts. The result is a better understanding of how to configure the Google… Continue Reading →

Google Cloud Shell – CLI in Go

Google Cloud Shell CLI Written in Go This is a placeholder until I write this article. I have published the source code on GitHub. Note: This program is written for Windows. I have not yet ported it to Linux or… Continue Reading →

Security – Key Pairs and Private-Public Keys

Table of Contents Introduction Definitions Example Private & Public Keys OpenSSH Public Keys SSH-2 Public Keys Examining OpenSSH Public Keys Introduction There is a lot of confusion and inaccurate information on the Internet about Key Pairs and Private/Public keys. This… Continue Reading →

Google Cloud Run – Simple File Server in Go

Introduction This article shows how to serve files with Google Cloud Run. There are a few reasons to use Cloud Run instead of Google Cloud Storage. To learn how to deploy a simple file sharing service using Cloud Run. To… Continue Reading →

Google Cloud and Go – My Journey to Learn a new Language in 30 days

Part 1: Introduction Today I decided to learn Go in the next 30 days and document every step of my journey. How well will I know Go in 30 days? That is a difficult question and by logging the steps,… Continue Reading →

Google Cloud Asset Inventory – Reverse Engineering an API

Introduction This article describes a missing item from the articles and documentation on Google Cloud Asset Inventory. The item is the header X-Goog-User-Project. I am writing this article to show how I figured this out, so you have another method… Continue Reading →

Google Cloud Run – Identity

Introduction Sometimes your Google Cloud Run app needs to communicate with or consume other services. This can be as simple as reading an object in Cloud Storage, sending an email, or connecting to a database. What identity does Cloud Run use?… Continue Reading →

Google Cloud Run – Pricing

Introduction Google Cloud Run charges you for the resources you use when you use them. No long running compute instances, just on-demand services. There are several components to Cloud Run services. In this article, we will look at each one…. Continue Reading →

Google Developers Experts – Cloud Platform

Google Experts Program Google has honored me with Google Developers Experts Cloud Platform. I am the twentieth expert in North America. This is a global program to recognize individuals who are experts and thought leaders in one or more Google… Continue Reading →

GitHub – New Public Repository

Starting today, I am copying all of my source code for the articles on this website to GitHub. This will take a week to complete. Today’s article on Cloud Run now has a GitHub repository to make downloads and builds… Continue Reading →

Google Cloud Run – HTTPS – Part 2

Introduction This article discusses HTTP to HTTPS redirection in software. I will show you one method of server-side redirects in Python 3 and Flask. I will start by analyzing the HTTP headers received by a Cloud Run container application and… Continue Reading →

Google Cloud Run – HTTPS – Part 1

Introduction This article discusses HTTP to HTTPS redirection as implemented by Google Cloud Run. Today, all websites should deliver traffic over HTTPS. Google Cloud has adopted this policy providing HTTPS for Cloud Run service URLs with automatic redirects from HTTP to… Continue Reading →


© 2021 John Hanley — Powered by WordPress
