Category Archives for "Networking – The New Stack"

Is Kubernetes the Next Fault Domain?

Keith McClellan is director, partner solutions engineering, at Cockroach Labs.

These days, most application architecture is distributed by default: connected microservices running in containers in a cloud environment. Organizations large and small now deploy thousands of containers every day — a complexity of scale that is almost incomprehensible. The vast majority of organizations depend upon Kubernetes (K8s) to orchestrate, automate and manage all these workloads. So what happens, then, when something happens with Kubernetes? A fault domain is the area of a distributed system that suffers the impact when a critical piece of infrastructure or network service experiences problems. Has Kubernetes become the next fault domain? Contemplating the disaster of a Kubernetes-related application failure is the stuff of DevOps nightmares. But in disaster, there is also opportunity: Kubernetes has the potential to help us have a common operating experience across data centers, cloud regions and even clouds by becoming the fault domain we design our high availability (HA) applications to survive.

Kubernetes as Common Operating System

Many distributed applications need to be distributed as close to users as possible, so let’s say we want to build a three-region cluster. Without Kubernetes, even in a single cloud, that means

All the Things a Service Mesh Can Do

Van Phan: Van is a technical product marketing manager for Consul at HashiCorp. He has been in the infrastructure space for most of his career and loves learning about new technologies and getting his hands dirty. When not staring at his computer screen, he's sharing pictures of food to his wife's dismay.

Even as service mesh adoption continues to grow, some organizations are still trying to understand the full extent of what a service mesh can and can’t do. They may not realize that a service mesh is not just another single-purpose tool, but one that addresses a wide variety of networking needs. A service mesh may actually help consolidate multiple existing tools to help reduce management toil and costs. Just take a look at these two multicloud network architectures. Automating and offloading network services and security-related capabilities onto a cloud-agnostic service mesh can help simplify management in multicloud environments.

[Figure: Multicloud architecture using cloud-vendor-specific networking solutions]

[Figure: Using a cloud-agnostic service mesh]

Many service mesh products include service discovery, zero trust networking and load-balancing capabilities, while some other service mesh products extend even further to provide multicloud/multiruntime connectivity, network automation and north-south traffic control. Let’s take a look at the capabilities

HTTP/3 Is Now a Standard: Why Use It and How to Get Started

I’m sure, like me, you welcomed the IETF standard (Internet Engineering Task Force). No, of course, you didn’t — the web just works, so why worry about it? But if you are vaguely intrigued about why the change is happening, here is a short breakdown of the history behind it. Then we will get into the reasons why you should adopt it for your company. HTTP/3 is the third version of the Hypertext Transfer Protocol (HTTP), and was previously known as HTTP-over-QUIC. QUIC was initially developed by Google and is the successor of HTTP/2. Companies such as Google and Facebook already use QUIC to speed up the web.

A Very Short History of HTTP

Back in the day, there were two internet protocols that you could choose to work with. Even before the web, we still had to squirt packets of information (or datagrams) from one machine to another across the internet. For a games developer, the important protocol was UDP (User Datagram Protocol). This was the quick, fire and forget standard: you threw a packet across the network

Mobile Edge Computing: Lightning Speed from Factory to Personal Devices

Steve Dalby: Steve is a director in the MongoDB Industry Solutions team, where he focuses on how MongoDB technology can be leveraged to solve challenges faced by organizations working in the telecommunications industry. Prior to this role, Steve held numerous leadership roles with MongoDB’s professional services team in EMEA.

It seems like we’ve been hearing about 5G for years now, and how when it’s here, it will revolutionize connectivity as we know it. Well, 5G is here, but beyond faster or more reliable cell service, few companies have begun to tap into the potential 5G holds for both business-to-business and business-to-consumer innovation. In fact, this potential extends beyond the telecommunications industry into nearly all sectors that rely on connectivity, like the manufacturing, automotive and even agricultural industries, among others. By using the power of 5G networks and pairing that with intelligent software, enterprises can embrace the next generation of industry by launching IoT solutions and enabling enhanced data collection at the edge. This article will explore key questions around the slow move toward 5G innovation and how mobile edge computing can accelerate the push to near-instantaneous network connectivity.

What’s Standing in the Way of Innovation?

When COVID-19 hit, numerous companies

OpenSSL Heap Memory Corruption Vulnerability Fixed

Ever since CVE-2022-2274, didn’t reach Heartbleed levels of ick, but it was more than bad enough. What happened was that the OpenSSL 3.0.4 release introduced a serious RSA bug in X86-64 CPUs supporting the AVX512 IFMA instructions. This set of CPU single instruction, multiple data (SIMD) instructions for floating-point operations per second (FLOPS) was introduced in 2018. You’ll find it in pretty much every serious Intel processor, from Skylake to AMD’s forthcoming Zen 4. In other words, it’s probably in every server you’re currently running. Is that great news or what?

Memory Corruption

The problem is that RSA 2048-bit private key implementations fail on this chip architecture. Adding insult to injury, memory corruption results during the computation. The last straw? An attacker can use this memory corruption to trigger a remote code execution (RCE) on the machine. Exploiting it might not be easy, but it is doable. And, even if an attack isn’t that reliable, if it’s used to hit a server that constantly respawns, say a web server, it

Starlink and Couchbase — Accelerating Innovation to the Stars

Wayne Carter: Wayne is vice president of engineering at Couchbase. Before Couchbase, Wayne spent seven years at Oracle as the architect responsible for driving mobile innovation within the CRM and SaaS product lines. He has 10 patents and patents pending from his work there.

If data is the lifeblood of enterprise applications, networks are the arteries. Networks are so vital because they enable business, human and mission-critical processes by connecting organizations with customers, employees and partners, increasing efficiency, powering automation, driving engagement and accelerating productivity. Networks are the glue that knit modern applications together. But apps can only be as available and fast as the network that underpins them. Achieving high levels of reliability and speed are keys to success. Network disruptions and slowness are a daily reality that lead to downtime with Starlink.

Dancing with the Stars

There’s a Nasty Security Hole in the Apache Webserver

Here a security hole, there a security hole, everywhere a security hole. One of the latest is an obnoxious one labeled Apache HTTP Server’s CVE-2022-23943, an Apache memory corruption vulnerability in mod_sed, was uncovered. This one was an out-of-bounds Write vulnerability that enabled attackers to overwrite heap memory. When you say, “overwrite heap memory,” you know it’s bad news. This impacted the Apache HTTP Server 2.4 version 2.4.52 and earlier versions.

New Problems

It was quickly fixed. But, JFrog Security Research team’s Security Research Tech Lead, worried that while the

Tailscale SSH Launches in Beta to Replace SSH Keys

Tailscale SSH, which simplifies authentication and authorization by replacing SSH keys with the Tailscale identity of any machine. A Secure Shell or SSH key is an access credential in the SSH.COM. Tailscale gives each server and user device its own identity and node key for authenticating and encrypting the Tailscale network connection and uses access control lists defined in code for authorizing connections, making it a natural extension for Tailscale to now manage access for SSH connections in your network.

Removes the Pain

“SSH is an everyday tool for developers, but managing SSH keys for a server isn’t so simple or secure,” said Tailscale Product Manager

Zero Trust Adoption: 4 Steps to Implementation Success

According to the Fortinet vArmour senior vice president. “This enables organizations to not have to in essence boil the ocean and try and adopt unilateral controls too quickly, but instead lock down their crown jewels and understand the relationships those assets have to address resilience planning in a phased approach.” One of the biggest mistakes we see when implementing zero trust is insufficient investing in visibility, observability, and analytics across the organization, Kuehn added. “Without visibility, companies are limited

What Is Zero Trust Architecture?

Zero Trust Architecture (ZTA) builds on the foundational principles of zero trust security as defined by the National Institute of Standards and Technology (NIST) in publication Ansible, Puppet, and CrowdStrike offer products that cover the entire spectrum of detecting and protecting endpoints within a corporate network. This would include everything from antivirus and antimalware to abnormal network activity monitoring. Microsoft, Trend Micro, and SentinelOne offer similar capabilities and made Gartner’s upper quadrant in their 2021 Endpoint Protection report.

Wrap up Zero Trust Architecture

The real answer to the question of what is zero trust architecture depends on your most important corporate assets. Any network design should also include consideration of the humans with access to those critical assets. Trust but verify applies to corporate employees as well as geopolitical relationships. Choosing the right vendors and partners to meet your specific objectives will help you implement a solid Zero Trust Architecture. Once implemented, it comes down to diligence and persistence. New threats pop up regularly and must be met with an adaptive security posture. Those who don’t adapt and change will be doomed to failure.

The post What Is Zero Trust Architecture? appeared first on The New Stack.

A Look at Meta’s Low-Latency Metaverse Infrastructure

Tackling the challenge of providing fast, smooth, jitter-free gameplay with super low end-to-end latency, social media giant in a blog post Thursday. This low-latency gaming platform could also serve as the base for Meta’s pending Metaverse, they asserted. Facebook launched its cloud gaming platform in 2020, providing users quick access to native Android and Windows mobile games across all the browsers. Along with a high volume of consumer access came a high volume of developer and engineering challenges.

Network, Hosting, and Cluster Management

The first step Meta took in providing low end-to-end latency was a physical one — to reduce the distance between the cloud gaming infrastructure and the players themselves. For this, Meta used edge computing and deployed in edges that were close to large populations of players. The goal of edge computing is to “have a unified hosting environment to make sure we can run as many games as possible as smoothly as possible,” Meta engineers Xiaoxing Zhu wrote. The more edge computing sites, the lower the user latency.

What Is Zero Trust Data Protection?

As cyberattacks continue to escalate, companies grow their use of tech services outside of their network perimeters, and the government and other organizations work with ever more sensitive personal, corporate, and government data, there is increasing adoption of zero trust data protection.

So, What Is Zero Trust Data Protection?

Zero trust data protection is a security methodology that includes a framework of technologies and best practices that an organization needs to define and adopt across their IT environments over time, explained Steve Malone, Sumo Logic director of security product. “It’s the culmination of something that’s been happening in security over the last 20 years, which is the perimeter is not the point of enforcement anymore because of the way that technology works today.” Operating in a zero trust data protection environment has gained plenty of interest in the last few years, according to Michael Gorelik,

The Future of Zero Trust in a Hybrid World

In the first article in this series, we discussed what zero trust security is and why it matters. In the second article in this series, we talked about the benefits of zero trust network access. In this third article installment, we will dive into using zero trust models within container security. In this fourth article, we will discuss the future of zero trust in a world that is increasingly remote. While remote work originally appeared en masse as a Band-Aid fix for organizations to keep working during the COVID-19 pandemic, it is now decidedly here to stay. Research from McKinsey shows that most executives no longer plan to have non-essential staff working on-site five days a week. And employees are happily abiding.

VMware to Be Acquired by Broadcom in a $61 Billion Deal

Chipmaker VMware, which was viewed as an acquisition target for server and chip makers looking to grow in the growing data center infrastructure market. The deal, valued at $61 billion, provides a new home for VMware, which is a software technology provider with decades-long partnerships with server and chip makers that include Nvidia, AMD and Intel. VMware has been a free agent for a good part of the last decade and has been bounced around between multiple owners. according to chip research firm IC Insights. Broadcom’s core business is around wireless, networking, cable modem and infrastructure components, which accounted for 73% of the $8.1 billion in