Archive

Category Archives for "Networking – The New Stack"

Turbocharging Host Workloads with Calico eBPF and XDP

In Linux, network-based applications rely on the kernel’s networking stack to establish communication with other systems. While this process is generally efficient and has been optimized over the years, in some cases it can create unnecessary overhead that affects the overall performance of the system for network-intensive workloads such as web servers and databases. Calico Open Source offers an easier way to tame these technologies. Calico Open Source is a networking and security solution that seamlessly integrates with Kubernetes and other cloud orchestration platforms. While best known for its policy engine and security capabilities, it has many other features that can be used in an environment by installing Continue reading

Azure Went Dark

And down went all Microsoft 365 services around the world. One popular argument against putting your business trust in the cloud is that if your hyper-cloud provider goes down, so does your business. Well, early on a U.S. East Coast morning, it happened. Microsoft Azure went down and along with it went Microsoft 365, Exchange Online, Outlook, SharePoint Online, OneDrive for Business, GitHub, Microsoft Authenticator, and Teams. In short, pretty much everything running on Azure went boom. issues impacting multiple Microsoft 365 services.” Of course, by that time, users were already screaming. As one Reddit user on the sysadmin subreddit wrote, “rolled back a network change that we believe is causing impact. We’re monitoring the service as the rollback takes effect.” By 9:31 a.m., Microsoft said the disaster was over. “We’ve confirmed that

Performance Measured: How Good Is Your WebAssembly?

WebAssembly adoption is exploding. Almost every week, it seems, at least one startup, SaaS vendor or established software platform provider is either beginning to offer Wasm tools or has already introduced Wasm options in its portfolio. But how do all of the different offerings compare performance-wise? The good news is that, given Wasm’s runtime simplicity, the actual runtime performance at least can be compared directly among the different WebAssembly offerings. This direct comparison is certainly much easier to do when benchmarking distributed applications that run on or with Kubernetes, containers and microservices. This means that whether a Wasm application is running on a browser, an edge device or a server, the computing optimization that Wasm offers in each instance is end-to-end, and its runtime environment is in a tunnel of sorts (obviously good for security) and not affected by the environments in which it runs, as it runs directly at the machine level on the CPU. Historically, Wasm had also been around for a while before the World Wide Web Consortium (W3C) named it a web standard in 2019, making it the fourth web standard alongside HTML, CSS and JavaScript. But while web browser applications have Continue reading

How to Overcome Challenges in an API-Centric Architecture

This is the second in a two-part series. For an overview of a typical architecture, how it can be deployed and the right tools to use, please refer to Part 1. Most APIs impose usage limits on the number of requests per month and rate limits, such as a maximum of 50 requests per minute. A third-party API can be used by many parts of the system. Handling subscription limits requires the system to track all API calls and raise alerts if the limit will be reached soon. Often, increasing the limit requires human involvement, and alerts need to be raised well in advance. The system deployed must be able to track API usage data persistently to preserve data across service restarts or failures. Also, if the same API is used by multiple applications, collecting those counts and making decisions needs careful design. Rate limits are more complicated. If handed down to the developer, they will invariably add sleep statements, which will solve the problem in the short term; however, in the long run, this leads to complicated issues when the timing changes. A better approach is to use a concurrent data structure that limits rates. Even then, if the Continue reading

How to Use Time-Stamped Data to Reduce Network Downtime

Increased regulations and emerging technologies have forced telecommunications companies to evolve quickly in recent years. These organizations’ engineers and site reliability engineering (SRE) teams must use technology to improve performance, reliability and service uptime. Learn how WideOpenWest challenges that vary depending on where the company is in its life cycle. Across the industry, businesses must modernize their infrastructure while also maintaining legacy systems. At the same time, new regulations at both the local and federal levels increase the competition within the industry, and new businesses challenge the status quo set by current industry leaders. In recent years, the surge in people working from home requires a more reliable internet connection to handle their increased network bandwidth needs. The increased popularity of smartphones and other devices means there are more devices requiring network connectivity, all without a reduction in network speeds. Latency issues or poor uptime lead to unhappy customers, who then become flight risks. Add to this situation more frequent security breaches, which then require all businesses to monitor their networks to detect potential breaches faster. InfluxData is the Continue reading

The Right Stuff for Really Remote Edge Computing

Suppose you operate popup clinics in rural villages and remote locations where there is no internet. You need to capture and share data across the clinic to provide vital healthcare, but if the apps you use require an internet connection to work, they can’t operate in these areas. Or perhaps you’re an oil and gas operator that needs to analyze critical warning data from a pressure sensor on a platform in the North Sea. If the data needs to be processed in cloud data centers, it has to travel incredible distances — at great expense — over unreliable networks. This incurs high degrees of latency, or network slowness, so by the time a result is sent back to the platform, it could be too late to take any action. These kinds of use cases represent a growing class of apps that require 100% uptime and real-time speed, guaranteed — regardless of where they are operating in the world. A fundamental challenge in meeting these requirements remains the network — there are still huge swaths of the globe with little or no internet — meaning apps that depend on connectivity cannot operate in those areas. Emerging advances in network technology are Continue reading

The Next Wave of Network Orchestration: MDSO

Demand for network automation and orchestration continues to rise as organizations reap the business and technical benefits it brings to their operations, including significant improvements in productivity, cost reduction and efficiency. As a result, many organizations are now looking to the next wave of network orchestration: orchestration across technology domains, more commonly known as Multi-Domain Service Orchestration (MDSO). Early adopters have learned that effectively leveraging automation and orchestration at the domain level doesn’t necessarily translate to the MDSO layer due to the different capabilities required to effectively coordinate and communicate across different technologies. While the potential benefits of MDSO are high, there are unique challenges in multidomain deployments that organizations must tackle. The most obvious difference when orchestrating across domains versus within specific domains is the need to design around the direction your network data will travel. Within a single domain, the activities are primarily focused north to south, and vice versa. Instructions are sent to the domain controller which executes the changes to the network functions. This makes single-domain orchestration relatively straightforward. When you start orchestrating across domains, however, things get a little more complex. Now you need to account for both north/south activities and also for a large Continue reading

Sidecars are Changing the Kubernetes Load-Testing Landscape

As your infrastructure is scaling and you start to get more traffic, it’s important to make sure everything works as expected. This is most commonly done through testing, with load testing being the optimal way of verifying the resilience of your services. Traditionally, load testing has been accomplished via standalone clients, like JMeter. However, as the world of infrastructure has gotten more modern, and organizations are using tools like Kubernetes, it’s important to have a modern toolset as well. With traditional load testing, you’ll commonly run into one of three major issues:

- Scripting load tests takes a lot of time
- Load tests typically run in large, complex, end-to-end environments that are difficult to provision, as well as being expensive for production-scale infrastructure
- Data and realistic use cases are impossible to mirror one-to-one, unless you have production data

A more modern approach is to integrate your load-testing tools directly into your infrastructure. If you’re using Kubernetes, that can be accomplished via something like an 

Confluent: Have We Entered the Age of Streaming?

Three years ago, when we posed the question, “Apache Kafka was emerging as the default go-to-publish/subscribe messaging engine for the cloud era. At the time, we drew comparisons with IPO’ed while Databricks continues Pulsar recently emerged as a competing project, but is it game over? Hyperscalers are offering alternatives like Azure Event Hub, and AWS co-markets Confluent Cloud, with a similar arrangement with Jay Kreps evangelized streaming using electricity as the metaphor. Kreps positioned streaming as pivotal to the next wave of apps in chicken and egg terms. That is, when electricity Continue reading

How Idit Levine’s Athletic Past Fueled Solo.io‘s Startup

“I was basically going to compete with all my international friends for two minutes without parents, without anything,” Levine said. “I think it made me who I am today. It’s really giving you a lot of confidence to teach you how to handle situations … stay calm and still focus.” Developing that calm and focus proved an asset during Levine’s subsequent career in professional basketball in Israel, and when she later started her own company. In this episode of The Tech Founder Odyssey podcast series, Levine, founder and CEO of Colleen Coll and Heather Joslyn of The New Stack After finishing school and service in the Israeli Army, Levine was still unsure of what she wanted to do. She noticed her brother and sister’s fascination with computers. Soon enough, she recalled, “I picked up a book to teach myself how to program.” Continue reading

eBPF or Not, Sidecars are the Future of the Service Mesh

William Morgan William is the co-founder and CEO of Buoyant, the creator of the open source service mesh project Linkerd. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from a failing monolithic Ruby on Rails app to a highly distributed, fault-tolerant microservice architecture. He was a software engineer at Powerset, Microsoft, and Adap.tv, a research scientist at MITRE, and holds an MS in computer science from Stanford University. eBPF is a hot topic in the Kubernetes world, and the idea of using it to build a “sidecar-free service mesh” has generated recent buzz. Proponents of this idea claim that eBPF lets them reduce service mesh complexity by removing sidecars. What’s left unsaid is that this model simply replaces sidecar proxies with multitenant per-host proxies, a significant step backward for both security and operability that increases, not decreases, complexity. The sidecar model represents a tremendous advancement for the industry. Sidecars allow the dynamic injection of functionality into the application at runtime, while (critically) retaining all the isolation guarantees achieved by containers. Moving from sidecars back to multitenant, shared proxies loses this critical isolation and results in significant regressions in security Continue reading

Is Kubernetes the Next Fault Domain?

Keith McClellan Keith McClellan is director, partner solutions engineering, at Cockroach Labs. These days, most application architecture is distributed by default: connected microservices running in containers in a cloud environment. Organizations large and small now deploy thousands of containers every day, a complexity of scale that is almost incomprehensible. The vast majority of organizations depend upon Kubernetes (K8s) to orchestrate, automate and manage all these workloads. So what happens, then, when something goes wrong with Kubernetes? A fault domain is the area of a distributed system that suffers the impact when a critical piece of infrastructure or network service experiences problems. Has Kubernetes become the next fault domain? Contemplating the disaster of a Kubernetes-related application failure is the stuff of DevOps nightmares. But in disaster, there is also opportunity: Kubernetes has the potential to give us a common operating experience across data centers, cloud regions and even clouds by becoming the fault domain we design our high availability (HA) applications to survive. Kubernetes as Common Operating System Many distributed applications need to be distributed as close to users as possible, so let’s say we want to build a three-region cluster. Without Kubernetes, even in a single cloud, that means Continue reading

All the Things a Service Mesh Can Do

Van Phan Van is a technical product marketing manager for Consul at HashiCorp. He has been in the infrastructure space for most of his career and loves learning about new technologies and getting his hands dirty. When not staring at his computer screen, he’s sharing pictures of food, to his wife’s dismay. Even as service mesh adoption continues to grow, some organizations are still trying to understand the full extent of what a service mesh can and can’t do. They may not realize that a service mesh is not just another single-purpose tool, but one that addresses a wide variety of networking needs. A service mesh may actually help consolidate multiple existing tools to reduce management toil and costs. Just take a look at these two multicloud network architectures. Automating and offloading network services and security-related capabilities onto a cloud-agnostic service mesh can help simplify management in multicloud environments. [Figure: Multicloud architecture using cloud-vendor-specific networking solutions] [Figure: Using a cloud-agnostic service mesh] Many service mesh products include service discovery, zero trust networking and load-balancing capabilities, while some other service mesh products extend even further to provide multicloud/multiruntime connectivity, network automation and north-south traffic control. Let’s take a look at the capabilities Continue reading

HTTP/3 Is Now a Standard: Why Use It and How to Get Started

I’m sure, like me, you welcomed the IETF standard (Internet Engineering Task Force). No, of course you didn’t; the web just works, so why worry about it? But if you are vaguely intrigued about why the change is happening, here is a short breakdown of the history behind it. Then we will get into the reasons why you should adopt it for your company. HTTP/3 is the third version of the Hypertext Transfer Protocol (HTTP), and was previously known as HTTP-over-QUIC. QUIC was initially developed by Google and is the successor of HTTP/2. Companies such as Google and Facebook already use QUIC to speed up the web. A Very Short History of HTTP Back in the day, there were two internet protocols that you could choose to work with. Even before the web, we still had to squirt packets of information (or datagrams) from one machine to another across the internet. For a games developer, the important protocol was UDP (User Datagram Protocol). This was the quick, fire-and-forget standard: you threw a packet across the network Continue reading

Mobile Edge Computing: Lightning Speed from Factory to Personal Devices

It seems like we’ve been hearing about 5G for years now, and how when it’s here, it will revolutionize connectivity as we know it. Steve Dalby Steve is a director in the MongoDB Industry Solutions team, where he focuses on how MongoDB technology can be leveraged to solve challenges faced by organizations working in the telecommunications industry. Prior to this role, Steve held numerous leadership roles with MongoDB’s professional services team in EMEA. Well, 5G is here, but beyond faster or more reliable cell service, few companies have begun to tap into the potential 5G holds for both business-to-business and business-to-consumer innovation. In fact, this potential extends beyond the telecommunications industry into nearly all sectors that rely on connectivity, like the manufacturing, automotive and even agricultural industries, among others. By using the power of 5G networks and pairing that with intelligent software, enterprises can embrace the next generation of industry by launching IoT solutions and enabling enhanced data collection at the edge. This article will explore key questions around the slow move toward 5G innovation and how mobile edge computing can accelerate the push to near-instantaneous network connectivity. What’s Standing in the Way of Innovation? When COVID-19 hit, numerous companies Continue reading

OpenSSL Heap Memory Corruption Vulnerability Fixed

Ever since CVE-2022-2274, didn’t reach Heartbleed levels of ick, but it was more than bad enough. What happened was that the OpenSSL 3.0.4 release introduced a serious RSA bug on x86-64 CPUs supporting the AVX512 IFMA instructions. This set of CPU single instruction, multiple data (SIMD) instructions for floating-point operations per second (FLOPS) was introduced in 2018. You’ll find it in pretty much every serious Intel processor, from Skylake to AMD’s forthcoming Zen 4. In other words, it’s probably in every server you’re currently running. Is that great news or what? Memory Corruption The problem is that RSA 2048-bit private key implementations fail on this chip architecture. Adding insult to injury, memory corruption results during the computation. The last straw? An attacker can use this memory corruption to trigger remote code execution (RCE) on the machine. Exploiting it might not be easy, but it is doable. And, even if an attack isn’t that reliable, if it’s used to hit a server that constantly respawns, say a web server, it Continue reading

Starlink and Couchbase — Accelerating Innovation to the Stars

If data is the lifeblood of enterprise applications, networks are the arteries. Wayne Carter Wayne is vice president of engineering at Couchbase. Before Couchbase, Wayne spent seven years at Oracle as the architect responsible for driving mobile innovation within the CRM and SaaS product lines. He has 10 patents and patents pending from his work there. Networks are so vital because they enable business, human and mission-critical processes by connecting organizations with customers, employees and partners, increasing efficiency, powering automation, driving engagement and accelerating productivity. Networks are the glue that knits modern applications together. But apps can only be as available and fast as the network that underpins them. Achieving high levels of reliability and speed is key to success. Network disruptions and slowness are a daily reality that lead to downtime with Starlink. Dancing with the Stars Continue reading

There’s a Nasty Security Hole in the Apache Webserver

Here a security hole, there a security hole, everywhere a security hole. One of the latest, an obnoxious one labeled CVE-2022-23943, an Apache HTTP Server memory corruption vulnerability in mod_sed, was uncovered. This one was an out-of-bounds write vulnerability that enabled attackers to overwrite heap memory. When you say “overwrite heap memory,” you know it’s bad news. This impacted Apache HTTP Server 2.4 version 2.4.52 and earlier versions. New Problems It was quickly fixed. But, JFrog Security Research team’s Security Research Tech Lead, worried that while the