Archive

Category Archives for "Networking – The New Stack"

How to Make the Most of Kubernetes Environment Variables

In traditional systems, environment variables play an important role, but not always a crucial one. Some applications make more use of environment variables than others. Some prefer configuration files over environment variables. However, when it comes to Kubernetes, environment variables are more important than you might think. It’s partially due to the way containers work in general and partially due to the specifics of Kubernetes. In this post, you’ll learn all about environment variables in Kubernetes.

The Basics

Let’s start with the basics. What are environment variables and why do they exist? Traditionally, environment variables are dynamic key-value variables that are accessible to any process running on the system. The operating system itself will set many environment variables that help running processes understand the specifics of the system. Thanks to this, software developers can include logic in their software that makes the programs adjustable to a specific operating system. Environment variables also hold a lot of important information about the user, things like username, preferred language, user home directory path and many other useful bits of information.

User-Defined Environment Variables Dawid Ziolkowski Dawid Continue reading

How We Built Preview Environments on Kubernetes and AWS

Romaric Philogène Romaric is CEO and co-founder of Qovery with more than 10 years of experience in site reliability engineering and software development.

For two years at Qovery, we built a Qovery Engine.

Environment

On Qovery, every application and database belongs to an environment. It is a logical entity that links all resources together. When turning on the Preview Environment feature, Qovery will duplicate an Continue reading

Microsoft Brings eBPF to Windows

If you want to run code to provide observability, security or network functionality, running it in the kernel of your operating system gives you a lot of power because that kernel can see and control everything on the system. That’s powerful, but potentially intrusive or dangerous if you get it wrong, whether that’s introducing a vulnerability or just slowing the system down. If you’re looking for a way to take advantage of that kind of privileged context without the potential danger, eBPF is emerging as an alternative — and now it’s coming to Windows.

Not Just Networking

Originally eBPF stood for “extended Berkeley Packet Filter”, updating the open source networking tool that puts a packet filter in the Linux kernel for higher performance packet tracing (now often called cBPF for classic BPF). But it’s now a generic mechanism for running many kinds of code safely in a privileged context by using a sandbox, with application monitoring, profiling and security workloads as well as networking, so it’s not really an acronym anymore. That privileged context doesn’t even have to be an OS kernel, although it still tends to be, with eBPF being a more stable and secure alternative to kernel modules Continue reading

WAF: Securing Applications at the Edge

Sheraline Barthelmy Sheraline is the head of product, marketing and customer success at Cox Edge, an edge cloud startup from Cox Communications. At Cox Edge, she's focused on developing the tools and systems that customers and developers rely on to build the next generation of edge applications.

These days, brick-and-mortar or television-based bank robberies and heists seem old-fashioned no matter how well planned or executed. What the new “money” criminals are after is personal data. And the “banks” being attacked are the growing number of web applications. Studies show that web application attacks have become the single most significant cause of data breaches. According to NTT’s 2020 Global Threat Intelligence Report (GTIR), more than half (55%) of all attacks in 2019 were a mix of web application and application-specific attacks, up from 32% the year before. As organizations move away from VPNs, virtual machines and centralized management systems to distributing and even running applications at the edge, conventional perimeter-based security like network firewalls isn’t enough. The best defense is a firewall that can mitigate application-layer attacks.

Web Application Firewall (WAF)

A WAF helps protect web applications from application-layer attacks like cross-site scripting, SQL injection attacks, remote file inclusion and cookie Continue reading

Cisco Brings Webex Collaboration to SD-WAN Cloud Program

The dramatic shift to remote work brought on two years ago by the onset of the COVID-19 pandemic forced companies almost overnight not only to adapt their business models but also to focus on technologies that would allow them and their employees to operate productively and securely. That included embracing connectivity solutions to ensure access to the applications and data critical for getting the job done and collaboration tools to enable employees to more easily work together even if they were located many miles apart. All that has accelerated the growth in such markets as software-defined networking (SD-WAN) and video conferencing and remote communications offerings like Microsoft Teams, Cisco Systems’ Webex and Zoom. Reliance on such technologies will only grow, given that many companies expect to continue a hybrid work environment even after the pandemic lifts. blog post this week pointed to numbers from Gartner that showed that 48% of employees are expected to work remotely post-pandemic and that hybrid workplaces will become commonplace. “In this new norm, seamless communication and collaboration will be the bare minimum for enterprises to achieve workforce productivity Continue reading

Confluent’s Q1 Updates: ‘Data Mesh vs. Data Mess’

Confluent says it will release a series of updates to its data streaming platform every quarter. In this quarter, the updates consist of a number of new features built from the Apache Kafka open source distributed event streaming platform. They include schema linking, new controls to shrink capacity for clusters on-demand and new fully managed Kafka connectors. The new capabilities “can make a huge difference in creating a data mesh versus a data mess,”

Schema Linking gives organizations the freedom to develop without the risk of damaging production, Rosanova told The New Stack. “Dev and prod generally don’t talk to one another — because production environments are so sensitive, you don’t want to give everyone access,” Rosanova said. With Schema Linking, built on top of Cluster Linking, schemas can be shared that sync in real-time across teams, organizations and environments, such as with hybrid and multicloud environments. “This is far more scalable and efficient compared to workarounds I’ve seen where people are literally sharing schemas through spreadsheets,” Rosanova said.

Much verbiage is devoted to scaling, but how to dynamically adjust network resources for resource savings when needed to avoid redundancy is often not addressed. As Rosanova noted, organizations maintain high availability by beefing up their capacity to handle spikes in traffic and avoid downtime. “We added a simple, self-service way to scale back capacity so customers no longer have to worry about wasting resources on capacity they don’t use. These clusters also automatically rebalance your data every time you scale up or down,” Rosanova said. “This solves the really hard challenge of rebalancing workloads while they are running. It’s like changing the tires on a moving car. Now you can optimize data placement without disrupting the real-time flow of information.”

New Connectors

Confluent’s new release now features over 50 managed connectors for Confluent Cloud.
The idea behind Confluent’s Apache Kafka connectors is to facilitate network connections for data streaming with data sources and sinks that organizations select. In the last six months, Confluent more than doubled the number of managed connectors it offers, Rosanova said. “Once one system is connected, two more need to be added, and so on,” he said. “We are bringing real-time data to traditional, non-real-time places to quickly modernize companies’ applications. This is a significant need that continues to grow.”

Kafka has emerged as a leading data streaming platform and Confluent continues to evolve with it, Rosanova said. “We are improving what businesses can accomplish with Kafka through these new capabilities. Real-time data streaming continues to play an important role in the services and experiences that set organizations apart,” Rosanova said. “We want to make real-time data streaming within reach for any organization and are continuing to build a platform that is cloud native, complete, and available everywhere.”

Confluent’s connector list now includes:

Data warehouse connectors: Snowflake, Google BigQuery, Azure Synapse Analytics, Amazon Redshift.
Database connectors: MongoDB Atlas, PostgreSQL, MySQL, Microsoft SQL Server, Azure Cosmos DB, Amazon DynamoDB, Oracle Database, Redis, Google BigTable.
Data lake connectors: Amazon S3, Google Cloud Storage, Azure Blob Storage, Azure Data Lake Storage Gen 2, Databricks Delta Lake.

Additionally, Confluent has improved access to popular tools for network monitoring. The platform now offers integrations with Datadog and Prometheus. “With a few clicks, operators have deeper, end-to-end visibility into Confluent Cloud within the monitoring tools they already use,” blog post.

Makings of a Web3 Stack: Agoric, IPFS, Cosmos Network

Want an easy way to get started in Web3? Download a Dietrich Ayala, IPFS Ecosystem Growth Engineer, Rowland Graus, head of product for Marko Baricevic, software engineer for Cosmos Network. an open source technology to help blockchains interoperate. Each participant describes the role in the Web3 ecosystem where their respective technologies play. These technologies are often used together, so they represent an emerging blockchain stack of sorts. TNS editor-in-chief Joab Jackson hosted the Continue reading

Anomaly Detection: Glimpse into the Future of IoT Data

Margaret Lee Margaret is senior vice president and general manager of digital service and operations management for BMC Software, Inc. She has P&L responsibility for the company’s full suite of BMC Helix solutions for IT service management and IT operations management. Big data and the internet-of-things go hand in hand. With the continued proliferation of IoT devices — one prognosticator estimates there will be

Lessons Learned from 6 Years of IO Scheduling at ScyllaDB

Pavel (Xemul) Emelyanov Pavel is a principal engineer at ScyllaDB. He is an ex-Linux kernel hacker now speeding up row cache, tweaking the IO scheduler and helping to pay back technical debt for component interdependencies. Scheduling requests of any kind always serves one purpose: gain control over the priorities of those requests. In the priority-less system, there’s no need to schedule; just putting whatever arrives into the queue and waiting until it finishes is enough. I’m a principal engineer for

Using Rustlang’s Async Tokio Runtime for CPU-Bound Tasks

Despite the term async and its association with asynchronous network I/O, this blog post argues that the Tokio.rs describes it as: “an asynchronous runtime for the Rust programming language. It provides the building blocks needed for writing network applications.” While this description emphasizes Tokio’s use for network communications, the runtime can be used for other purposes, as we will explore below. Why Use Tokio for CPU tasks? It turns out that modern analytics engines invariably need to Continue reading

Solo.io Brings ‘Docker-Like Experience’ to eBPF with BumbleBee

Service mesh integration software provider BumbleBee, a new open source project that it extended Berkeley Packet Filter (eBPF) in order to “shortcut the HTTP stack,” said Solo.io CEO and founder BPF Type Format (BTF), explained Levine, “(along with some smarts added to clang) enables the BPF program loader to fix the BPF byte code to work correctly on different versions of the kernel. For example, if a BPF program accesses a struct, clang now stores all these struct access in a special location in the BPF program binary. libbpf can go to each of these struct accesses, and use BTF information from the current kernel (obtained at runtime) to fix these accesses to the correct offset.” BumbleBee to the Rescue With the addition of BTF, Solo.io created BumbleBee, which not only uses BTF to parse and bring to the user space the maps of eBPF programs, but also uses the get started.

Redis Pub/Sub vs. Apache Kafka

Redis is the “Swiss Army knife” of it’s often used for caching, but it does even more. It can also function as a loosely coupled distributed message broker, so in this article, we’ll have a look at the original Redis messaging approach, Redis Pub/Sub, explore some use cases and compare it with Apache Kafka. 1. Redis Pub/Sub A Beatles-inspired submarine cocktail. Evlakhov Valerii The theme of “pub” pops up frequently in my articles. In a previous article, I wrote about a conversation in an outback pub, “

Tailscale: A Virtual Private Network for Zero Trust Security

Well before launching their company, the founders of problems with VPN security had already emerged before the pandemic. Since then, the big jump in remote work sparked by lockdowns has only revealed just how vulnerable they can be. Even enterprise-grade VPNs are riddled with security problems. In fact, a Zscaler David Cranshaw and Chief Operating Officer Avery Pennarun wanted to give developers a secure, scalable alternative to traditional VPNs. “Our big vision is to help developers be reasonable about scale,” said Pennarun, a former Google engineer. Although Continue reading

10 Criteria to Evaluate Your Cloud Network Security Solution

As organizations expand their cloud adoption and business-critical use cases, security of their cloud infrastructure often becomes more complex. For this reason, analysts and advisors recommend that organizations take a unified, multilayer approach to protect their cloud deployments and ensure a robust cloud security posture. Approaches like the one just mentioned have eased security concerns, as cited in a shared responsibility model, at the infrastructure layer (IaaS), cloud providers are responsible for securing their compute-network-storage infrastructure resources. This leaves cloud users responsible for protecting the data, apps and other assets deployed on the infrastructure. Cloud providers offer a number of tools and services to help users uphold their end of the shared responsibility model, and they are important elements Continue reading

Real-Time Observability with InfluxDB for BAI Communications

Jason Myers Jason is a technical marketing writer at InfluxData.

In public transportation, there’s little room for error when it comes to passenger safety. At the same time, rail operators don’t have bottomless financial resources to oversee their rail system. The team at BAI Communications in Toronto faced these two, diametrically opposed realities. Fortunately, by using their existing network infrastructure, a time-series platform and a sizable helping of ingenuity, the BAI team was able to close that gap between their technical needs and cost. Here’s how they did it.

Background

BAI Communications is a global company and a leader in providing communications infrastructure, pioneering the future of advanced connectivity and delivering the ubiquitous coverage that can transform lives, power business ambitions and shape the future of our cities. The company focuses on three key verticals: broadcast, neutral host and 5G, and transit. It seeks to enrich lives by connecting communities and advancing economies. BAI manages and operates the networking infrastructure for T-Connect, the wireless network used by the Toronto Transit Commission (TTC). T-Connect averages over 200,000 daily sessions, and over 5 million every month from approximately 100,000 unique devices every weekday. The T-Connect network consists of more than 1,000 access Continue reading

Confluent Platform 7.0: Data Streaming Across Multiclouds

The challenge is clear: How to offer real- or near real-time access to data that is continually refreshed across a number of different distributed environments. With different types of data streaming from various sources such as multicloud and on-premises environments, the data, often in shared digital layers such as so-called digital information hubs (DIHs), must be updated asynchronously. This is necessary in order to maintain a consistent user experience. To that end, data streaming platform provider Apache Kafka, hundreds of different applications and data systems can use it to migrate to the cloud or share data between their data center and the public cloud, Confluent says. Traditionally, syncing data between multiple clouds or between on-premises and the cloud was “like a bad game of telephone,”

SC21: Fugaku Still Fastest Supercomputer as Exascale Looms

The latest release of the list of the fastest supercomputers in the world showed little movement for an HPC industry that is anxiously waiting for long-discussed exascale systems to come online. Japan’s massive Top500 list of the world’s fastest systems, a position it first reached in the summer of 2020. The latest list was released this week at the start of the

Prossimo: Making the Internet Memory Safe

The Let’s Encrypt certificate authority, but it has also turned its hand to fixing memory problems. It sponsors, via Google, so Rust in Linux in no small part to fix its built-in C memory problems. And, it also has a whole department, Rustls, a safer memory-safe code. Memory-safe programs are written in languages that avoid the usual use after free problems. C, C++, and Assembly, for all their speed, make it all too easy to make these kinds of mistakes. Languages such as Rust, Go, and C#, however, Continue reading

How eBPF Streamlines the Service Mesh

There are several service mesh products and projects today, promising simplified connectivity between application microservices, while at the same time offering additional capabilities like secured connections, observability, and traffic management. But as we’ve seen repeatedly over the last few years, the excitement about service mesh has been tempered by practical additional overhead. Let’s explore how Envoy or wrote about his experiences configuring Istio to reduce consumption from around 1GB per proxy (!) to a much more reasonable 60-70MB each. But even in our Continue reading

Create a Monitoring Subnet in Microsoft Azure to Feed a Security Stack

Andy Idsinga Andy Idsinga is a Cloud Engineering Manager and senior Cloud Solutions Architect at cPacket Networks. Andy has been a software engineer and architect since 1994 at Symantec, Intel and other technology companies. He’s worked on firmware for smart watches, RFID transceiver chipsets, and led a team in developing a new smart bracelet as part of Intel’s internal startup incubator. He lives in Portland, OR. The 2021 Verizon
