NSX-T Infrastructure Deployment Using Ansible
VMware NSX-T Data Center 2.4 was a major release adding new functionality for virtualized network and security for public, private and hybrid clouds. The release includes a rich set of features including IPv6 support, context-aware firewall, network introspection features, a new intent-based networking user interface and many more.
Along with these features, another important infrastructure change is the ability to deploy highly-available clustered management and control plane.
What is the Highly-Available Cluster?
The highly-avilable cluster consists of three NSX nodes where each node contains the management plane and control plane services. The three nodes form a cluster to give a highly-available management plane and control plane. It provides application programming interface (API) and graphical user interface (GUI) for clients. It can be accessed from any of the manager or a single VIP associated with the cluster. The VIP can be provided by NSX or can be created using an external Load Balancer. It makes operations easier with less systems to monitor, maintain and upgrade.
Besides a NSX cluster, you will have to create Transport Zones, Host and Edge Transport Nodes to consume NSX-T Data Center.
- A Transport Zone defines the scope of hosts and virtual machines (VMs) for participation Continue reading
Pluribus Unveils White Box Gateway Router With Deep Slicing Capabilities
Pluribus calls the product the “industry’s first,” and IHS Markit analyst Michael Howard says...
Copyright 2019 SDxCentral, LLC; For non-commercial use
Google Cloud Lassos Data Analytics Provider Looker for $2.6B
An analyst noted that the deal will help Google Cloud better compete against Microsoft's BI Power...
Copyright 2019 SDxCentral, LLC; For non-commercial use
LF Edge Targets Telcos With Akraino Edge Stack Release
Akraino is an open source software stack designed to improve and expand the flexibility of edge...
Copyright 2019 SDxCentral, LLC; For non-commercial use
A10 Networks ACOS Critical Insecure Cookie Vulnerability 2 of 2
The following summarizes an HTTP persistence cookie vulnerability that I identified in A10 ACOS ADC software. This was disclosed to A10 Networks in June 2016 and has now been resolved.
As noted in a previous post, ACOS uses insecure HTTP/HTTPS persistence cookies which can allow a malicious user to craft a cookie determining the server and port to which a persistent session should be sent. In addition, for vports using the default “port-based” HTTP cookie persistence, it was discovered that when using the default persistence cookie type, ACOS does not perform a check to ensure that the server/port defined in the cookie is within the configured service-group for that VIP.
The only sanity check appears to be to ensure that the server IP read from the cookie has been configured on the A10 within the same partition. If that constraint is met, packets will be forwarded by ACOS to the real server based solely on the value contained in the cookie. This is extremely serious as it allows a malicious user to connect, for example, through a public VIP and access back end servers used by other VIPs, including those only accessible via internal IPs.
SUMMARY OF VULNERABILITY
When using Continue reading
Cisco Scoops Up IoT Security Startup Sentryo
The companies won’t reveal the purchase price, but Cisco has paid billions for IoT startups in...
Copyright 2019 SDxCentral, LLC; For non-commercial use
Orange Business Services Adds Riverbed’s Aternity to Support SD-WAN
The enterprise services provider plans to offer Aternity as a managed service within its...
Copyright 2019 SDxCentral, LLC; For non-commercial use
Improving Network Performance and Lowering Costs for Managed Service Providers and Cloud Service Providers
Today Pluribus is introducing the industry’s first fully virtualized white box multi-tenant data center gateway router (DCGR). After examining the...Why I’m helping Cloudflare build its partnerships worldwide
Cloudflare has always had an audacious mission: to help build a better Internet. From its inception, the company realized that a mission this big couldn’t be taken on alone. Such an undertaking would require the help of an extraordinary group of partners. Early in the company’s history, Cloudflare built strong relationships with many hosting providers to protect and accelerate internet traffic. And through the years, Cloudflare has continued to build some amazing Enterprise partnerships and strategic alliances.
As we continue to grow and foster our partner ecosystem, we are excited to announce Cloudflare’s next iteration of its Partner Program—to engage and enable an equally audacious set of partners that want to help build a better Internet, together.
I recently joined Cloudflare to run Global Channel Sales & Partnerships after spending over nine years at Google Cloud in various indirect and direct leadership roles. At Google, I witnessed the powerful impact that a strong partner ecosystem could have on solving complex organizational and societal problems. By combining innovative technologies provided by the manufacturer, with deep domain expertise provided by the partner, we delivered valuable industry solutions to our customers. And through this process, we helped our partners build valuable businesses, accelerate Continue reading
Cloudflare Partners: A New Program with New Partners
Many overlook a critical portion of the language in Cloudflare’s mission: “to help build a better Internet.” From the beginning, we knew a mission this bold, an undertaking of this magnitude, couldn’t be done alone. We could only help. To ultimately build a better Internet, it would take a diverse and engaged ecosystem of technologies, customers, partners, and end-users. Fortunately, we’ve been able to work with amazing partners as we’ve grown, and we are eager to announce new, specific programs to grow our ecosystem with an increasingly diverse set of partners.
Today, we’re excited to announce the latest iteration of our partnership program for solutions partners. These categories encompass resellers and referral partners, OEM partners, and the new partner services program. Over the past few years, we’ve grown and learned from some amazing partnerships, and want to bring those best practices to our latest partners at scale—to help them grow their business with Cloudflare’s global network.
Partner Program for Solution Partners
Every partner program out there has tiers, and Cloudflare’s program is no exception. However, our tiering was built to help our partners ramp up, accelerate and move fast. As Matt Harrell highlighted, we Continue reading
Announcing the New Cloudflare Partner Platform
When I first started at Cloudflare over two years ago, one of the first things I was tasked with was to help evolve our partner platform to support the changes in our service and the expanding needs of our partners and customers. Cloudflare’s existing partner platform was released in 2010. It is a testament to those who built it, that it was, and still is, in use today—but it was also clear that the landscape had substantially changed.
Since the launch of the existing partner platform, we had built and expanded multi-user access, and launched many new products: Argo, Load Balancing, and Cloudflare Workers, to name a few. Retrofitting the existing offering was not practical. Cloudflare needed a new partner platform that could meet the needs of partners and their customers.
As the team started to develop a new solution, we needed to find a partner who could keep us on the right path. The number of hypotheticals were infinite and we needed a first customer to ground ourselves. Lo and behold, not long after I had begun putting pen to paper, we found the perfect partner for the new platform.
The IBM Partnership
IBM was looking for a partner Continue reading