Archive

Category Archives for "Networking"

Geo Key Manager: How It Works

Today we announced Geo Key Manager, a feature that gives customers unprecedented control over where their private keys are stored when uploaded to Cloudflare. This feature builds on a previous Cloudflare innovation called Keyless SSL and a novel cryptographic access control mechanism based on both identity-based encryption and broadcast encryption. In this post we’ll explain the technical details of this feature, the first of its kind in the industry, and how Cloudflare leveraged its existing network and technologies to build it.

Keys in different area codes

Cloudflare launched Keyless SSL three years ago to wide acclaim. With Keyless SSL, customers are able to take advantage of the full benefits of Cloudflare’s network while keeping their HTTPS private keys inside their own infrastructure. Keyless SSL has been popular with customers in industries with regulations around the control of access to private keys, such as the financial industry. Keyless SSL adoption has been slower outside these regulated industries, partly because it requires customers to run custom software (the key server) inside their infrastructure.

Standard Configuration

Keyless SSL

One of the motivating use cases for Keyless SSL was the expectation that customers may not trust a third party like Cloudflare with their

Introducing the Cloudflare Geo Key Manager

Cloudflare’s customers recognize that they need to protect the confidentiality and integrity of communications with their web visitors. The widely accepted solution to this problem is to use the SSL/TLS protocol to establish an encrypted HTTPS session, over which secure requests can then be sent. This protects against eavesdropping, because only those who have access to the “private key” can legitimately identify themselves to browsers and decrypt encrypted requests.

Today, more than half of all traffic on the web uses HTTPS—but this was not always the case. In the early days of SSL, the protocol was viewed as slow, because each encrypted request required two round trips between the user’s browser and web server. Companies like Cloudflare solved this problem by putting web servers close to end users and utilizing session resumption to eliminate those round trips for all but the very first request.

Expanding footprint meets geopolitical concerns

As Internet adoption grew around the world, with companies increasingly serving global and more remote audiences, providers like Cloudflare had to continue expanding their physical footprint to keep up with demand. As of the date this blog post was published, Cloudflare has data centers in over 55 countries, and we continue

IDG Contributor Network: How will you connect AWS, Azure, and Google Cloud to your SD-WAN?

I’ve been spending a lot of time the past few weeks reviewing SD-WAN vendor cloud offerings. Maybe it’s because of some of the announcements in the area. It triggered a bunch of questions from my customers. Maybe it’s because a lot of folks seem to be waking up to the importance of connecting their SD-WAN into the cloud.

Regardless, what’s become increasingly apparent to me are the vast differences between vendor implementations. At first glance, the cloud would seem to be just like any other site. Add an SD-WAN node as you would with any other location, let it connect into the SD-WAN, and voila! Job done. Oh, how I wish it was that simple.

SD-WAN cloud configurations are like that sweet, devilish 5-year old who can terrorize your home while looking delightfully cherubic. Different tools are needed to manage cloud implementations than the cloud. Routing into the IaaS cloud is rarely simple. Properly configuring the cloud—setting up the VPCs, installing the SD-WAN nodes, provisioning the IPsec connectivity—all take time. It’s why SD-WAN vendors have made a point of introducing cloud-specific implementations.

Up next: Disposable IoT

What if every package shipped contained a $0.20 tracker chip that could report when and approximately where the package was opened?

That's a service that internet-of-things wireless network operator Sigfox thinks its partners could offer over the next year.

It demonstrated a prototype wireless module contained in a cardboard envelope at its partner meeting in Prague on Tuesday, triggering the sending of a text message when the envelope was opened.

Ripping open the envelope, Sigfox scientific director Christophe Fourtet showed off what he described as "an ultra-thin battery, ultra-thin contacts, and an ultra-low cost module, a few tens of cents." Seconds later, his phone buzzed to report delivery of the package.

Managing users on Linux systems

Your Linux users may not be raging bulls, but keeping them happy is always a challenge as it involves managing their accounts, monitoring their access rights, tracking down the solutions to problems they run into, and keeping them informed about important changes on the systems they use. Here are some of the tasks and tools that make the job a little easier.

Configuring accounts

Adding and removing accounts is the easier part of managing users, but there are still a lot of options to consider. Whether you use a desktop tool or go with command line options, the process is largely automated. You can set up a new user with a command as simple as adduser jdoe and a number of things will happen. John’s account will be created using the next available UID and likely populated with a number of files that help to configure his account. When you run the adduser command with a single argument (the new username), it will prompt for some additional information and explain what it is doing.

BrandPost: When It Comes To SD-WANs, WAN Optimization Should Be A No-Brainer

As someone who has been following enterprise WAN architectures for decades, I find their evolution fascinating, especially the number of new technologies that have been deployed in isolation. For example, WAN optimization and SD-WANs are often discussed as separate solutions. From my perspective, I can’t fathom why a business would deploy an SD-WAN and not implement WAN optimization as part of it. If you’re going to go through the work of modernizing your WAN architecture, then why wouldn’t you integrate optimization technologies into your deployment right from the start?

Celebrating 25 Years of Advocacy

It’s been a week of jubilation: The Internet Society celebrated 25 years of advocacy for an open, globally-connected, and secure Internet with events that crisscrossed the globe. The festivities kicked off at the University of California Los Angeles campus where in 1969 the first message was sent over ARPANET – the Internet’s predecessor.

On 18 September, the 25 Under 25 award ceremony honored young people around the world for their extraordinary work. Born in the age of the Internet, these everyday heroes are passionate about using it to make a positive impact on their communities. Their projects include connecting people with disabilities to employment opportunities, using AI to identify fake news, and humanizing issues affecting refugees and the LGBT community.

Learn more about the 25 Under 25 awardees

Watch the 25 Under 25 Award Ceremony

Just a few hours later, the 2017 Internet Society Global Internet Report: Paths to Our Digital Future was launched. The interactive report, the result of in-depth interviews, roundtables, and surveys conducted in 160 countries and 21 regions around the world, offers a glimpse into how the future of the Internet might impact humanity. The report encourages you to explore paths to our digital future, asks thought-provoking

BrandPost: Find the Path to Networking Nirvana

Almost all enterprise-class organizations are sitting atop a pile of existing network infrastructure, dealing with the headaches of a complex hardware lifecycle. Many would like to find a smooth path to a virtual networking future in which hardware is no longer a barrier to change, but instead a gateway to flexible network options. Ask enterprise IT decision makers these days to select from a menu of connectivity options and odds are the top choice will be an “All of the above” response. They want bandwidth on demand, a manageable number of connectivity options to suit a distributed workforce, scalability, and the lowest cost. That networking nirvana may not be as far in the future as you once thought.

At Ignite, Microsoft extends hybrid cloud beyond just infrastructure

For years Microsoft has talked about, previewed and at some times delayed the release of its Azure Stack hybrid cloud computing platform.

But this week at its Ignite conference in Orlando Microsoft announced that Azure Stack is now shipping to customers, and in doing so the company is pitching its hybrid cloud platform as being about more than just connecting customer data centers to the public cloud.

Exciting new things for Docker with Windows Server 1709

What a difference a year makes… last September, Microsoft and Docker launched Docker Enterprise Edition (EE), a Containers-as-a-Service platform for IT that manages and secures diverse applications across disparate infrastructures, for Windows Server 2016. Since then we’ve continued to work together and Windows Server 1709 contains several enhancements for Docker customers.

Docker Enterprise Edition Preview

To experiment with the new Docker and Windows features, a preview build of Docker is required. Here’s how to install it on Windows Server 1709 (this will also work on Insider builds):

Install-Module DockerProvider
Install-Package Docker -ProviderName DockerProvider -RequiredVersion preview

To run Docker Windows containers in production on any Windows Server version, please stick to Docker EE 17.06.

Docker Linux Containers on Windows

A key focus of Windows Server version 1709 is support for Linux containers on Windows. We’ve already blogged about how we’re supporting Linux containers on Windows with the LinuxKit project.

To try Linux Containers on Windows Server 1709, install the preview Docker package and enable the feature. The preview Docker EE package includes a full LinuxKit system (all 13MB of it) for use when running Docker Linux containers.

[Environment]::SetEnvironmentVariable("LCOW_SUPPORTED", "1", "Machine")
Restart-Service Docker

To disable, just remove the environment variable:

[Environment]::SetEnvironmentVariable("LCOW_SUPPORTED",

Pub/Sub model could connect IoT devices without carrier networks

Three characteristics of the Internet of Things (IoT) differentiate it from industrial automation. IoT devices are inexpensive. IoT devices can be ubiquitously connected everyplace and anyplace. IoT devices have inexpensive or zero-cost deployment. It explains why we see so few IoT networks and why most of the industrial IoT forecasts are measurements of industrial automation that we have had for decades.

The first one, with the exception of the issue of strong security, is easy. The second two, though, in New Jersey parlance — says easy does hard.

Ubiquitous connectivity is talked about, and there is a glimmer of hope presented by Low-Power Wide-Area Networks (LPWAN) such as Senet that focus on both low-cost technology and a business model for entrepreneurial partners to deploy networks. But waiting for carriers to perfect and deploy 5G networks to build IoT solutions will delay innovators and prevent early adopters from building proof-of-concept and prototype networks essential for the iterative learning of technical methods, business cases and making financial projections of the benefits of IoT.
