It’s been 5 years!!
Hard to believe I have been blogging for 5 years! If I didn’t have a record of it I probably wouldn’t believe it! Last year saw another 30 new blogs posts published, and that doesn’t count my 4 posts for the SolarWinds Thwack Ambassador program or my blog post or two for the Cisco Champion […]
Leverage Micro-Segmentation to Build a Zero Trust Network
Applications are a vital component of your business…but are your applications and data safe? Have you considered implementing a Zero Trust model at your organization to protect your vital resources? Join this hour-long webcast on Tuesday, September 29, 2015 at 11:00 AM PST / 2:00 PM EST to find out how to leverage micro-segmentation to build a true Zero Trust data center network.
Join our guest speaker, John Kindervag, VP and Principal Analyst at Forrester Research, as he discusses the results of the August 2015 commissioned research study, “Leverage Micro-segmentation To Build A Zero Trust Network”, conducted on behalf of VMware. Kindervag will cover Forrester’s three key findings from the study:
- Security gaps and disconnects are the unfortunate norm across Enterprises today.
- Network virtualization helps to reduce risk and supports a higher-level security strategy.
- Micro-segmentation provided through network virtualization paves the way for implementing a Zero Trust model.
Protecting your data doesn’t have to be difficult! Reserve your spot for this webcast today.
Micro-Segmentation and Security at Tribune Media
And to learn more about how other leading organizations are using micro-segmentation to build a Zero Trust Model, watch the video below from David Giambruno, CIO of Continue reading
Information wants to be protected: Security as a mindset
I was teaching a class last week and mentioned something about privacy to the students. One of them shot back, “you’re paranoid.” And again, at a meeting with some folks about missionaries, and how best to protect them when trouble comes to their door, I was again declared paranoid. In fact, I’ve been told I’m paranoid after presentations by complete strangers who were sitting in the audience.
Okay, so I’m paranoid. I admit it.
But what is there to be paranoid about? We’ve supposedly gotten to the point where no-one cares about privacy, where encryption is pointless because everyone can see everything anyway, and all the rest. Everyone except me, that is—I’ve not “gotten over it,” nor do I think I ever will. In fact, I don’t think any engineer should “get over it,” in terms of privacy and security. Even if you think it’s not a big deal in your own life, engineers should learn to treat other people’s information with the utmost care.
In moving from the person to the digital representation of the person, we often forget it’s someone’s life we’re actually playing with. I think it’s time for engineers to take security—and privacy—personally. It’s time Continue reading
Worth Reading: Open Source Medicine
The post Worth Reading: Open Source Medicine appeared first on 'net work.
Cisco FlexVPN DMVPN, Part 1 – Overview and Design
This post will introduce a new type of DMVPN – FlexVPN, unofficially called “DMVPN phase 4″ . We will go through the basic building blocks of Cisco FlexVPN DMVPN and some of the design best practices for a typical enterprise WAN network. FlexVPN Introduction FlexVPN is a configuration framework (a collection of CLI/API commands) aimed to […]
The post Cisco FlexVPN DMVPN, Part 1 – Overview and Design appeared first on Packet Pushers.
Security Visibility In The Virtualized Data Center
Advanced virtualization technologies like SDN and the SDDC can block traditional security monitoring tools. Security architectures must adapt.5 Ways Life Would Stink Without IT Professionals
What would happen if we suddenly had to live without the help of IT pros? The results could be scary.Security Visibility In The Virtualized Data Center
Advanced virtualization technologies like SDN and the SDDC can block traditional security monitoring tools. Security architectures must adapt.Momentum in Motion: $35 Million in Funding, Solid Partnerships, Customer Wins, Switching on New Technology
I can’t believe how fast 2015 is flying by. It seems like we were just making our networking predictions for the year. If you’ve been following the blog or keeping up with us on social media, you may have noticed we’ve been busy here in Nashua in terms of our growth and expansion as well as the products we’re delivering. We are rapidly evolving Plexxi to keep pace with today’s competitive technology landscape.
I’m excited about the prospects for the future. And the reason has to do with three key accomplishments in 2015 (so far): today’s big news —$35 million in funding to accelerate our growth plans and product development; our new strategic partnerships along with our customer growth in targeted vertical markets; and the introduction of our Switch 2 Series. We’re set to make 2015 our best year yet.
1. Financing to Accelerate our Growth. Today, we announced we raised $35 million to continue our rapid growth in the software-defined agile datacenter market. The infusion of capital will help fuel the rapid expansion of our sales, marketing, customer support, and research and development efforts to deliver on our vision of a software-defined architecture in datacenters and service provider networks. Continue reading
Plexxi Raises $35M but Won’t Start the IPO Buzz Yet
Expect more reseller deals as Plexxi builds on its partnership with Arrow and starts thinking IPO.
VXLAN Hardware Gateway Overview
One of my readers stumbled upon a 4-year-old blog post explaining the potential implementations of VXLAN hardware gateways, and asked me if that information is still relevant.
I knew that I’d included tons of information in the Data Center Fabrics and VXLAN Deep Dive webinars, but couldn’t find anything on the web, so let’s fix that.
Read more ...How We Extended CloudFlare’s Performance and Security Into Mainland China
CloudFlare launched five years ago. Within a year of our launch, the biggest surprise was the strong global demand for our service. From nearly the beginning, China was the second largest source of traffic by country to our network, behind only the United States.
In retrospect, that shouldn't have been a surprise. In 2010, the year we launched, 34% of China's population, or 450 million people, were online. Today, nearly half the country is online. To put it another way, with 700 million people online, China represents a quarter of all Internet users. If your mission is to help build a better Internet, like CloudFlare's is, then China is a country you cannot ignore.
Consequently, starting in 2011, we began to investigate how CloudFlare could bring our service to the Chinese Internet. Four years later, we're excited to announce the extension of CloudFlare's performance and security platform across mainland China. This is the story of how we did it.
The Challenges
There are three major challenges to extending a service like CloudFlare's across mainland China: technical, economic, and regulatory.
Technical
From a technical perspective, the Chinese Internet, despite its many similarities, is different than the rest of the world. Unlike Continue reading
IPv6-based Wi-Fi Hotspots
Apple’s 2015 WWDC event included a great session on IPv6 & TCP changes coming with iOS 9. There is a related post to the IETF v6ops mailing list here. The new IPv6 hotspot is very interesting to me. These are my notes on how hotspot functionality can work with IPv6, and no NAT.
Disclaimer: These are my own notes, written to help my understanding. There will be mistakes. Corrections welcome.
IPv4 Hotspot – (aka the simplicity of NAT?)
The current IPv4 hotspots use simple NAT, similar to most home network setups. The mobile network assigns a public IPv4 /32 address to the handset, H. The handset picks a local RFC1918 address space for its connectivity to local clients, and hands that out via DHCP. Hide NAT is used to provide outbound internet connectivity for those clients.
What about IPv6? Isn’t NAT verboten?
NAT is evil, right? We can’t use NAT to hide the local clients behind the handset. So how do we provide IPv6 hotspot functionality? One way would be to use DHCPv6 PD. When the hotspot is enabled, the mobile device could request a prefix via DHCPv6 PD. That could then be used for local devices.
Unfortunately the Continue reading