Automate Calico Cloud and EKS cluster integration using AWS Control Tower
Productive, scalable, and cost-effective, cloud infrastructure empowers innovation and faster deliverables. It’s a no-brainer why organizations are migrating to the cloud and containerizing their applications. As businesses scale their cloud infrastructure, they cannot be bottlenecked by security concerns. One way to release these bottlenecks and free up resources is by using automation.
What if you could automate the deployment and integration of your container security services with your cluster’s environment?
In a joint blog post with AWS Marketplace, AWS Sr. Cloud Application Architect, Deepak Sihag, joins Tigera’s Technical Marketing Engineer, Joseph Yostos, to walk you through the process of activating, deploying, and configuring Calico Cloud in your AWS Control Tower environment. And of course, how to automate the process of connecting Calico Cloud to your EKS cluster.
Blog highlights
Aside from showing you how you can fully leverage the preconfigured resources of AWS Control Tower, the solution walkthrough also highlights:
- Event-driven automation to connect an EKS cluster with Calico Cloud
- AWS CloudFormation deployment
- Detailed runthrough of prerequisite configurations
- Step-by-step guide on how to automate Calico Cloud and EKS cluster integration using AWS Control Tower
- How to clean up your account to avoid incurring costs
Why read the blog?
As the Continue reading
Advanced OOBM Tactics Simplify and Reinforce Remote Data Center Access
Modern out-of-band management (OOBM) platforms offer a wealth of new features to aid administrators with zero-touch deployments and robust, failure-resistant remote data center connectivity.Repost: What’s Wrong with Network Automation
Responding to my Infrastructure as Code Sounds Scary blog post, Deepak Arora posted an interesting (and unfortunately way too accurate) list of challenges you might encounter when trying to introduce network automation in an enterprise environment.
He graciously allowed me to repost his thoughts on my blog.
Why don’t we agree on that :
Repost: What’s Wrong with Network Automation
Responding to my Infrastructure as Code Sounds Scary blog post, Deepak Arora posted an interesting (and unfortunately way too accurate) list of challenges you might encounter when trying to introduce network automation in an enterprise environment.
He graciously allowed me to repost his thoughts on my blog.
Why don’t we agree on that :
What we served up for the last Birthday Week before we’re a teenager
Almost a teen. With Cloudflare’s 12th birthday last Tuesday, we’re officially into our thirteenth year. And what a birthday we had!
36 announcements ranging from SIM cards to post quantum encryption via hardware keys and so much more. Here’s a review of everything we announced this week.
Monday
| What | In a sentence… |
|---|---|
| The First Zero Trust SIM | We’re bringing Zero Trust security controls to the humble SIM card, rethinking how mobile device security is done, with the Cloudflare SIM: the world’s first Zero Trust SIM. |
| Securing the Internet of Things | We’ve been defending customers from Internet of Things botnets for years now, and it’s time to turn the tides: we’re bringing the same security behind our Zero Trust platform to IoT. |
| Bringing Zero Trust to mobile network operators | Helping bring the power of Cloudflare’s Zero Trust platform to mobile operators and their subscribers. |
Tuesday
| What | In a sentence… |
|---|---|
| Workers Launchpad | Leading venture capital firms to provide up to $1.25 BILLION to back startups built on Cloudflare Workers. |
| Startup Plan v2.0 | Increasing the scope, eligibility and products we include under our Startup Plan, enabling more developers and startups to build the next big thing on top of Cloudflare. |
| workerd: Continue reading |
Network Break 401: Google Teases Multi-Gig Home Broadband; New USB Cables Use Slightly Less Plastic
Today's Network Break covers three Google stories including Google Fiber's ambitions for multi-gig Internet and the killing of Stadia. We also discuss a rise in firewall sales, using plant-based materials in USB cables, and more IT news.
The post Network Break 401: Google Teases Multi-Gig Home Broadband; New USB Cables Use Slightly Less Plastic appeared first on Packet Pushers.
Network Break 401: Google Teases Multi-Gig Home Broadband; New USB Cables Use Slightly Less Plastic
Today's Network Break covers three Google stories including Google Fiber's ambitions for multi-gig Internet and the killing of Stadia. We also discuss a rise in firewall sales, using plant-based materials in USB cables, and more IT news.Offensive Security & Threat Hunting: The Best Defense is a Good Offense
Offensive security is the future of cybersecurity as the proactive mindset enables threat hunters to be more efficient in detecting vulnerabilities.Monday Mobility Quick Thoughts
I’m getting ready for Mobility Field Day 8 later this week and there’s been a lot of effort making sure we’re ready to go. That means I’ve spent lots of time thinking about event planning instead of writing. So I wanted to share some quick thoughts with you ahead of this week as well as WLPC Europe next week.
- I remain convinced than half of the objections that are raised by oversight organizations when it comes to adopting new technology come from the fact they got caught flat-footed and weren’t ready for it to be popular. Whether it’s the Wi-Fi 6E safety issue or the report earlier this year from the FAA about 5G and airports it just seems like organizations spend less time doing actual investigation and more time writing press releases about how they are ready to figure it all out yet.
- I also remain cautiously optimistic that the new Apple devices rumored to be coming out later this year, namely the iPad Pro and MacBook Pro with M2 chips, will have Wi-Fi 6E support. Yes, the iPhone didn’t. It’s also a smaller device with less room to add new hardware. The iPad and MacBook have historically gotten Continue reading
Defending against future threats: Cloudflare goes post-quantum
There is an expiration date on the cryptography we use every day. It’s not easy to read, but somewhere between 15 or 40 years, a sufficiently powerful quantum computer is expected to be built that will be able to decrypt essentially any encrypted data on the Internet today.
Luckily, there is a solution: post-quantum (PQ) cryptography has been designed to be secure against the threat of quantum computers. Just three months ago, in July 2022, after a six-year worldwide competition, the US National Institute of Standards and Technology (NIST), known for AES and SHA2, announced which post-quantum cryptography they will standardize. NIST plans to publish the final standards in 2024, but we want to help drive early adoption of post-quantum cryptography.
Starting today, as a beta service, all websites and APIs served through Cloudflare support post-quantum hybrid key agreement. This is on by default1; no need for an opt-in. This means that if your browser/app supports it, the connection to our network is also secure against any future quantum computer.
We offer this post-quantum cryptography free of charge: we believe that post-quantum security should be the new baseline for the Internet.
Deploying post-quantum cryptography seems like a Continue reading
Introducing post-quantum Cloudflare Tunnel
Undoubtedly, one of the big themes in IT for the next decade will be the migration to post-quantum cryptography. From tech giants to small businesses: we will all have to make sure our hardware and software is updated so that our data is protected against the arrival of quantum computers. It seems far away, but it’s not a problem for later: any encrypted data captured today (not protected by post-quantum cryptography) can be broken by a sufficiently powerful quantum computer in the future.
Luckily we’re almost there: after a tremendous worldwide effort by the cryptographic community, we know what will be the gold standard of post-quantum cryptography for the next decades. Release date: somewhere in 2024. Hopefully, for most, the transition will be a simple software update then, but it will not be that simple for everyone: not all software is maintained, and it could well be that hardware needs an upgrade as well. Taking a step back, many companies don’t even have a full list of all software running on their network.
For Cloudflare Tunnel customers, this migration will be much simpler: introducing Post-Quantum Cloudflare Tunnel. In this blog post, first we give an overview of how Cloudflare Tunnel Continue reading
Automatic (secure) transmission: taking the pain out of origin connection security
In 2014, Cloudflare set out to encrypt the Internet by introducing Universal SSL. It made getting an SSL/TLS certificate free and easy at a time when doing so was neither free, nor easy. Overnight millions of websites had a secure connection between the user’s browser and Cloudflare.
But getting the connection encrypted from Cloudflare to the customer’s origin server was more complex. Since Cloudflare and all browsers supported SSL/TLS, the connection between the browser and Cloudflare could be instantly secured. But back in 2014 configuring an origin server with an SSL/TLS certificate was complex, expensive, and sometimes not even possible.
And so we relied on users to configure the best security level for their origin server. Later we added a service that detects and recommends the highest level of security for the connection between Cloudflare and the origin server. We also introduced free origin server certificates for customers who didn’t want to get a certificate elsewhere.
Today, we’re going even further. Cloudflare will shortly find the most secure connection possible to our customers’ origin servers and use it, automatically. Doing this correctly, at scale, while not breaking a customer’s service is very complicated. This blog post explains how we are Continue reading