Tips for Putting Zero Trust into Practice in Kubernetes-Based Environments
If you work in IT, you’ve probably heard lots of talk in recent years about “zero trust,” a security strategy that requires all resources to be authenticated and authorized before they interact with other resources, rather than being trusted by default.
The theory behind zero trust is easy enough to understand. Where matters tend to get tough, however, is actually implementing zero-trust security and compliance, especially in complex, cloud-native environments.
Which tools are available to help you enforce zero-trust security configurations? What does zero trust look like at different layers of your stack – nodes, networks, APIs and so on? What does it mean to enforce zero trust for human users, as compared to machine users?
To answer questions like these, we’ve organized a webinar, titled “Zero Trust Security and Compliance for Modern Apps on Multi-Cloud,” that will offer practical guidance on configuring a zero-trust security posture in the real world.
The one-hour session will focus in particular on enforcing zero-trust in Kubernetes-based environments, with deep dives into the following:
- How to protect human and machine users in Kubernetes using a zero-trust model.
- Meeting Kubernetes data privacy and compliance requirements through zero trust.
- Securing user-to-app communications with zero-trust networking policies Continue reading
Day Two Cloud 146: Deploying And Managing Cloud Infrastructure With Pulumi
Today's Day Two Cloud digs into an Infrastructure as Code (IaC) platform called Pulumi. Pulumi can be used to build, deploy, and manage cloud applications using familiar languages such as .Net and Java, as well as well-known tools and practices.From Home Office to HQ: Consumerization of Wi-Fi 6E
Consumers are bringing Wi-Fi 6E to the enterprise, and soon. No matter how far out your next network refresh is, now is the time to start thinking about it.Announcing D1: our first SQL database
We announced Cloudflare Workers in 2017, giving developers access to compute on our network. We were excited about the possibilities this unlocked, but we quickly realized — most real world applications are stateful. Since then, we’ve delivered KV, Durable Objects, and R2, giving developers access to various types of storage.
Today, we're excited to announce D1, our first SQL database.
While the wait on beta access shouldn’t be long — we’ll start letting folks in as early as June (sign up here), we’re excited to share some details of what’s to come.
Meet D1, the database designed for Cloudflare Workers
D1 is built on SQLite. Not only is SQLite the most ubiquitous database in the world, used by billions of devices a day, it’s also the first ever serverless database. Surprised? SQLite was so ahead of its time, it dubbed itself “serverless” before the term gained connotation with cloud services, and originally meant literally “not involving a server”.
Since Workers itself runs between the server and the client, and was inspired by technology built for the client, SQLite seemed like the perfect fit for our first entry into databases.
So what can you build with D1? Continue reading
A New Hope for Object Storage: R2 enters open beta
In September, we announced that we were building our own object storage solution: Cloudflare R2. R2 is our answer to egregious egress charges from incumbent cloud providers, letting developers store as much data as they want without worrying about the cost of accessing that data.
The response has been overwhelming.
- Independent developers had bills too small for cloud providers to negotiate fair egress rates with them. Egress charges were the largest line-item on their cloud bills, strangling side projects and the new businesses they were building.
- Large corporations had written off multi-cloud storage - and thus multi-cloud itself - as a pipe dream. They came to us with excitement, pitching new products that integrated data with partner companies.
- Non-profit research organizations were paying massive egress fees just to share experiment data with one another. Egress fees were having a real impact on their ability to collaborate, driving silos between organizations and restricting the experiments and analyses they could run.
Cloudflare exists to help build a better Internet. Today, the Internet gets what it deserves: R2 is now in open beta.
Self-serve customers can enable R2 in the Cloudflare dashboard. Enterprise accounts can reach out to their CSM for onboarding.
Internal Continue reading
Introducing Cache Reserve: massively extending Cloudflare’s cache
One hundred percent. 100%. One-zero-zero. That’s the cache ratio we’re all chasing. Having a high cache ratio means that more of a website’s content is served from a Cloudflare data center close to where a visitor is requesting the website. Serving content from Cloudflare’s cache means it loads faster for visitors, saves website operators money on egress fees from origins, and provides multiple layers of resiliency and protection to make sure that content is reliably available to be served.
Today, I’m delighted to announce a massive extension of the benefits of caching with Cache Reserve: a new way to persistently serve all static content from Cloudflare’s global cache. By using Cache Reserve, customers can see higher cache hit ratios and lower egress bills.
Why is getting a 100% cache ratio difficult?
Every second, Cloudflare serves tens-of-millions of requests from our cache which equates to multiple terabytes-per-second of cached data being delivered to website visitors around the world. With this massive scale, we must ensure that the most requested content is cached in the areas where it is most popular. Otherwise, visitors might wait too long for content to be delivered from farther away and our network would be running inefficiently. Continue reading
Logs on R2: slash your logging costs
Hot on the heels of the R2 open beta announcement, we’re excited that Cloudflare enterprise customers can now use Logpush to store logs on R2!
Raw logs from our products are used by our customers for debugging performance issues, to investigate security incidents, to keep up security standards for compliance and much more. You shouldn’t have to make tradeoffs between keeping logs that you need and managing tight budgets. With R2’s low costs, we’re making this decision easier for our customers!
Getting into the numbers
Cloudflare helps customers at different levels of scale — from a few requests per day, up to a million requests per second. Because of this, the cost of log storage also varies widely. For customers with higher-traffic websites, log storage costs can grow large, quickly.
As an example, imagine a website that gets 100,000 requests per second. This site would generate about 9.2 TB of HTTP request logs per day, or 850 GB/day after gzip compression. Over a month, you’ll be storing about 26 TB (compressed) of HTTP logs.
For a typical use case, imagine that you write and read the data exactly once – for example, you might write the data to Continue reading
Durable Objects Alarms — a wake-up call for your applications
Since we launched Durable Objects, developers have leveraged them as a novel building block for distributed applications.
Durable Objects provide globally unique instances of a JavaScript class a developer writes, accessed via a unique ID. The Durable Object associated with each ID implements some fundamental component of an application — a banking application might have a Durable Object representing each bank account, for example. The bank account object would then expose methods for incrementing a balance, transferring money or any other actions that the application needs to do on the bank account.
Durable Objects work well as a stateful backend for applications — while Workers can instantiate a new instance of your code in any of Cloudflare’s data centers in response to a request, Durable Objects guarantee that all requests for a given Durable Object will reach the same instance on Cloudflare’s network.
Each Durable Object is single-threaded and has access to a stateful storage API, making it easy to build consistent and highly-available distributed applications on top of them.
This system makes distributed systems’ development easier — we’ve seen some impressive applications launched atop Durable Objects, from collaborative whiteboarding tools to conflict-free replicated data type (CRDT) systems for coordinating Continue reading
netsim-tools: VLANs, Hardware Labs, VRF Loopbacks
Here’s a short list of major goodies included in netsim-tools release 1.2.2:
- Access VLANs, VLAN trunks and native VLANs implemented on Cisco IOS, Arista EOS, VyOS, and Dell OS10 (VyOS and OS10 support contributed by Stefano Sasso)
- Hardware labs implemented with external topology provider (contributed by Stefano Sasso)
- VRF loopback interfaces (contributed by Stefano Sasso)
More details in the release notes.
To upgrade netsim-tools, use pip3 install --upgrade netsim-tools; if you’re starting from scratch, read the installation instructions.
BGP community-based traffic engineering
The post BGP community-based traffic engineering appeared first on Noction.
Top Data Fabric Trends for Enterprises in 2022 and Beyond
This year we should see lots of action in data fabric adoption and upgrades as the architecture proves useful for many use cases.Watching Eurovision 2022 on Cloudflare Radar
The Eurovision Song Contest has a history that goes back to 1956, so it's even older than the European Union and one of its highlights over the years was being the first global stage for the Swedish group ABBA — Waterloo won the 1974 edition). This year, for the 66th edition, we have a dedicated page for Eurovision fans, journalists or anyone interested in following Internet trends related to the event taking place in Turin, Italy.
The contest consists of two semi-finals and a final. The first semi-final is today, May 10, at 21:00 CEST, the second is Thursday, May 12, at 21:00 CEST. And the final is on Saturday, May 14, at 21:00 CEST. We are using Central European Summer Time and not our usual (on Radar) UTC because that’s the timezone of most of the 40 countries that will take part in the contest. There will be 17 countries in the first semi-final, 18 in the second, and 25 in the final (the full list is here).
From countries to fan sites.
First, you can see the Internet traffic aggregate in all the 40 countries that are participating in Eurovision 2022. There’s also a Continue reading