TLS Handshake Acceleration with Tanzu Service Mesh
Performance and Security Optimizations on Intel Xeon Scalable Processors – Part 2
Contributors
Manish Chugtu — VMware
Ramesh Masavarapu, Saidulu Aldas, Sakari Poussa, Tarun Viswanathan — Intel
Introduction
Intel and VMware have been working together to optimize and accelerate the microservices middleware and infrastructure with software and hardware to ensure developers have the best-in-class performance and low latency experience when building distributed workloads with a focus on improving the performance, crypto accelerations, and making it more secure.
In Part 1 of this blog series, we looked at how Tanzu Service Mesh uses eBPF (in a non-disruptive manner) to achieve network acceleration by bypassing the TCP/IP networking stack in the Linux kernel and we loved the interest shown and feedback we got for that. In this Part 2, we will deep dive and showcase how Intel and VMware have been working together to accelerate Tanzu Service Mesh (/Istio) crypto use-cases (mutual TLS use-case) and improve the performance of asymmetric crypto operations by using Intel AVX-512 Crypto instruction set that is available on 3rd Generation Intel Xeon Scalable processors.
Security is one of the key areas that service mesh addresses. In Tanzu Service Mesh, there are multiple security features that are Continue reading
HS032 Mentors and Leadership
Is there a role for career mentors and coaches in modern IT ? We discuss the topic and establish some points. IT Careers are high value and high effort but unlike other professions (such as law or medicine) there are no gatekeepers to working. This leads to training and ‘life coaches’ that are unregulated and often unprofessional.
The post HS032 Mentors and Leadership appeared first on Packet Pushers.
HS032 Mentors and Leadership
Is there a role for career mentors and coaches in modern IT ? We discuss the topic and establish some points. IT Careers are high value and high effort but unlike other professions (such as law or medicine) there are no gatekeepers to working. This leads to training and ‘life coaches’ that are unregulated and often unprofessional.
Rethinking security roles and organizational structure for the cloud
As more and more applications and application development move to the cloud, traditional security roles and organizational structures are being shaken up. Why is that and what are the benefits of a cloud-first approach for business?
Traditional vs. cloud model
Application development in the traditional model, especially in larger companies, can be thought of as a linear process—similar to a baton being passed between teammates (e.g. the application team hands off the baton to the security team). In this model, each team has their own area of expertise, such as networking, infrastructure, or security, and the application development process is self-contained within each team.
The downside to this model is that responsibilities are siloed, and interactions and hand-offs between teams create friction. For example, if one team needs something from another, they need to submit a ticket and deal with wait time. In the traditional model, it’s not unusual for the application development and deployment process to last weeks or months, and then there are bug fixes and new release rollouts to contend with.
A cloud model, on the other hand, offers several benefits, including automation, abstraction, and simplicity. The high degree of automation in cloud-native infrastructure in general Continue reading
How OCSF Aims to Simplify Network Security Monitoring
The Open Cybersecurity Schema Framework (OCSF) defines an open specification for the normalization of security telemetry across a wide range of security products and services.Introducing thresholds in Security Event Alerting: a z-score love story
Today we are excited to announce thresholds for our Security Event Alerts: a new and improved way of detecting anomalous spikes of security events on your Internet properties. Previously, our calculations were based on z-score methodology alone, which was able to determine most of the significant spikes. By introducing a threshold, we are able to make alerts more accurate and only notify you when it truly matters. One can think of it as a romance between the two strategies. This is the story of how they met.
Author’s note: as an intern at Cloudflare I got to work on this project from start to finish from investigation all the way to the final product.
Once upon a time
In the beginning, there were Security Event Alerts. Security Event Alerts are notifications that are sent whenever we detect a threat to your Internet property. As the name suggests, they track the number of security events, which are requests to your application that match security rules. For example, you can configure a security rule that blocks access from certain countries. Every time a user from that country tries to access your Internet property, it will log as a security event. While a Continue reading
Announcing Project Northstar: SaaS delivered Multi-Cloud Networking and Security
Multi-cloud architectures are becoming an increasingly central part of enterprise strategies delivering applications reliably. In a VMware Digital Momentum Study of enterprise technology decision-makers, nearly 73% report they are standardizing on multi-cloud foundations to operate applications and infrastructure1.
Multi-cloud infrastructure offers many benefits – such as the ability to scale quickly and increase reliability. By extension, multi-cloud deployments can help businesses:
- Innovate and transform the customer experience
- Scale and grow the business
- Empower employee engagement and productivity
Yet, from an operational and technology perspective the multi-cloud presents a major challenge: Complexity. Rapid innovation and growth require the ability to deploy and manage workloads in any public cloud while providing the required service availability and scale. However, managing workloads and infrastructure on multiple clouds at once significantly increases the complexity of the network architecture connecting these applications and clouds. It also requires businesses to deploy complex security rules to protect lateral network traffic while having to rely on limited workload mobility and visibility and threat detection capabilities that do not scale.
Successfully adopting a multi-cloud infrastructure requires a means of taming the complexity that is inherent to multi-cloud.
Introducing Project Northstar
We are introducing Project Northstar, a new technology preview, Continue reading