How to augment or replace your VPN with Cloudflare

“Never trust, always verify.”

Almost everyone we speak to these days understands and agrees with this fundamental principle of Zero Trust. So what’s stopping folks? The biggest gripe we hear: they simply aren’t sure where to start. Security tools and network infrastructure have often been in place for years, and a murky implementation journey involving applications that people rely on to do their work every day can feel intimidating.

While there’s no universal answer, several of our customers have agreed that offloading key applications from their traditional VPN to a cloud-native Zero Trust Network Access (ZTNA) solution like Cloudflare Access is a great place to start—providing an approachable, meaningful upgrade for their business.

In fact, Gartner^Ⓡ predicted that “by 2025, at least 70% of new remote access deployments will be served predominantly by ZTNA as opposed to VPN services, up from less than 10% at the end of 2021.”¹ By prioritizing a ZTNA project, IT and Security executives can better shield their business from attacks like ransomware while simultaneously improving their employees’ daily workflows. The trade-off between security and user experience is an outmoded view of the world; organizations can truly improve both if they go Continue reading

Introducing Private Network Discovery

With Cloudflare One, building your private network on Cloudflare is easy. What is not so easy is maintaining the security of your private network over time. Resources are constantly being spun up and down with new users being added and removed on a daily basis, making it painful to manage over time.

That’s why today we’re opening a closed beta for our new Zero Trust network discovery tool. With Private Network Discovery, our Zero Trust platform will now start passively cataloging both the resources being accessed and the users who are accessing them without any additional configuration required. No third party tools, commands, or clicks necessary.

To get started, sign-up for early access to the closed beta and gain instant visibility into your network today. If you’re interested in learning more about how it works and what else we will be launching in the future for general availability, keep scrolling.

One of the most laborious aspects of migrating to Zero Trust is replicating the security policies which are active within your network today. Even if you do have a point-in-time understanding of your environment, networks are constantly evolving with new resources being spun up dynamically for various operations. This results Continue reading

Your First REST API Call In Python

This post originally appeared on the Packet Pushers’ Ignition site on June 10, 2020. Introduction In many automation scripts, you’ll be retrieving information via some sort of interface and then doing something with the data. The interface is often an API–application programmatic interface. For folks new to APIs, they might seem daunting, but they need […]

The post Your First REST API Call In Python appeared first on Packet Pushers.

Cloudflare recognized by Microsoft as a Security Software Innovator

This post is also available in 简体中文, Deutsch, Français, Español and 日本語.

Recently, Microsoft announced the winners for the 2022 Microsoft Security Excellence Awards, a prestigious classification in the Microsoft partner community. We are honored to announce that Cloudflare has won the Security Software Innovator award. This award recognized Cloudflare's innovative approach to Zero Trust and Security solutions. Our transformative technology in collaboration with Microsoft provides world-class joint solutions for our mutual customers.

Microsoft Security Excellence Awards

The third annual Microsoft Security awards celebrated finalists in 10 categories spanning security, compliance, and identity. Microsoft unveiled the winners of the Microsoft Security Partner Awards, voted on by a group of industry veterans, on June 6, 2022.

Through this award, Microsoft recognizes Cloudflare’s approach to constantly deliver the most innovative solutions for joint customers. Together with Microsoft, we have supported thousands of customers including many of the largest Fortune 500 companies on their Zero Trust journey, enabling customers to simply and easily support their security needs with faster performance.

Cloudflare has built deep integrations with Microsoft to help organizations take the next step in their Zero Trust journey. These integrations empower organizations to make customer implementations operationally efficient while Continue reading

How to reduce cloud costs

The more workloads that you migrate to the cloud, the more difficult it becomes to predict monthly cloud costs. Cloud services vendors such as Amazon, Google and Microsoft can help organizations avoid capital costs for new hardware, but that doesn’t necessarily mean that you have made the most cost-effective decisions about the particular services that these and other cloud vendors offer.And while it is great that you’re only paying for the services you need, trying to parse your monthly bill requires the skills of a CPA, a software engineer, a commodities trader and a sharp eye for the details.To read this article in full, please click here

MLAG Deep Dive: Layer-3 Forwarding

The layer-2 forwarding and flooding in an MLAG cluster are intricate but still reasonably easy to understand. Layer-3 gets more interesting; its quirks depend heavily on layer-2 implementation. While most MLAG implementations exhibit similar bridging behavior, expect interesting differences in routing behavior.

We’ll have to expand by-now familiar network topology to cover layer-3 edge cases. We’ll still work with two switches in an MLAG cluster, but we’ll have an external router attached to both of them. The hosts connected to the switches belong to two subnets (red and blue).

MLAG Deep Dive: Layer-3 Forwarding

The layer-2 forwarding and flooding in an MLAG cluster are intricate but still reasonably easy to understand. Layer-3 gets more interesting; its quirks depend heavily on layer-2 implementation. While most MLAG implementations exhibit similar bridging behavior, expect interesting differences in routing behavior.

We’ll have to expand by-now familiar network topology to cover layer-3 edge cases. We’ll still work with two switches in an MLAG cluster, but we’ll have an external router attached to both of them. The hosts connected to the switches belong to two subnets (red and blue).

Embrace Multi-Cloud Complexity to gain Competitive Advantage

Counting the days on Linux

Have you ever wondered how many days it’s been since you started your diet, begun your daily jogs, or were first working with Linux? If you can remember the start date, a simple Linux script can count the days for you. All you need is the date command and a calculation that turns your dates into seconds, subtracts the start date from the end date and then divides the result by the appropriate number to turn the seconds into the corresponding number of days.Why seconds? The reason for the conversion to days is that the date command can display a date as the number of seconds since the start of the Linux epoch—10=970-01-01. This is the only option date provides for looking at the time difference between two calendar dates.To read this article in full, please click here

Counting the days on Linux

Have you ever wondered how many days it’s been since you started your diet, begun your daily jogs, or were first working with Linux? If you can remember the start date, a simple Linux script can count the days for you. All you need is the date command and a calculation that turns your dates into seconds, subtracts the start date from the end date and then divides the result by the appropriate number to turn the seconds into the corresponding number of days.Why seconds? The reason for the conversion to days is that the date command can display a date as the number of seconds since the start of the Linux epoch—10=970-01-01. This is the only option date provides for looking at the time difference between two calendar dates.To read this article in full, please click here

AWS moves towards quantum networking

AWS is making a push into an area of quantum computing that hasn't received as much attention as other aspects: networking.The AWS Center for Quantum Networking (CQN) will work toward solving scientific and engineering challenges around creating new hardware, software, and applications for quantum networks, AWS stated. The center will expand other AWS quantum work being done at the vendor’s AWS Center for Quantum Computing, the Amazon Quantum Solutions Lab, and its Amazon Braket service. [ Get regularly scheduled insights by signing up for Network World newsletters. ]To read this article in full, please click here

StorONE enables HDD connectivity over NVMe-oF

StorONE has introduced what it claims is the first storage platform to enable connectivity between standard mechanical hard disk drives (HDD) and flash drives over NVMe-over Fabric (NVMe-oF) infrastructures, which it says can reduce the cost of an NVMe solution by tenfold or more.Storage arrays have traditionally been separated by drive make. You have all-flash arrays and all-hard-disk arrays but not a mix of the two. Typical operation is to put “hot” data, or data that is frequently accessed, on the much faster SSDs, and put less frequently accessed data on the slower HDDs. That approach requires two or more separate arrays, plus the connection between them.To read this article in full, please click here

StorONE enables HDD connectivity over NVMe-oF

StorONE has introduced what it claims is the first storage platform to enable connectivity between standard mechanical hard disk drives (HDD) and flash drives over NVMe-over Fabric (NVMe-oF) infrastructures, which it says can reduce the cost of an NVMe solution by tenfold or more.Storage arrays have traditionally been separated by drive make. You have all-flash arrays and all-hard-disk arrays but not a mix of the two. Typical operation is to put “hot” data, or data that is frequently accessed, on the much faster SSDs, and put less frequently accessed data on the slower HDDs. That approach requires two or more separate arrays, plus the connection between them.To read this article in full, please click here

Contributing Cool Community Content to Calico

It’s right there on our community page—the statement that “Project Calico is first and foremost a community.”

With that in mind, we wanted to make it easier for new contributors to get involved. It’s a win-win scenario—developers experience less frustration, they can get their work done, and have their contributions considered. Plus, the project can easily benefit from the contributions.

Recently, we have been doing a lot of work to simplify the contribution process, and to encourage, recognize, thank, and reward contributors. For example, earlier this year we announced our Calico Big Cats ambassador program and began using a single monorepo architecture. Read on and we’ll dig into that more.

In my role as Lead Developer Advocate for Project Calico, up until now, when I wanted to make a bug fix or improve something, I needed to feed that back to the development team for them to implement. In this blog post, though, I’m going to test out the new contribution process myself, document it for others, make improvements, and see what I can learn.

The Project Calico home page is a great place to find a contribution to make, so I headed there. Following the “Find a good Continue reading

BGP Intra-AS and Route Reflection

Since BGP is designed to be an overlay protocol, it doesn’t really have good mechanisms for carrying routes within an autonomous system. In this video, I’m discussing some of the techniques developed to carry routes within an AS, including route reflectors.

originally posted at Packet Pushers

HS 026 So You Want to Develop A Technology Strategy ?

What are the right questions for developing and maintaining a technology strategy for your company ?

The post HS 026 So You Want to Develop A Technology Strategy ? appeared first on Packet Pushers.

HS 026 So You Want to Develop A Technology Strategy ?

CLI Shortcut for Visual Studio Code on MacOS

I really do like Microsoft’s Visual Studio Code for editing code, so much so that I can forgive it for being an electron app. However when I code in go, the way the go’s syntax validation works means that each app folder needs to be opened in its own Visual Studio Code window – and as somebody supremely lazy I find this to be an irritating thing to have to do.

Opening a Folder in a New Window

It’s not actually that big of a deal, but having to execute File->New Window, then File->Open Folder…, then browsing to the folder I want to open often feels clunky and superfluous when half the time I’ve already browsed to that folder in the shell. So here’s the dumb shortcut which makes my life easy on MacOS:

/usr/local/bin/vsc:
#!/bin/zsh
# 
"/Applications/Visual Studio Code.app/Contents/Resources/app/bin/code" --new-window "`pwd`"

So now if I’m in a folder I can just enter the command vsc and a new Visual Studio Code window opens focused on my current directory.

Stupidly simple, yes, yet I use it multiple times a day and I’m remarkably happy about it. It takes all sorts, I guess.

If you liked this post, Continue reading

Cloudflare outage brings hundreds of sites, services temporarily offline

The Tuesday outage took just under two hours to fix, and follows similar disruption last week that caused network performance issues across India, Indonesia and Eastern Europe.

Full Stack Journey 067: What The Heck Is GitOps?

What, exactly, it GitOps? It seems like a new "Ops" word pops up every week! On today's Full Stack Journey podcast, guest Christian Hernandez of Codefresh explains GitOps, what it is, and how you can get started using it.

The post Full Stack Journey 067: What The Heck Is GitOps? appeared first on Packet Pushers.