Archive

Category Archives for "Networking"

Is SONiC Right for Your Data Center and Private Cloud Network?

Many data center operators are interested in bringing the benefits of hyperscaler technologies to on-prem data centers. One of these technologies is SONiC, an open source network operating system that is being advanced under the auspices of the Open Compute Project (OCP). There are a number of questions that enterprises, communication service providers and tier 2 cloud service providers need to ask themselves to understand if SONiC is a good choice for their on-prem data center and private cloud networks.

What is SONiC?

SONiC, which stands for “Software for Open Networking in the Cloud,” is a network operating system originally designed by Microsoft for their data center networks. Microsoft was frustrated with the overly complex operating systems provided by vendors like Cisco, Juniper and Arista that included many features that Microsoft simply did not need for their Azure cloud network. Thus, SONiC was built by Microsoft in a completely modular way based on running networking functions in containers so components could be added or removed as a mechanism to build a lean, optimized OS that only contained the essential features to run the Microsoft Azure cloud network. They also developed the Switch Abstraction Interface (SAI) with a goal of enabling Continue reading

FTC investigation of Nvidia/Arm deal will only hurt Arm

The proposed Nvidia-Arm merger had another roadblock thrown in front of it when the US Federal Trade Commission’s filed a lawsuit objecting to the $40 billion deal last week.The acquisition met with almost immediate opposition from UK entities when it was announced in September 2020. Now, 15 months laster the FTC weighs in and has set an administrative trial for Aug. 9, 2022.“Tomorrow’s technologies depend on preserving today’s competitive, cutting-edge chip markets,” said Holly Vedova, director of the FTC’s Bureau of Competition in a statement. “This proposed deal would distort Arm’s incentives in chip markets and allow the combined firm to unfairly undermine Nvidia’s rivals.”To read this article in full, please click here

APIs pose the latest threat of vendor-lock-in networking

In my surveys of enterprises, the number worried about vendor lock-in has hovered around 90% for 30 years.  When you ask enterprises how they avoid it, they respond “standard interfaces” or “open-source”. Even today, the percentage who include “managing APIs” in their list of lock-in avoidance measures is in the statistical noise level, but APIs are perhaps the fastest-growing lock-in problem today, and they’re surely going to become a major problem in the future.API stands for “application programming interface”, but the term is broadly used in software today to describe the interfaces between all the software components used in an application, a cloud, or even a network. APIs let pieces of software talk with each other, and they’re essential in every situation where software components rather than hardware devices are connected. What’s creating a challenge in lock-in from APIs today is the fact that networking is shifting more to software, which means it’s shifting to a model where APIs are just as important as those standard interfaces, and enterprises aren’t tracking that important shift.To read this article in full, please click here

FTC investigation of Nvidia/Arm deal will only hurt Arm

The proposed Nvidia-Arm merger had another roadblock thrown in front of it when the US Federal Trade Commission’s filed a lawsuit objecting to the $40 billion deal last week.The acquisition met with almost immediate opposition from UK entities when it was announced in September 2020. Now, 15 months laster the FTC weighs in and has set an administrative trial for Aug. 9, 2022.“Tomorrow’s technologies depend on preserving today’s competitive, cutting-edge chip markets,” said Holly Vedova, director of the FTC’s Bureau of Competition in a statement. “This proposed deal would distort Arm’s incentives in chip markets and allow the combined firm to unfairly undermine Nvidia’s rivals.”To read this article in full, please click here

APIs pose the latest threat of networking-vendor lock-in

In my surveys of enterprises, the number worried about vendor lock-in has hovered around 90% for 30 years.  When you ask enterprises how they avoid it, they respond “standard interfaces” or “open-source”. Even today, the percentage who include “managing APIs” in their list of lock-in avoidance measures is in the statistical noise level, but APIs are perhaps the fastest-growing lock-in problem today, and they’re surely going to become a major problem in the future.API stands for “application programming interface”, but the term is broadly used in software today to describe the interfaces between all the software components used in an application, a cloud, or even a network. APIs let pieces of software talk with each other, and they’re essential in every situation where software components rather than hardware devices are connected. What’s creating a challenge in lock-in from APIs today is the fact that networking is shifting more to software, which means it’s shifting to a model where APIs are just as important as those standard interfaces, and enterprises aren’t tracking that important shift.To read this article in full, please click here

Aryaka broadens enterprise targets with managed SD-WAN, SASE services

Aryaka Networks is looking to target more enterprises with a new managed secure access service edge (SASE) offering and an improved, lower cost SD-WAN offerings.Aryaka is known for offering WAN and SD-WAN services over its global Layer 2 network with more than 40 points . The new services spring from that backbone to provide additional, flexible WAN services. SD-WAN buyers guide: Key questions to ask vendors The first is based on a new iteration of Aryaka’s L2 core—the L3—which is optimized for cost and non-mission critical applications or sites that don’t require top-shelf performance. The L2 core is optimized for performance-sensitive applications.To read this article in full, please click here

Aryaka broadens enterprise targets with managed SD-WAN, SASE services

Aryaka Networks is looking to target more enterprises with a new managed secure access service edge (SASE) offering and an improved, lower cost SD-WAN offerings.Aryaka is known for offering WAN and SD-WAN services over its global Layer 2 network with more than 40 points . The new services spring from that backbone to provide additional, flexible WAN services. SD-WAN buyers guide: Key questions to ask vendors The first is based on a new iteration of Aryaka’s L2 core—the L3—which is optimized for cost and non-mission critical applications or sites that don’t require top-shelf performance. The L2 core is optimized for performance-sensitive applications.To read this article in full, please click here

What’s New in vRealize Network Insight Cloud and vRealize Network Insight 6.4 for NSX-T 3.2

We’re pleased to announce another close collaboration between NSX-T 3.2, vRealize Network Insight Cloud, and vRealize Network Insight 6.4 in this latest release. As enterprises strive for the latest in cloud networking, the network management piece combines the end-user experience, applications, and technology to provide the visibility needed to ensure applications are consistently performing and secure. As we know, broad network observability is a critical step in securing the infrastructure.

vRealize Network Insight Cloud is available as a SaaS or on-premises solution for end-to-end network visibility, troubleshooting, and analytics. It works closely with NSX-T 3.2. vRealize Network Insight Cloud also helps optimize multi-cloud network performance with troubleshooting capabilities for applications, virtual machines, physical servers, or Kubernetes.

NSX Federation

Customers use NSX Federation to scale across different locations globally, making it easier to create hierarchies and dramatically simplifying management. vRealize Network Insight Cloud now supports network visibility for NSX Federation. This new feature will enable customers to leverage views across multiple NSX-T data centers at the global, regional, and local site levels. Several new cross-site VM to VM paths will be available, including inter-site VM-VM paths, intra-site VM-VM paths, VM-VM across sites with NAT, VM-VM paths across Continue reading

VMware NSX 3.2 Delivers New, Advanced Security Capabilities 

It’s an impactful release focused on significant NSX Security enhancements

Putting a hard shell around a soft core is not a recipe for success in security, but somehow legacy security architectures for application protection have often looked exactly like that: a hard perimeter firewall layer for an application infrastructure that was fundamentally not built with security as a primary concern. VMware NSX Distributed Firewall pioneered the micro-segmentation concept for granular access controls for cloud applications with the initial launch of the product in 2013. The promise of Zero Trust security for applications, the simplicity of deployment of the solution, and the ease of achieving internal security objectives made NSX an instant success for security-sensitive customers.

Our newest release — NSX-T 3.2 — establishes a new marker for securing application infrastructure by introducing significant new features to identify and respond to malware and ransomware attacks in the network, to enhance user identification and L7 application identification capabilities, and, at the same time, to simplify deployment of the product for our customers.

“Modern day security teams need to secure mission-critical infrastructure from both external and internal attacks. By providing unprecedented threat visibility leveraging IDS, NTA, and Network Detection and Response (NDR) capabilities along with granular controls leveraging L4-L7 Firewall, IPS, and Malware Prevention capabilities, NSX 3.2 delivers an incredible security solution for our customers“  

– Umesh Mahajan, SVP, GM (Networking and Security Business Unit) 

This blog captures critical enhancements NSX-T 3.2 delivers from a security perspective. And stay tuned —we’ll follow up with more detailed blogs on Continue reading

Announcing NSX-T 3.2: Innovations in Multi-Cloud Security, Networking, and Operations 

We’re excited to announce VMware NSX-T 3.2, one of the largest NSX releases so far. NSX-T 3.2 includes key innovations across multi-cloud security, scale-out networking for containers, VMs, and physical workloads. It also delivers simplified operations that help enterprises achieve a one-click, public cloud experience wherever their workloads are deployed. 

Strong Multi-Cloud Security 

NSX-T 3.2 provides strong, multi-cloud, easy-to-operationalize network defenses that secure application traffic within and across clouds. NSX-T 3.2 goes a step further in making it easy to enable Zero Trust application access across multi-cloud environments — enabling customers to secure traffic across applications and individual workloads with security controls that are consistent, automated, attached to the workload, and elastic in scale. 

Tapless Network Traffic Analysis (NTA)

Network traffic analysis (NTA) and sandboxing solutions are integrated directly into the NSX Distributed Firewall (DFW). NSX eliminates traffic hairpins by distributing NTA as a service within the hypervisor. Combined with distributed IDS/IPS capabilities, security teams can now virtualize the entire security stack and eliminate blind spots while allowing security policies and controls to follow workflows throughout their lifecycle, regardless of the underlying infrastructure. 

Gateway Firewall

The enhanced gateway firewall serves as a software-based gateway with L2-L7 controls — including URL filtering and advanced threat prevention with malware analysis and sandboxing. This extends centralized security controls to physical workloads, the data center perimeter, and the public cloud edge — ensuring consistent security controls across both east-west and north-south application traffic Continue reading

Gartner: Key infrastructure and operations trends to dominate 2022

The impact of COVID on the workforce is making the IT world more challenging for infrastructure and operations (I&O) leaders, but it's also a chance for those leaders to drive some serious business changes and increase resiliency, according to analysts presenting at this week’s virtual Gartner IT Infrastructure, Operations & Cloud Strategies Conference.“I&O leaders need to drive change, not simply absorb it,” said Jeffrey Hewitt, research vice president at Gartner, to the virtual audience. I&O leaders are expected to deliver more adaptable and resilient service from anywhere — and for an increasingly distributed workforce, Hewitt said.To read this article in full, please click here

Store your Cloudflare logs on R2

Store your Cloudflare logs on R2
Store your Cloudflare logs on R2

We're excited to announce that customers will soon be able to store their Cloudflare logs on Cloudflare R2 storage. Storing your logs on Cloudflare will give CIOs and Security Teams an opportunity to consolidate their infrastructure; creating simplicity, savings and additional security.

Cloudflare protects your applications from malicious traffic, speeds up connections, and keeps bad actors out of your network. The logs we produce from our products help customers answer questions like:

  • Why are requests being blocked by the Firewall rules I’ve set up?
  • Why are my users seeing disconnects from my applications that use Spectrum?
  • Why am I seeing a spike in Cloudflare Gateway requests to a specific application?

Storage on R2 adds to our existing suite of logging products. Storing logs on R2 fills in gaps that our customers have been asking for: a cost-effective solution to store logs for any of our products for any period of time.

Goodbye to old school logging

Let’s rewind to the early 2000s. Most organizations were running their own self-managed infrastructure: network devices, firewalls, servers and all the associated software. Each company has to manage logs coming from hundreds of sources in the IT stack. With dedicated storage needed for retaining Continue reading

Control input on suspicious sites with Cloudflare Browser Isolation

Control input on suspicious sites with Cloudflare Browser Isolation
Control input on suspicious sites with Cloudflare Browser Isolation

Your team can now use Cloudflare’s Browser Isolation service to protect against phishing attacks and credential theft inside the web browser. Users can browse more of the Internet without taking on the risk. Administrators can define Zero Trust policies to prohibit keyboard input and transmitting files during high risk browsing activity.

Earlier this year, Cloudflare Browser Isolation introduced data protection controls that take advantage of the remote browser’s ability to manage all input and outputs between a user and any website. We’re excited to extend that functionality to apply more controls such as prohibiting keyboard input and file uploads to avert phishing attacks and credential theft on high risk and unknown websites.

Challenges defending against unknown threats

Administrators protecting their teams from threats on the open Internet typically implement a Secure Web Gateway (SWG) to filter Internet traffic based on threat intelligence feeds. This is effective at mitigating known threats. In reality, not all websites fit neatly into malicious or non-malicious categories.

For example, a parked domain with typo differences to an established web property could be legitimately registered for an unrelated product or become weaponized as a phishing attack. False-positives are tolerated by risk-averse administrators but come at the Continue reading

Introducing the Customer Metadata Boundary

Introducing the Customer Metadata Boundary
Introducing the Customer Metadata Boundary

Data localisation has gotten a lot of attention in recent years because a number of countries see it as a way of controlling or protecting their citizens’ data. Countries such as Australia, China, India, Brazil, and South Korea have or are currently considering regulations that assert legal sovereignty over their citizens’ personal data in some fashion — health care data must be stored locally; public institutions may only contract with local service providers, etc.

In the EU, the recent “Schrems II” decision resulted in additional requirements for companies that transfer personal data outside the EU. And a number of highly regulated industries require that specific types of personal data stay within the EU’s borders.

Cloudflare is committed to helping our customers keep personal data in the EU. Last year, we introduced the Data Localisation Suite, which gives customers control over where their data is inspected and stored.

Today, we’re excited to introduce the Customer Metadata Boundary, which expands the Data Localisation Suite to ensure that a customer’s end user traffic metadata stays in the EU.

Metadata: a primer

“Metadata” can be a scary term, but it’s a simple concept — it just means “data about data.” In other Continue reading

How Vitamin C Improves Stress Resilience at Work

We all go through stressful situations at work. It is important to find ways to manage stress and relieve the symptoms of it when we are feeling overwhelmed. In this blog post, we will discuss how Vitamin C can improve your resilience in stressful situations at work. We will share with you the benefits of taking a Vitamin C supplement and explain why it is important for workplace health. Let’s get started.

Vitamin C Is an Essential Nutrient

Vitamin C is an essential nutrient that our body cannot produce on its own. We need to get Vitamin C from dietary sources or supplements, because it plays a key role in many processes of the human body. It strengthens the immune system and helps with wound healing by forming collagen (the protein found in connective tissues). Vitamin C also supports healthy vision and bone health. At work, we are exposed to all kinds of stressors which deplete our bodies’ stores of nutrients like Vitamin C. This can result in reduced immunity and poor recovery after illness or injury – both conditions that make us less productive at work! There are some simple ways you can improve your resilience when faced with Continue reading