Simplify your micro-segmentation implementations

Micro–segmentation is a critical component of Zero Trust. But, historically, micro-segmentation has been fraught with operational challenges and limited by platform capabilities.  

Not anymore.  

VMware NSX enables a new framework and firewall policy model that allows applications to define access down to the workload level. NSX does this by understanding application topologies and applying appropriate policy per workload. Creating zones in the data center where you can separate traffic by application simultaneously helps stop the spread of lateral threats, create separate development, test, and production environments, and meet certain compliance requirements. 

VMworld attendees who want to learn more about how to set up micro-segmentation in their data centers should consider the following sessions: 

Permit This, Deny That – Design Principles for NSX Distributed Firewall (ISNS2315D) 

Micro-segmentation is something that is certainly easier said than done. Although micro-segmentation allows applications to define access down to the component level, the operation of such an environment can be daunting without structure and guidance. In this session, you’ll learn how to develop a Continue reading

IBM set to spin-off managed service business to focus on hybrid cloud

IBM doesn’t want any distractions on the road to becoming a prodigious hybrid-cloud player, and today it eliminated one of those diversions by spinning off the $19 billion Managed Infrastructure Services unit of its Global Technology Services division.The move creates an as-yet-unnamed firm, tentatively dubbed “NewCo,” which won’t actually be created until 2021 but will quickly be a big provider of managed infrastructure services. It will employ about 90,000 staffers, have more than 4,600 clients in 115 countries—including more than 75% of the Fortune 100—have a backlog of $60 billion in orders, and more than twice the scale of its nearest competitor, IBM stated. That would include Accenture, Fujitsu and Huawei.To read this article in full, please click here

Community Networks: Improving Connectivity for All in Haiti

The COVID-19 pandemic reminds us of the historic transition brought about by the Internet. Its place is real in our lives today and tomorrow. Celebrate, pray, play, study, work, express yourself … these verbs have been conjugated thousands of times everywhere thanks to the Internet. In Haiti, many suffer from the glaring inequality between Internet access in rural and urban areas. It is clear that tackling these problems comes down to building a safe path towards decentralization of Internet infrastructure here.

The mission of the Internet Society Haiti Chapter (ISOC Haiti) is to promote, on Haitian territory and for the benefit of all, the conditions and tools conducive to the development of an information and knowledge society – respectful of Haitian culture and values. Since 1804, our nation has raised its voice for freedom and equality so that every person may live free and in dignity, while banishing Black slavery on our land. Our motto, ‘’unity is strength,’’ reminds us that together we can achieve unimaginable things to change this nation. ISOC Haiti ​​is aware of the challenges and believes it is time for a sustainable plan of action – and not for speech.

Poor quality and expensive Internet access Continue reading

Meet SONiC, the new NOS (definitely not the same as the old NOS)

The open-sourced Software for Open Networking in the Cloud (SONiC) NOS is rapidly growing a community of developers and users that could change the way many networks are run by large enterprises, hyperscalers and service providers.The Linux-based NOS, developed and open sourced by Microsoft in 2017, decouples network software from the underlying hardware and lets it run on switches and ASICs from multiple vendors while supporting a full suite of network features such as Border Gateway Protocol (BGP), remote direct memory access (RDMA), QoS, and  other Ethernet/IP technologies.One of the keys to SONiC is its the switch-abstraction Interface, which defines an API to provide a vendor-independent way of controlling forwarding elements such as a switching ASIC, an NPU or a software switch in a uniform manner, according to the SONiC GitHub community site.To read this article in full, please click here

Link State in DC Fabrics

If you don’t normally read IPJ, you should. Melchoir and I have an article up in the latest edition on link state in DC fabrics.

To make a case for linkstate protocols in DC fabric underlays, an extensive examination of the positive and negative aspects of BGP—and the other available protocols—is essential. Ultimately, it is up to individual operators to decide which protocol is “the best” for their application, a decision based on business and operational—as well as technical—reasons.

Read the whole thing here.

3 Ways Companies are Working on Security by Design

Tier 1 Carriers Performance Report: September, 2020

The post Tier 1 Carriers Performance Report: September, 2020 appeared first on Noction.

Network Automation Products for Brownfield Deployments

Got this question from one of my long-time readers:

I am looking for commercial SDN solutions that can be deployed on top of brownfield networks built with traditional technologies (VPC/MLAG, STP, HSRP) on lower-cost networking gear, where a single API call could create a network-wide VLAN, or apply that VLAN to a set of ports. Gluware is one product aimed at this market. Are there others?

The two other solutions that come to mind are Apstra AOS and Cisco NSO. However, you probably won’t find a simple solution that would do what you want to do without heavy customization as every network tends to be a unique snowflake. 

Network Automation Products for Brownfield Deployments

Got this question from one of my long-time readers:

I am looking for commercial SDN solutions that can be deployed on top of brownfield networks built with traditional technologies (VPC/MLAG, STP, HSRP) on lower-cost networking gear, where a single API call could create a network-wide VLAN, or apply that VLAN to a set of ports. Gluware is one product aimed at this market. Are there others?

The two other solutions that come to mind are Apstra AOS and Cisco NSO. However, you probably won’t find a simple solution that would do what you want to do without heavy customization as every network tends to be a unique snowflake. 

Extend Your Fortinet FortiManager to Kubernetes

Companies are leveraging the power of Kubernetes to accelerate the delivery of resilient and scalable applications to meet the pace of business. These applications are highly dynamic, making it operationally challenging to securely connect to databases or other resources protected behind firewalls.

Visibility into Kubernetes Infrastructure is Essential

Lack of visibility has compliance implications. Like any on-premises or cloud-based networked services, Kubernetes production containers must address both organizational and regulatory security requirements. If compliance teams can’t trace the history of incidents across the entire infrastructure, they can’t adequately satisfy their audit requirements. To enable the successful transition of Kubernetes pilot projects to enterprise-wide application rollouts, companies must be able to extend their existing enterprise security architecture into the Kubernetes environment.

In response, Fortinet and Tigera jointly developed a suite of Calico Enterprise solutions for the Fortinet Security Fabric that deliver both north-south and east-west visibility and help ensure consistent control, security, and compliance. Key among these integrations is the FortiManager Calico Kubernetes Controller, which enables Kubernetes cluster management from the FortiManager centralized management platform in the Fortinet Fabric Management Center.

View and Control the Kubernetes Environment with FortiManager

The FortiManager Calico Kubernetes Controller translates FortiManager policies into granular Kubernetes network Continue reading

Pluribus goes big to support larger, multi-vendor data center networks

Pluribus has fine-tuned its switch fabric software to support larger, distributed multi-vendor data centers. Specifically, the company has enabled its Adaptive Cloud Fabric to scale from its current level of support for 64 nodes to up to 1,024 switches in a unified fabric. The scale-up is part of the company's recently upgraded core network operating system, Netvisor One, which is a virtualized Linux-based NOS that provides Layer 2 and Layer 3 networking and distributed fabric intelligence. The NOS virtualizes switch hardware and implements the company's Adaptive Cloud Fabric. Adaptive Cloud Fabric operates without a controller and can be deployed across a single data center, or targeted to specific racks, pods, server farms or hyperconverged infrastructures, the company said.To read this article in full, please click here

Pluribus goes big to support larger, multi-vendor data center networks

Pluribus has fine-tuned its switch fabric software to support larger, distributed multi-vendor data centers. Specifically, the company has enabled its Adaptive Cloud Fabric to scale from its current level of support for 64 nodes to up to 1,024 switches in a unified fabric. The scale-up is part of the company's recently upgraded core network operating system, Netvisor One, which is a virtualized Linux-based NOS that provides Layer 2 and Layer 3 networking and distributed fabric intelligence. The NOS virtualizes switch hardware and implements the company's Adaptive Cloud Fabric. Adaptive Cloud Fabric operates without a controller and can be deployed across a single data center, or targeted to specific racks, pods, server farms or hyperconverged infrastructures, the company said.To read this article in full, please click here

Intel, Nvidia launch new networking processor initiatives

In recent days Intel and Nvidia have introduced or announced new networking products with a common goal of offloading networking traffic to the network processor, thus freeing up the CPU for computational work.Intel announced a new networking initiative to capitalize on what it calls “a perfect storm of 5G, edge buildout and pervasive artificial intelligence” with an expanded lineup of hardware, software and solutions for network infrastructure.This includes enhancements to Intel’s software reference architecture, FlexRAN; Intel virtualized radio access network (vRAN) dedicated accelerator; network-optimized next-generation Intel Xeon Scalable and D processors (codenamed “Ice Lake”); and upgraded Intel Select Solutions for Network Function Virtualization Infrastructure (NFVI).To read this article in full, please click here

Intel, Nvidia launch new networking processor initiatives

In recent days Intel and Nvidia have introduced or announced new networking products with a common goal of offloading networking traffic to the network processor, thus freeing up the CPU for computational work.Intel announced a new networking initiative to capitalize on what it calls “a perfect storm of 5G, edge buildout and pervasive artificial intelligence” with an expanded lineup of hardware, software and solutions for network infrastructure.This includes enhancements to Intel’s software reference architecture, FlexRAN; Intel virtualized radio access network (vRAN) dedicated accelerator; network-optimized next-generation Intel Xeon Scalable and D processors (codenamed “Ice Lake”); and upgraded Intel Select Solutions for Network Function Virtualization Infrastructure (NFVI).To read this article in full, please click here

Broadcom Mirror on Drop (MoD)

Using Advanced Telemetry to Correlate GPU and Network Performance Issues

Day Two Cloud 069: The Life Of A Site Reliability Engineer (SRE)

Day Two Cloud 069: The Life Of A Site Reliability Engineer (SRE)

On today's Day Two Cloud podcast we talk with a real-live SRE, or Site Reliability Engineer, who works in an IT group that delivers applications using DevOps principles as part of their day-to-day work. Our guest is James Quigley, SRE at Bloomberg. He and his team builds infrastructure and tooling for application and infrastructure teams to develop for the public cloud.

The post Day Two Cloud 069: The Life Of A Site Reliability Engineer (SRE) appeared first on Packet Pushers.

The Hedge Podcast #55: Nick Carter and Flock Networks

Nick Carter joins Tom and I to discuss Flock Networks. What is Flock Networks?

The Flock Networks IP routing suite is designed for unparalleled performance and massive scale. It has been implemented from scratch so it can excel on modern hardware. Each component of the IP routing suite is able to run in parallel, without being slowed down or interrupted by any other component.

download

The Internet of Food

This abridged article by Francisca Hector was originally published in Tasty Bytes.

Arguably food is the most important item on the planet. The current food system; however, has many inefficiencies and food security continues to be a global challenge.

In addition to this, conscious consumption has reached new heights as consumers demand that their food is not only safe, nutritious, and affordable, but they also want to ensure that their food is ethically sourced and the harvesting and production processes reduce waste.

For many, there is the belief that the food system needs to be fundamentally disrupted. While there have been some attempts to use technology to make better decisions around food, these technologies are not widely available. Without widespread availability and adoption, the impact of any technology is hard to ascertain.

This and other concerns are what spurred the creation of The Internet Society Special Interest Group for the Internet of Food (SIG-IOF), which is a discussion room for next-gen Internet backbone standards for digital aspects of food. In short, that means that when food goes data, this group would like to facilitate the Internet standards for how that data is handled.

With 110 chapters located all over Continue reading