Gartner Cancels Conferences losing >260MM in 2020 revenues
Cancelled or postponed all conferences scheduled through August 2020.
The post Gartner Cancels Conferences losing >260MM in 2020 revenues appeared first on EtherealMind.
Speeding up Linux disk encryption
Data encryption at rest is a must-have for any modern Internet company. Many companies, however, don't encrypt their disks, because they fear the potential performance penalty caused by encryption overhead.
Encrypting data at rest is vital for Cloudflare with more than 200 data centres across the world. In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!
Encrypting data at rest
When it comes to encrypting data at rest there are several ways it can be implemented on a modern operating system (OS). Available techniques are tightly coupled with a typical OS storage stack. A simplified version of the storage stack and encryption solutions can be found on the diagram below:
On the top of the stack are applications, which read and write data in files (or streams). The file system in the OS kernel keeps track of which blocks of the underlying block device belong to which files and translates these file reads and writes into block reads and writes, however the hardware specifics of the underlying storage device is abstracted away from the filesystem. Finally, the block subsystem actually Continue reading
SD-WAN: A Service Provider Perspective
A reader of my blog was “blessed” with hands-on experience with SD-WAN offered by large service providers. Based on that experience he sent me his views on whether that makes sense. Enjoy ;)
We all have less-than-stellar opinion on service providers and their offerings. Its well known that those services are expensive and usually lacking quality, experience, or simply, knowledge. This applies to regular MPLS/BGP techniques as to - currently, the new challenge - SD-WAN.
Cockroach Labs Defends Default Congif of AWS, Azure, GCP Test
“Ultimately, each cloud can’t hide from public, open-source benchmarks,” said Cockroach Labs'...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
How Fortinet and Tigera Protect Kubernetes in the Enterprise
What Problems are We Solving?
Container use continues to grow, and Kubernetes is the most widely adopted container orchestration system, managing nearly half of all container deployments.1 Successful integration of container services within the enterprise depends heavily on access to external resources such as databases, cloud services, third-party application programming interfaces (APIs), and other applications. All this egress activity must be controlled for security and compliance reasons. In a recent container adoption survey, 61% of correspondents, a super-majority, listed data security as their top challenge.2
Kubernetes Requires a Different Approach to Access Control
Traditional IP-based access control doesn’t work in Kubernetes, where workloads are ephemeral, typically stateless, and use short-term IP addresses. While the Calico Enterprise security management interface provides customized control within the Kubernetes environment, using Calico Enterprise security in isolation from existing enterprise network security leaves organizations with disparate policy-enforcement regimes.
Disparate Network Security Systems Introduce Unwanted Complexity
Maintaining two separate network security systems hinders visibility into routing and connectivity within and between Kubernetes clusters. This complicates the process of troubleshooting issues that span Kubernetes and external environments. Because enterprise monitoring tools lack Kubernetes context, the impact of security policy changes are hard to predict, and Continue reading
Daily Roundup: Intel Warns of Financial Hit
Intel warned of financial hit; Attackers exploited remote-code execution vulnerabilities in...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Intel Warns Pandemic Could Erode Financials, Halts Stock Buybacks
There remains "considerable uncertainty" as to how measures taken by world governments to control...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Red Hat OpenShift Serverless Inches Closer to GA
The platform is based on the Knative project, which continues to be a lightning rod of controversy...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Automate, orchestrate, survive: treating your network as a holistic entity
Organizations need to learn to think about networks as holistic entities. Networks are more than core routers or top-of-rack (ToR) switches. They’re composed of numerous connectivity options, all of which must play nice with one another. What role does automation play in making network heterogeneity viable? And does getting all the pieces from a single vendor really make management easier if that vendor has 15 different operating systems spread across their lineup of network devices?
Most network administrators are used to thinking about their networks in terms of tiers. Access is different from branch, which is different from campus, and so forth. Datacenter is something different again, and then there’s virtual networking complicating everything.
With networks being so big and sprawling that they frequently occupy multiple teams, it’s easy to focus on only one area at a time. Looking at the network holistically—both as it exists, and as it’s likely to evolve—is a much more complicated process, and increasingly important.
Networks grow, evolve and change. Some of this is organic; growth of the organization necessitates the acquisition of new equipment. Other times growth is more unmanaged; something that’s especially common with mergers and acquisitions (M&As).
Regardless of reason, change in Continue reading
Kubernetes testbed
Application development is greatly simplified if you can emulate the infrastructure you want to monitor on your development machine. Docker testbed describes a simple way to develop sFlow based visibility solutions. This article describes how to build a Kubernetes testbed to develop and test configurations before deploying solutions into production.
Create the following sflow-rt.yml file:
apiVersion: v1Run the Continue reading
kind: Service
metadata:
name: sflow-rt-sflow
spec:
type: NodePort
selector:
name: sflow-rt
ports:
- protocol: UDP
port: 6343
---
apiVersion: v1
kind: Service
metadata:
name: sflow-rt-rest
spec:
type: LoadBalancer
selector:
name: sflow-rt
ports:
- protocol: TCP
port: 8008
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sflow-rt
spec:
replicas: 1
selector:
matchLabels:
name: sflow-rt
template:
metadata:
labels:
name: sflow-rt
spec:
containers:
- name: sflow-rt
image: sflow/prometheus:latest
ports:
- name: http
protocol: TCP
containerPort: 8008
- name: sflow
protocol: UDP
containerPort: 6343
Microsoft Warns of Attacks Exploiting Zero-Day Flaws
Microsoft said it’s “aware of limited targeted attacks” using the remote-code execution...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Global Pandemic Strains 5G Supply Chain
Vendors that are projecting stability amid unprecedented calamity and uncertainty face bottlenecks...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Full Stack Journey 040: Learning To Work From Home
A panel of guests share tips, tools, and best practices for working from home in the latest episode of Full Stack Journey. Host Scott Lowe speaks to Puja Abbassi, Lisa Caywood, Simon Crosby, and John Teresick about the challenges and rewards of daily life in the home office.
The post Full Stack Journey 040: Learning To Work From Home appeared first on Packet Pushers.
Full Stack Journey 040: Learning To Work From Home
A panel of guests share tips, tools, and best practices for working from home in the latest episode of Full Stack Journey. Host Scott Lowe speaks to Puja Abbassi, Lisa Caywood, Simon Crosby, and John Teresick about the challenges and rewards of daily life in the home office.
The Bandwidth Alliance Charges Forward with New Partners – Alibaba, Zenlayer, and Cherry Servers
We started the Bandwidth Alliance in 2018 with a group of like-minded cloud and networking partners. Our common goal was to help our mutual customers reduce or eliminate data transfer charges, sometimes known as "bandwidth” or “egress” fees, between the cloud and the consumer. By reducing or eliminating these costs, our customers can more easily choose a best of breed set of solutions because they don’t have to worry about data charges from moving workloads between vendors, and thereby becoming locked-in to a single provider for all their needs. Today we’re announcing an important milestone: the addition of Alibaba, Zenlayer, and Cherry Servers to the Bandwidth Alliance, expanding it to a total of 20 partners. These partners offer our customers a wide choice of cloud services and products each suited to different needs.
In addition, we are working with our existing partners including Microsoft Azure, Digital Ocean and several others to onboard customers and provide them the benefits of the Bandwidth Alliance. Contact us at [email protected] if you are interested.
Customer savings
Over the past year we have seen several customers take advantage of the Bandwidth Alliance and wanted to highlight two examples.
Nodecraft, which Continue reading
A Backdoor Is a Backdoor Is a Backdoor
Beware of false promises and threats to encryption security online.
It’s easy to understand why United States Federal Bureau of Investigation (FBI) Director Christopher Wray would ask companies to provide a means for law enforcement to access private data and communications.
“We’re all for strong encryption and… we are not advocating for ‘backdoors,'” he said at recent cyber security conference. “We’ve been asking for providers to make sure that they, themselves, maintain some kind of access to the encrypted data we need, so that they can still provide it in response to a court order.”
We all want to thwart criminals from using the Internet for harm. But here’s the catch: despite Wray’s claims, there is no way to comply with his request without breaking the security we all rely on to keep people, communications, and data safe online.
No matter what you call it, a backdoor is a backdoor. Any method that gives a third-party access to encrypted data creates a major vulnerability that weakens the security of law-abiding citizens and the Internet at large.
Encryption is essential to security online.
Consider how it contributes to the global effort to contain the COVID-19 pandemic. Encryption protects the electricity Continue reading
Why We Started Putting Unpopular Assets in Memory
Part of Cloudflare's service is a CDN that makes millions of Internet properties faster and more reliable by caching web assets closer to browsers and end users.
We make improvements to our infrastructure to make end-user experiences faster, more secure, and more reliable all the time. Here’s a case study of one such engineering effort where something counterintuitive turned out to be the right approach.
Our storage layer, which serves millions of cache hits per second globally, is powered by high IOPS NVMe SSDs.
Although SSDs are fast and reliable, cache hit tail latency within our system is dominated by the IO capacity of our SSDs. Moreover, because flash memory chips wear out, a non-negligible portion of our operational cost, including the cost of new devices, shipment, labor and downtime, is spent on replacing dead SSDs.
Recently, we developed a technology that reduces our hit tail latency and reduces the wear out of SSDs. This technology is a memory-SSD hybrid storage system that puts unpopular assets in memory.
The end result: cache hits from our infrastructure are now faster for all customers.
You may have thought that was a Continue reading
Mist Targets Enterprises, Retail With Data Analytics
The service is designed to address network visibility needs and help businesses gain insights from...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Automation Example: Drain a Circuit
One of the attendees of our Building Network Automation Solutions online course asked an interesting question in the course Slack team:
Has anyone wrote a playbook for putting a circuit into maintenance mode — i.e. adjusting metrics to drain traffic away from a circuit that is going to be taken down for maintenance?
As always, you have to figure out what you want to do before you can start to automating stuff.