Closing the Shutters on EtherealMind 

I've been publishing on Etherealmind for more than ten years and its been quite a journey. I've changed and its time move on.

The post Closing the Shutters on EtherealMind  appeared first on EtherealMind.

MEF Unveils Long-Awaited SD-WAN Standard

How to avoid using RDP in Windows

Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it’s time to stop using it. Here’s how.

Brief History of VMware NSX

I spent a lot of time during this summer figuring out the details of NSX-T, resulting in significantly updated and expanded VMware NSX Technical Deep Dive material… but before going into those details let’s do a brief walk down the memory lane ;)

You might remember a startup called Nicira that was acquired by VMware in mid-2012… supposedly resulting in the ever-continuing spat between Cisco and VMware (and maybe even triggering the creation of Cisco ACI).

Real-world backup woes and how to fix them

Data backup and restoration can be somewhat of a black-box effort. You often don’t know whether you fully nailed it until disaster strikes, and there is always room for improvement, especially as cloud and hybrid options grow. We asked four network professionals to share what made them realize they should do more to bolster their organization’s backup and recovery processes, and how they made that happen. Here are their stories.To read this article in full, please click here(Insider Story)

Real-world backup woes and how to fix them

Data backup and restoration can be somewhat of a black-box effort. You often don’t know whether you fully nailed it until disaster strikes, and there is always room for improvement, especially as cloud and hybrid options grow. We asked four network professionals to share what made them realize they should do more to bolster their organization’s backup and recovery processes, and how they made that happen. Here are their stories.To read this article in full, please click here(Insider Story)

VMware Cloud on AWS: NSX and Avi Networks Load Balancing and Security

Authors and Contributors

I want to thank both Bhushan Pai, and Matt Karnowski, who joined VMware from the Avi Networks acquisition, for helping with the Avi Networks setup in my VMware Cloud on AWS lab and helping with some of the details in this blog.

Humair Ahmed, Sr. Technical Product Manager, VMware NSBU
Bhushan Pai, Sr. Technical Product Manager, VMware NSBU
Matt Karnowski , Product Line Manager, VMware NSBU

With the recent acquisition of Avi Networks, a complete VMware solution leveraging advanced load balancing and Application Delivery Controller (ADC) capabilities can be leveraged. In addition to load balancing, these capabilities include global server load balancing, web application firewall (WAF) and advanced analytics and monitoring.

In this blog, we walk through an example of how the Avi Networks load balancer can be leveraged within a VMware Cloud on AWS software-defined data center (SDDC).

Continue reading

Linux Foundation Powers Up on IBM’s OpenPOWER

Breakthroughs bring a quantum Internet closer

Breakthroughs in the manipulation of light are making it more likely that we will, in due course, be seeing a significantly faster and more secure Internet. Adoption of optical circuits in chips, for example, to be driven by quantum technologies could be just around the corner.Physicists at the Technical University of Munich (TUM), have just announced a dramatic leap forward in the methods used to accurately place light sources in atom-thin layers. That fine positioning has been one block in the movement towards quantum chips.To read this article in full, please click here

AfPIF 2019 Kicks Off in Balaclava, Mauritius

The tenth meeting of Africa Peering and Interconnection Forum (AfPIF) kicked off in Balaclava, Mauritius, with participants celebrating the achievements and looking forward to further collaboration.

Andrew Sullivan, the President and CEO of the Internet Society, opened by highlighting the importance of the meeting, which helps create a community that supports the growth of the Internet in Africa, identifies challenges, and ensures that understanding spreads.

In his speech, he noted that traffic exchanged inside Africa has expanded enormously as a result of the work done by AfPIF over the years. One of AfPIF goals is to increase the level of local content exchanged locally to 80% by 2020.

Sullivan, who has extensive experience working with international Internet bodies, emphasized the need for a robust community in Africa, led by Af-IX, that will continue working together to ensure that the Internet is built in Africa, according to the needs of Africans and the African network experience.

The annual meeting, brings together chief technology officers, peering coordinators and business development managers from the African region, Internet service providers and operators, telecommunications policymakers and regulators, content providers, Internet exchange point (IXP) operators, infrastructure providers, data center managers, National Research and Education Networks (NRENs), Continue reading

FCC Issues Scathing Report on 37-Hour CenturyLink Outage

A guided tour of Linux file system types

While it may not be obvious to the casual user, Linux file systems have evolved significantly over the last decade or so to make them more resistant to corruption and performance problems.Most Linux systems today use a file system type called ext4. The “ext” part stands for “extended” and the 4 indicates that this is the 4th generation of this file system type. Features added over time include the ability to provide increasingly larger file systems (currently as large as 1,000,000 TiB) and much larger files (up to 16 TiB), more resistance to system crashes and less fragmentation (scattering single files as chunks in multiple locations) which improves performance.To read this article in full, please click here

The Tale of the Mysterious Traceroute

If you follow me on Twitter ( https://twitter.com/danieldibswe), you know I have been doing a lot of SD-WAN lately and I recently built my own lab. In this lab, I wanted to try a feature known as service chaining. What is service chaining? It’s a method of sending traffic through one or more services, such as a firewall, before the traffic takes the “normal” path towards its destination.

Before we dive deeper in, let me show the topology in use:

When I tested this feature, the data plane was working perfectly but my traceroute looked very strange. The traceroute was also not finishing.

root@B1-S1:/# traceroute 10.1.2.10
traceroute to 10.1.2.10 (10.1.2.10), 30 hops max, 60 byte packets
 1  10.1.1.1 (10.1.1.1)  6.951 ms  36.355 ms  39.604 ms
 2  10.1.0.2 (10.1.0.2)  11.775 ms  15.047 ms  15.535 ms
 3  10.0.0.18 (10.0.0.18)  28.540 ms  28.538 ms  28.532 ms
 4  10.1.2.10 (10.1.2.10)  41.748 ms  41.746 ms  41.736  Continue reading

Cybersecurity Tech Accord Adopts Bug Disclosure Policies

Network Equipment Market Positioned for Five Years of Growth

Deep Dive: How Healthcare Organizations Practice Privacy and Security

In April, the Online Trust Alliance published the 11th annual Online Trust Audit assessing the security and privacy of 1,200 top organizations across several industry sectors. For the first time, this year’s Audit covered 100 of the top healthcare organizations, including lab testing companies, pharmacies, hospital chains, and insurance providers. 

How did they do?

Since this is the first year these organizations were included, we do not have historical comparisons, but we can compare how healthcare sites fared against the other audited sectors. Overall, 57% of healthcare sites made this year’s Honor Roll, the lowest of all the sectors we studied. By far the most common reason for failure in the healthcare sector was weak email security (35%, nearly triple the overall average). Failure due to privacy was better than average, while failure due to site security was slightly worse than average. 

Email Security

SPF and DKIM help protect against forged email. Overall 87% of healthcare organizations had SPF on their top-level domain and 67% had DKIM (the lowest of any sector, and the main source of healthcare’s failing scores).  DMARC builds on SPF and DKIM results, provides a means for feedback reports, and adds visibility for Continue reading

Druva Adds Smart Storage Tiering, Disaster Recovery

DDoS Mitigation and BGP Flowspec

The post DDoS Mitigation and BGP Flowspec appeared first on Noction.

BrandPost: A Compelling Justification for Your Business-driven SD-WAN Investment at Your Fingertips!

This is the second of a two-part blog series that explores how enterprise IT leaders can effectively measure the return on SD-WAN investments. In my first installment of this series, I discussed how IT leaders can make a business case for moving from a traditional router-centric architecture to a business-first networking model SD-WAN, like the one delivered by Silver Peak. According to a recent report by IDC[1], the SD-WAN market is poised to reach $5.25 Billion in 2023. The report also predicts the SD-WAN industry to grow at a compound annual growth rate (CAGR) of 30.8 percent from 2018 to 2023, and that is driving a lot of attention to this new way of deploying WAN infrastructure. CIOs are asking how and why they will use SD-WAN and how they can justify making SD-WAN investments.To read this article in full, please click here

AWS ABCs: Granting A Third-Party Access to Your Account

There can be times when you’re working on the AWS Cloud where you need to grant limited access to your account to a third-party. For example:

• A contractor or a specialist needs to perform some work on your behalf
• You’re having AWS Professional Services or a partner from the Amazon Partner Network do some work in your account
• You’re conducting a pilot with AWS and you want your friendly neighborhood Solutions Architect to review something

In each of these cases you likely want to grant the permissions the third-party needs but no more. In other words, no granting of AdministratorAccess policies because it’s easy and just works. Instead, adherence to the principle of least privilege.

This post will describe two methods–IAM users and IAM roles–for proving limited access to third-parties.

Comparing the Two Approaches

The big difference with the IAM user approach vs the role-based approach is the way the credentials for each entity are handed out.

IAM users have long-term credentials that only change by a manual action (either the user or an administrator changes the credentials). Those credentials will continue to provide access to the account until they’re either changed or the user is disabled/deleted.

By contrast, roles Continue reading