Archive

Category Archives for "Networking"

Ansible + ServiceNow Part 2: Parsing facts from network devices using PyATS/Genie

blog_ansible-and-service-now-part2

This blog is part two in a series covering how Red Hat Ansible Automation can integrate with ticket automation. This time we’ll cover dynamically adding a set of network facts from your switches and routers and into your ServiceNow tickets. If you missed Part 1 of this blog series, you can refer to it via the following link: Ansible + ServiceNow Part 1: Opening and Closing Tickets.

Suppose there was a certain network operating system software version that contained an issue you knew was always causing problems and making your uptime SLA suffer. How could you convince your management to finance an upgrade project? How could you justify to them that the fix would be well worth the cost? Better yet, how would you even know?

A great start would be having metrics that you could track. The ability to data mine against your tickets would prove just how many tickets were involved with hardware running that buggy software version. In this blog, I’ll show you how to automate adding a set of facts to all of your tickets going forward. Indisputable facts can then be pulled directly from the device with no chance of mistakes or accidentally being overlooked Continue reading

Securing infrastructure at scale with Cloudflare Access

Securing infrastructure at scale with Cloudflare Access

I rarely have to deal with the hassle of using a corporate VPN and I hope it remains this way. As a new member of the Cloudflare team, that seems possible. Coworkers who joined a few years ago did not have that same luck. They had to use a VPN to get any work done. What changed?

Cloudflare released Access, and now we’re able to do our work without ever needing a VPN again. Access is a way to control access to your internal applications and infrastructure. Today, we’re releasing a new feature to help you replace your VPN by deploying Access at an even greater scale.

Access in an instant

Access replaces a corporate VPN by evaluating every request made to a resource secured behind Access. Administrators can make web applications, remote desktops, and physical servers available at dedicated URLs, configured as DNS records in Cloudflare. These tools are protected via access policies, set by the account owner, so that only authenticated users can access those resources. These end users are able to be authenticated over both HTTPS and SSH requests. They’re prompted to login with their SSO credentials and Access redirects them to the application or server.

Continue reading

TOGAF 9 Certified

After passing more technical certification tests than I care to count, the concept of studying for a non-technical exam seemed surreal. Studying for exam that was not going to teach or test me about protocols, signals, or configurations just sounded so foreign. I do have to admit that there were doubts, the thought of studying […]

Worst DNS attacks and how to mitigate them

The Domain Name System remains under constant attack, and there seems to be no end in sight as threats grow increasingly sophisticated.DNS, known as the internet’s phonebook, is part of the global internet infrastructure that translates between familiar names and the numbers computers need to access a website or send an email. While DNS has long been the target of assailants looking to steal all manner of corporate and private information, the threats in the past year or so indicate a worsening of the situation.To read this article in full, please click here

Worst DNS attacks and how to mitigate them

The Domain Name System remains under constant attack, and there seems to be no end in sight as threats grow increasingly sophisticated.DNS, known as the internet’s phonebook, is part of the global internet infrastructure that translates between familiar names and the numbers computers need to access a website or send an email. While DNS has long been the target of assailants looking to steal all manner of corporate and private information, the threats in the past year or so indicate a worsening of the situation.To read this article in full, please click here

The Field Guide to the Cloud Networking Sessions at VMworld 2019

Meet the expanded VMware NSX Product Family

Last year, we expanded the VMware NSX family of products to include NSX Data Center, NSX Cloud, AppDefense, VMware SD-WAN by Velocloud, NSX Hybrid Connect and NSX Service Mesh. This year, AVI Networks has joined our family. 

With the combined portfolio, we’re delivering on the Virtual Cloud Network vision of connecting, automating and protecting applications and data, regardless of where they are— from the data center, to the cloud and the edge. NSX delivers the full L2-services, enabling the public cloud experience for on-premises environments. 

Join us at VMworld US 2019

We will have an exciting line-up for VMworld US 2019Our engineers, technologists and customers will be speaking on 80+ topics throughout the conference spanning beginner to advanced levels throughout the conference. Some session topics include:

  • Multi-cloud Networking
  • Container Networking
  • Multi-site Networking
  • Network Automation
  • Service Mesh 

Cloud Networking Sessions at VMworld

In this post, we will focus on our cloud networking sessions and showcase keynotes. Use this handy guide to begin planning your exciting week and bookmark the sessions you want to attend. 

If you’re interested in security focused sessions, read the blog Continue reading

Smart cities offer window into the evolution of enterprise IoT technology

Powering smart cities is one of the most ambitious use cases for the internet of things (IoT), combining a wide variety of IoT technologies to create coherent systems that span not just individual buildings or campuses but entire metropolises. As such, smart cities offer a window into the evolution of enterprise IoT technologies and implementations on the largest scale.And that’s why I connected with Christophe Fourtet, CSO and co-founder of Sigfox, a French global network operator, to learn more about using wireless networks to connect large numbers of low-power objects, ranging from smartwatches to electricity meters. (And I have to admit I was intrigued by the 0G network moniker, which conjured visions of weightless IoT devices floating in space, or maybe OG-style old-school authenticity. That’s not at all what it’s about, of course.)To read this article in full, please click here

A Tale of Two (APT) Transports

A Tale of Two (APT) Transports

Securing access to your APT repositories is critical. At Cloudflare, like in most organizations, we used a legacy VPN to lock down who could reach our internal software repositories. However, a network perimeter model lacks a number of features that we consider critical to a team’s security.

As a company, we’ve been moving our internal infrastructure to our own zero-trust platform, Cloudflare Access. Access added SaaS-like convenience to the on-premise tools we managed. We started with web applications and then moved resources we need to reach over SSH behind the Access gateway, for example Git or user-SSH access. However, we still needed to handle how services communicate with our internal APT repository.

We recently open sourced a new APT transport which allows customers to protect their private APT repositories using Cloudflare Access. In this post, we’ll outline the history of APT tooling, APT transports and introduce our new APT transport for Cloudflare Access.

A brief history of APT

Advanced Package Tool, or APT, simplifies the installation and removal of software on Debian and related Linux distributions. Originally released in 1998, APT was to Debian what the App Store was to modern smartphones - a decade ahead of its time!

Continue reading

BrandPost: Assessing Your Current WAN State is Key to Making Effective Changes

If your wide-area network (WAN) has been with you for many years, it may be time to think about an upgrade, especially given the emergence of technologies such as software-defined WANs (SD-WAN). But rather than just dive in, assuming SD-WAN will be a good fit, it’s helpful to perform an assessment of your current situation and what outcomes you’d like to see out of an upgrade.Making this type of assessment means asking a series of questions, the answers to which may – or may not – lead you toward adopting SD-WAN technology. To learn what sort of questions to ask, I talked with Mike Lawson, Manager of SD-WAN/NFV Solutions Architecture for CenturyLink, a global network provider.Lawson spends his time in the trenches with network architects and customers, accumulating an excellent sense of whether a company is a good candidate for SD-WAN.To read this article in full, please click here

I Was A 10x Engineer. And I’m Sorry.

You probably saw the big discussion this past weekend on Twitter about 10x Engineers. It all started with a tweet about how to recognize a 10x Engineer, followed by tons of responses about how useless they were and how people that had encountered them were happy to be rid of them. All that discussion made me think back to my old days as a Senior Network Rock Star. As I reminisced I realized that I was, in fact, a 10x Engineer. And I was miserable.

Pour Some Work On Me

I wasn’t always the epitome of engineering hatred. I used to be a wide-eyed technician with a hunger to learn things. I worked on a variety of systems all over the place. In fact, I was rising through the ranks of my company as a Novell Engineer in an environment with plenty of coverage. I was just learning the ropes and getting ready to take my place in a group of interchangeable people.

Then I started getting into networking. I spent more time learning about routers and switches and even firewalls. That meant that my skill set was changing from servers to appliances. It also meant that I was Continue reading

Campus design feature set-up : Part 6

I’ve been going through how to set up the CL 3.7.5 campus feature: Multi-Domain Authentication in a 6-part blog series and I’m happy to say we’ve made it to the last one.

If you’ve stuck with me through this series, you’d know that in blogs 1-5 we had guides for Wired 802.1x using Aruba ClearPass, Wired MAC Authentication using Aruba ClearPass, Multi-Domain Authentication using Aruba ClearPass, Wired 802.1x using Cisco ISE and Wired MAC Authentication using Cisco ISE

Now that we’re at the end of the road, this final guide will enable Multi-Domain Authentication in Cumulus Linux 3.7.5+ using Cisco ISE (Identity Services Engine) 2.4, Patch 8.

Keep in mind that this step-by-step guide assumes that you have already performed an initial setup of Cisco ISE and read part four and part five of this blog series.

Over the past year, Cumulus Networks has made a concerted effort to expand the breadth and scope of the campus features within Cumulus Linux. Hot off the press in 3.7.5 is one of those features, Multi-Domain Authentication (MDA).

Classically, MDA allows for a Voice VLAN and Data VLAN to be configured Continue reading

1 993 994 995 996 997 3,443