Category Archives for "Security"

Operationalizing Micro-segmentation – NSX Securing “Anywhere” – Part III

Welcome to part 3 of the Micro-Segmentation Defined – NSX Securing “Anywhere” blog series. This installment covers how to operationalize NSX Micro-Segmentation. Be sure to check out Part 1 on the definition of micro-segmentation and Part 2 on securing physical workloads with NSX.

This blog covers the following topics:

  1. Micro-segmentation design patterns
  2. Determining appropriate security groups and policies
  3. Deploying micro-segmentation
  4. Application lifecycle management with vRealize Automation and NSX
  5. Day 2 operations for micro-segmentation

Micro-segmentation design patterns

Micro-segmentation can be implemented based on various design patterns reflecting specific requirements. The NSX Distributed Firewall (DFW) can be used to provide controlled communication between workloads independent of their network connectivity. These workloads can, for example, all connect to a single VLAN. Distributed logical switches and routers can be leveraged to provide isolation or segmentation between different environments or application tiers, regardless of the underlying physical network, as well as many other benefits. Furthermore, the NSX Edge Service Gateway (ESG) can provide additional functionality such as NAT or load balancing, and the NSX Service Insertion framework enables partner services such as L7 firewalling, agent-less anti-virus or IPS/IDS to be applied to workloads that need additional security controls.

Figure 1: Leveraging the DFW to provide

My Raspberry Pi cluster

So I accidentally ordered too many Raspberry Pis. Therefore, I built a small cluster out of them. I thought I'd write up a parts list for others wanting to build a cluster.

To start with are some pics of the cluster. What you see is a stack of 7 RPis. At the bottom of the stack is a USB multiport charger and also an Ethernet hub. You see USB cables coming out of the charger to power the RPis, and out the other side you see Ethernet cables connecting the RPis to a network. I've included the mouse and keyboard in the picture to give you a sense of perspective.

Here is the same stack turned around, seeing it from the other side. Out the bottom left you see three external cables: one Ethernet to my main network and power cables for the USB charger and Ethernet hub. You can see that the USB hub is nicely tied down to the frame, but that the Ethernet hub is just sort of jammed in there somehow.

The concept is to get things as cheap as possible, on a per-unit basis. Otherwise, one might as well just buy more expensive computers. My parts

Technology Short Take #69

Welcome to Technology Short Take #69! In this post, I’ve collected a variety of links related to major data center technology areas. This episode is a bit long; sorry about that!

Networking

  • Lindsay Hill recently noted that he’s been working to add support to netmiko for the Brocade ICX and MLXe, and is looking into support for VDX. Netmiko, if you haven’t heard, is a fantastic Python library that’s really useful when writing Python-based network automation scripts.
  • I mentioned a while back that I was taking a deeper look at MPLS (to which my colleague Bruce Davie—one of the creators of MPLS—jokingly quipped, “Why are you looking at legacy tech?”). Honestly, I haven’t had a great deal of time to make much progress, but I did come across this article by Sudeep Goyal which helped reinforce some of the basics I already knew. It may prove useful to others who are also seeking to improve their knowledge of MPLS.
  • Peter Phaal has been writing some really interesting stuff (interesting to me, at least). First up, there’s a great article on using IPVLAN with Docker and Cumulus Linux (with a tie back to sFlow, naturally!). I’m really eager to

Ethernet-over-VPN: What Could Possibly Go Wrong?

One of my readers sent me a link to SoftEther, a VPN solution that

[…] penetrates your network admin's troublesome firewall for overprotection. […] Any deep-packet inspection firewalls cannot detect SoftEther VPN's transport packets as a VPN tunnel, because SoftEther VPN uses Ethernet over HTTPS for camouflage.

What could possibly go wrong with such a great solution?


OpenFlow and Firewalls Don’t Mix Well

In one of my ExpertExpress engagements the customer expressed the desire to manage their firewall with OpenFlow (using OpenDaylight) and I said, “That doesn’t make much sense”. Here’s why:

Obviously if you can't imagine your life without OpenDaylight, or if your yearly objectives include "deploying OpenDaylight-based SDN solution", you can use it as a REST-to-NETCONF translator assuming your firewall supports NETCONF.


Docker Datacenter @ DockerCon 2016: Image security, Engine 1.12 and Burning Man…

Interested in learning more about our plans for Docker in the Enterprise and getting involved in an upcoming Docker Datacenter beta? Let’s take a deeper look. On the second day of DockerCon, the keynote used different situations to discuss enterprise use of Docker. Our CEO Ben Golub broke down several fallacies in IT, CTO Keith Fulton of ADP painted a delicious picture of microservices as chicken nuggets, and Lily and I… well, we averted a massive security disaster and got our costumes ready for Burning Man.

Aside from shiny sequined jackets (not my normal wardrobe, I promise) and Ben’s enthusiastic “business guy” cameo, we presented a prototype of the next version of Docker Datacenter, our commercial solution for running containers-as-a-service (CaaS) in an on-premises or public cloud enterprise environment. Docker Datacenter is an integrated CaaS platform to securely ship, orchestrate and manage Dockerized apps and system resources. The sneak peek during the keynote shows a prototype UI and features. Some of the things you saw may change as we get to launch but what’s important are the capabilities we are bringing to the enterprise platform.

In the keynote presentation we demonstrated these enterprise use cases: