0

Extend Fortinet FortiGate to Kubernetes with Calico Enterprise 2.7

We are excited to announce the general availability of Calico Enterprise 2.7. With this release, Fortinet’s 400,000 customers can use FortiGate to enforce network security policies into and out of the Kubernetes cluster as well as traffic between pods within the cluster.

• Kubernetes workloads populate the Fortigate GUI
• The network team can then create and enforce policies in Fortigate and have them enforced as Calico Policy
• Saves time and money and lets the network team retain the firewall responsibility (which also frees up time for ITOps)

We have also added many new exciting capabilities that help platform engineers blow through barriers blocking their path to production, and advanced cybersecurity capabilities for those already running production workloads.

• Manage Network Security Across Multiple Kubernetes Clusters
• Enforce a Common Set of Security Controls Across Multiple Clusters
• Detect and Alert on Unauthorized Changes and Other Attack Vectors
• Self-Service Troubleshooting for End Users
• Detect and Prevent Malicious Data Exfiltration

Manage Network Security Across Multiple Kubernetes Clusters

As the adoption of Kubernetes continues to accelerate, our customers are seeing the number of clusters in their environments rapidly multiplying. This has created a management challenge for IT Ops teams who are constantly pushed to find ways Continue reading

0

Why I’m Excited to Join Cloudflare as its First CIO

I am delighted to share that I have joined Cloudflare as its first Chief Information Officer to help scale the company in this new phase of its business. It’s an incredibly exciting time to be joining Cloudflare, and I am grateful for the opportunity to do my part to help build a better Internet.

At one of my previous companies, I made a bet on Cloudflare to equip us with security and performance solutions across a very decentralized global set of products and services. This is something that would have been very difficult without a cloud solution like Cloudflare’s. Since then I’ve been watching Cloudflare grow, and have always been very impressed by the speed of innovation and transparency, but also how Cloudflare operates: doing the right thing, with integrity, and above all building trust with customers and partners. The “do the right thing, even if it’s hard” mentality that I saw from Cloudflare since I started doing business with them as a customer, was key for me. When I heard that Cloudflare was looking for its first CIO I was excited to have a discussion to see if I could help.

During the interview process I got a sense Continue reading

0

Getting Rusty

Early this year I wrote about returning to first principles. I think this desire to dive deeper is a natural continuation of my goal of becoming a more well-rounded technologist. While it’s good to know and exploit your strengths, I think it’s also healthy to try and fill gaps where you see them, and I feel this is an area that warrants some focus for me. One way that I’ll be working towards this focus in 2020 is learning Rust.

0

Daily Roundup: Coronavirus Cancels More Tech Events

Coronavirus canceled more tech events; Equinix paid $335 million for Packet; and Rakuten Mobile...

Read More »

0

Did We Just Attend the Last Trade Show Ever at RSA?

Security professionals tend to be at least a moderately paranoid bunch, and adding a real virus to...

Read More »

0

Xilinx SmartNIC Targets Tier-2 Cloud Providers, Telcos

Xilinx claims its smartNIC will allow customers to offload 90% of Open vSwitch processing from the...

Read More »

0

Ampere Aims For The Clouds With Altra Arm Server Chip

At this point in the history of information technology, there is no way to introduce a new processor that does not appeal to the hyperscalers and cloud builders. …

Ampere Aims For The Clouds With Altra Arm Server Chip was written by Timothy Prickett Morgan at The Next Platform.

0

Rakuten Mobile Dismisses Open RAN Skeptics

The open RAN framework is 40% cheaper than traditional telecommunication infrastructure, according...

Read More »

0

Coronavirus Forces Google Cloud Next to Go Digital

The company is moving the event to an all-digital experience, and there will not be any keynotes or...

Read More »

0

Post: Essilen Research, Fauna, Sisu, Educative, PA File Sight, Etleap, Triplebyte, Stream

Who's Hiring? 

• Are you looking to improve how you hire technical talent? Essilen Research's free video series can help. Fix common issues in screening, interviewing, closing and on-boarding. Learn how world-class tech companies crush the hiring game!


• Sisu Data is looking for machine learning engineers who are eager to deliver their features end-to-end, from Jupyter notebook to production, and provide actionable insights to businesses based on their first-party, streaming, and structured relational data. Apply here.


• Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.


• Need excellent people? Advertise your job here! 

Cool Products and Services

• Level up on in-demand technologies and prep for your interviews on Educative.io, featuring popular courses like the bestselling Grokking the System Design Interview. For the first time ever, you can now sign up for a subscription to get unlimited access to every course on the platform at a discounted price through the holiday period only. You'll also get to lock in this price as long as you're a subsciber. 


• Stateful JavaScript Apps. Effortlessly add state Continue reading

0

Operators Face Unproven Edge Computing Business Models

Nokia Software CTO Ron Haberman likened the potential business models for mobile edge computing to...

Read More »

0

GTT Focuses On ‘Connecting People’ Amid Infrastructure Sell Off

"We found out with the acquisitions of Interoute and Hibernia that the development of...

Read More »

0

Claris Rides Apple Hook for Low-Code Nirvana

The low-code vendor is Apple's only direct software play in the B2B space.

0

RPKI and the RTR protocol

Today’s Internet requires stronger protection within its core routing system and as we have already said: it's high time to stop BGP route leaks and hijacks by deploying operationally-excellent RPKI!

Luckily, over the last year plus a lot of good work has happened in this arena. If you’ve been following the growth of RPKI’s validation data, then you’ll know that more and more networks are signing their routes and creating ROA’s or Route Origin Authorizations. These are cryptographically-signed assertions of the validity of an announced IP block and contribute to the further securing of the global routing table that makes for a safer Internet.

The protocol that we have not written much about is RTR. The Resource Public Key Infrastructure (RPKI) to Router Protocol - or RTR Protocol for short. Today we’re fixing that.

RPKI rewind

We have written a few times about RPKI (here and here). We have written about how Cloudflare both signs its announced routes and filters its routing inbound from other networks (both transits and peers) using RPKI data. We also added our efforts in the open-source software space with the release of the Cloudflare RPKI Toolkit.

The primary part of the RPKI (Resource Continue reading

0

Addressing the Web’s Client-Side Security Challenge

Modern web architecture relies heavily on JavaScript and enabling third-party code to make client-side network requests. These innovations are built on client-heavy frameworks such as Angular, Ember, React, and Backbone that leverage the processing power of the browser to enable the execution of code directly on the client interface/web browser. These third-party integrations provide richness (chat tools, images, fonts) or extract analytics (Google Analytics). Today, up to 70% of the code executing and rendering on your customer’s browser comes from these integrations. All of these software integrations provide avenues for potential vulnerabilities.

Unfortunately, these unmanaged, unmonitored integrations operate without security consideration, providing an expansive attack surface that attackers have routinely exploited to compromise websites. Today, only 2% of the Alexa 1000 global websites were found to deploy client-side security measures to protect websites and web applications against attacks such as Magecart, XSS, credit card skimming, session redirects and website defacement.

Improving website security and ensuring performance with Cloudflare Workers

In this post, we focus on how Cloudflare Workers can be used to improve security and ensure the high performance of web applications. Tala has joined Cloudflare’s marketplace to further our common goals of ensuring website security, preserving data privacy and Continue reading

0

The Myth of Lossless vMotion

As a response to my Live vMotion into VMware-on-AWS Cloud blog post Nico Vilbert pointed me to his blog post explaining the details of cross-Atlantic vMotion into AWS.

Today I will not go into yet another rant pointing out all the things that can go wrong, but focus on a minor detail: “no ping was dropped in the process.”

The vMotion is instantaneous and lossless myth has been propagated since the early days of vMotion when sysadmins proudly demonstrated what seemed to be pure magic to amazed audiences… including the now-traditional terminal window running ping and not losing a single packet.

0

The Myth of Lossless vMotion

As a response to my Live vMotion into VMware-on-AWS Cloud blog post Nico Vilbert pointed me to his blog post explaining the details of cross-Atlantic vMotion into AWS.

Today I will not go into yet another rant pointing out all the things that can go wrong, but focus on a minor detail: “no ping was dropped in the process.”

The vMotion is instantaneous and lossless myth has been propagated since the early days of vMotion when sysadmins proudly demonstrated what seemed to be pure magic to amazed audiences… including the now-traditional terminal window running ping and not losing a single packet.

Read more ...

0

Virtual Conferences – Nice In Theory

As COVID-19 (Corona) has spread around the world, and while we can argue how serious that is, a lot of tech conferences have been cancelled, and rightfully so. Safety always comes first.

People have suggested that virtual conferences could be a replacement, but as I’ll explain in this blog, they can never really replace a standard conference, rather just be a complement.

First, let me just clear a couple of things:

• Safety comes first, if the prize of safety is to cancel a tech conference, that’s a small prize to pay
• We should generally try to travel less and replace some of the travel with the use of collaboration apps such as Webex, Zoom etc
• There are virtual conferences, such as the PacketPushers VDC, that do work in a virtual format

The first challenge is that we are all in different time zones. When I go to Cisco Live in the US, I adjust to the US time. If I’m staying here in Sweden, I’m not going to stay up late to watch a stream coming from the US.

When you travel to a conference, you are away from work and family, you have dedicated that time to make the Continue reading

0

The First Ethiopia Internet Development Conference: Meeting Challenge and Opportunity Head On

When it comes to Ethiopia’s future online, there are many reasons to feel optimistic.

The country has one of the fastest-growing economies in the region, is strategically placed, and has a population of over 105 million, 60% of whom are under the age of 30. All of these are assets to make it a regional digital giant.

But this won’t happen unless Ethiopia takes some strategic moves. Internet penetration is still very low compared to its peers in Africa.  The rural areas are still largely unconnected to the Internet. Only cities enjoy 3G access and 4G is only available in the capital. In spite of successive price cuts by Ethio telecom in the last year, the Internet is not affordable for the majority of Ethiopians.

It’s not that the government has not wanted to connect the rural areas. In fact, the rationale that the Ethiopian government had to keep the monopoly was to use the money generated from cities to invest in the rural areas. However, this strategy has clearly not worked since Ethiopia’s rural areas are not better connected than those in countries that have not had a government monopoly on the sector, such as Kenya.

It is Continue reading

0

Daily Roundup: Nokia CEO Walks the Plank

Nokia CEO walked the plank; VMware's winning streak came to a screeching halt; and Marvell injected...

Read More »