This includes a new External Key Manager, which allows companies to store and manage encryption...
We are not shy of playing guessing games here at The Next Platform, as you all well know. …
Doing The Math On Future Exascale Supercomputers was written by Timothy Prickett Morgan at The Next Platform.
It is now pretty much assured that the first three pre-exascale systems being installed in the European Union will not be powered by processors being developed under the European Processor Initiative (EPI). …
First European Pre-Exascale Supercomputers Forgo Homegrown CPUs was written by Michael Feldman at The Next Platform.
“SD-WAN is the gateway for security,” MEF CTO Pascal Menezes said during his keynote at MEF...
Arm server development is a reality and a growing one at that. …
Has Arm Discovered the Ecosystem Keys? was written by Nicole Hemsoth at The Next Platform.
The platform uses an open-source connector to integrate with IBM and other vendors’ security...
One of the more interesting features introduced by TLS 1.3, the latest revision of the TLS protocol, was the so called “zero roundtrip time connection resumption”, a mode of operation that allows a client to start sending application data, such as HTTP requests, without having to wait for the TLS handshake to complete, thus reducing the latency penalty incurred in establishing a new connection.
The basic idea behind 0-RTT connection resumption is that if the client and server had previously established a TLS connection between each other, they can use information cached from that session to establish a new one without having to negotiate the connection’s parameters from scratch. Notably this allows the client to compute the private encryption keys required to protect application data before even talking to the server.
However, in the case of TLS, “zero roundtrip” only refers to the TLS handshake itself: the client and server are still required to first establish a TCP connection in order to be able to exchange TLS data.
QUIC goes a step further, and allows clients to send application data in the very first roundtrip of the connection, without requiring any other handshake to be Continue reading
The startup claims its decentralized storage costs less than half the price of AWS and cloud...
You need a cloud strategy so you can tackle complex issues such as access and identity management, security and compliance, and networking. Ed Horley sits in on the Day Two Cloud podcast to share sensible advice on how to build a workable strategy that incorporates high-level business goals with more nitty-gritty operational requirements.
The post Day Two Cloud 024: Why IT Operations Needs A Cloud Strategy And How To Form One appeared first on Packet Pushers.
Automation is an essential part of modern IT. In this blog I focus on Ansible credential plugins integration via Hashicorp Vault, an API addressable secrets engine which will make life easier for anyone wishing to handle secrets management and automation better. In order to automate effectively, modern systems require multiple secrets: certificates, database credentials, keys for external services, operating systems, networking. Understanding who is accessing secret credentials and when is difficult and often platform-specific and to manage key rotation, secure storage and detailed audit logging across a heterogeneous toolset is almost impossible. Red Hat Ansible Tower solves many of these issues on its own, but its integration with enterprise secret management solutions means it can utilize secrets on demand without human interaction.
In terms of secrets management, I will demonstrate how some of the risks associated with an automation service account can be mitigated by replacing password authentication with ssh certificate based authentication. In the context of automation, a service account is used to provide authorised access into endpoints from a central location. Best practices around security state that, shared accounts could pose a risk. While Red Hat Ansible Tower has the ability to obfuscate passwords, private keys, etc. Continue reading
Alain Aina has been a key player in the Internet in Africa. While the winner of this year’s Jonathan B. Postel Award has had support from organizations and others, his leadership in building technical communities has helped countless people to spread the Internet across Africa and the world.
As the chief technology officer of the West and Central Africa Research and Education Network (WACREN), Aina has been building a Regional Research and Education Network to interconnect National Research and Education Networks (NRENs) in the region and connect them to the global Research and Education Network. He wants the world to see the work of Africa’s premier researchers and carve out its spot in the academic world – in a way that would be impossible without the resources of this new network and community. He also contributes to AfricaConnect2, a project that supports the development of high-capacity networks for research and education across Africa, by building on existing networks in Eastern, Northern, and Southern Africa to connect to West and Central Africa’s WACREN.
Aina fell into this work after graduating in the early 90s with a degree in electrical engineering and in the maintenance and analysis of computer systems. He was hired to be a technical seller Continue reading
Here’s another “let’s use network automation tools to create reports we couldn’t get in the past” (like IP multicast trees) solution coming from an attendee in our network automation course: Paddy Kelly created L3VPN graphs detailing PE-to-CE connectivity using Cisco’s pyATS to parse the Cisco IOS printouts.
You’ll find dozens of other interesting solutions on our Sample Network Automation Solutions page - all of them were created by networking engineers who knew almost nothing about network automation or open-source automation tools when they started our automation course.
When it comes to multi domain or Inter datacenter communication, minimizing the broadcast traffic between the datacenters is an important scaling requirement.
Especially if you are dealing with millions of end hosts, localizing the broadcast traffic is critical to save resources on the network and the end hosts. Resources are bandwidth , CPU , memory and so on.
In this post I will mention how ARP cache is populated in OTV and EVPN technologies and the importance of ARP proxy function.
Classical approach to control broadcast traffic by localizing it within a datacenter is Proxying.
ARP is a good example of broadcast packet and ARP Proxy or Proxy ARP works either based on control or data plane learning.
Idea is, destination MAC address can be learned from the local device which keeps ARP cache and ARP traffic doesn’t have to traffic over datacenter interconnect links.
I said ARP cache can be populated either via control or data plane learning and let me give an example for each one of them.
OTV as a Cisco preparatory protocol advertise the MAC addresses through IS-IS. MAC reachability information is learned via control plane. But OTV doesn’t advertise MAC to IP binding through IS-IS. Continue reading
One of the advantages of EIGRP Feasible Successor is that it speeds up the EIGRP. In fact, if there is a Feasible Successor in the EIGRP network, such network converges faster than OSPF or IS-IS.
In this post, I will explain the answers to the above questions.
EIGRP Feasible Successor is a backup node that can satisfy the EIGRP feasibility condition.
Feasibility condition simply means that the backup router should be loop-free.
Let’s examine the topology shown below (Figure-1) to understand how EIGRP finds loop-free alternate/backup node.
Figure-1 EIGRP Feasibility Condition
From the Router A’s point of view, Router B and Router C are the equal cost routers; as a result, both ABD and ACD path can be used in the network. What’s more, Router A installs both Router B and Router C not only in the EIGRP topology table but also in the routing table.
There is no backup router in the above topology since Router A uses both Router B and Router C to reach the destination Continue reading