K3s is basically a slimmer version of Kubernetes that is targeted at resource-constrained edge...
This includes a new External Key Manager, which allows companies to store and manage encryption...
We are not shy of playing guessing games here at The Next Platform, as you all well know. …
Doing The Math On Future Exascale Supercomputers was written by Timothy Prickett Morgan at The Next Platform.
It is now pretty much assured that the first three pre-exascale systems being installed in the European Union will not be powered by processors being developed under the European Processor Initiative (EPI). …
First European Pre-Exascale Supercomputers Forgo Homegrown CPUs was written by Michael Feldman at The Next Platform.
“SD-WAN is the gateway for security,” MEF CTO Pascal Menezes said during his keynote at MEF...
Arm server development is a reality and a growing one at that. …
Has Arm Discovered the Ecosystem Keys? was written by Nicole Hemsoth at The Next Platform.
The platform uses an open-source connector to integrate with IBM and other vendors’ security...
One of the more interesting features introduced by TLS 1.3, the latest revision of the TLS protocol, was the so called “zero roundtrip time connection resumption”, a mode of operation that allows a client to start sending application data, such as HTTP requests, without having to wait for the TLS handshake to complete, thus reducing the latency penalty incurred in establishing a new connection.
The basic idea behind 0-RTT connection resumption is that if the client and server had previously established a TLS connection between each other, they can use information cached from that session to establish a new one without having to negotiate the connection’s parameters from scratch. Notably this allows the client to compute the private encryption keys required to protect application data before even talking to the server.
However, in the case of TLS, “zero roundtrip” only refers to the TLS handshake itself: the client and server are still required to first establish a TCP connection in order to be able to exchange TLS data.
QUIC goes a step further, and allows clients to send application data in the very first roundtrip of the connection, without requiring any other handshake to be Continue reading
The startup claims its decentralized storage costs less than half the price of AWS and cloud...
You need a cloud strategy so you can tackle complex issues such as access and identity management, security and compliance, and networking. Ed Horley sits in on the Day Two Cloud podcast to share sensible advice on how to build a workable strategy that incorporates high-level business goals with more nitty-gritty operational requirements.
The post Day Two Cloud 024: Why IT Operations Needs A Cloud Strategy And How To Form One appeared first on Packet Pushers.
Automation is an essential part of modern IT. In this blog I focus on Ansible credential plugins integration via Hashicorp Vault, an API addressable secrets engine which will make life easier for anyone wishing to handle secrets management and automation better. In order to automate effectively, modern systems require multiple secrets: certificates, database credentials, keys for external services, operating systems, networking. Understanding who is accessing secret credentials and when is difficult and often platform-specific and to manage key rotation, secure storage and detailed audit logging across a heterogeneous toolset is almost impossible. Red Hat Ansible Tower solves many of these issues on its own, but its integration with enterprise secret management solutions means it can utilize secrets on demand without human interaction.
In terms of secrets management, I will demonstrate how some of the risks associated with an automation service account can be mitigated by replacing password authentication with ssh certificate based authentication. In the context of automation, a service account is used to provide authorised access into endpoints from a central location. Best practices around security state that, shared accounts could pose a risk. While Red Hat Ansible Tower has the ability to obfuscate passwords, private keys, etc. Continue reading
Alain Aina has been a key player in the Internet in Africa. While the winner of this year’s Jonathan B. Postel Award has had support from organizations and others, his leadership in building technical communities has helped countless people to spread the Internet across Africa and the world.
As the chief technology officer of the West and Central Africa Research and Education Network (WACREN), Aina has been building a Regional Research and Education Network to interconnect National Research and Education Networks (NRENs) in the region and connect them to the global Research and Education Network. He wants the world to see the work of Africa’s premier researchers and carve out its spot in the academic world – in a way that would be impossible without the resources of this new network and community. He also contributes to AfricaConnect2, a project that supports the development of high-capacity networks for research and education across Africa, by building on existing networks in Eastern, Northern, and Southern Africa to connect to West and Central Africa’s WACREN.
Aina fell into this work after graduating in the early 90s with a degree in electrical engineering and in the maintenance and analysis of computer systems. He was hired to be a technical seller Continue reading