0

Manage Secrets and Protect Sensitive Data

Automation is an essential part of modern IT. In this blog I focus on Ansible credential plugins integration via Hashicorp Vault, an API addressable secrets engine which will make life easier for anyone wishing to handle secrets management and automation better. In order to automate effectively, modern systems require multiple secrets: certificates, database credentials, keys for external services, operating systems, networking. Understanding who is accessing secret credentials and when is difficult and often platform-specific and to manage key rotation, secure storage and detailed audit logging across a heterogeneous toolset is almost impossible. Red Hat Ansible Tower solves many of these issues on its own, but its integration with enterprise secret management solutions means it can utilize secrets on demand without human interaction.

In terms of secrets management, I will demonstrate how some of the risks associated with an automation service account can be mitigated by replacing password authentication with ssh certificate based authentication. In the context of automation, a service account is used to provide authorised access into endpoints from a central location.  Best practices around security state that, shared accounts could pose a risk. While Red Hat Ansible Tower has the ability to obfuscate passwords, private keys, etc. Continue reading

0

How make a Windows disaster recovery kit

Make your own disaster checklist and recovery toolkit before trouble happens.

0

Alain Aina: 2019 Jonathan B. Postel Service Award Winner

Alain Aina has been a key player in the Internet in Africa. While the winner of this year’s Jonathan B. Postel Award has had support from organizations and others, his leadership in building technical communities has helped countless people to spread the Internet across Africa and the world.

As the chief technology officer of the West and Central Africa Research and Education Network (WACREN), Aina has been building a Regional Research and Education Network to interconnect National Research and Education Networks (NRENs) in the region and connect them to the global Research and Education Network. He wants the world to see the work of Africa’s premier researchers and carve out its spot in the academic world – in a way that would be impossible without the resources of this new network and community. He also contributes to AfricaConnect2, a project that supports the development of high-capacity networks for research and education across Africa, by building on existing networks in Eastern, Northern, and Southern Africa to connect to West and Central Africa​’s WACREN.

Aina fell into this work after graduating in the early 90s with a degree in electrical engineering and in the maintenance and analysis of computer systems. He was hired to be a technical seller Continue reading

0

Automation Solution: L3VPN Topology

Here’s another “let’s use network automation tools to create reports we couldn’t get in the past” (like IP multicast trees) solution coming from an attendee in our network automation course: Paddy Kelly created L3VPN graphs detailing PE-to-CE connectivity using Cisco’s pyATS to parse the Cisco IOS printouts.

You’ll find dozens of other interesting solutions on our Sample Network Automation Solutions page - all of them were created by networking engineers who knew almost nothing about network automation or open-source automation tools when they started our automation course.

0

Interdatacenter broadcast control – ARP Proxy in OTV and EVPN

0

EIGRP Feasible Successor

0

Local-first software: you own your data, in spite of the cloud

Local-first software: you own your data, in spite of the cloud Kleppmann et al., Onward! ’19

Watch out! If you start reading this paper you could be lost for hours following all the interesting links and ideas, and end up even more dissatisfied than you already are with the state of software today. You might also be inspired to help work towards a better future. I’m all in :).

The rock or the hard place?

On the one-hand we have ‘cloud apps’ which make it easy to access our work from multiple devices and to collaborate online with others (e.g. Google Docs, Trello, …). On the other hand we have good old-fashioned native apps that you install on your operating system (a dying breed? See e.g. Brendan Burns’ recent tweet). Somewhere in the middle, but not-quite perfect, are online (browser-based) apps with offline support.

The primary issue with cloud apps (the SaaS model) is ownership of the data.

Unfortunately, cloud apps are problematic in this regard. Although they let you access your data anywhere, all data access must go via the server, and you can only do the things that the server will let you do. Continue reading

0

KubeCon 2019 Day 1 Summary

This week I’m in San Diego for KubeCon + CloudNativeCon. Instead of liveblogging each session individually, I thought I might instead attempt a “daily summary” post that captures highlights from all the sessions each day. Here’s my recap of day 1 at KubeCon + CloudNativeCon.

Keynotes

KubeCon + CloudNativeCon doesn’t have “one” keynote; it uses a series of shorter keynotes by various speakers. This has advantages and disadvantages; one key advantage is that there is more variety, and the attendees are more likely to stay engaged. I particularly enjoyed Bryan Liles’ CNCF project updates; I like Bryan’s sense of humor, and getting updates on some of the CNCF projects is always useful. As for some of the other keynotes, those that were thinly-disguised vendor sales pitches were generally pretty poor.

Introduction to the Virtual Kubelet

I was running late for the start of this session due to booth duty, and I guess the stuff I needed most was presented in that portion I missed. Most of what I saw was about Netflix Titus, and how the Netflix team ported Titus from Mesos to Virtual Kubelet. However, that information was so specific to Netflix’s particular use of Virtual Kubelet that it Continue reading

0

Orange, SoftBank Pick Fortinet SD-WAN

In addition to expanding its service provider reach, Fortinet announced an alliance with Siemens to...

Read More »

0

USAF: Kubernetes, Containers Saved 100 Years of Taxpayer Money

"That means that all of these programs we were going to spend 100 years of dead weight [on] is now...

Read More »

0

Aryaka Breaks Out SD-WAN Into Smart Services Suite

Aryaka's restructured SmartServices product line breaks out many features previously only available...

Read More »

0

Orange Taps ThousandEyes for Visibility Across Clouds, SD-WAN

The partners are pitching enterprise-grade managed internet, multi-cloud connectivity, and SD-WAN...

Read More »

0

Heavy Networking 487: Fortinet And The Secure SD-WAN (Sponsored)

Fortinet sponsors today's Heavy Networking podcast. You probably know Fortinet as a firewall company, but today's conversation focuses on Fortinet's secure SD-WAN capabilities. Fortinet guests Nirav Shah, senior director of products and solutions; and Alex Samonte, director of technical architecture come on the podcast to talk about key SD-WAN features, how SD-WAN is evolving, the role of SD-WAN in cloud access, and more.

The post Heavy Networking 487: Fortinet And The Secure SD-WAN (Sponsored) appeared first on Packet Pushers.

0

Intel targets Nvidia (again) with GPU and cross-processor API

Third time’s the charm? Intel is hoping so. It released details of its Xe Graphics Architecture, with which it plans to span use cases from mobility to high-performance computing (HPC) servers – and which it hopes will succeed where its Larrabee GPU and Xeon Phi manycore processors failed.It’s no secret Intel wants a piece of the high-performance computing HPC action, given that it introduced the chip and other products at it Intel HPC Developer Conference in Denver, Colo., this week just ahead of the Supercomputing ’19 tradeshow.To read this article in full, please click here

0

Intel targets Nvidia (again) with GPU and cross-processor API

Third time’s the charm? Intel is hoping so. It released details of its Xe Graphics Architecture, with which it plans to span use cases from mobility to high-performance computing (HPC) servers – and which it hopes will succeed where its Larrabee GPU and Xeon Phi manycore processors failed.It’s no secret Intel wants a piece of the high-performance computing HPC action, given that it introduced the chip and other products at it Intel HPC Developer Conference in Denver, Colo., this week just ahead of the Supercomputing ’19 tradeshow.To read this article in full, please click here

0

Microsoft Drives Confidential Computing Into Kubernetes

The initiative taps into Intel’s Software Guard Extension platform to support confidential...

Read More »

0

MEF Trumpets Progress on SD-WAN, Eyes Edge on 5G

MEF’s community has grown about 70% to more than 200 organizations during the last 18 months, and...

Read More »

0

SC19 SCinet: Grafana network traffic dashboard

The Grafana sFlow-RT Countries and Networks dashboard above shows traffic on the SCinet network, described as the fastest, most powerful volunteer-built network in the world. The network is build each year to support The International Conference for High Performance Computing, Networking, Storage, and Analysis. The SC19 conference is currently underway in Denver, Colorado and the screen capture is live data from the conference network.
The high speed switches and routers used to construct the SCinet network support industry standard sFlow streaming telemetry. In this case an instance of the sFlow-RT analytics engine receives the telemetry stream and generates flow analytics that are scraped every 15 seconds by an instance of the Prometheus time series database. The Prometheus database is in turn queried by an instance of Grafana which generated the dashboard shown at the top of the page.
In addition, sFlow-RT is running an embedded application that generates a real-time, up to the second, view of the traffic over the last 5 minutes.
This solution is extremely scalable. A single sFlow-RT instance, allocated only 1G of memory, easily monitors 158 network devices, while supporting 11 different applications (including the real-time dashboard and Prometheus export applications shown above).

0

Speeding I/O for Multi-GPU Clusters

As GPU-accelerated servers go, Nvidia’s DGX-2 box is hard to beat. …

Speeding I/O for Multi-GPU Clusters was written by Nicole Hemsoth at The Next Platform.

0

Review: Microsoft Windows Server 2019

Windows Server 2019 includes updates that Microsoft introduced over the past three years as well as many new security, administration, storage and Azure cloud integration features.