Reining In And Optimizing Cloud Spending

The fundamental advantage of using cloud services to deliver IT resources needed to support daily business operations is the flexibility they allow: on demand applications and instant infrastructure that can be ordered, provisioned, and delivered in minutes without the delays often involved in submitting equivalent requests to internal IT departments or waiting for suitable on-premise architecture to be implemented and configured. …

Reining In And Optimizing Cloud Spending was written by Timothy Prickett Morgan at The Next Platform.

DNS Encryption Explained

The Domain Name System (DNS) is the address book of the Internet. When you visit cloudflare.com or any other site, your browser will ask a DNS resolver for the IP address where the website can be found. Unfortunately, these DNS queries and answers are typically unprotected. Encrypting DNS would improve user privacy and security. In this post, we will look at two mechanisms for encrypting DNS, known as DNS over TLS (DoT) and DNS over HTTPS (DoH), and explain how they work.

Applications that want to resolve a domain name to an IP address typically use DNS. This is usually not done explicitly by the programmer who wrote the application. Instead, the programmer writes something such as fetch("https://example.com/news") and expects a software library to handle the translation of “example.com” to an IP address.

Behind the scenes, the software library is responsible for discovering and connecting to the external recursive DNS resolver and speaking the DNS protocol (see the figure below) in order to resolve the name requested by the application. The choice of the external DNS resolver and whether any privacy and security is provided at all is outside the control of the application. It depends on Continue reading

The Invisible Internet

Editor’s Note: Fifty years ago today, on October 29th, 1969, a team at UCLA started to transmit five letters to the Stanford Research Institute: LOGIN. It’s an event that we take for granted now – communicating over a network – but it was historic. It was the first message sent over the ARPANET, one of the precursors to the Internet. UCLA computer science professor Leonard Kleinrock and his team sent that first message. In this anniversary guest post, Professor Kleinrock shares his vision for what the Internet might become.

On July 3, 1969, four months before the first message of the Internet was sent, I was quoted in a UCLA press release in which I articulated my vision of what the Internet would become. Much of that vision has been realized (including one item I totally missed, namely, that social networking would become so dominant). But there was a critical component of that vision which has not yet been realized. I call that the invisible Internet. What I mean is that the Internet will be invisible in the sense that electricity is invisible – electricity has the extremely simple interface of a socket in the wall from which something called Continue reading

Saved: TCP Is the Most Expensive Part of Your Data Center

Years ago Dan Hughes wrote a great blog post explaining how expensive TCP is. His web site is long gone, but I managed to grab the blog post before it disappeared and he kindly allowed me to republish it.

If you ask a CIO which part of their infrastructure costs them the most, I’m sure they’ll mention power, cooling, server hardware, support costs, getting the right people and all the usual answers. I’d argue one the the biggest costs is TCP, or more accurately badly implemented TCP.

50 Years of The Internet. Work in Progress to a Better Internet

It was fifty years ago when the very first network packet took flight from the Los Angeles campus at UCLA to the Stanford Research Institute (SRI) building in Palo Alto. Those two California sites had kicked-off the world of packet networking, of the Arpanet, and of the modern Internet as we use and know it today. Yet by the time the third packet had been transmitted that evening, the receiving computer at SRI had crashed. The “L” and “O” from the word “LOGIN” had been transmitted successfully in their packets; but that “G”, wrapped in its own packet, caused the death of that nascent packet network setup. Even today, software crashes, that’s a solid fact; but this historic crash, is exactly that — historic.

So much has happened since that day (October 29’th to be exact) in 1969, in fact it’s an understatement to say “so much has happened”! It’s unclear that one blog article would ever be able to capture the full history of packets from then to now. Here at Cloudflare we say we are helping build a “better Internet”, so it would make perfect sense for us to Continue reading

Fifty Years Ago

This is a guest post by Steve Crocker of Shinkuro, Inc. and Bill Duvall of Consulair. Fifty years ago they were both present when the first packets flowed on the Arpanet.

On 29 October 2019, Professor Leonard (“Len”) Kleinrock is chairing a celebration at the University of California, Los Angeles (UCLA).  The date is the fiftieth anniversary of the first full system test and remote host-to-host login over the Arpanet.  Following a brief crash caused by a configuration problem, a user at UCLA was able to log in to the SRI SDS 940 time-sharing system.  But let us paint the rest of the picture.

The Arpanet was a bold project to connect sites within the ARPA-funded computer science research community and to use packet-switching as the technology for doing so.  Although there were parallel packet-switching research efforts around the globe, none were at the scale of the Arpanet project. Cooperation among researchers in different laboratories, applying multiple machines to a single problem and sharing of resources were all part of the vision.  And over the fifty years since then, the vision has been fulfilled, albeit with some undesired outcomes mixed in with the enormous benefits.  However, in this blog, we Continue reading

As the internet turns 50, experts weigh future advances and emerging issues

As the internet turns 50, the technology is only picking up steam and continuing to reinvent many aspects of our lives, from the way we do business, and the way we find dates and jobs, to the way we run for political office.  The internet was born when the first Arpanet link was established between the University of California, Los Angeles and the Stanford Research Institute at 22:30 hours on October 29, 1969. UCLA professor Leonard Kleinrock and his student Charley Kline sent the first message to Bill Duval, a programmer at Stanford University. That first communication was the spark that ignited the growth of the internet and everything it has brought with it – email, sharing pictures on Facebook, buying books and toasters on Amazon, watching movies on Netflix, cat videos, mean-spirited memes and election-tampering bots.To read this article in full, please click here

HPE Takes On VMware With AI-Powered HCI

Nokia Beats ‘Trust and Security’ Drum to Bolster 5G Position

How SD-WAN is evolving into Secure Access Service Edge

SASE, pronounced "sassy," stands for secure access service edge, and it's being positioned by Gartner as the next big thing in enterprise networking. The technology category, which Gartner and other network experts first introduced earlier this year, converges the WAN edge and network security into a cloud-based, as-a-service delivery model. According to Gartner, the convergence is driven by customer demands for simplicity, scalability, flexibility, low latency, and pervasive security.SASE brings together security and networking A SASE implementation requires a comprehensive technology portfolio that only a few vendors can currently deliver. The technology is still in its infancy, with less than 1% adoption. There are a handful of existing SD-WAN providers, including Cato Networks, Juniper, Fortinet and Versa, that are expected to compete in the emerging SASE market. There will be other SD-WAN vendors jumping on this wagon, and the industry is likely to see another wave of startups. To read this article in full, please click here

How SD-WAN is evolving into Secure Access Service Edge

SASE, pronounced "sassy," stands for secure access service edge, and it's being positioned by Gartner as the next big thing in enterprise networking. The technology category, which Gartner and other network experts first introduced earlier this year, converges the WAN edge and network security into a cloud-based, as-a-service delivery model. According to Gartner, the convergence is driven by customer demands for simplicity, scalability, flexibility, low latency, and pervasive security.SASE brings together security and networking A SASE implementation requires a comprehensive technology portfolio that only a few vendors can currently deliver. The technology is still in its infancy, with less than 1% adoption. There are a handful of existing SD-WAN providers, including Cato Networks, Juniper, Fortinet and Versa, that are expected to compete in the emerging SASE market. There will be other SD-WAN vendors jumping on this wagon, and the industry is likely to see another wave of startups. To read this article in full, please click here

Rubrik Cozies Up With NetApp On Data Security

NSX Cloud – Choice of Agented or Agentless Modes of Operation

VMware NSX through its NSX Cloud offering enables customers to implement a consistent networking and security framework for workloads hosted across on-premises data center (DC) and public clouds such as AWS and Azure.

Every cloud orchestration and management tool, immaterial of what use case it has set out to solve has one question to answer: If it is an agent-based solution or an agentless solution. More often than not, the answer to this question has direct implications for the ability of the cloud admin team to deploy and manage the solution.

But, do we really have to choose?! What if we can have both agented and agentless modes of operation?! That’s the question we asked ourselves with VMware NSX and here we are with NSX-T 2.5.

Meet the New NSX Cloud Modes of Operation

What is NSX Enforced Mode?

NSX Enforced Mode provides a “consistent” security and networking policy framework between your on-premises DC and public cloud environment. You can have a unified–corporate-wide-firewall-policy which will be enforced as an NSX Policy, by having an nsx footprint inside each virtual machine running in the cloud.

Why is it Required?

Well, NSX architecture has 3 layers:

• Management-plane
• Control-plane
• Data-plane

Continue reading

Carriers’ Messaging Joint Venture Destined To Fail

IoT roundup: VMware, Nokia beef up their IoT

A powerful IoT networking technology used by the major carriers continues to gain ground, Congress makes noise about training for federal workers, and a prominent researcher warns of trouble ahead.(networkworld.com)To read this article in full, please click here

IoT roundup: VMware, Nokia beef up their IoT

The major U.S. mobile carriers are eager participants in the rise of IoT, and it’s tough to argue that they don’t have a major role to play – the ability to connect largely anywhere, coupled with the ability to handle high-throughput applications, means that cellular data can be an attractive option for the connectivity piece of an IoT deployment.AT&T announced a deal with Vodafone last week to interconnect their respective narrow-band IoT networks across the Atlantic, mating AT&T’s U.S. coverage with Vodafone’s in western Europe. That means that businesses with NB-IoT deployments in those areas can use that single network to connect their entire implementation. Not to be outdone, Sprint announced that it, too, is rolling out NB-IoT on its Curiosity IoT platform. Sprint shared its plans during a panel discussion at Mobile World Congress in Los Angeles last week.To read this article in full, please click here

IoT roundup: Carriers expand NB-IoT footprints, Congress eyes security bill, and ‘IT asbestos’ looms

The major U.S. mobile carriers are eager participants in the rise of IoT, and it’s tough to argue that they don’t have a major role to play – the ability to connect largely anywhere, coupled with the ability to handle high-throughput applications, means that cellular data can be an attractive option for the connectivity piece of an IoT deployment.AT&T announced a deal with Vodafone last week to interconnect their respective narrow-band IoT networks across the Atlantic, mating AT&T’s U.S. coverage with Vodafone’s in western Europe. That means that businesses with NB-IoT deployments in those areas can use that single network to connect their entire implementation. Not to be outdone, Sprint announced that it, too, is rolling out NB-IoT on its Curiosity IoT platform. Sprint shared its plans during a panel discussion at Mobile World Congress in Los Angeles last week.To read this article in full, please click here

IoT roundup: Carriers expand NB-IoT footprints, Congress eyes security bill, and ‘IT asbestos’ looms

The major U.S. mobile carriers are eager participants in the rise of IoT, and it’s tough to argue that they don’t have a major role to play – the ability to connect largely anywhere, coupled with the ability to handle high-throughput applications, means that cellular data can be an attractive option for the connectivity piece of an IoT deployment.AT&T announced a deal with Vodafone last week to interconnect their respective narrow-band IoT networks across the Atlantic, mating AT&T’s U.S. coverage with Vodafone’s in western Europe. That means that businesses with NB-IoT deployments in those areas can use that single network to connect their entire implementation. Not to be outdone, Sprint announced that it, too, is rolling out NB-IoT on its Curiosity IoT platform. Sprint shared its plans during a panel discussion at Mobile World Congress in Los Angeles last week.To read this article in full, please click here

This 4-course VMware mastery bundle is on sale today for just $20

An IT server is costly but necessary to run a network, and most businesses employ many of them. A great way to get the most out of a servers’ physical resources is through virtualization, which allows a server to create a host an operating system using virtual machine software such as VMware. This essentially creates a “computer within a computer”, and you can learn how to do so with this $20 bundle.To read this article in full, please click here

AT&T Lobs 3-Year Plan Amid Investor Backlash