The Road Ahead for Cloud Area Network Migration
CIOs today mandate a ‘Cloud First’ or a ‘Cloud Only’ model for new IT investments with three different cloud models.
CIOs today mandate a ‘Cloud First’ or a ‘Cloud Only’ model for new IT investments with three different cloud models.


Today, we’re excited to open source Flan Scan, Cloudflare’s in-house lightweight network vulnerability scanner. Flan Scan is a thin wrapper around Nmap that converts this popular open source tool into a vulnerability scanner with the added benefit of easy deployment.
We created Flan Scan after two unsuccessful attempts at using “industry standard” scanners for our compliance scans. A little over a year ago, we were paying a big vendor for their scanner until we realized it was one of our highest security costs and many of its features were not relevant to our setup. It became clear we were not getting our money’s worth. Soon after, we switched to an open source scanner and took on the task of managing its complicated setup. That made it difficult to deploy to our entire fleet of more than 190 data centers.
We had a deadline at the end of Q3 to complete an internal scan for our compliance requirements but no tool that met our needs. Given our history with existing scanners, we decided to set off on our own and build a scanner that worked for our setup. To design Flan Scan, we worked closely with our auditors to understand Continue reading
We are proud to announce a great lineup of guest speakers for the first Networking in Public Cloud Deployments course that will run in Spring 2020:
In this episode of Network Neighborhood, we welcome Ramzi Marjaba, Hybrid Senior Sales Engineer at Ixia Solutions Group at Keysight Technologies. Ramzi is also the creative power behind WeTheSalesEngineers.com, a career-oriented resource site for sales engineers featuring a blog, a podcast, and more.
The post Network Neighborhood 04: We The Sales Engineers With Ramzi Marjaba appeared first on Packet Pushers.
This morning’s keynotes were, in my opinion, better than yesterday’s morning keynotes. (I missed the closing keynotes yesterday due to customer meetings and calls.) Only a couple of keynotes really stuck out. Vicki Cheung provided some useful suggestions for tools that are helping to “close the gap” on user experience, and there was an interesting (but a bit overly long) session with a live demo on running a 5G mobile core on Kubernetes.
Due to some power outages at the conference venue resulting from rain in San Diego, the Prometheus session I had planned to attend got moved to a different time. As a result, I sat in this session by Lyft instead. The topic was about running large-scale stateful workloads, but the content was really about a custom solution Lyft built (called Flyte) that leveraged CRDs and custom controllers to help manage stateful workloads. While it’s awesome that companies like Lyft can extend Kubernetes to address their specific needs, this session isn’t helpful to more “ordinary” companies that are trying to figure out how to run their stateful workloads on Kubernetes. I’d really like the CNCF and the conference committee to try Continue reading
K3s is basically a slimmer version of Kubernetes that is targeted at resource-constrained edge...
This includes a new External Key Manager, which allows companies to store and manage encryption...
We are not shy of playing guessing games here at The Next Platform, as you all well know. …
Doing The Math On Future Exascale Supercomputers was written by Timothy Prickett Morgan at The Next Platform.
It is now pretty much assured that the first three pre-exascale systems being installed in the European Union will not be powered by processors being developed under the European Processor Initiative (EPI). …
First European Pre-Exascale Supercomputers Forgo Homegrown CPUs was written by Michael Feldman at The Next Platform.
“SD-WAN is the gateway for security,” MEF CTO Pascal Menezes said during his keynote at MEF...
Arm server development is a reality and a growing one at that. …
Has Arm Discovered the Ecosystem Keys? was written by Nicole Hemsoth at The Next Platform.
The platform uses an open-source connector to integrate with IBM and other vendors’ security...

One of the more interesting features introduced by TLS 1.3, the latest revision of the TLS protocol, was the so called “zero roundtrip time connection resumption”, a mode of operation that allows a client to start sending application data, such as HTTP requests, without having to wait for the TLS handshake to complete, thus reducing the latency penalty incurred in establishing a new connection.
The basic idea behind 0-RTT connection resumption is that if the client and server had previously established a TLS connection between each other, they can use information cached from that session to establish a new one without having to negotiate the connection’s parameters from scratch. Notably this allows the client to compute the private encryption keys required to protect application data before even talking to the server.
However, in the case of TLS, “zero roundtrip” only refers to the TLS handshake itself: the client and server are still required to first establish a TCP connection in order to be able to exchange TLS data.

QUIC goes a step further, and allows clients to send application data in the very first roundtrip of the connection, without requiring any other handshake to be Continue reading
The startup claims its decentralized storage costs less than half the price of AWS and cloud...