NetworkingNexus.net

Automating 802.1x (Part One)

This is a guest blog post by Albert Siersema, senior network and cloud engineer at Mediacaster.nl. He’s always busy broadening his horizons and helping his customers in (re)designing and automating their infrastructure deployment and management.

We’d like to be able to automate our network deployment and management from a single source of truth, but before we get there from a running (enterprise, campus!) network, we’ll have to take some small steps first.

These posts are not focused on 802.1x, but it serves as a nice use case in which I’ll show you how automation can save time and bring some consistency and uniformity to the network (device) configuration.

Time protection: the missing OS abstraction

Time protection: the missing OS abstraction Ge et al., EuroSys’19

Ever since the prominent emergence of timing-based microarchitectural attacks (e.g. Spectre, Meltdown, and friends) I’ve been wondering what we can do about them. When a side-channel is based on observing improved performance, a solution that removes the improved performance can work, but is clearly undesirable. In today’s paper choice, for which the authors won a best paper award at EuroSys’19 last month, Ge et al., set out a principled basis for protecting against this class of attacks. Just as today’s systems offer memory protection, they call this time protection. The paper sets out what we can do in software given today’s hardware, and along the way also highlights areas where cooperation from hardware will be needed in the future.

Timing channels, and in particular microarchitectural channels, which exploit timing variations due to shared use of caches and other hardware, remain a fundamental OS security challenge that has eluded a comprehensive solution to date… We argue that it is time to take temporal isolation seriously, and make the OS responsible for time protection, the prevention of temporal inference, just as memory protection prevents spatial inference.

5 times when cloud repatriation makes sense

A growing number of enterprises are pulling selected applications out of the cloud and returning them to their brick-and-mortar data centers. Cloud repatriation is gaining momentum as enterprises realize the cloud isn't always the best solution to IT cost, performance and other concerns.Dave Cope, senior director of market development for Cisco's CloudCenter, believes that technology has evolved to the point where enterprises now have the unprecedented freedom to locate applications wherever maximum cost, performance and security benefits can be achieved. "There’s an ability to place workloads where they best reside based on business priorities, not IT constraints," he notes. "We’re starting to get this natural distribution of workloads across existing and new environments … where they make the most sense."To read this article in full, please click here

5 times when cloud repatriation makes sense

System Monitoring: Glances at Top

System monitoring is one of the topics that has got a lot of attention lately. A lot of options already exists in the open but every-time I search a for a system monitoring tool I am presented with options suitable for large scale cluster of machines, capturing metrics over time, showing trends of resource utilization … Continue reading

Our Green Card Journey

We are now Lawful Permanent Residents of the United States - aka Green Card Holders. It took a few years to get to this point. Here’s our timeline, why we did it, what it means for us, and what next.

Timeline

I first moved to the US on an L-1B visa. This is an intra-company transfer visa, that let me move to the US to continue working for Brocade.

May 2015 - Began work for Brocade, based in New Zealand.
Jul 2016 - Received L-1B visa, allowing us to move to US.
Aug 2016 - Moved from New Zealand to US.
Nov 2016 - Broadcom announces intention to acquire Brocade
Nov 2016 - Green Card process initiated - Department of Labour certification filed.
Jul 2017 - PERM filed.
Oct 2017 - Extreme Network acquired my business unit. I remained employee of Broadcom.
Nov 2017 - PERM approved.
Jan 2018 - Received permission to transfer L-1 visa to Extreme Networks.
Feb 2018 - I-140 and I-485 submitted.
Sep 2018 - I-140 approved.
Feb 2019 - I-485 interview scheduled.
Mar 2019 - I-485 interview held. Lots of questions, confirming details & history, but all straightforward.
One week later: cards in hand

Total Continue reading

Our Green Card Journey

Timeline

I first moved to the US on an L-1B visa. This is an intra-company transfer visa, that let me move to the US to continue working for Brocade.

May 2015 - Began work for Brocade, based in New Zealand.
Jul 2016 - Received L-1B visa, allowing us to move to US.
Aug 2016 - Moved from New Zealand to US.
Nov 2016 - Broadcom announces intention to acquire Brocade
Nov 2016 - Green Card process initiated - Department of Labour certification filed.
Jul 2017 - PERM filed.
Oct 2017 - Extreme Network acquired my business unit. I remained employee of Broadcom.
Nov 2017 - PERM approved.
Jan 2018 - Received permission to transfer L-1 visa to Extreme Networks.
Feb 2018 - I-140 and I-485 submitted.
Sep 2018 - I-140 approved.
Feb 2019 - I-485 interview scheduled.
Mar 2019 - I-485 interview held. Lots of questions, confirming details & history, but all straightforward.
One week later: cards in hand

Total Continue reading

Our Green Card Journey

Timeline

I first moved to the US on an L-1B visa. This is an intra-company transfer visa, that let me move to the US to continue working for Brocade.

May 2015 - Began work for Brocade, based in New Zealand.
Jul 2016 - Received L-1B visa, allowing us to move to US.
Aug 2016 - Moved from New Zealand to US.
Nov 2016 - Broadcom announces intention to acquire Brocade
Nov 2016 - Green Card process initiated - Department of Labour certification filed.
Jul 2017 - PERM filed.
Oct 2017 - Extreme Network acquired my business unit. I remained employee of Broadcom.
Nov 2017 - PERM approved.
Jan 2018 - Received permission to transfer L-1 visa to Extreme Networks.
Feb 2018 - I-140 and I-485 submitted.
Sep 2018 - I-140 approved.
Feb 2019 - I-485 interview scheduled.
Mar 2019 - I-485 interview held. Lots of questions, confirming details & history, but all straightforward.
One week later: cards in hand

Total Continue reading

Kontainer Korner: CNCF Welcomes CRI-O, Graduates Fluentd

Plus, Google's Anthos launch draws new Kubernetes-focused storage updates, and Knative turns 0.5.

Weekly Top Posts: 2019-04-14

Worth Reading: There Is No Magic

I’m not the only one telling people not to bet the farm on Santa Claus and dancing unicorns. Pete Welcher wrote a nice blog post describing the implications of laws of physics and data gravity (I described the gory details in Designing Active-Active Data Centers and AWS Networking Deep Dive webinars).

Meanwhile, Russ White reviewed an article that (without admitting it) discovered that serverless is just software running on other people’s servers.

Enjoy!

Trump Boasts American Leadership on 5G

Trump gave his speech on 5G surrounded by a group of farmers wearing cowboy hats and cell tower...

Read More »

Matt Oswalt – Speaker Bio

Photo Short Bio Matt Oswalt hails from Portland, OR, and focuses on the intersection of network infrastructure, automation, systems, and software engineering. He’s passionate about enabling engineers to evolve their careers to the next level, and sharing the bright spots that exist within the technology industry with the masses. You can often find him speaking at conferences or meetups about these topics, as well as writing about them on his blog (https://keepingitclassless.

Keeping It Classless 1970-01-01 00:00:00

One thing that’s always bugged me about the whole “You’ll be out of a job in 5,10,15 years if you don’t learn programming” is this. Who cares when you’ll be OUT OF A JOB? It’s like we’re driving a car in dense fog, trying to figure out when to perfectly apply the brakes so that we don’t go over a cliff that’s SOMEWHERE in the distance. Like - the fact that we’re even having this debate is a horrible waste of time in my opinion.

Alexa , AWS Lambda & AWS IOT MQTT and you can interact with anything

I hear a lot on IOT but don’t have a clue on underlying protocols. My interest is only to understand how it might help a business or more than that my personal interests. So continuing the server power on/off series I wanted to do it with Amazon echo voice command. Now, this is not a smart power switch where you can power-on with a command on Echo but you actually have to send a message to IDRAC, we already covered this in a previous post.

Well, the main goal isn’t to power-on a server that can be done manually as it sits beside me, the main goal is to extend this to any business / personal ideas which might get the benefit.

Summary – Develop a small interactive model to understand Alexa voice service / AWS lambda and MQTT so that we can get a feel of what can be achieved with this.

I will not go much into any tech explanations or bore you with English, I will put here two screenshots and code to git, hopefully, you should be able to give it a try.

Its illustrated in 6 steps

Voice command to echo (I have made Continue reading

From Manufacturing to Climate Analytics: DockerCon speakers on real-world use cases

DockerCon brings industry leaders and experts of the container world to one event where they share their knowledge, experience and guidance. This year is no different. For the next few weeks, we’re going to highlight a few of our amazing speakers and the talks they will be leading.

In this third highlight, we have several speakers who will be sharing their real world Docker use cases and learnings. These are the folks who have already put things in place and are here to share and inspire. Interested in transforming legacy applications? Or maybe large scale data analytics is your focus. Maybe you’re a software vendor – or have plans to be – and want to learn about containerizing your application. To learn more, register now to attend the session featuring real Docker users like you.

In case you missed them, check out our previous speaker highlights:

Transforming a 15+ Year Old Semiconductor Manufacturing Environment

SDxCentral Weekly Wrap: Google Anthos Marks Aggressive Play Against AWS and Microsoft Azure

SDxCentral Weekly Wrap for April 12, 2019: Anthos manages on premises and across public clouds;...

Read More »

Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software

The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon's CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.To read this article in full, please click here

Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software

The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pusle may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon's CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.To read this article in full, please click here

« Previous 1 … 1,216 1,217 1,218 1,219 1,220 … 3,796 Next »