Automating Cisco ACI Environment with Python and Ansible

This is a guest blog post by Dave Crown, Lead Data Center Engineer at the State of Delaware. He can be found automating things when he's not in meetings or fighting technical debt.

Over the course of the last year or so, I’ve been working on building a solution to deploy and manage Cisco’s ACI using Ansible and Git, with Python to spackle in cracks. The goal I started with was to take the plain-text description of our network from a Git server, pull in any requirements, and use the solution to configure the fabric, and lastly, update our IPAM, Netbox. All this without using the GUI or CLI to make changes. Most importantly, I want to run it with a simple invocation so that others can run it and it could be moved into Ansible Tower when ready.

Read more ...

BrandPost: SD-WAN Without WAN Optimization is Like Peanut Butter Without Jelly

SD-WAN vs. WAN Optimization Optimization of applications and data traffic has been an integral part of the WAN since its inception. WAN optimization accelerates application traffic by overcoming latency and reducing the amount of data traversing the WAN by applying techniques like protocol acceleration, deduplication, compression, reduced latency and caching to dramatically increase the amount of available bandwidth.Today, enterprises are rapidly adopting SD-WAN as a preferred solution when rearchitecting their WANs. SD-WAN is transforming the way networks support enterprise applications, dramatically increasing application performance by intelligently controlling and more efficiently utilizing all available WAN transport resources.To read this article in full, please click here

Three quick ways to move your Ansible inventory into Red Hat Ansible Tower

3 Ways quick ways to your Ansible inventory to Red Hat Ansible Tower

If you’ve been using Ansible at the command line for a while, you probably have a lot of servers, network devices, and other target nodes listed in your inventory. You know that Red Hat Ansible Tower makes it easier for everyone on your team to run your Ansible Playbooks. So you’ve thought about using Ansible Tower to take your automation to the next level, but you want to retain all the data and variables in your existing inventory file or directory. Are you worried about transferring your inventory from command-line use to Ansible Tower? Let me show you how easy it is to import your existing Ansible inventory into Ansible Tower!


This blog covers three quick and effective ways to connect your existing Ansible inventory into Ansible Tower:

  1. Migrating an inventory file from the Ansible Tower control node (awx-manage)
  2. Migrating an inventory file from anywhere with a playbook
  3. Setting Tower to access a git source-controlled inventory file

If you don’t have Ansible Tower yet and want to download and try it out, please visit: https://www.ansible.com/products/tower

If you’re using dynamic inventory, you don't need to import your inventory into Ansible Tower. Dynamic inventory retrieves your inventory from an Continue reading

Build your Agenda for DockerCon 2019

The DockerCon Agenda builder is live! So grab a seat and a cup of coffee and take a look at the session lineup coming to San Francisco April 29th – May 2nd. This year’s DockerCon delivers the latest updates from the Docker product team, lots of how to sessions for developers and IT Infrastructure and Ops, and customer use cases. Search talks by tracks to build your agenda today.

Build Your Agenda

Use the agenda builder to select the sessions that work for you:

  • Using Docker for Developers: How to talks for Developers, from beginner to intermediate. You’ll get practical advice on how implement Docker into your current deployment.
  • Using Docker for IT Infrastructure and Ops: Practical sessions for IT teams and enterprise architects looking for how best to design and architect your Docker container platform environment.
  • Docker Tech Talks: Delivered by the Docker team, these talks share the latest tech on the Docker Platform. You’ll learn about new features, product roadmap and more.
  • Customer Case Studies: Looking to learn from companies who have been there and learned a few things along the way? In this track, industry leaders share how Docker transformed their organization – from business use cases,technical Continue reading

Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception

Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception
Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception

The practice of HTTPS interception continues to be commonplace on the Internet. HTTPS interception has encountered scrutiny, most notably in the 2017 study “The Security Impact of HTTPS Interception” and the United States Computer Emergency Readiness Team (US-CERT)  warning that the technique weakens security. In this blog post, we provide a brief recap of HTTPS interception and introduce two new tools:

  1. MITMEngine, an open-source library for HTTPS interception detection, and
  2. MALCOLM, a dashboard displaying metrics about HTTPS interception we observe on Cloudflare’s network.

In a basic HTTPS connection, a browser (client) establishes a TLS connection directly to an origin server to send requests and download content. However, many connections on the Internet are not directly from a browser to the server serving the website, but instead traverse through some type of proxy or middlebox (a “monster-in-the-middle” or MITM). There are many reasons for this behavior, both malicious and benign.

Types of HTTPS Interception, as Demonstrated by Various Monsters in the Middle

One common HTTPS interceptor is TLS-terminating forward proxies. (These are a subset of all forward proxies; non-TLS-terminating forward proxies forward TLS connections without any ability to inspect encrypted traffic). A TLS-terminating forward proxy sits Continue reading

Cross-vCenter NSX at the Center for Advanced Public Safety

Jason Foster is an IT Manager at the Center for Advanced Public Safety at the University of Alabama. The Center for Advanced Public Safety (CAPS) originally developed a software that provided crash reporting and data analytics software for the State of Alabama. Today, CAPS specializes in custom software mostly in the realm of law enforcement and public safety. They have created systems for many states and government agencies across the country.

Bryan Salek, Networking and Security Staff Systems Engineer, spoke with Jason about network virtualization and what led the Center for Advanced Public Safety to choosing VMware NSX Data Center and what the future holds for their IT transformation.

 

The Need for Secure and Resilient Infrastructure

As part of a large modernize data center initiative, the forward-thinking CAPS IT team began to investigate micro-segmentation. Security is a primary focus at CAPS due to the fact that the organization develops large software packages for various state agencies. The applications that CAPS writes and builds are hosted together, but contain confidential information and need to be segmented from one another.

Once CAPS rolled out the micro-segmentation use-case, the IT team decided to leverage NSX Data Center for disaster recovery purposes as Continue reading

The Network Sized Holes in Serverless

Until about 2017, the cloud was going to replace all on-premises data centers. As it turns out, however, the cloud has not replaced all on-premises data centers. Why not? Based on the paper under review, one potential answer is because containers in the cloud are still too much like “serverfull” computing. Developers must still create and manage what appear to be virtual machines, including:

  • Machine level redundancy, including georedundancy
  • Load balancing and request routing
  • Scaling up and down based on load
  • Monitoring and logging
  • System upgrades and security
  • Migration to new instances

Serverless solves these problems by placing applications directly onto the cloud, or rather a set of libraries within the cloud.

Jonas, Eric, Johann Schleier-Smith, Vikram Sreekanti, Chia-Che Tsai, Anurag Khandelwal, Qifan Pu, Vaishaal Shankar, et al. “Cloud Programming Simplified: A Berkeley View on Serverless Computing.” ArXiv:1902.03383 [Cs], February 9, 2019. http://arxiv.org/abs/1902.03383.

The authors define serverless by contrasting it with serverfull computing. While software is run based on an event in serverless, software runs until stopped in a cloud environment. While an application does not have a maximum run time in a serverfull environment, there is some maximum set by the provider in a serverless Continue reading

The Week in Internet News: Four Visions of the Internet

Competing visions: The World Economic Forum’s blog looks at four competing visions of the Internet that it sees emerging. These include Silicon Valley’s open Internet, Beijing’s paternal Internet, Brussels’ bourgeois Internet, and Washington’s commercial Internet. Will one vision win out?

Searching for fakes: WhatsApp, the popular messaging app owned by Facebook, is testing reverse image search in its efforts to battle fake news, TheNextWeb reports.  The chat app may use Google APIs to compare the targeted image with similar pictures as a way to filter out doctored images.

Working against itself: An Artificial Intelligence that can right fake news articles may also be useful for spotting them, the MIT Technology Review says. Recently, OpenAI withheld the release of its new language model on fears that it could be used to spread misinformation, but researchers say the tool may be useful for the opposite effect.

Privacy laundering: Lawfareblog.com take a hard look at Facebook’s recent announcement that it was moving to end-to-end encryption. The social media giant won’t fix its privacy problems with the move, however, the article says. “Facebook’s business model is the quintessential example of ‘surveillance capitalism,’ with user data serving as the main product that Facebook sells to Continue reading

Datacenter RPCs can be general and fast

Datacenter RPCs can be general and fast Kalia et al., NSDI’19

We’ve seen a lot of exciting work exploiting combinations of RDMA, FPGAs, and programmable network switches in the quest for high performance distributed systems. I’m as guilty as anyone for getting excited about all of that. The wonderful thing about today’s paper, for which Kalia et al. won a best paper award at NSDI this year, is that it shows in many cases we don’t actually need to take on that extra complexity. Or to put it another way, it seriously raises the bar for when we should.

eRPC (efficient RPC) is a new general-purpose remote procedure call (RPC) library that offers performance comparable to specialized systems, while running on commodity CPUs in traditional datacenter networks based on either lossy Ethernet or lossless fabrics… We port a production grade implementation of Raft state machine replication to eRPC without modifying the core Raft source code. We achieve 5.5 µs of replication latency on lossy Ethernet, which is faster than or comparable to specialized replication systems that use programmable switches, FPGAs, or RDMA.

eRPC just needs good old UDP. Lossy Ethernet is just fine (no need for fancy lossness Continue reading

Spousetivities at Oktane 2019

It should come as no surprise to anyone that I’m a huge supporter of Spousetivities, and not just because it was my wife, Crystal Lowe, who launched this movement. What started as the gathering of a few folks at VMworld 2008 has grown over the last 11 years, and this year marks the appearance of Spousetivities at an entirely new conference: Oktane 2019!

Oktane is the conference for Okta, a well-known provider of identity services, and the event is happening in San Francisco from April 1 through April 4 (at Moscone West). This year, Okta is bringing Spousetivities in to add activities for those traveling to San Francisco with conference attendees.

What sort of activities are planned? The Oktane19 Spousetivities landing page has full details, but here’s a quick peek:

  • A wine tour in Sonoma/Napa with private transportation (lunch is included, of course!)
  • A walking food tour of San Francisco combined with a bus tour of the city and tickets to Beach Blanket Babylon
  • A whale watching tour

…and more!

If you’re attending Oktane19 and are bringing along a spouse, domestic partner, family member, or even just a friend—I’d definitely recommend signing them up for Spousetivities. Continue reading

1 1,283 1,284 1,285 1,286 1,287 3,841