IDG Contributor Network: The WAF backed by artificial intelligence (AI)

The Web Application Firewall (WAF) issue didn't seem to me as a big deal until I actually started to dig deeper into the ongoing discussion in this field. It generally seems that vendors are trying to convince customers and themselves that everything is going smooth and that there is not a problem. In reality, however, customers don’t buy it anymore and the WAF industry is under a major pressure as constantly failing on the customer quality perspective.There have also been red flags raised from the use of the runtime application self-protection (RASP) technology. There is now a trend to enter the mitigation/defense side into the application and compile it within the code. It is considered that the runtime application self-protection is a shortcut to securing software that is also compounded by performance problems. It seems to be a desperate solution to replace the WAFs, as no one really likes to mix its “security appliance” inside the application code, which is exactly what the RASP vendors are currently offering to their customers. However, some vendors are adopting the RASP technology.To read this article in full, please click here

#BetterInternet: Join the Movement

#BetterInternet: Join the Movement
#BetterInternet: Join the Movement

When it comes to overall awareness of Cloudflare, it seems most folks fall into one of three camps: 1) those who don’t know much about Cloudflare at all, 2) those who are familiar with one or two of Cloudflare’s many solutions (i.e. DDoS protection, caching, DNS, etc.), and finally, 3) those who understand the full breadth and scope of Cloudflare’s global cloud network. This latter group of folks are especially excited about the broad scope of Cloudflare’s mission, which is: “to help build a better Internet.” Last week our co-founder Michelle Zatlyn explained in a blog post what this mission actually means:

“Our mission at Cloudflare is to help build a better Internet. That is a big, broad mission that means many things. It means that we push to make Internet properties faster. It means respecting individual’s privacy. It means making it harder for malicious actors to do bad things. It means helping to make the Internet more reliable. It means supporting new Internet standards and protocols, and making sure they are accessible to everyone. It means democratizing technology and making sure the widest possible group has access to it. It means increasing value for our community, Continue reading

What We Heard About Containers and Windows Server App Migration at Microsoft Ignite

Ever since Microsoft CVP Erin Chapelle spoke about the future of Windows Containers at DockerCon earlier this year, there has been excitement around the general availability of Windows Server 2019. That announcement came last week at the Microsoft Ignite Conference in Orlando.

Ignite was a tremendous opportunity for us to discuss the containerization journey with companies of all shapes and sizes. A central theme: what to do with large numbers of applications running today on Windows Server 2008, an operating system that will reach the end of its supported lifecycle in a mere 15 months.

Here are some common questions discussed last week at Ignite:

Q: What challenges do legacy Windows Server applications present?

A: Legacy applications have several challenges:

  • Fragile dependencies between the OS, application and other components
  • Lost knowledge when original development teams move on.
  • The stickiness of legacy .NET applications, with 70 percent of .NET apps still running on Windows Server 2003 or 2008.

Q: Are Docker containers only a public cloud technology?

A: Containers are the fastest growing cloud enabling technology, and are often used to enable cloud migration initiatives. Jabil Circuit, GE Digital and Lindsay Corporation are among many customers that have used containers Continue reading

We’ve Added an AWS Course to Our Video Library!

Hello! My name is Miles Karabas. I would like to tell you about my new course, AWS Certified SysOps Administrator, that just got released. The primary objective of this course is to teach the core components and services, and the basic concepts of AWS platform, and prepare you for the Certified SysOps Administrator – Associate level exam.

Why Get AWS Certified?

Amazon is the world leader in web services, and it’s services are used by thousands of companies around the world. AWS certifications show a potential employer that you have the skills to design, deploy and manage secure, highly available, cost efficient, scalable and fault tolerant systems on the AWS Platform. An AWS certification also puts you in an elite group of cloud engineers. These certifications are highly valued by employers. Last, AWS Certified engineers are among the highest paid IT professionals.

About the Course

The Certified AWS SysOps Administrator Exam focuses on specific processes of implementation, monitoring and managing of AWS services.

The course will cover the following topics:

  • Compute
  • Load Balancing & Auto Scaling
  • Storage
  • Databases
  • Security & Identity
  • Management Tools
  • Analytics
  • Networking & Content Delivery
  • Messaging
  • Monitoring

AWS exams are experience based, this course includes several hours Continue reading

Indigenous Access: It Will Benefit All Generations

In November 2017, the Internet Society hosted the inaugural Indigenous Connectivity Summit in Santa Fe, New Mexico. The event brought together community network operators, Internet service providers, community members, researchers, policy makers, and Indigenous leadership to work together to bridge the connectivity gap in indigenous communities in North America. One of the participants shared his story.

“My background is in architecture. This is all brand new,” said Merrill Yazzie, tribal community planner and project coordinator for the Pueblo of Cochiti. The pueblo had just begun to lay fiber to improve tribal Internet access. “The community itself doesn’t have Internet. The one line just goes to the government, to the administrative building,” said Yazzie. “Everyone relies on their cellular phones or satellite services, which can be pretty expensive.”

According to Yazzie, an enrolled member of the Navajo Nation, there are many advantages to increased Internet access. “It will benefit all generations,” said Yazzie. “Economically it will be a benefit. You don’t have access to the universities because you don’t have a vehicle or public transportation is not available. One way to access education would be through online courses.” Further, he mentioned the benefit increased connectivity could bring to basic services: Continue reading

Augmented reality, fog, and vision: Duke professor outlines importance of smart architectures

An academic researcher’s talk on Monday at the Fog World Congress in San Francisco demonstrated both the limits of distributed computing structures and their critical importance to future IoT and augmented reality (AR) implementations.Dr. Maria Gorlatova’s recent work has centered on the study of fog and edge architecture – specifically, the way in which particular methods of architecting those systems can affect latency and response time. She's studying the differences in systems which are on- and off-campus, that have different points of execution, which seems like the academic way of saying “where the computational work is done.”To read this article in full, please click here

AWS ABCs – Can I Firewall My Compute Instances?

In a previous post, I reviewed what a public subnet and Internet Gateway (IGW) are and that they allowed outbound and inbound connectivity to instances (ie, virtual machines) running in the AWS cloud.

If you’re the least bit security conscious, your reaction might be, “No way! I can’t have my instances sitting right on the Internet without any protection”.

Fear not, reader. This post will explain the mechanisms that the Amazon Virtual Private Cloud (VPC) affords you to protect your instances.

Security Groups

In a nutshell: security groups (SGs) define what traffic is allowed to reach an instance.

“Security group” is a bit of a weird name for what is essentially a firewall that sits in front of an instance, however if you think about it in terms of all servers at a particular tier in an N-tier application (eg, all the web servers) or all the servers that have a common function (eg, all PostgreSQL servers) and how each group would have its own security requirements when it comes to allowed ports, protocols, and IP addresses, then it makes a bit more sense: the security rules appropriate for a group of servers are all put together within Continue reading

A minimalist approach to network architecture

Minimalism, as a current concept, is not just about owning fewer things, or eliminating distractions, or consuming only specific coffees sold in unlabeled packaging at chairless coffee shops. Minimalism is a philosophical force and practical approach to life, that when applied correctly, can bring peace, happiness, and enrichment to your way of living. How do these core virtues of minimalism apply to network design? Read on. (And don’t worry, you can keep all of your stuff, your color TV and cell phones, and your roomy house, too – we’re just talking about networks here.)

Joshua Fields Millburn and Ryan Nicodemus, who founded theminimalists.com, sacrificed their former careers to share the concept of minimalism all over the globe, helping more than 20 million people live more meaningful lives. They’ve grounded the concepts of minimalism into a practical and elegant foundation that fits nicely in a modern society. They defined what many believe to be the core virtues of minimalism, ideas to internalize on your journey through life. When it comes to network design, here are five core virtues that prove to be incredibly valuable:

• Reclaim your time
• Create more, consume less
• Contribute beyond yourself
• Experience Continue reading

Network Troubleshooting Guidelines

It all started with an interesting weird MLAG bugs discussion during our last Building Next-Generation Data Center online course. The discussion almost devolved into “when in doubt reload” yammering when Mark Horsfield stepped in saying “while that may be true, make sure to check and collect these things before reloading”.

I loved what he wrote so much that I asked him to turn it into a blog post… and he made it even better by expanding it into generic network troubleshooting guidelines. Enjoy!

Read more ...

Virtual Cloud Network Deep Dive: Join us in New York and Toronto!

Attention New York and Toronto, the NSX team is heading your way to deliver Deep Dive Sessions to help you get a jump start on taking your company’s networking and security to the next level!

With fall in the air, many of us are in the planning stages for big improvements for the year ahead. If your IT team is feeling pressure to increase agility, stay productive and help your company innovate, then you won’t want to miss these sessions to get a head start on the latest approach to networking and security.

The Problem with the Old Approach to Networking and Security

Traditional, hardware-based approaches to networking and security are pedantic, inflexible, and notoriously slow-moving. At the same time, the complexity around applications, services and data is increasing, while new, more sophisticated and ever-evolving threats are also in the mix – making IT teams responsible for more environments than ever before (data, cloud, branches, and the edge, oh my!). That’s all to say, there’s a lot to solve for. Luckily the NSX team has your back.

Build Your Foundation for a Virtual Cloud Network

VMware NSX® is an innovative networking and security approach that changes the Continue reading

AWS ABCs — Can I Firewall My Compute Instances?

In a previous post, I reviewed what a public subnet and Internet Gateway (IGW) are and that they allowed outbound and _in_bound connectivity to instances (ie, virtual machines) running in the AWS cloud.

If you're the least bit security conscious, your reaction might be, “No way! I can't have my instances sitting right on the Internet without any protection”.

Fear not, reader. This post will explain the mechanisms that the Amazon Virtual Private Cloud (VPC) affords you to protect your instances.

VMworld EMEA 2018 and Spousetivities

Registration is now open for Spousetivities at VMworld EMEA 2108 in Barcelona! Crystal just opened registration in the last day or so, and I wanted to help get the message out about these activities.

Here’s a quick peek at what Crystal has lined up for Spousetivities participants:

  • A visit to the coastal village of Calella de Palafrugell, the village of Llafranc, and Pals (one of the most well-preserved medieval villages in all of Catalunya), along with wine in the Empordá region
  • Tour of the Dali Museum
  • Lunch and tour of Girona
  • A lunch-time food tour
  • A visit to the Collsera Natural Park and Mount Tibidabo, along with lunch at a 16th century stone farmhouse

For even more details, visit the Spousetivities site.

These activities look amazing. Even if you’ve been to Barcelona before, these unique activities and tours are not available to the public—they’re specially crafted specifically for Spousetivities participants.

Prices for all these activities are reduced thanks to Veeam’s sponsorship, and to help make things even more affordable there is a Full Week Pass that gives you access to all the activities at an additional discount.

These activities will almost certainly sell out, so register today!

Side note: Continue reading

LinkedIn the latest to introduce its own server designs

Whoever thought the chief competitors to HP Enterprise and Dell EMC would wind up being some of their biggest customers? But giant data center operators are in a sense becoming just that — a competitor to the hardware companies that they once and, to some degree still, sell hardware to.The needs of hyperscale data centers have driven this phenomenon. HPE and Dell design servers with maximum, broad appeal, so they don’t have to have many SKUs. But hyperscale data center operators want different configurations and find it cheaper to buy the parts and build the server themselves.Most of them— Google chief among them — don’t sell their designs; it’s just for their own internal use. But in the case of LinkedIn, the company is offering to “open source” the hardware designs it created to lower costs and speed up its data center deployment.To read this article in full, please click here

LinkedIn the latest to introduce its own server designs

Whoever thought the chief competitors to HP Enterprise and Dell EMC would wind up being some of their biggest customers? But giant data center operators are in a sense becoming just that — a competitor to the hardware companies that they once and, to some degree still, sell hardware to.The needs of hyperscale data centers have driven this phenomenon. HPE and Dell design servers with maximum, broad appeal, so they don’t have to have many SKUs. But hyperscale data center operators want different configurations and find it cheaper to buy the parts and build the server themselves.Most of them— Google chief among them — don’t sell their designs; it’s just for their own internal use. But in the case of LinkedIn, the company is offering to “open source” the hardware designs it created to lower costs and speed up its data center deployment.To read this article in full, please click here

Systemd traffic marking

Monitoring Linux services describes how the open source Host sFlow agent exports metrics from services launched using systemd, the default service manager on most recent Linux distributions. In addition, the Host sFlow agent efficiently samples network traffic using Linux kernel capabilities: PCAP/BPF, nflog, and ulog.

This article describes a recent extension to the Host sFlow systemd module, mapping sampled traffic to the individual services the generate or consume them. The ability to color traffic by application greatly simplifies service discovery and service dependency mapping; making it easy to see how services communicate in a multi-tier application architecture.

The following /etc/hsflowd.conf file configures the Host sFlow agent, hsflowd, to sampling packets on interface eth0, monitor systemd services and mark the packet samples, and track tcp performance:
sflow {
  collector { ip = 10.0.0.70 }
  pcap { dev = eth0 }
  systemd { markTraffic = on }
  tcp { }
}
The diagram above illustrates how the Host sFlow agent is able to efficiently monitor and classify traffic. In this case both the Host sFlow agent and an Apache web server are are running as services managed by systemd. A network connection , shown in Continue reading
1 1,446 1,447 1,448 1,449 1,450 3,840